Emerging Cyber Security Approaches and Technologies - Research Paper Example

Contents Name: 1 1 Contents 2 INTRODUCTION 2 MOVING TECHNOLOGY: 3 DEFINITION OF MOVING TARGET TECHNOLOGY: 3 GOVERNMENTAL SUPPORT 5 REMOTE AGENT TECHNOLOGIES 6 SUPPORT OF THE GOVERNMENT IN THE PROMOTION OF TECHNOLOGICAL SYSTEMS THAT SUPPORT REMOTE AGENTS 7 REAL-TIME FORENSIC ANALYSIS: 8 GOVERNMENTAL SUPPORT FOR REAL-TIME FORENSIC ANALYSIS 9 SEARCHABLE ENCRYPTION: 10 DEFINITION OF SEARCHABLE ENCRYPTION 11 UTILIZATION OF SEARCHABLE ENCRYPTIONS 12 THE FEDERAL GOVERNMENT AND SEARCHABLE ENCRYPTION: 13 TRUSTWORTHY SPACES: 15 TAILORED TRUSTWORTHY SPACES (TTS) AND ITS UTILIZATION: 15 CONCLUSION: 17 REFERENCE 17 INTRODUCTION The internet is a very important tool that almost every organization in the world is using. In as much as the internet is popular, there are a number of risks associated with it. This has raised a major concern of its use worldwide, with countries such as United States and United Kingdom, investing heavily, in a bid to protecting its cyber space. Furthermore, these countries have invested heavily on methods that they can use for purposes of protecting their cyber space. This paper provides a review of technologies that can be used for purposes of protecting the cyber space, and the various efforts that government organizations have enacted for purposes of supporting the development and implementation of the technologies concerned. Some of the technological innovations that are contained in this paper include trustworthy spaces, remote agent technology, searchable encryption, and real time forensics. MOVING TECHNOLOGY: Majority of computer networks are established by the use of static elements. Examples of these static elements include IP addresses, and computer software’s, etc. These static elements have a specific value or parameter, and when any changes occur in them, then the change under consideration is slight. Previously, when there was an attack on the cyber system, experts were not concerned on making changes on the computer system. This is despite the system being vulnerable to attacks that could contribute to the loss of data, or slow down the production process of the company. This is basically because of the ability of the static elements to scan the cyber system, over a period of time that is sufficient to finding its vulnerabilities, and fixing the problems. However, in the current environment, and innovation in information systems, and computer science, a static cyber system is difficult to defend. The Innovations under consideration are the emergence of the moving target defense elements. DEFINITION OF MOVING TARGET TECHNOLOGY: The intention of this technological innovation is creating change on the cyber system, with the intention of protecting it from attacks (NITRD, 2013). This system is advantageous in the sense that it is able to increase the costs that the attackers of a cyber system would incur. This would discourage these attackers from attacking the cyber system. This would in turn make the system to be secure, and less vulnerable to attackers, at any moment. The major challenge of the current security, of the cyber system, is because they are static. This means that, the attackers finds it easy to analyze the system, with the intention of coming up with the best methods of attacking the system. However, this is not the case with the moving target defense system (Grec, 2012). Because of the movements that it makes, the system makes it difficult for attackers to study its vulnerabilities, hence develop an efficient method of attacking it. A good example of this system is the ability of an organization to constantly change its IP address, and operational system. When this happens, any scan carried out by the attackers against the cyber system will be inconsistent, thus frustrating their efforts of attacking the cyber system or network (Grec, 2012). Thanks to the environmental changes initiated by IT experts, through the introduction of the Moving Target System. Furthermore, this system is highly efficient because it has the capability of reducing the area of the network that is directly accessible by the attacker. However, the implementation and adoption of this system has some challenges. The challenge emanates, when it involves the maintenance of the operational networks of users. This maintenance is very costly. However, a company such as Jumpsoft has emerged to produce a solution to such challenges. This is through their application, by the name of Jump Center. Jump Center is an example of a Moving Target System, and it is automated. This gives it the capability of changing the cyber system, based on the environmental conditions of its operations. This has an impact of reducing an attack that is targeted towards the surface area of the cyber system. This is a low cost moving target system that is highly efficient and effective in its intentions. The intention of the Jump Center technology is to make it very costly and risky for any attacker of the cyber system. This would in turn, minimize the chances of the occurrence of such an attack, hence achieving efficiency in its mission. In operating this technological innovation, there is a need of creating a layer of application. This layer is updated automatically, by every new release of