
2007.10.30 Input Summary

by Michael Kao last modified 2007-11-03 06:50

“Call for Inputs” Summary

Chin-Laung and Michael 2007/10/31

 

This is the response summary for the “Call for inputs on the 2nd phase R&D scope and topics”. Overall, the inputs can be divided into two types of recommendations: (1) on General Philosophy and Methodology, and (2) on Research Topics.

 

I.                    General Philosophy and Methodology

1.      Continue the 1st phase R&D projects and extend their Outputs and Outcomes.

2.      Build a big picture together!

3.       Divide R&D into 3 categories: mission-oriented, industry-focused, and center-specific.

4.      Identify several “useful” security products first!

5.      Use an open "call for proposals" to solicit joint Taiwan-US projects for the second phase of iCAST program.

 

II.                 Research Topics and Categories

We divide the research topic recommendations into the following four categories:

 

1.      Pervasive Security and Privacy Assurance

(1).      Distributed data mining by Grid computing

(2).      Enterprise RFID security

(3).      Advanced Remote Authentication

(4).      Hidden Policy in Access Control

(5).      Highly-efficient XML security inspection: Deep inspection on XML request packet and content to find out various XML-related attacks 

 

2.      Wireless and Sensor Network Security

(1).     Enterprise RFID security

(2).     Graphical password schemes for mobile devices

(3).      Security on Heterogeneous Wireless Networks

(4).      Intelligent Video Surveillance for Public Security

(5).      Secure Access Control for Wireless Sensor Network

(6).      Secure Wireless Overlay Observation Network

 

3.      SOC/IDS/IPS

(1).      Packet sampling classification and analysis

(2).      Detection of Slow attack by outlier detection algorithm

(3).      Automation of customized filter via machine learning algorithm

(4).     Botnet detection and cleaning

(5).      Network Forensics -- methods and systems

(6).      Collaborative evoluted worms/attacks detection systems

(7).      Risk assessment technique - Combine OCTAVE process with CNS27001

(8).      Integrated threat prediction technique (including insider threat and outsider threat modeling)

(9).      Knowledge-based malware detection technique

(10).  Fraud behavior cluster with machine learning: Automatic data mining technique to identify fraud behavior from the transaction traffic and system event log

 

4.      Secure Computer

(1).     Easy-to-use personal security guardian for end-users to protect personal information

(2).     TPM

(3).      Real-time transaction risk measurement: Dynamic measurement metrics for quantifying the degree of security risk based on user behavior profile and on-going transaction traffic

 

 


 

Reference: Original Inputs (Recommendation Texts)

 

2007/4/3

(1).      Packet sampling technique and analysis in computer security

(2).      Detection of Slow attack by outlier detection algorithm

(3).      Distributed data mining by Grid computing

(4).      Automation of customized filter via machine learning algorithm

2007/10/4

(5).      To identify 2-3 useful security products

It is time to identify 2-3 useful security products (commercializable, from a top-down approach, and even unrelated to the 1st phase outcome) that the project participants can jointly create, instead of fighting alone in each one's own lab.

If there is a definitive picture of the resulting products, then it is easier to distribute (or call for proposal) the derived sub-projects and the group can be more organized and manageable.

2007/10/5

(6).      Botnet detection and cleaning

(7).      Easy-to-use personal security guardian for end-users - to protect personal information; some refer to as "secure computer"

2007/10/17

(8).      Enterprise RFID security

Description: RFID technology has become one of the core technologies for next-generation enterprises and organizations in personnel identity recognition, important document labeling and management processes, equipment or property inventory and management, product transportation tracking, goods refund processes, theft prevention systems, retail sales processes and so on. However, end-to-end environments, processes and management policies in terms of security for newly introduced RFID systems and co-related business process models in enterprises and organizations are not yet implemented or fully integrated together. Most of the research in the RFID security area has been concentrated on a basic or dedicated portion of RFID system security, such as the authentication process. We think a broad security research view should be introduced to RFID-adopting enterprises, which will need a total security solution sooner than they can think of once the influence of RFID-wise systems, processes and models spreads all over the world. Therefore, how to design and integrate all related and developed RFID security technologies and methodologies to construct secure business processes and management models for RFID-adopting enterprises should be an interesting research topic.

2007/10/17

(9).      Network Forensics -- methods and systems

(10).  Collaborative evoluted worms/attacks detection systems

2007/10/20

(11).  Pervasive Security and Privacy Assurance

(12).  SOC application related research:

- Risk assessment technique

  i. Combine OCTAVE process (from CMU) and CNS27001

  ii. Prototype provides a quantized risk index for easy evaluation

  iii. Many IS companies want this prototype

- Integrated threat prediction technique

  i. Include insider threat (from CMU) and outsider threat (network intrusion) modeling

  ii. 70% of the information security events of an organization are recognized to be the problem of insider threat

  iii. Based on insider threat modeling procedure, network intrusion detection strategy can be best adapted.

  iv. Valuable to those IS companies who want to do business with government and big enterprise.

- Knowledge-based malware detection technique

  i. Most malware detection processes need tools and domain knowledge; we will try to use ontology to generate the knowledge database for automated detection of unknown malware.

  ii. Valuable to AV companies

2007/10/23

(13). Use an open "call for proposals" to solicit joint Taiwan-US projects for the second phase of iCAST program?

That is, instead of defining specific projects to work on (and with only the input from existing iCAST projects PIs in Taiwan), why not open the playing fields for all to participate?

The iCAST program office can still list key research areas (such as software security, intrusion detection and prevention, etc.) for researchers to look into, but then ask researchers in Taiwan and their collaborators in US to submit joint proposals BEFORE the 2nd phase will start.

Those proposals are then reviewed, by iCAST program office and by external experts, and funded if approved.

I think this can work better than what has been in practice now.

It seems to me that, in the current phases, the PIs in Taiwan are asked to come up with proposals but without the assurance that what they propose will be funded in the end.

I also find it odd that, in the current phase, US research partners for specific projects are sought AFTER the iCAST projects are granted from NSC.

I think it will be better that all joint proposals, developed together by PIs from both Taiwan and US, are submitted to iCAST/NSC, say, 6 months before the 2nd phase starts. The approved proposals are then funded at the first date of the 2nd phase with full assurance.

(14).  Highly-efficient XML security inspection: Deep inspection on XML request packet and content to find out various XML-related attacks 

(15).  Fraud behavior cluster with machine learning: Automatic data mining technique to identify fraud behavior from the transaction traffic and system event log

(16).  Real-time transaction risk measurement: Dynamic measurement metrics for quantifying the degree of security risk based on user behavior profile and on-going transaction traffic

(17).  Advanced Remote Authentication

(18).  Hidden Policy in Access Control

 

2007/10/25

(19).  Graphical password schemes for mobile devices: User authentication for mobile devices has traditionally been poorly served, with the majority of devices relying upon problematic secret knowledge or strong alphanumerical passwords. However, creating secure but memorable alphanumerical passwords poses certain degrees of challenge. On the other hand, human beings are predominantly visual creatures. Hence, the development of user authentication schemes based on graphics is a very demanding task.

 

2007/10/29

(20).  Security on Heterogeneous Wireless Networks

  Focus on

  - Higher-layer security mechanism designs and security applications by using novel mobile devices on heterogeneous wireless networks.

  Contribute to

  - Wireless network operators
  - Mobile device industries

  Possible technology focus

  - Security mechanisms for wireless technologies
  - NFC (or similar RFID technologies)
  - Software TPM

  To make technologies-combinations

  Possible directions

  - Enhanced authentication for trusty, easy-setup, user-friendly, etc.
    - To adopt NFC, software TPM, etc.
  - Security improvements with considerations of
    - Privacy protection
    - Secure information interchange (Traditional Web, Web 2 Virtual Communities, or Dynamic Virtual Communities)
  - New secure applications
    - Service-sale applications (vs. DRM)

(21).  Intelligent Video Surveillance for Public Security

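      Public Security

      - Focused on social benefits such as public safety, public order, and crime detection and prevention

      FY98: Core technologies for intelligent video analysis (Indexing)

      - By studying intelligent video analysis techniques, develop event indexing capabilities that are both efficient and accurate, so that the huge volume of video captured by public security surveillance systems can be filtered quickly, helping law enforcement and intelligence agencies rapidly retrieve the key data for crime detection and prevention and solve cases quickly

      - Drafting and promotion of specifications for the integration of public security surveillance systems

      FY99: Video database and information retrieval technologies (Retrieval)

      - Plan database integration with the units that operate and maintain the surveillance systems, so that the huge volume of surveillance video is stored efficiently and combined with the information produced by event indexing; surveillance video is then no longer arranged only horizontally by time, but can also be viewed vertically by event

      FY100: Core technologies for intelligent real-time video surveillance (Object detection, tracking and Event Identification)

      - Develop core technologies for intelligent real-time video surveillance, including object detection and classification, object tracking (across multiple cameras), and event identification, in order to improve the real-time recognition capability of security surveillance and the level of public security technology, and to prevent crime before it occurs

      FY101: Advanced video analysis technologies (Behavior analysis, Poor quality video analysis)

      - Develop advanced video analysis techniques such as behavior analysis and low-resolution video analysis to raise the intelligence level of surveillance systems

      - For example, plan intelligent recognition software (IVS) functions in the surveillance system that can identify a suspect's characteristics and then track the suspect continuously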

(22).  Secure Access Control for Wireless Sensor Network

  Wireless Sensor Network (WSN) has been used in a variety of environments to monitor physical circumstances where it is either difficult to deploy wired sensors or unsuitable for manual operations. Since sensor nodes are commonly deployed in public places and transmit data via vulnerable wireless interfaces, a secured access control that can protect sensor nodes from being manipulated by attackers is needed.

  During the 2nd three-year phase of iCAST project, we expect to focus on SECURE ACCESS CONTROL for resource-limited pervasive devices such as wireless sensor nodes.

  Research topics:

                          Robust WSN Access Control

                          Mission Critical WSN Access Control

                          EAP-Based Sensor Access Control

                          Attack Detect & Defensible Sensor Access Control

 

2007/10/30

(23).  Secure Wireless Overlay Observation Network

(24).  Divide into 3 categories: mission-oriented, industry-focused, and center-specific.

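1. Research topics driven by policy goals:

The Science and Technology Advisory Group provides the policy goals, and everyone then discusses the year-by-year plan for achieving those goals and the research topics to be carried out under a division of labor. ITRI or III should be able to contribute relevant experience in planning and following up on the division of labor, integration, and testing work, so that the policy goals are realized.

2. Research topics for upgrading industry technology:

Make it clear to the domestic information security industry that iCAST is willing to bring in foreign technology and, together with TWISC, help upgrade the technology of the information security industry. Ask each company in the domestic information security industry to propose the common security research issues of the industry, as well as the research issues on which the company itself needs iCAST's assistance (with appropriate privacy handling if needed, such as withholding the company name), to be compiled into iCAST's next-phase research topics.

3. Research topics needed by the executing units:

Research topics that the executing units need in order to successfully achieve the policy goals or upgrade industry technology.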