Solving the security challenge of dynamic networks

As networks undergo profound changes in their very nature, expanding at dizzying speed, potential security risks are increasing at an equal or even greater rate. Yet there is one promising approach to solving the security problems posed by such fast expanding networks - that of evolutionary and adaptive security. Three IST projects are tackling the problem on this basis.

"The most relevant issue is that the combination of heterogeneity and dynamism will make it impossible for security engineers to foresee all the possible situations that may arise and to create solutions for them," says Antonio Maña, scientific coordinator for the SERENITY project. In other words, it’s impossible to create a solution if you don’t know the problem.

SERENITY researchers are developing a framework to support the automated integration, configuration, monitoring and adaptation of security and dependability (S&D) in Ambient Intelligence (AmI) ecosystems. All this is achieved by capturing the necessary knowledge about S&D solutions so that they can be selected and applied by automated means.

Yet security issues in new networks are not about unknown problems. Networks themselves are transforming beyond all recognition. "The general rise of pervasive computing is a challenge to the traditional paradigm," says Daniele Miorandi, scientific coordinator of the BIONETS project, funded under the IST’s Future and Emerging Technologies (FET) initiative. "There are issues of scalability, complexity and heterogeneity. There is no longer any centralised control."

BIONETS aims at developing a biologically-inspired approach, based on paradigms from nature and society, for localised autonomic communication services that do not need central control. Such an approach would allow high-level services to evolve spontaneously. Autonomic services are self-configuring, self-healing, self-protecting and self-managing, much like the natural immune system of the human body. BIONETS researchers are focusing on networks, however security is a large element in their research.

All the experts agree that as networks and threats evolve, so must security. "It will be impossible to deploy all existing security measures using devices with limited resources, especially when they are providing the primary means to access services anytime, anywhere," says Gilles Barthe, coordinator of another FET-supported project, MOBIUS. "The particular challenge of dynamic security tackled by the MOBIUS project is to provide resource-aware language-based mechanisms to enforce evolving security concerns at download time."

MOBIUS aims to develop the technology to establish trust and security for next-generation networks. The project focuses on protecting the devices that form the various elements of networks, taking into account their heterogeneity and their need to support a large variety of services. MOBIUS uses the Proof Carrying Code (PCC) paradigm, where a component carries a formal proof that establishes its trustworthiness, and that the receiving device can validate quickly and autonomously.

PCC is ideal for securing future generations of networks because it allows individual components to gain trust by providing verifiable certificates of their trustworthiness - an approach than can complement centralised trust mechanisms that may sometimes be difficult to deploy. PCC also supports system component downloading, which is essential for remote maintenance of network devices.

Focusing on security from the start
Part of the problem in the past has been that new networking technologies are often deployed before security experts have the chance to analyse potential risks, let alone develop a suitable response.

That’s beginning to change, however. While BIONETS is primarily a research project looking at autonomic services where networks arise so spontaneously that the idea of distinct networks and devices disappears, researchers there are working on security issues from the very start.

It’s an essential step in the work of the project, believes Joachim Posegga, co-lead on the BIONETS security work package. "In the past, security specialists could work only on already established systems. With dynamic networks there’s no fixed infrastructure, the stable part is reduced or disappears, so we need to integrate security into the system from the very beginning,"

"We want to establish what is the minimum core required to respond to security needs," says Daniel Schreckling, the second co-lead on the BIONETS security work package.

Ultimately however, all security solutions have to balance the trade-off between flexibility, so the system can function and adapt to changing environments, and the level of guarantee provided. A standalone computer where the only possible input comes from typing would be very secure, but practically useless.

And there is a third factor to the equation, that of economics. It is possible to spend a great deal of money protecting against limited threats. It is necessary to find a balance between the two poles of ’best efforts’ and ’guaranteed security’.

However Dr Maña of the SERENITY project believes there is a middle ground, and that SERENITY offers an example of it. "SERENITY will provide a precise definition of the security achieved using a security and dependability solution, as part of the description of the S&D pattern. So in this sense, it is somehow guaranteed security."

Nevertheless he emphasises that absolute security is impossible, and that all solutions are based on given assumptions. "On the other hand, SERENITY does not aim at always providing the most robust security, so it is always ‘best effort’. Personally, I like the term ‘appropriate security’ - to describe a level of security that is adapted to the value of the protected element and the possibilities of attack," he says.

Adapting automatically to the application
The work of these three projects indicates that security technologies themselves could well be on the edge of a major breakthrough, allowing the devices themselves to provide security for a particular context and in order to deal with different levels of threat. For example security like that of Fort Knox is not necessary if the application is to access the TV schedules, whereas such security levels could well be required if the need is to transmit credit-card details over open networks.

The BIONETS project is perhaps the most ambitious and the most long-term of the research efforts. "We won’t establish a finalised security solution in BIONETS, but we’ve made good progress," says Schreckling. "The real benefit of our work will be the identification of minimal building blocks that can be used to develop truly autonomic security."

These building blocks will support adaptation and evolution, and will be tested within the project over the next three and a half years. "We probably won’t be able to produce a system-wide demonstrator, but we will develop tools internally to validate [also in real-world environments] the design principles," says Miorandi. "We need to develop algorithms that adapt autonomously, that’s the vision," adds Posegga.

The SERENITY project is moving rapidly too. "SERENITY is a three-year project and we are now starting the second half of the first year. We have made important advances in studying the state of the art and the definition of the target [security] scenarios," says Maña.

"We have also made very important advances in the description of security and dependability elements, ranging from concepts and properties to general solutions and even specific implementations. We are progressing well in the definition of the architecture of the SERENITY framework, a task that started just six weeks ago."

Work within MOBIUS project is also advancing apace. “We have identified and modelled the scenarios and security requirements that must be tackled, and defined the core security architecture. In order to focus developments and maximise impact, the architecture shall be developed for Java-enabled devices, and we are making very important steps towards developing mechanisms to build and check certificates," says Barthe.

"Our goal is to release within the next year a prototype that helps developers verify that their code is secure and generate certificates, and another prototype that helps consumers verify that the applications they execute are correctly certified. Overall, we shall provide a resource-aware and versatile infrastructure that is compatible with the evolution towards networks of widely distributed, autonomous, heterogeneous and extensible devices," he says.

Contacts:
Dr Daniele Miorandi
Center of REsearch And Telecommunication Experimentations for NETworked communities (CREATE-NET)
Scientific Coordinator of BIONETS

Dr Daniel Schreckling
Professor Joachim Posegga
University of Hamburg
Members of the group Security in Distributed Systems Leading the Security Workpackage of BIONETS

Contact via:
Dr Daniel Schreckling
Tel: +49-40-428832347
Email: Daniel.Schreckling@informatik.uni-hamburg.de

SERENITY
Professor Antonio Maña
University of Malaga
Tel: +34-952137142
Email: amg@lcc.uma.es

MOBIUS
Gilles Barthe
Tel: +33-492387938
Email: Gilles.Barthe@sophia.inria.fr

Source: Based on information from BIONETS, MOBIUS and SERENITY