the vendor. It is therefore important to explain that any business organization that has a large presence in the internet, need to have the Jump Center application. It would help in securing data of the organization. GOVERNMENTAL SUPPORT In a bid to developing a technological system, that could protect the cyber space, the federal government was able to sponsor NITRD, to develop such technological systems. NITRD has recognized the fact that Moving Target Systems are game changers, and they are efficient in the protection of cyberspace. Therefore, intensive research concentrates on the development of other Moving Target Systems that are less costly to develop and implement. The government has realized that bit needs the public and the private sector in protecting its cyber space, hence offering such support to these sectors (NITRD, 2013). In supporting the development of Moving Target Systems, the United States Air force was able to give a grant of one million dollars to Professor Scott DeLoach (Chabrow, 2012). Professor Loach is a Kansas State Professor, and he is highly respected in the field of cyber security and information systems. The air force was therefore entrusting him, to lead a research on Moving Target Systems, with the intention of developing an efficient one that can help to protect the American Cyber Security, most specifically, its military systems (Chabrow, 2012). REMOTE AGENT TECHNOLOGIES Another name for remote agents, is mobile agents..These agents have the capability of checking the mobile security of a cyber system, in an efficient and active manner. Active monitoring of a cyber system is important, basically because it protects against unsuspected attacks of a computer system, or cyber space. Remote agents use the latest technologies, to remain active, and they are constantly updated. Remote agent technologies also play a role in ensuring that system administrators are able to constantly monitor a large network. These networks are always difficult to monitor, because of the large number of nodes that they have, and the variations of a system (Tripathi et al, 2002). Furthermore, remote agents are important because they have the capability of testing the security system, of a centralized cyber space or computer networks. This is from a serve that is remotely controlled. The advantage of this system is that it would minimize the costs of administering a centralized computer or cyber system. Another advantage of a remote agent is that its applications can be operated without using unsecured firewall protocols (UMUC, 2012). In the current world, most institutions use the SNMP, for purposes of monitoring their network systems. The SNMP is an example of a remote agent. However, the major disadvantage of the SNMP is that it is complicated to use. An organization has to train or hire skilled IT administrators to operate and run the system, in their bid of protecting their networks (Tripathi, et al, 2002). The government is also encouraging research in the development of remote agents. For example, the Foundation of National Science is responsible for giving grants to students, with the intention of encouraging research that could lead to the development of remote agents that could be used in protecting the country’s cyber space. For instance, it sponsored a research by the students of Minnesota University, to develop a remote agent, by using a mobile agent application, by the name of Ajanta. Ajanta is efficient in altering the functionality of a cyber system, by remotely filtering information into the system. Furthermore, the Ajanta mobile system is efficient because it compares information from the central database, with the intention of detecting any issues that may make the system to be vulnerable to an attack, and thereafter initiating measures aimed at rectifying the vulnerabilities. Ajanta is also useful, basically because an administrator has the capability of remotely making changes to the computer system, in case of an attack. This involves the removal of agents that are a threat to the system, or addition of agents that can help in improving the efficiency of the cyber system. Tripathi et al (2002) explains that there are differences between the traditional SNMP system, and the remote agents. The major difference is the ability of the remote agents to relate various activities in the cyber system, and producing an alert, if it has detected any threats, contained in the files. This has an impact of raising the level, or awareness of a foreign agent within the computer system. Take for example, the logging in of a computer system by unauthorized person, by using different accounts (Wu, 2011). Remote agents have the capability of detecting these security threats, and alerting the system administrator of their existence. Furthermore, they also have the capability of automatically detecting any errors, in relation to an-authorized entry to a cyber system, and correcting them. SUPPORT OF THE GOVERNMENT IN THE PROMOTION OF TECHNOLOGICAL SYSTEMS THAT SUPPORT REMOTE AGENTS There are numerous benefits that the government would get by getting the capability of monitoring its cyber space, by the use of remote methods. This is because majority of the complex systems are managed and operated by the government (Digital government research, 