holistic security

Post on 21-Jan-2018


Holistic Security

Peter Cochrane

cochrane.org.uk

University of Singapore 17 November 2017

what we know for sure

Attacks are escalating

The Dark Side is winning

The attack surface is increasing

Cyber disruption costs are growing

Companies do not collaborate and share

The attackers operate an open market

All our security tools are reactive

Attacker rewards are on the up

People are the biggest risk

There are no silver bullets

It is time to rethink our strategy and solution space

More of the same but better & faster will not change the game…

…we have to think anew - get out of the box and do something very different!

CYBER warfare

A new and really big game changer

“The American Military can no longer protect the nation”

CYBER warfare COST

Published numbers vary widely - all we can say is the cost is big and getting bigger year on year

Top 10 economies only

All Nations are Paying a price

THE BIG PICTURE

Cyber security is no longer contained

The Dark Side are winning because they are 100% committed and see this war as total; a much wider conflict than CYBER alone…

They are far more integrated and sharing than we are, and operate as a virtualised workforce driven by money and evil intent…

We do not anticipate their innovation, tactics, tools, attacks, and we don’t think as they do…we are always on the back foot!

We need to:

Scale & Complexity

Beyond human abilities across too many fronts

Physical AND Cyber are integrated

Relationships

Criminals

The Dark Side of The Force!

Rogue States

Hackers

Politicos

Terrorists

responsibility

People have no security abilities

And why should they? It is not their problem! They are just users and victims of very poor design and a lack of support

Industry needs to step up to the plate; take control; automate & deliver turnkey solutions. They sold the products and services: and should ensure all operate safely & problem free!

Dominated by Government

Forces

Government, Military, Industry, White Hats, General Population

Warfare continues to rapidly evolve, and is now total, embracing: Politics, Media, Infrastructure, Institutions, Financial Systems, Intel Agencies, Industry, Banks, Government, Homes, Appliances, Health Care, Emergency Services, Defence, Military, Transportation Systems, Farming, Food Production, Logistics, Networks, Devices, Hardware, Software… +++

theatres of war

No longer a sole military preserve

AIR SEA LAND SPACE CYBER

CYBER EMBRACE

All peoples & all things in the loop

Autonomous Entities Intelligences Computers Networks Electronic Electrical Mechanical Mankind

Population

Man and Man/Machine Made Things

Humans Are The Minor Players

Cyber is now a part of everything we do and own; what we are - and there are now far more machines than people

ATTACK SURFACE

We are compounding our problems

INTERNET

MOBILITY

IOT

And, MORE: Users, Devices, Services, Mobility, Networks, Broadcast, Social Nets, Complexity, eCommerce, Applications, Transactions, Connectivity, Open Access, Digitalisation, Infrastructure, Growing Rewards ++++

The target is growing!

WHO ARE THEY

And their primary occupation?

Possible Recruit

Terrorist Trainee

CIA Agent

Rogue Gov Spy

Black Hat

Terrorist

Criminal

Terrorist Recruiter

White Hat

Hacker

Police

Security Agent

CEO/CIO

Social Engineer

Cyber Bully

Malware Breeder

Security Consultant

People are not just bad and good in one domain

Their habitualities permeate all domains

WHAT ARE THEIR DEVICES communicating/hiding

To whom and what are they communicating

What is this?

A DDoS attack, or something more

Main Event ? Decoy ? Masking ? Diversion ?

Tunnel set up ? Infiltration ? Intel Ops ? Implant ? Theft ? Tests ? +++

AXIOMATIC

Machines dominate

Number of Machines >> Number of People

They are by far the biggest communicators

Their sensory capabilities growing

Their intelligence is growing

They are a part of us

We are a part of them

We enjoy an irreversible mutual dependency

“I think we can safely assume that they are collecting vast amounts of data and information…and we do not understand the significance of most of it”

AXIOMATIC

Problem solving

“Our biggest and most complex cyber security problems cannot be solved by analogue methods, and that almost certainly includes the human mind”

AI AND Machine Help has become vital

NEEDLE IN A NEEDLE STACK

A multi-tool challenge

People Surveillance Communications Employments Associations Individuals Purchases Networks Habits Social Travel Work +++

Device/s Surveillance Other Device Connect

Net Node Connect Social Networks

eAssociations eConnections

ePurchases Locations

Habits Travel eMail TXTs Calls Web +++

Habits + Activities GIVE VITAL CLUES

WHAT WE NOW NEED?

An essentials shopping list is reasonably short

Global monitoring and shared situational awareness

Cooperative environments on attacks and solutions

Universal sharing of identified attacks/developments

Address cloaking & decoy customer sites/net nodes

Behavioural analysis of networks, devices, people

To continue and expand all established efforts

Auto-Immunity for all devices including IoT

Secure wireless channels - invisible signals

Let's examine THREE

The grey items have been addressed elsewhere

Global monitoring and shared situational awareness

Cooperative environments on attacks and solutions

Universal sharing of identified attacks/developments

Address cloaking & decoy customer sites/net nodes

Behavioural analysis of networks, devices, people

To continue and expand all established efforts

Auto-Immunity for all devices including IoT

Secure wireless channels - invisible signals

Sociology of things

The sociology of things is not understood and has yet to be studied - and it is digital!

Relationships and behaviors

The keys to the security kingdom

behavioural analysis

People, devices, networks, components, things are habitual

Habituality identifies us

Any deviation indicates some form of change

behavioural analysis

Network data shows a marked increase in activity

[Chart: "Attack generated data" shown against "Normal data"]

Auto-immunity

Mirrors biological forebears

Applied everywhere 24 x 7 ICs ISPs WiFi Hubs LANs Cards Traffic Servers Circuits Devices Internet Networks

Organisations Companies

Platforms Groups People Mobile

Fixed

Broadcasting Malware

Responding with updated protection

Wider Network Updated

Latest Solution Update

Dynamic isolation of infected devices and components leading to repair

Auto-immunity

A mix of clean and infected

A Multiplicity of channels

Attack detection/exposure/thwarting using access diversity

BlueTooth Short Range Device to Cloud Device to Device

WiFi, WiMax Medium Range WLAN/Cloud

Integrated and intelligent security systems embedded into all products and components

ZigBee/Other ?? Car-to-Car Direct Communications

Defence opportunities in channel/device/system diversity

A wide plurality of channel detection and protection

Attacks almost never isolated or single sourced

Not restricted to single channel/attempt

Secure attack and infection isolation

Diverse immunity/support access

Distributed info sharing

GEO info location

3, 4, 5 G Long Range

Device to Net Device to Cloud

SatCom Broadcast

Auto-immunity

Fighting fire with fire

Infinite IoT Wireless

Sans channels, bands & regulation

“There is no bandwidth crisis, an adherence to the past, limited thinking, bad design and engineering….we have to rethink the day and not be constrained by the past”

Where it all started

Fork lift radio - analogue - long distances - lots of power

CW, AM, FM, SSB+++

P2P Fixed, Broadcast+++

LW, MW, SW, VHF, UHF+++

Terrestrial, Maritime, Airborne+++

~30Bn fixed and mobile broadcast radio & TV receivers dominate followed by simplex voice transceivers

Fast forward

Big cells and n x 1000s of towers

~7Bn live devices on 3/4G connected to a global net of duplex voice & data comms

• Digital modes only

• Personal mixed use and traffic

• Static base stations dominate

• Terrestrial concentration

• Large cells <20km

THE BIG FIX?

Does everything, but badly

5G

• Replaces optical fibre

• Outguns 3 & 4G

• Gbit/s everywhere

• Will dominate the IoT

• +++++

• Cooks a chicken

• Improves your sex life….

Observations

It is a miracle it all works

Protocols very inefficient - We avoid interference by dynamic juggling!

The spectrum shortage is an illusion - We seldom use more than 20% of the available space

5G unlikely to be a big player - It cannot fully service the IoT

We need more than incrementalism - More bands, channels, modulation and coding schemes are not enough

New directions

From connected people to connected things

People ~10Bns

Traffic ~1 Bn

Goods ~100Bns

Components ~1 Tn IoT

Energy limitations

We cannot realise such a future using our current approach

Internet and connected devices ~ 10% of all energy generated

What would 50, 250 or 1000Bn IoT devices demand ?

We have to get down from mW to µW, nW and pW

This demands ‘simplicity’ of processing and communications

New Modes

More things linking off net than on

Most THINGS will never connect to the internet

THINGS will want to network and connect with other THINGS

The IoT is entirely evolutionary and not just revolutionary

New sporadic networks and associations will occur

one size fits all - not!

We are going to need a multiplicity of technologies

Cost Per Unit ~ 0 - 20 £, $, €

Size of Units ~ 1 - 50 mm3

Power Used ~ pW - mW

Single Chips Rule

Continue tweaking?

This heritage/thinking cannot possibly get us there

The Illusion of scarcity

Why do we do this - it is largely legacy thinking

Actually the spectrum is mostly unused!

A dense London location

~50k WiFi nodes within a 1km radius of Liverpool St

New Opportunities

High loss is a short distance/reuse +++

God Given Spatial Filters

Status Quo - Leave well alone

New Territory and new opportunities

Continues untouched

All modulation schemes from the past + new

New modulation schemes & modes including hyper Direct Sequence Spread Spectrum

The Illusion of scarcity

Why do we do this - it is largely legacy thinking

Far too complex & expensive

Unfit for the IoT purpose - especially at 30 - 300 GHz

New Opportunities

High loss ideal for short distance/reuse +++

Direct Sequence Spread Spectrum

HYPER Direct Sequence Spread Spectrum

Back to basics

Volumetric representation of S/N, BW and Time

Claude Shannon 1945/46

[Figure axes: S/N (dB), BW (Hz), Duration T (seconds)]

I = B.T log2(1 + k.S/N)

I ~ B.T.K.S/N(dB)

k.S/N >> 1

The same information transmitted in 3 different modes exploiting S/N, BW and T

degrees of freedom

[Figure axes: S/N (dB), BW (Hz), Duration T (seconds)]

In the Extreme

‘Waste Bandwidth’ to push the Signal Below the Noise

Filters, Coding, Modulation, Timing Recovery, Amplifiers & Mixers

Jitter, Phase Noise, Doppler Shift, Frequency Stability, Multi-Path Propagation

Negated

UWB ON AFTERBURNERS

All digital no analogue elements - mixers, amplifiers, filters

From UWB

BW ~ 500MHz

To HWB Hyper Wide Band

BW ~ 50GHz

SIGNAL CODING/Error Correction => Bit Counting/Averaging

1bit/Hz

0.01bit/Hz
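
Added worked example (not part of the original slides): the slides' formula I = B.T log2(1 + k.S/N) carried through for the two figures quoted above. It assumes that 1bit/Hz and 0.01bit/Hz are values of I/(B.T), and that k.S/N is the effective signal-to-noise ratio as a plain ratio, not in dB.

$$\frac{I}{B\,T} = \log_2\!\left(1 + k\,\frac{S}{N}\right) \quad\Longrightarrow\quad k\,\frac{S}{N} = 2^{\,I/(BT)} - 1$$

$$\frac{I}{BT} = 1\ \text{bit/Hz}: \qquad k\,\frac{S}{N} = 2^{1} - 1 = 1 \quad (0\ \text{dB, signal level with the noise})$$

$$\frac{I}{BT} = 0.01\ \text{bit/Hz}: \qquad k\,\frac{S}{N} = 2^{0.01} - 1 \approx 0.00696 \quad (\approx -21.6\ \text{dB, signal well below the noise})$$

For the same I and T, going from BW ~ 500MHz to BW ~ 50GHz is a factor of 100 in B, which is the same factor of 100 that takes I/(B.T) from 1 to 0.01. The two limiting forms of the formula are

$$k\,\frac{S}{N} \gg 1: \quad I \approx B\,T\,\log_2\!\left(k\,\frac{S}{N}\right) = \frac{B\,T}{10\log_{10}2}\left(k\,\frac{S}{N}\right)_{\!\text{dB}} \approx \frac{B\,T}{3.01}\left(k\,\frac{S}{N}\right)_{\!\text{dB}}$$

$$k\,\frac{S}{N} \ll 1: \quad I \approx \frac{B\,T}{\ln 2}\;k\,\frac{S}{N}$$

The first matches the slides' I ~ B.T.K.S/N(dB) if K is read as the constant 1/3.01 (an assumption; the slides do not define K). The second is the "In the Extreme" regime, where information grows in direct proportion to bandwidth at a fixed sub-noise signal level.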

Challenge

Antennas spanning huge frequency ranges are a non-trivial problem…and whilst fractal antennas are seen to be (theoretically) the holy grail, no one has yet succeeded in realising fully workable designs

For the USA army

The cyber war HAS become Just war

Thank You

www.cochrane.org.uk
