Transcript Border and Transportation Security

Information Infrastructure for
Border and Transportation Security
Suku Nair
SMU
HACNet 2005
Research in HACNet
•
Secure Information Infrastructure: This work involves several sub-areas of
research
–
–
–
–
low-power algorithms to provide secure, non-repudiated communication amongst
sensing devices which form a self-configuring mesh
Secure and ubiquitous access to information
Intrusion tolerance through detection and prevention of cyber attacks such as
phishing, Distibuted Denial of Service (DDoS)
Threat prediction and attack trace-back
Restoration of network and computer systems after an attack or failure
Dependable architecture for secure grid-computing
–
–
Software security from design to implementation
Protocol validation
–
security engineering processes (such as application and extension of the Systems
Security Engineering Capability Maturity Model, SSE-CMM)
Enterprise security
Legal and ethical policy issues
–
–
•
Application Security – Sub areas of this research include
•
Security Engineering - Research in this area involves
•
–
–
Nano-security
SMU
HACNet 2005
Our View of Border and Transportation System
“Prefect Prevention”
Emergent Vision
“Viable Prevention with
Continued Observation”
Little post-incursion
protection
Continued protection through
Non-intrusive Distributed
Monitoring & Detection Network
High-impedance
Border Flow
Safe cargo
SMU
Questionable cargo
Low-impedance
Border Flow
Dangerous cargo
HACNet 2005
Detected & Stopped Incursions
SMU
Secure and reliable communications,
designed for high-performance and
secure user access
Secure and reliable communications,
suitable for low-power devices and
operations in adverse environments
Enablers for End-to-End System Integrity
Mobile Devices
for reliable status
transmission
Topography
Generating
Application
Pattern
Recognition
Application
Threat
Prediction
Application
Anomaly
Detection
Application
Sensors & Sensor
Network Autoconfiguration
HACNet 2005
Low-power,
secure & reliable
communications
Tracking and
Localization
Application
Databases
(Customs, SEVIS,
US-VISIT, etc.)
Security and Reliability in Sensor Networks
• Distributed authentication
– Beyond SNEP, TESLA, and µTESLA
– Key generation and distribution schemes
– Authentication of reverse broadcast
• Confidentiality
– Low cost encryption schemes using chaffing and
winnowing based on FEC codes
• Self-organizing networks
– Error detection/correction
– Neighbor detection through Interactive Consistency (IC)
– Reconfiguration schemes
SMU
HACNet 2005
Threat Prediction
All data
Data Collection
and Cleansing
Anomalies/Flags
EMM Data
Mining
Sequential
Data Collection
Link Graph
Construction
N/W Analysis
SMU
Growth/
Shrinkage
Heuristics
Recommendations
HACNet 2005