2011). It is therefore to the interest of the government, to develop efficient and effective remote agents that would help in the protection of its systems. In a variety of countries, there is the existence of cooperation between countries that share the same border. This cooperation is aimed at developing the same remote agent that can play a role in protecting their cyber systems (Corey et al, 2002). It is important to explain that this collaboration between governments is of the best interest to all these parties. Furthermore, the ability of this collaboration is important, because it helps in the protection of classified that could be released to the public by computer hackers. An example is the leakage of sensitive American data, by the founder of Wiki Leaks, Mr. Assange. Despite this unethical activity by Assange, he has not yet been prosecuted. This is because of lack of international laws, and cyber jurisdiction agreements, the ways in which governments can collaborate, with the intention of prosecuting criminal activities such as this (Wu, 2011). Government organizations must therefore collaborate, with the intention of forming international laws and principles that would help in the protection of their cyberspace, and systems. REAL-TIME FORENSIC ANALYSIS: The current world is characterized by the use of the computer technology for purposes of fighting crime. This normally involves the use of forensic technology to investigate any criminal proceedings. Real-Time Forensic analysis has relations with the monitoring system of the network (UMUC, 2012). Real-Time Forensic Analysis is investigative in nature, and it is highly advantageous because it constantly investigates the various threats to the computer system. An example of this type of analysis is Network Forensics Tool, and it is abbreviated as NFAT. The NFAT is advantageous, basically because it is able to allow an efficient and effective monitoring of the cyber systems (Corey et al, 2002). The NFAT has the capability of recognizing an y flaws and violations in the configurations of the cyber system. Therefore, the most important role, of the Real-Time Forensics, is to monitor the performances of a cyber network, or system. These systems can also help in the recovery of data (Corey et al, 2002). However, the Real Time Forensics, specifically the NFAT only works, when there is a failure of another backup system. The use of these types of forensics, for purposes of monitoring the passage of information, between systems, is recognized by the law. For example, the portable and accountability act mandates hospital organizations to monitor information that passes through their systems. This is with the intention of protecting the privacy of patients, and the security of hospital organizations (Corey et al, 2002). GOVERNMENTAL SUPPORT FOR REAL-TIME FORENSIC ANALYSIS In any legal proceeding, it is very common for the government to support in analyzing any forensic data or evidence. This is for purposes of ensuring that it is able to get the correct results from the forensic evidence. The government has also extended this support to the field of computer forensics. However, dilemma exists on whether the government should put attention on real time forensics. Proponents of this system argue that the government should concern itself with real time forensics (Tripathi et al, 2002). This is because the government will gain an understanding on the emerging threats to the cyber security or systems, and on how to mitigate them. This is because it would get an opportunity of analyzing various threats and developing a solution to them. DARPA, an institution of government has engaged in research, and it has funded various researches, aimed at promoting the development of a Real-Time Forensics. For example, in the year 2006, DARPA was able to fund a Colombian University Project, whose aim was to design a tool kit that could be used to mine emails (EMT) (Brooks et al, 2013). EMT is an important technological innovation, and this is because it makes it possible for the administrators of a system, to efficiently analyze email traffics. This is for purposes of determining the flow of emails, and ensuring that they are directed to the person who should receive them. Almost all major organization in the United States have adopted the use of EMT, basically because it helps in the protection of their email correspondences (Stolfo, Creamer, & Hershkop, 2006). DARPA is actively engaged in funding various projects, aimed at protecting the American cyber space. It has supported initiatives aimed at developing Real Time Forensic tools that can be used to detect malwares, and other viruses into the cyber space of the government. Based on these facts, the government has realized on the need of investing in Real Time Forensics, hence using DARPA, to fund initiatives aimed at developing these cyber security tools (Levin, 2003). SEARCHABLE ENCRYPTION: Cloud computing has grown in popularity. However, there are various challenges with the growth of cloud computing, and one major challenge, is the security of the information that has been stored in the servers that makes cloud computing to be possible (Chandramouli, Iorga & Chokhani, 2014). On most occasions, these servers normally experience an attack from hackers, and