Cyber Security Research Challenges & Approaches

National Symposium on Recent Advances in Cyber security (RACS-2013)

sarat@cdac.in

6-7th June 2013

Agenda

• Cyber Security Challenges
• Need of indigenous R&D efforts in e-security
• Classification of security solutions
• C-DAC's role - Focus Areas
• Research Labs & Thrust Areas
• e-Security Products / Solutions / Services
• Education, Awareness and Training
• Future Emphasis & On-going Research

Cyber Security Challenges

Typical Security Solution Deployment Scenario

Attack Sophistication vs. Intruder Technical Knowledge

Attack Scenario

Phases of a cyber attack: Reconnaissance → Gaining Access → Taking Control → Covering Traces

Types of cyber malware and attack modes

Malware: a collective term for all types of malicious code and software.

• Exploit – Code or a technique that takes advantage of a vulnerability to cause unintended or unanticipated behaviour, including gaining control of a computer system.

• Virus / worm – Programs that replicate functional copies of themselves, with effects ranging from mere annoyance and inconvenience to compromise of the confidentiality or integrity of information. Viruses need to attach themselves to an existing program; worms do not.

• Spyware – Malware that collects information about users without their knowledge.

• Trojan horse – A program that masquerades as legitimate software while carrying a hidden malicious function. Unlike viruses and worms, Trojan horses do not replicate themselves; they steal information, damage the host system, or give an attacker remote access to it.

• DDoS attack – An attempt to make a computer or network resource unavailable to its intended users, mostly by saturating the target with external requests so that it cannot respond to legitimate traffic, or responds so slowly as to be effectively unavailable.

• Advanced persistent threat (APT) – A category of attack with a high degree of sophistication and stealth, sustained over a prolonged period. The objectives typically extend beyond immediate financial gain.

• Botnet – A collection of compromised Internet-connected computers (bots). They run hidden and can be used for further attacks by the person controlling them remotely.

Vulnerability Exploit Cycle

1. Advanced intruders discover a new vulnerability
2. Crude exploit tools are distributed
3. Novice intruders use the crude exploit tools
4. Automated scanning/exploit tools are developed
5. Widespread use of automated scanning/exploit tools
6. Intruders begin using new types of exploits, and the cycle repeats

Network Security Issues

Threats to the normal flow of information between a sender and a receiver:

• Interruption – the flow is cut off (an attack on availability)
• Interception – an unauthorized party reads the flow (an attack on confidentiality)
• Modification – an unauthorized party alters the flow (an attack on integrity)
• Fabrication – an unauthorized party injects counterfeit messages (an attack on authenticity)
• Repudiation – the sender denies having sent a message ("Sent it?" "No!") or the receiver denies having received it ("Get it?" "No!")

Network Security Services

Requirements: Availability, Integrity, Confidentiality, Authenticity, Non-Repudiation

Attacks on the Protocol Stack

Specific Challenges

• High Speed Content Analysis
• Intrusion Detection, Analysis & Prevention
• Malware Research
• Efficient Behavior Modeling
• Data Mining for Security
• Attack Analysis & Modeling
• Vulnerability & Threat Analysis
• End System Security
• Cyber Forensics Analysis

Cyber Security Goals and Technologies

Security Tools – More Than Just a Firewall

Authentication and Authorization Technologies
• Role-Based Authorization Tools
• Password Authentication
• Challenge/Response Authentication
• Physical/Token Authentication
• Smart Card Authentication
• Biometric Authentication
• Location-Based Authentication
• Password Distribution and Management Technologies
• Device-to-Device Authentication

Filtering/Blocking/Access Control Technologies
• Network Firewalls
• Host-based Firewalls
• Virtual Networks

Encryption Technologies and Data Validation
• Symmetric (Secret) Key Encryption
• Public Key Encryption and Key Distribution
• Virtual Private Networks (VPNs)

Management, Audit, Measurement, Monitoring, and Detection Tools
• Log Auditing Utilities
• Virus and Malicious Code Detection Systems
• Intrusion Detection Systems
• Vulnerability Scanners
• Forensics and Analysis Tools (FAT)
• Host Configuration Management Tools
• Automated Software Management Tools

