• “Never underestimate the attention, risk, money and time that an opponent will put into reading traffic.”

    Robert Morris, former Chief Scientist of the US National Security Agency (NSA), National Computer Security Center, "Crypto '95 invited talks by R. Morris and A. Shamir", 1995

  • “The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, siloed implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.”

    The British Government’s Technology Strategy Board, 2008
  • “Consider the use of smart cards ... for especially critical functions.  Although more costly than software, when properly implemented the assurance gain is great.  The form-factor is not as important as the existence of an isolated processor and address space for assured operations – an ‘Island of Security,’ if you will.  Such devices can communicate with each other through secure protocols and provide a web of security connecting secure nodes located across a sea of insecurity in the global net.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need assurance!", 1999-2008

  • “Assurance is best addressed during the initial design and engineering of security systems, NOT as an after market patch. The earlier you include a security architect in your design process, the greater the likelihood of a successful and robust design. As the quip goes, he who gets to the (module) interface first wins.”

    Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008

  • "But conventional security is not enough. The complexity of today's operational environment means organisations must embrace a level of business resilience that is normally associated with the protection of critical national infrastructure."

    Detica, a BAE Systems Company

  • "Even a relatively small quantum computer, one that had a few tens of thousands of qubits, could consider so many different values at once that it would be able to break all known [ed: e.g. RSA, Diffie-Hellman and ECC via Shor's algorithm; AES-128 via Grover's algorithm, which halves its effective key length] codes commonly used for secure Internet communication.”

    Prof Seth Lloyd of MIT, MIT Review 2008

  • "Some physicists predicted that within the next 10 to 20 years quantum computers will be built that are sufficiently powerful to implement Shor’s ideas and to break all existing public key schemes. Thus we need to look ahead to a future of quantum computers, and we need to prepare the cryptographic world for that future."

    Prof Seth Lloyd of MIT, MIT Review 2008

  • "History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did."

    Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997
  • "There is a good chance that large quantum computers can be built within the next 20 years.  This would be a nightmare for IT security if there are no fully developed, implemented, and standardized post-quantum signature schemes."

    Prof. Johannes Buchmann, et al, “Post-Quantum Signatures”, Oct 2004, Technische Universität Darmstadt

  • "Although the future ability of quantum computers might be a decade or two away, their future ability to break public-key cryptography has important implications for the encryption of highly sensitive information today. For these applications, we must already design new public-key cryptosystems and one-way functions that are immune to quantum cryptanalysis."

    ARDA, Report of the Quantum Information Science and Technology Experts Panel, 2004

  • "Build-in Security: Ensure that security is considered and built into the design of new infrastructure, so that our critical assets are protected from the start and more resilient to naturally-occurring and deliberate threats throughout their life-cycle."

    Obama-Biden Plan, Agenda: Homeland Security, December 2008

  • “The more complex the threats become, the more you have to do the basics and groundwork really well. Staying aware and on top of new vulnerabilities and ensuring that patches and software updates are rapidly implemented is crucial.”

    Jeff Shipley, Cisco Intelligence Collection Manager, Cisco 2008 Annual Security Report

  • "Given their power to intercept and disrupt secret communications, it is not surprising that quantum computers have the attention of various U.S. government agencies.  The National Security Agency, which supports research in quantum computing, candidly declares that given its interest in keeping U.S. government communications secure, it is loath to see quantum computers built. On the other hand, if they can be built, then it wants to have the first one.”

    Prof Seth Lloyd of MIT, MIT Review 2008

bibliography: US DHS Roadmap for Cybersecurity Research 2009
Full Title: A Roadmap for Cybersecurity Research (Nov 2009)
Organisation: US Department of Homeland Security

Synaptic:
  • Synaptic Labs has completed several years of research and design on a new global IdM/CKM architecture that anticipated, and addresses, many of the priorities identified by the 2009 DHS Roadmap for Cybersecurity Research.
  • Synaptic Labs' global identity management and cryptographic key management proposal is directly relevant to 8 of the 11 hard problems listed on page iii, including 6 of the 8 hardest and most critical challenges listed on page vi.


A graphical table illustrating several desired properties for Global-Scale Identity Management solutions made by the Department of Homeland Security



About the document:

"This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in this roadmap must tackle the vulnerabilities of today and envision those of the future.
The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources."

Key Message:

(Page iii) “The 11 hard problems are:

  1. Scalable trustworthy systems (including system architectures and requisite development methodology)
  2. Enterprise-level metrics (including measures of overall system trustworthiness)
  3. System evaluation life cycle (including approaches for sufficient assurance)
  4. Combatting insider threats
  5. Combatting malware and botnets
  6. Global-scale identity management
  7. Survivability of time-critical systems
  8. Situational understanding and attack attribution
  9. Provenance (relating to information, systems, and hardware)
  10. Privacy-aware security
  11. Usable security"
Synaptic Labs' global identity management and cryptographic key management proposal is directly relevant to points 1, 4, 5, 6, 8, 9, 10 and 11 above.

Key Message:

(Page iv) "The (following) eight problems were selected as the hardest and most critical challenges that must be addressed by the INFOSEC research community if the trustworthy systems envisioned by the U.S. Government are to be built.

  1. Global-Scale identity management
  2. Insider Threat
  3. Availability of Time-Critical Systems
  4. Building Scalable Secure Systems
  5. Situational Understanding and Attack Attribution
  6. Information Provenance
  7. Security with Privacy
  8. Enterprise-level security metrics"
Synaptic Labs' global identity management and cryptographic key management proposal is directly relevant to points 1, 2, 4, 5, 6 and 7 above.

Key Message:

Synaptic's global IdM/CKM proposal specifically addresses trusted-insider attacks by using a model that distributes trust across multiple autonomous service providers, so that no single administrator or provider holds enough authority on its own to compromise a key or an identity.

(Page 29) “Unlike unauthorized outsiders and insiders who must overcome security controls to access system resources, authorized insiders have legitimate and (depending on their positions) minimally constrained access to computing resources. In addition, highly trusted insiders who design, maintain or manage critical information systems are of particular concern because they possess the skills and access necessary to engage in serious abuse or harm. Typical trusted insiders are system administrators, system programmers, and security administrators.”
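To make "distributing trust across multiple autonomous service providers" concrete for the insider-threat point above, here is an added example that is not part of this page, not Synaptic Labs' design (which the page does not describe) and not code from the DHS roadmap: a textbook Shamir (t, n) secret-sharing scheme over a prime field. A key is split into n shares held by n independent providers; any t of them can reconstruct it, while any t-1 (including a single rogue administrator) learn nothing. The field prime, the threshold and the sample key are assumptions chosen for the illustration.

```python
"""Shamir (t, n) secret sharing over GF(p): added illustration of split trust.

A secret (e.g. a 126-bit master key) is the constant term of a random
polynomial of degree t-1.  Share i is the point (i, f(i)).  Any t shares
determine f uniquely (Lagrange interpolation), fewer than t leave the
constant term uniformly distributed, so t-1 colluding holders gain nothing.
"""
import secrets

# Assumption for the example: the Mersenne prime 2**127 - 1, so any secret
# below 2**127 fits in the field.  Any large prime works.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate a0 + a1*x + ... + ak*x^k mod PRIME with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, n_shares, rng=secrets.randbelow):
    """Return n_shares points (x, f(x)); any `threshold` of them rebuild `secret`."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= threshold <= n_shares:
        raise ValueError("need 1 <= threshold <= n_shares")
    # a0 is the secret; a1..a(t-1) are uniformly random field elements.
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    # x = 0 is never used as a share index because f(0) is the secret itself.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the supplied shares at x = 0.

    With >= threshold distinct shares this returns the secret.  With fewer
    it still returns *a* field element, but one unrelated to the secret,
    which is what makes a sub-threshold coalition useless.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def demo(threshold=3, n_providers=5):
    """Split a constructed sample key across providers and check the threshold."""
    master_key = secrets.randbits(126)          # constructed sample secret
    shares = split_secret(master_key, threshold, n_providers)
    return {
        "quorum_ok": recover_secret(shares[:threshold]) == master_key,
        "any_quorum_ok": recover_secret([shares[0], shares[2], shares[4]]) == master_key,
        "below_quorum_fails": recover_secret(shares[:threshold - 1]) != master_key,
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add before deploying anything like this: plain Shamir sharing gives a confidentiality threshold but no integrity, so a single malicious provider can submit a corrupted share and make reconstruction fail or yield a wrong key (verifiable secret sharing schemes address that); and the reconstruction step itself re-creates the whole secret in one place, so that step must run inside the same kind of isolated "island of security" Brian Snow describes above, or be replaced by a threshold protocol that never reassembles the key.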

Key Message:

(Page 50) “Global-scale identity management concerns identifying and authenticating entities such as people, hardware devices, distributed sensors and actuators, and software applications when accessing critical information technology (IT) systems from anywhere. The term global-scale is intended to emphasize the pervasive nature of identities and implies the existence of identities in federated systems that may be beyond the control of any single organization.” ... "In this context, global-scale identity management encompasses the establishment of identities, management of credentials, oversight and accountability, scalable revocation, establishment and enforcement of relevant policies, and resolution of potential conflicts. To whatever extent it can be automated, it must be administratively manageable and psychologically acceptable to users."

Keywords: cryptographic key management, asymmetric cryptography, quantum computers, symmetric cryptography, identifier based encryption
Website: http://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf
Citation: Department of Homeland Security. "A Roadmap for Cybersecurity Research". Roadmap, DHS Science and Technology Directorate, Nov. 2009.
See also:

US President's 60 day cyberspace policy review
IEEE Key Management Summit 2010
IBE enabling ubiquitous uptake of encryption
Behavioural Trust and Identity

About DHS: The United States Department of Homeland Security (DHS) is a Cabinet department of the United States federal government with the primary responsibilities of protecting the territory of the U.S. from terrorist attacks and responding to natural disasters. With more than 200,000 employees, DHS is the third largest Cabinet department. This road map was created by the DHS Directorate for Science and Technology.

Last Updated on Friday, 04 June 2010 16:07

"Synaptic Laboratories is a rare company; they tackle the hard problems! Their basic approach is directly relevant to Governments and/or any commercial companies that deploy products that must function correctly in high-risk environments. They differ from most competitors in that not only do they work hard to get the concepts right, they also work very hard to assure the implementation is correct and robust as well."
