Fraunhofer Institute SIT: perils of networked IT security - challenges and approaches. IT systems of companies and administrations are more and more networked. At the same time organisations are increasingly dependent of the availability and dependability of the deployed IT systems. Already, incidents of particular systems may cause chain reactions resulting in the break down of not related infrastructures within an organisation. Organisations and companies which are not taking appropriate actions are not only risking their own productivity but also face indemnity claims. The responsibility for appropriate actions lays within the duties of the management.

Service Oriented Architectures (SOA) represents a successful approach designing and describing distributed systems. By using Web Services the services are designed and provided. The concurrence between the involved services delivers a coherent product. Commercial grade systems are required to be dynamic, robust, and scaleable. Systems are dynamic if they react appropriate to changes in their operational conditions like a partial unavailability of a subsystem.

Robustness defines that there is no single point of failure leading to an outage of the overall system. This holds true for the physical as well as the information processing aspects. The scalability of a networked system is its ability to deal with different and changing sizes of the system like a changing number of nodes. Aside these general functional requirements, describing primarily the availability of the system, a growing number of statutory requirements concerning the data protection are to be fulfilled as well.

For example the German jurisdiction requires that the board of a stock corporation takes appropriate actions to recognise situations endangering the existence of the corporation. IT security is an important aspect within these regulations. SOX, Basel II, and the German KonTraG as examples are also defining further requirements.

In order to meet these challenges the systems differences between the requirements for communication, between the components involved, and the requirements for components themselves and their surroundings are considered.

Confidentiality and Integrity

In the context of communication integrity signifies that the information transferred is complete and not tampered. Distribution of services as offered by SOA and the establishment of redundant structures are strong concepts introduced in the area of availability. It is to be noted that the integrity of the End-to-End communication within such networks is to be guaranteed. The research project Hydra (http:// www.hydra.eu.com) as an example is concerned with design aspects for service oriented architectures in intelligent environments with a high demand for security and trust.

Hydra combines distributed service to virtual devices and allows by this multiple virtual representations of one physical device. Each of these virtual representations owns his own security parameters and therefore can be used in different contexts. This allows to secure the communication within one context without to restrict the usage of the device in other contexts. Central or distributed trust models, e.g. PKIs or the web of trust, may be used to gain testimonies about the trustworthiness of particular services.

Scalability and Robustness

To gain scalability and robustness approaches from the area of mobile ad-hoc networks (MANet) are considered. These approaches are concerned with the automatic configuration of the network topology which allows for local clusters bringing together logically or physically related services. Such an approach is for example in the Hydra project used to design logical contexts.

Services, which are only communication in a certain event or situation, are grouped in Hydra in a certain context. This clustering allows for a high scalability as for example the registration of a new service is only propagated within its context. Distribution as described here has in most cases also an impact on the robustness of the overall system. The lack of a central entity restricts the damage that is to be expected in case of a security incident. At maximum one cluster is affected and concepts for redundancy and selfreconfiguration or healing can be applied.

Service Security

The security of the particular involved service is another important aspect in contrast to the communication security. The security of the involved services is the underlying requirement for the security of the overall system. Not only the protection of the system and platform delivering the service is of interest but also the trustworthy communication of these aspects towards the communication partners is necessary. This build the base for each communication partner to testify if a certain service is providing the required security functionalities and but this able to perform its function trustworthy.

Especially in distributed systems, spanning different companies, this proof is of interest as it can not be considered as given that all services provide the same level of security and by this trust.

Trusted Computing as it is specified by the Trusted Computing Group (TCG) offers a security technology which can be used to provide the technological base to issue these proofs. Based on the Trusted Platform Module (TPM), which implements a security anchor, first Open Source and commercial products are available to protect platforms.

As examples the projects TrouSerS (http://trousers.sourceforge.net/) and Enforcer (http://enforcer.sourceforge.net/) can be given. Using this technology protocols to communicate the security means are required. The TCG develops wit the Trusted Network Connect (TNC) a family of protocols to ensure certain security policies for all devices attached to a network.

Distributed systems are in use in several areas today. Especially in the area of critical infrastructures like transportation, energy, or telecommunications an increasing degree of complexity can be observed. To take energy services as an example these are composed of different services like power plants operation, energy distribution, just to name some.

Each of these services are providing a unique aspect to the overall service delivered to the customer. A failure in one of the elementary services, most of them are IT based, should not lead to a major incident resulting for example in a power failure. Also for the IT sector the authorities are working on guidelines and regulations defining procedures to mitigate the shown perils to distributed and complex IT systems. As an example the German Federal Ministry of the Interior has developed the National Plan for the Protection of infrastructures (NPSI).

Prevention, preparedness and sustainability are the strategic objectives of the NPSI. These strategic objectives should effect that IT security incidents are reduced and the maximum possible damage minimized respectively. Therefore, the NPSI is supplemented through the implementation plan for critical infrastructure (KRITIS) and implemented them in the private sector.

The implementation plan for critical infrastructures describes actions and recommendations to the strategic objectives of the NPSI. The overall objective of the NPSI is to increase the service quality of service providers in terms of integrity, confidentiality and reliability. The growing complexity of systems, as it can be expected with regard to the emerging strong integration of former island solutions, requires a structured design and planning, including the security of the system as shown.

It should be noted that through a strong integration of business processes a new challenges arise. First these challenges have to be understood in its implications before it is possible to find adequate solutions. The approaches presented here represent only a small part of possible solutions, but show the diversity and complexity of this field.

Contact:

Nicolai Kuntze
Fraunhofer Institute for Secure Information Technology SIT,
Darmstadt, Germany
nicolai.kuntze@sit.fraunhofer.de
www.sit.fraunhofer.de

Dominique Mähler
BearingPoint GmbH,
Frankfurt am Main, Germany
dominique.maehler@bearingpoint.com
www.bearingpoint.com