therefore, it is difficult to trust them. Companies responsible for hosting cloud servers, and computer hackers, normally have an access to the plain texts of the system. This causes a breach in the security of the system, and this is basically because the data cannot be controlled by the owner, since the do not have a full control to the system. One method of solving this problem is the use of encryptions, for purposes of eliminating any plain text (Bösch, Hartel, Jonker, & Peter, 2014). This has an impact of blocking hackers, and companies contracted to host the servers, from accessing the information contained in the computer network. This is because the owner of this information or data has a control of the encryptions, making it very difficult for third parties to interfere with the information contained in the computer systems (Brooks et al, 2013). In as much as encryption is efficient and effective in protecting data, it has some disadvantages. One disadvantage is that the data under consideration would not have the capability of being identified by search engines, and this is because the data under consideration has lost its search capability (Bösch et al., 2014). However, in solving this problem, there is a need of keeping the encryption, and also making it possible for users to access information contained in it. This information should be accessed on the sides of the server. This method is referred to as searchable encryption, and it will have an impact of protecting the information from hackers, or administrators of companies hosting the organizations servers (Goh, 2003). DEFINITION OF SEARCHABLE ENCRYPTION The search index is an example of a cloud server encryption that is used by most organizations. It refers to a structure of data, that has the capability of storing a large volume of data. It uses keywords for purposes of searching for a piece of information, stored in it (Curtmola, Garay, Kamara, & Ostrovsky, 2006). For instance, an individual seeking for information from the search engine would enter a key word. The application would then search into its database, for purposes of finding out any words that relate to the key word, and hence producing them. To secure the search index, there is a need of introducing the trap door. It is only the secret key that has the capability of creating a trap door (Curtmola et al, 2006). The search index is important because it has the capability of increasing the security of the database. Despite its importance, this system has its own disadvantages. One disadvantage is that it has the capability of leaking information about the interests of the client. This information is based on the items that the client searches the most, and the key words that are frequently used. It therefore has an impact in breaching the privacy of an individual (Kamara, Papamanthou, & Roeder, 2012). However, it is possible to mitigate on this problem. This is by the use of the oblivious RAMs. The oblivious RAMS are used for purposes of reducing the speed of the computer system. The intention of reducing this speed is to slow down the server, hence making it difficult for the search engine index, to leak information (Curtmola et al., 2006). UTILIZATION OF SEARCHABLE ENCRYPTIONS There is a huge possibility of using searchable encryptions, for purposes of protecting information or data. This is basically because of the growth of the international computer market. Furthermore, the development of innovative tools of information technology, would have an impact in increasing the demand for searchable encryptions (Columbus, 2013). Cloud computing is an industry that heavily relies on searchable encryptions to protect its data. However, it is important to explain that most companies using information technology system, are always reluctant to adopt cloud computing technologies, because of the vulnerabilities of their data. They believe that it is easier for third parties to access information contained in the company’s database, if they use the tools of cloud computing (Chandramouli, Iorga & Chokhani, 2014). However, with the development of technologies in searchable encryptions, these companies would have a control of their own data, hence they would begin using the cloud computing technologies, to store data, and also disseminate information. The use of these encryptions would therefore mean that companies do not need to make a decision on whether to choose between security and functionality (Tripathi et al, 2002). It is therefore possible to assert that the tools of searchable encryption have a potential for being accepted into the market. Furthermore, the non of the producers of cloud computing services, have offered to provide or make it possible for searchable encryptions to be in their products. This is because it is difficult for organizations to outsource their sensitive information to clouds (Columbus, 2013). Despite these challenges, there is a potential for an increase in the use of applications that support o0r host searchable encryptions. Furthermore, companies such as Hitachi have begun adopting the use of searchable encryptions. It uses an encryption referred to as the BLAT tool, to protect its data (Brooks et al, 2013). Hitachi is an example of a cloud computing company that has realized the importance of searchable