My $.02 on Research Challenges in Security

1. My $.02 on Research Challenges in Security Gene Tsudik SCONCE: Secure Computing and Networking Center UC Irvine http://sconce.ics.uci.edu/ 05/11/2004

2. My (myopic, biased, subjective, self-centered and misguided) selection of topics that are:Beaten to death…or just tired • Multicast security • Especially group key management  • DDoS reactive measures, especially, IP traceback • JAVA security • XML security • Mixes and mixnets (for wired networks) • Routing security (BGP, OSPF, RIP!) • IPsec and kin • Fair exchange and kin • Covert channels (thanks, Virgil!) • Intrusion Detection • Neither beaten to death, nor tired; just not a research topic • Multi-Level Security

3. My (myopic, biased, subjective, self-centered and misguided) View of Prominent Challenges • How to provably forget secrets? • Nano-cryptography and nano-security for constrained devices • Anonymity: voting, petitions, handshakes, reputation management • Casual Multicast • Publish/subscribe, sensor nets, manets, etc. • Group Membership: Distributed Admission and Eviction • P2P, MANETs, other collaborative settings • Policies, protocols • Effective DDoS resistance for web services • Puzzles ain’t it… • Could it be done at transport layer? • Effective SPAM countermeasures: SPAM = application-layer DDoS • We tolerate physical spam… sender pays, recycling works  • I could use, say, $.02 for each piece of spam in my mbox • Observability in wireless, ad hoc and sensor networks • Home wireless nets are becoming ubiquitous

4. The end…Have I managed to upset everyone?