End-to-End Network Trust

Description:

OBJECTIVE: Provide end-to-end, adaptive trust in a complex network infrastructure. Each component in the infrastructure must be able to establish trust, verify the trust of other components in the infrastructure, and provide trusted communications.

DESCRIPTION: End-to-end trust is an emerging field in cyber security and should be an essential part of any mission-critical operation or secure electronic communication. Being able to verify the trust among, and the communications between, critical components is paramount to preventing compromise of discrete operations. It is not feasible to assume that the devices across a network can all be trusted. This effort requires a solution that provides end-to-end trust on a network, even in the presence of compromised or malicious components which may have, or have recently had, a trustworthy connection.

A network infrastructure can comprise many components, such as servers, routers, desktops, mobile devices, and smart phones. Transmitting information from one component to another is complex and riddled with insecurities. For example, an adversary could potentially compromise a router between two components and perform a man-in-the-middle attack on their communications.

The goal of this effort is to provide methods to verify the integrity of the components of a network infrastructure, as well as to provide a means to securely collaborate between components, even in the presence of malware. That is, the goal of this effort is not to prevent or detect the presence of an attack or malware, but to measure and verify that software on a component hasn't been tampered with by an attack (i.e., whether the software can be trusted). In addition, techniques must be provided to periodically maintain and reestablish the trust of a component. A technique must be provided for a component to determine if it has experienced a loss of trust. Upon losing trust (e.g., possibly from a cyber-attack), a component should no longer be able to communicate with its previously trusted interconnected components.

A method to communicate the trustworthiness between two components and establish a trusted connection shall be developed and utilized. This communications method will also support notification of detection of untrustworthy components as appropriate. The end-to-end security established should be able to survive on a network that is compromised by an adversary with intimate knowledge of the solution provided. The methods and protocols must be resilient to an attack even if the entire technique is known.

Even after a trusted path between multiple components has been established, it is necessary to maintain this path to ensure that trust is maintained. This effort shall identify a means to preserve trust between components in order to maintain secure operations. Verified components shall be assigned an associated level of trust. This level of trust will be used to determine security criteria for the type of data that can be transmitted across these components.

This capability must preserve network bandwidth as much as possible and minimize or preferably eliminate customization or replacement of components. Note that components can be physical and/or virtual, and the proposed response will need to be able to address both.

PHASE I: Identify all of the resources in the system that must be measured, determine a method for secure communications, and demonstrate end-to-end trust providing adaptation to one or more trusted components being subverted. Perform and report an analysis of alternatives and demonstrate techniques to verify and maintain the trust of each type of critical component in the overall system.

PHASE II: Extend the prototype for a complex environment with multiple end-to-end processes with adversaries present who are aware of the approach used.
Provide the ability to measure and determine the trustworthiness of software both at boot time and during run-time; include secure communications between all nodes on the network; include heterogeneous nodes; and include the ability to react to compromised nodes by showing nodes renegotiating trust as processes and components are disrupted or subverted.

PHASE III: Military Application: Utilize developed technologies to automate the process of assuring trust across a large mission-critical network. Commercial Application: Benefits industries where trust and privacy are essential to business (including banking, medical, eCommerce, DHS, and commercial businesses).

REFERENCES:
1. "End to End Trust: Creating a Safer, More Trusted Internet". www.microsoft.com/mscorp/twc/endtoendtrust/.
2. Defrawy, Karim, et al. "SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust". Feb 8, 2012, NDSS 2012.
3. NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems and Organizations". http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf