Georgia Tech Research Horizons

Making the New Currency Safer to Transport
Georgia Tech's Information Security Center studying technical and policy issues.


By Jane M. Sanders and C. Blake Powers

From customer records to advanced product research, information has become the cornerstone of operations for business, government, industry and the military. Every day, threats to the safety of this "new currency" blare from news headlines: curious hackers, computer-based terrorists, industrial espionage and even "information warfare" between nations. Protecting this new commodity is of critical importance.

Photo (by Stanley Leary): GTRI researcher Jim Cannady, right, and his colleagues are using a Cray supercomputer to develop information security technologies.

Last year, the Georgia Institute of Technology moved to address both technical and policy issues of information security with the establishment of the Georgia Tech Information Security Center (GTISC). Researchers are now identifying the problems and developing solutions to those problems. GTISC is expected to make great strides under the leadership of its new director, Dr. Blaine Burnham, who assumed his position in December 1998. He formerly worked at the National Security Agency.

See sidebar story: Two Infamous Cases of Computer Hacking

"Until now, most efforts at information security have been ad hoc in that a problem is discovered and a Band-Aid applied," said Dr. J. Michael Cummins, the director of Georgia Center for Advanced Telecommunications Technology (GCATT), who also served as GTISC's interim director. "There is no underlying conceptual framework to think through all these issues — particularly on a policy level. We formed the Information Security Center to be the leader in developing that theoretical infrastructure, while providing specific solutions to both technical and policy issues."

Among the fundamental issues under study by GTISC are the sources of information security breaches and the importance of information security to economic growth. Specific technical issues being investigated include: network security evaluation; external attack detection; computer performance versus security tradeoffs; broadband network security; the security and viability of the Internet II; and security applications to make telecommuting more widely adopted. GTISC is addressing these issues with a cross-disciplinary group of researchers from: the Georgia Tech College of Computing, the organizational seat of GTISC; Georgia Tech Research Institute; GCATT; and the Sam Nunn School of International Affairs.

"We have strengths in both basic and applied research, and researchers are already collaborating with each other," says Peter Freeman, dean of the College of Computing. "Georgia Tech also has a lot of experience working with top industry, governmental and academic leaders. So we bring a strong and integrated approach to the information security issue."

Fundamental Issues of Information Security
Just what is information security? Dr. Philip Enslow, a professor in the College of Computing, explains it this way: "It means that tomorrow morning when I get to work and turn on my computer, all my systems and processes will work correctly, my information will be available and not be corrupted, and no one will have had access to my data."

Such issues as defining the standard for information security represent the theoretical side of the problem, Enslow says. "There are a lot of pieces required to make a secure operating system," he explains. "There's encryption for data links, firewalls and other issues like digital signatures.... But I want to help develop the overall framework for such security issues and not get mesmerized by individual components such as firewalls.

"Security systems operate in an environment created by government regulation, criminal law and the mores of society," Enslow says. "These are political issues that are important to business, society and government."

Educating the stakeholders about security issues is Enslow's focus. He wants to emphasize the importance of information security to economic growth.

"There's been a lot of focus on the Y2K problem, but after it is dealt with, I think more businesses will start to realize that their economic survival depends on the security of their information," Enslow says. "But it may not get enough attention until there's some nasty litigation like a stockholder lawsuit. Really, information security is as much the responsibility of the board of directors as is having sprinkler systems and guards for their warehouses."

Enslow also wants to dispel a common misperception. Most information security breaches are not external ones. They are internal ones caused by sabotage, accidents or incompetence, he says. Businesses need to learn how they can verify the reliability of their employees and their information processing operations to maintain security.

Two Infamous Cases of Computer Hacking

The New York Times

In September 1998, hackers sabotaged The New York Times Web site in the first known successful hack of a major media organization. The hackers were able to break into the Times Web site and replace its front pages with pornography and hidden messages. When the Times attempted to update its site, the hackers responded with counterattacks. Finally, the Times gave up and took its site down for about eight hours.

The Times was using what is called a common gateway interface, or CGI, to create its Web pages. Experts believe the hackers probably launched their attack through holes they found in the site's CGI scripting. Such scripts are used for various interactive features on Web pages.

Citibank

In a series of break-ins in 1994, the bank's payment system was compromised for about $10 million. The bank says it eventually recovered most of that sum. Subsequently, Citibank tightened its computer security system.

But before those measures were taken, the Russia-based hackers were able to electronically transfer large sums of money into their international bank accounts.

The hackers apparently used valid user IDs and passwords of other banks to accomplish the fund transfers. How they got those passwords, given Citibank's security, remains a mystery. Some officials believed the hackers had inside help, but Citibank says no employees were involved.

— Jane M. Sanders

Evaluating Security of Networks
Meanwhile, businesses are addressing security issues such as electronic commerce conducted via the Internet. They are increasingly dependent on the security of their computer networks. Yet they lack an effective method for assessing the security of external networks, whose weaknesses could dramatically degrade their own network security, says Jim Cannady, a research scientist at the Georgia Tech Research Institute (GTRI).

"The current lack of a standard method of assessing the security of networks is one of the factors that has prevented the large-scale use of electronic commerce," Cannady says.

So GTRI researchers are developing a standard methodology — called the Network Security Evaluation Criteria (NetSEC) — for evaluating the security of external network systems. It will also help system administrators identify improvements needed to elevate their networks to desired levels of security.

Learning the Characteristics of Attacks
While internal attacks on information security may be more widespread, the threat of external attacks by hackers is still very real and quite complex.

"The individual creativity of attackers, the wide range of computer hardware and operating systems, and the ever-changing nature of the overall threat to targeted systems have contributed to the difficulty in identifying network system intrusions," Cannady says.

The need to detect both known and new types of external attacks on a system is the focus of another GTRI research project. Cannady is addressing this need with the power and flexibility of artificial neural networks. These networks consist of collections of processing elements that are highly interconnected. Each collection transforms a set of inputs to a set of desired outputs.

In a neural network demonstration project called SENTINEL, Cannady is developing an intrusion detection system that identifies not only previous types of attacks, but new ones — something current rule-based systems cannot do. The system gains experience with each effort so that it "learns" the characteristics of attacks. That should allow the system to eventually predict attacks and monitor activities, collecting information for responses to attacks and the prosecution of those behind them.

Cannady has compiled promising results from tests of two prototype neural networks. One, the multi-level perceptron (MLP) network, was able to correctly identify each of the embedded attacks in the test data. This test demonstrated the ability of a neural network to identify specific events that may be part of an intrusion. But most attacks involve a series of events, Cannady says. So he also tested a hybrid MLP/self-organizing map prototype. Results showed the network's ability to identify seemingly subtle, time-evolving attack patterns interspersed randomly in ordinary Internet traffic.

Information Security vs. Application Performance
Yet another issue is the tradeoff between information security and application performance. Security computations consume a great deal of application processing resources, and this detracts from the performance of shared, collaborative, real-time and electronic commerce software programs. Thus host computers often cannot handle Internet user demand for applications — such as ones designed for electronic commerce — that require high levels of security.

Enter the concept of adaptive security being developed by researchers in the Georgia Tech College of Computing. Adaptive security provides a protocol for systems to adapt to changes in user/application security requirements and host system computation resource capability.

"Our mission is to address performance vs. security tradeoffs by adapting to the constantly changing availability of computation and communication resources," says Dr. Phyllis Schneck. She is a recent Ph.D. graduate conducting this research with Dr. Karsten Schwan, a professor in the College of Computing, and Dr. Santosh Chokhani, president and CEO of CygnaCom Solutions, an information security company in McLean, Va.

"We want to provide an on-line, near-optimal allocation of these resources over time," Schneck says. "The end goal is to minimize overall risk by borrowing available security processing resources on one communication stream to 'lend' to other application streams that may currently be lacking."

She and her colleagues have developed a suite of dynamic authentication heuristics (basically, exploratory problem-solving techniques) to help achieve high levels of security with scarce computation resources. The suite optimizes the use of host computer resources while still preserving appropriate levels of security and providing feedback to users when any changes are made. Users can initiate changes in security level as well, while applications are running. A Georgia Tech Research Corporation patent is pending on the heuristics suite.
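The adaptive-security idea described above, as an added toy model that is not code from the article or from the Georgia Tech/CygnaCom project (whose patented heuristics the article only outlines). It assumes each stream offers a few authentication strengths, each with a CPU cost and a residual risk, and shows a fixed CPU budget being allocated greedily, with one stream "lending" capacity to another when a user raises a requirement while the applications are running:

```python
# Constructed toy model of adaptive security (an illustration assumed for this example,
# not the Georgia Tech/CygnaCom heuristics): one authentication strength per stream.
from dataclasses import dataclass

@dataclass
class Stream:
    name: str
    options: list       # (cpu_cost, residual_risk) per level; level 0 is the weakest
    level: int = 0
    min_level: int = 0  # floor a user may raise while the application is running
    def cost(self, lvl=None): return self.options[self.level if lvl is None else lvl][0]
    def risk(self, lvl=None): return self.options[self.level if lvl is None else lvl][1]

def totals(streams):  # (cpu_used, total_risk) of the current allocation
    return sum(s.cost() for s in streams), round(sum(s.risk() for s in streams), 6)

def per_cpu(s, new):  # risk removed per CPU unit spent (or added per unit freed) moving s to `new`
    return (s.risk() - s.risk(new)) / (s.cost(new) - s.cost())

def allocate(streams, budget):
    """Greedy step: keep buying the upgrade that removes the most risk per CPU unit."""
    changes = []
    while True:
        used = totals(streams)[0]
        fits = [s for s in streams if s.level + 1 < len(s.options)
                and used + s.cost(s.level + 1) - s.cost() <= budget]
        if not fits:
            return changes          # feedback to users: every change made, in order
        best = max(fits, key=lambda s: per_cpu(s, s.level + 1))
        best.level += 1
        changes.append(f"{best.name}: upgraded to level {best.level}")

def rebalance(streams, budget):
    """Downgrade whichever stream adds the least risk per CPU unit freed (it 'lends' to
    the rest) until within budget, then re-lend slack; ValueError if floors exceed budget."""
    changes = []
    while totals(streams)[0] > budget:
        s = min((s for s in streams if s.level > s.min_level),
                key=lambda s: per_cpu(s, s.level - 1))
        s.level -= 1
        changes.append(f"{s.name}: downgraded to level {s.level}")
    return changes + allocate(streams, budget)

def demo():
    """Constructed sample: three streams sharing a host with 10 CPU units."""
    streams = [Stream("payments", [(1, 0.90), (3, 0.30), (6, 0.05)]),
               Stream("chat", [(1, 0.50), (2, 0.30)]), Stream("video", [(2, 0.60), (5, 0.40)])]
    first = (allocate(streams, 10), totals(streams))
    streams[2].level = streams[2].min_level = 1   # user demands stronger video authentication
    return first, (rebalance(streams, 10), totals(streams))
```

Greedy marginal-benefit allocation is near-optimal rather than optimal: a different budget or option table can leave it one upgrade short of the best combination, which is the kind of gap the article's "near-optimal" wording acknowledges.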

Uniqueness of GTISC
Expectations are high for the success of GTISC in solving major information security problems because of its unique comprehensive approach. Several institutions in the United States collect statistics, investigate vulnerabilities and conduct research, Schneck says. But Georgia Tech is unique because it offers a "fusion" of technical and policy expertise.

"One of the special qualities about Georgia Tech is the way in which the research here is often a cross-disciplinary, collaborative effort done with industrial partners," Schneck says. "In that same spirit, GTISC symbolizes the synergistic combination of academia and industry to conduct new research, commercialize new technologies and educate our community. It is this combination that eventually enables greater global economic growth."

For more information, you may contact Dr. Blaine Burnham, College of Computing, Georgia Institute of Technology, Atlanta, GA 30332-0280. (Telephone: 404/894-3152) (E-mail: gtisc-info@cc.gatech.edu); or Jim Cannady, Information Technology & Telecommunications Laboratory, Georgia Tech Research Institute, Atlanta, GA 30332-0832. (Telephone: 404/894-9730) (E-mail: james.cannady@gtri.gatech.edu)


Last updated: January 14, 1999