encryptions, hence initiating measures aimed at protecting its information or data. THE FEDERAL GOVERNMENT AND SEARCHABLE ENCRYPTION: The government is constantly engaged in securing cloud servers. Of major concern to the government is the management of cloud services, and cryptographic issues. NIST, a government agency, has managed to invest heavily on research, and the research focuses on problems that are related to unencrypted searchable tools (Chabrow, 2012). The government has realized that data centers and traditional computer systems are vulnerable to attacks, because of the large volume of data that they handle. Therefore, the federal government, through NIST, has embarked on research aimed at producing a large number of Cryptographic keys that would help in securing these data. Furthermore, the cloud computing are the most vulnerable areas of a computer system, or network. It therefore requires a complex process to secure these data (Corey et al, 2002). This is because physical control of the system, and its logical control are divided between the various actors in the cloud system (Chandramouli, Iorga, & Chokhani, 2013). Another major point of concern, that involves searchable encryption, is the impact that this system has on the government. Searchable encryptions have the capability of hindering the efforts of the government in securing data. This is because companies hosting the cloud servers have the capability of accessing this information (Levin, 2003). This is disadvantageous, majorly because if these organizations are in possession of sensitive government information, then chances are high that they may leak the information, to the public. In a bid to solving these issues of encryption, the government proposed thee CISPA act (Chabrow, 2012). The intention of this act was to share cyber intelligence, and initiate measures aimed at protecting the American cyber space. Furthermore, the intention of this act, is to encourage the sharing of information, between government agencies, and the private sector. The intention of the bill was to encourage cooperation between the government, and institutions responsible for hosting servers (Eggers, 2012). This is in instances where the country could experience an attack against its cyber systems. It is important to explain that the use of encryption can also be disadvantageous to the side of the government. This is because if it is used, the company hosting the cloud would not have an access to the given information. This therefore means that the government would not have the ability of getting this type of information, hence limiting its ability to get the people responsible for attacking its cyber system (Eggers, 2012). TRUSTWORTHY SPACES: Business organizations and people are now using the internet and cyberspaces, for business and personal activities. In majority of cases, the use of the internet for personal reasons does not need a high level security. However, when it comes to business transactions, there is a need of high level security (Chandramouli, Iorga & Chokhani, 2014). This is because the computer system treats all transactions equally, hence making the business systems to be vulnerable to an attack. The solution to this problem is creating a platform that has a different security level, which varies on strength and capability. This depends on the nature of information contained in it. This type of application that has a varying degree of protection is called Tailored Trustworthy Space. TAILORED TRUSTWORTHY SPACES (TTS) AND ITS UTILIZATION: One major challenge of using programs in the same environment is because they compete for the same resources. This makes it possible for hackers to find loopholes that they can use to attack the computer or cyber system of an organization (Hsu, 2013). Hackers can use applications that are not trusted, for purposes of accessing applications that are trusted. To protect the system against attacks, there is a need of creating a trustworthy space that is made to specifically protect the data under consideration. Take for example the videos produced by You Tube. Each of these videos requires some confidentiality level that is different (Chabrow, 2012). There are some private information, which addresses a specific audience, and there are some public information, that target the public. It is therefore important to explain that it is these types of applications that require the tailored trustworthy space, as it would provide a secured environment that can be useful in protecting its data. There are a variety of ways that can be used for purposes of implementing the TTS (Brooks et al, 2013). One such approach is by creating a compartment, within the system, and it would have the responsibility of examining the security needs of the system, and automatically initiating an application that can play a role in securing the computer network. The effect of these applications is the notion that they make it difficult for hackers or system attackers to access the unsecured network, hence protecting the system (Chabrow, 2012). It is therefore prudent to denote that the use of TTS, is important, and these applications have a wide variety of potential. Another area that the TTS can be used is in making the data contained in the computer system, to have the