(T) Every year at the RSA Conference, I have the same feeling: that information security is not changing and at the same time somewhat changing. What is changing is obviously technology: new technologies to attack computer systems and new technologies to better defend those systems.

 Following are some “Brilliant Ideas from Brilliant Minds” about new information security technologies. Just a summary of the most innovative technologies that I found discussed this year at RSA 2008.

Authentication Through Your Social Network

Authentication has now a fourth-factor! Current authentication methods rely generally on password (“what you know”), biometrics (“who you are”) and tokens (“what you have”). But with the growth of social networks and their integration to emerging Web 2.0 technologies, why not being authenticated by your social network: “who you know”? That is what RSA Labs is proposing with its notion of “voucher” or peer-level human-intermediated authentication that can be used in particular for emergency authentication which usually occurs when primary authentication mechanisms such as password or tokens are unavailable (forgotten or lost by the user).

Detecting Real-Time Fraud

Well-known event management techniques such as aggregation, normalization, and correlation of large data sets are not new. But what is new is that applications, systems, and security devices are producing a better event and log data and so security management systems can offer better functionality. A New York based-start-up Vigilant has developed real-time analysis and monitoring systems of events, logs and transactions that can prevent fraudulent activities especially the ones causing significant financial losses. The case of Jerome Kerviel leading to a $7 billion loss at Societe Generale is a painful reminder of the damage that can be caused with basic knowledge of the access control and audit systems when critical transactions are simply not monitored.

Virtualized Environments and Security

Virtualization is the kind of tools that can be used both to secure applications (good use) and to launch a system attack (bad use). Virtualization can isolate and protect software from malware. A trusted hypervisor can provide a “closed guest OS” like a dedicated appliance (versus an “open guest OS” like a PC) that protects the privacy and integrity of its contents. Virtualization can also be used to detect malware. A host-based IDS installed in a VM cannot be compromised by being isolated from the monitored host but still retain great visibility into the host’s state. But malware can also leverage virtualization with rootkits that take control of the underneath OS such as Blue Pill.

For more about what virtualization can do for security: Tal Garfinkel, from Stanford University. For more about malware virtualization: Joanna Rutkowska from Invisible Things Lab.

Identifying Packets with Security Tags

Cisco Systems launched in 2007 TrustSec, a Layer 2 security architecture, that expands Identity-Based Networking based on the IEEE 802.1x protocol and which leverages the Extensible Authentication Protocol (EAP) from the IETF. Cisco intends to implement as well in TrustSec the new IEEE 802.1AE MACSec protocol that provides data privacy and integrity for Ethernet networks. But what is much more interesting is that Cisco is planning to integrate a tag to an Ethernet frame that will map any packet to a security group that defines a number of authorization rules for both users and networked resources (such as servers, printers…). Packet forwarding and filtering will be based on this security group tag at the egress of the network. And as a consequence, access control policy will become embedded into the network fabric.

Intrusion Detection and Encryption at 10Gb/s

With datacenter and metro networks moving rapidly to 10 Gb/s, both intrusion detection and network encryption technologies must operate as well at 10Gb/s. There are basically two approaches to move from 1 Gb/s to 10 Gb/s. One approach is to aggregate encryption or intrusion detection systems from multiple 1 Gb/s devices into 10 Gb/s links through a switch or a controller that provides the 10 Gb/s inbound and outbound links. That approach is probably the one that offers optimal resiliency while being the lowest cost one. Both CipherOptics has announced 10 Gb/s IPSec network encryption and TippingPoint 10 Gb/s intrusion prevention products leveraging that approach. The second approach is to provide a 10 Gb/s throughput appliance. In that case, new silicon for the data plane is likely to be required.  Juniper Networks has announced 10 Gb/s intrusion protection leveraging that approach.

Note: The picture above is a painting from Pablo Picasso “Tete de Femme”.

Copyright © 2005-2008 by Serge-Paul Carrasco. All rights reserved.
Contact Us: asvinsider at gmail dot com.