capability of protecting itself. It achieves this objective by developing a security encryption, making it extremely difficult, to violate its security by foreign applications. Therefore, it is highly possible to protect any type of data, through the use of these applications. These data can either be, both secured, or unsecured (WindTalker Security, 2013). Take an example of a pharmaceutical company. This company may invent a secret formula of making a particular drug. The company would need to store this information, by the use of either a secured or unsecured application. The company may use the self-protection data method, to attach it, to unsecured application, such as Microsoft word. When this information is sent, only people with a secret encrypted key can access the information (WindTalker Security, 2013). TTS can also be used by journalists, and this is basically because they normally access the internet, by the use of the access points. This makes the information that they have vulnerable to breaches, hence they need to send encrypted messages. In China, the government has censored the press, and it uses, an application referred to as the China Great Wall. This application prevents any encrypted messages from leaving the Chinese Cyber Space (Brooks et al, 2013). CONCLUSION: It is the responsibility of the government to protect any public and private property. This is whether it is within the international, or the national level. With the use of scientific knowledge, the government has managed to develop applications whose intentions are to protect its cyber space. It is important to understand that the threats of cyber attacks are real and an example is an attack on Sony Computers. Technological innovations in respect center on the development of Real Time Forensics, Tailored Trustworthy spaces, Remote Agent Technologies, and Searchable Encryption for purposes of protecting the American cyber space. These technological innovations are highly efficient in protecting the American Cyber Space, and hence, there is a need of investing more in research, with the intention of developing more applications that can be used for purposes of protecting its cyber space. REFERENCE Bösch, C., Hartel, P., Jonker, W., & Peter, A. (2014). A survey of provably secure searchable encryption. ACM Computing Surveys (CSUR), 47(2), 18. Brooks, R. R., Hambolu, O., Marusich, P., Fu, Y., & Balachandran, S. (2013, January). Creating a tailored trustworthy space for democracy advocates using hostile host. In Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop (p. 1). ACM. Chabrow, E. (2012). Intelligent defense against intruders. Webaccessed June 2, 2015. Chandramouli, R., Iorga, M., & Chokhani, S. (2014). Cryptographic Key Management Issues and Challenges in Cloud Services (pp. 1-30). Springer New York. Columbus, L. (2013). Predicting Enterprise Cloud Computing Growth. Web < http://www.forbes.com/sites/louiscolumbus/2013/09/04/predicting-enterprise-cloud-computing-growth/> accessed June 2, 2015. Corey, V., Peterman, C., Shearin, S., Greenberg, M. S., & Van Bokkelen, J. (2002). Network forensics analysis. Internet Computing, IEEE, 6(6), 60-66. Curtmola, R., Garay, J., Kamara, S., & Ostrovsky, R. (2006, October). Searchable symmetric encryption: improved definitions and efficient constructions. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 79). ACM. Goh, E. J. (2003). Secure Indexes. IACR Cryptology ePrint Archive, 2003, 216. Grec, S. (2012). Is moving-target defense a security game changer? Web< https://www.novainfosec.com/2012/05/23/is-moving-target-defense-a-security-game-changer/> accessed June 1, 2015. Hsu, D. F., & Marinucci, D. (Eds.). (2013). Advances in Cyber Security: Technology, Operation, and Experiences. Fordham Univ Press. JumpSoft. (2013). Cyber moving target defense. Web accessed June 1, 2015. Kamara, S., Papamanthou, C., & Roeder, T. (2012, October). Dynamic searchable symmetric encryption. In Proceedings of the 2012 ACM conference on Computer and communications security (pp. 965). ACM. Levin, D. (2003, April). Lessons learned in using live red teams in IA experiments. In DARPA Information Survivability Conference and Exposition, (Vol. 1, pp. 110-110). IEEE Computer Society. NITRD. (2013). Moving target. WEB accessed June 1, 2015. Stolfo, S. J., Creamer, G., & Hershkop, S. (2006, May). A temporal based forensic analysis of electronic communication. In Proceedings of the 2006 international conference on Digital government research (pp. 23-24). Digital Government Society of North America. Tailored Trustworthy Spaces: Solutions for the Smart Grid (TTS). (2011). Web accessed June 2, 2015. Tripathi, A., Ahmed, T., Pathak, S., Carney, M., & Dokas, P. (2002). Paradigms for mobile agent based active monitoring of network systems. In Network Operations and Management Symposium, 2002. NOMS 2002. 2002 IEEE/IFIP (pp. 65-78). IEEE. UMUC. (2012). Module 7: The future of cybersecurity technology and policy. Web accessed June 2, 2015. WindTalker Security. (2013). What are Self-Protecting Data and Differential Sharing? Web https://www.youtube.com/watch?v=JavyVD0wRWk accessed June 2, 2015. Wu, T. (2011). Drop the Case Against Assange. Web < http://www.foreignpolicy.com/articles/2011/02/04/drop_the_case_against_assange?page=0,0> accessed June 2, 2015. Read More