Industrial Automation and Control Systems Computer Software
• Server and Workstation Operating Systems
• Real-time and Embedded Operating Systems
• Web Technologies

Physical Security Controls
• Physical Protection
• Personnel Security

Need of indigenous R&D efforts

e-Security Ecosystem

Classification of Security Solutions

• Collection
• Detection
• Prevention
• Protection
• Response (Analysis)

e-Security Products / Solutions of C-DAC

Collection: Client-Server architecture based Dynamically Configurable Honeynet

Detection: Malware Resist; Malware Nivarak

Protection: The Bharatiya AFIS(TM) Suite; ENSAFE – End System Suraksha Framework; STARS – Secure Two-factor based Authentication for Remote Systems; NAYAN – Network Abhigam niYantrAN; USB Pratirodh

Prevention: Guard Your Network – Network Intrusion Prevention System Appliance; Malware Prevention System

Response: StegoCheck; Face Recognition Software; CyberCheck Suite; MobileCheck; NeSA – Network Session Analyzer; Enterprise Forensics System; Win-Lift Suite; TrueImager; TrueLock; TrueBack Bridge; TrueTraveller

Focus Areas (by Centre)

Bangalore: Network Security (IDS/IPS); PKI and Key Management Systems; Insider Attack Detection; Grid and Cloud Security; SCADA Security; Securing Hardware Systems

Chennai: Cloud Security

Hyderabad: End Point Security; Malware Analysis and Prevention; Security and Privacy for Ubiquitous Computing; Device Control; Web Application Security; Mobile Security; Cloud and Virtualization Security

Kolkata: Face Recognition; Network & Information Security; Cyber Forensics; Multimodal Biometrics

Mohali: Honeypots / Honeynets; Bot Detection

Mumbai: Biometrics (Fingerprint, Voice, Periocular and Iris, Vascular)

Noida: Capacity Building through Awareness Generation and Content Creation

Thiruvananthapuram: Cyber Forensic Hardware and Software Tools; Disk Forensics; Network Forensics; Mobile and Handheld Device Forensics; Live Forensics and Enterprise Forensics

Research Labs

Lab: Centre
• Industrial Control System Security Research & Cryptology Lab: Bangalore
• Cyber Forensic Research Lab: Thiruvananthapuram
• Cyber Threat Research Lab: Mohali
• Malware Research Lab: Hyderabad
• Public Key Infrastructure (PKI) Lab: Bangalore
• Facial Detection Resource Lab: Kolkata

Services

Service: Offered at
• Cyber Forensic Analysis: Thiruvananthapuram
• Malware Analysis: Hyderabad & Mohali
• Penetration Testing & Security Audits: Bangalore (EC), Hyderabad & Mohali
• Web Application Security Testing: Hyderabad
• Wireless Security Assessment: Hyderabad

NAYAN – Network Abhigam niYantrAN

Protects the internal network from rapidly propagating threats and network misuse. NAYAN addresses the access control and authentication requirements of end systems.

Salient Features

• User and end system authentication
• End system authentication is based on a signature generated from the hardware and software configuration (such a signature identifies a machine but is not a secret, so it complements the user authentication above rather than replacing it)
• Desktop firewall
• Centralized policy management
• Automatic policy updating
• Role- and time-based network access control
• Activity and network log

Malware Resist – Simplifying and Strengthening Security

Detection based on runtime behaviour: all running programs are monitored for a set of critical behaviours that could affect the normal functioning of the system.

Salient Features & Benefits

• Detection based on runtime behaviour
• Capability to detect unknown malware based on heuristic technology
• Small memory footprint and high detection rate
• Co-exists with antivirus solutions
• Low false positive rate
• Easy to deploy and use

USB Pratirodh – Regulating removable storage device access

USB Pratirodh is a software solution which controls unauthorized usage of portable USB storage devices.

Salient Features:

• Provides the facility for an end user to control USB usage on his/her end system
• User authentication
• Device control
• Blocks Autorun.inf malware
• Password-protected uninstaller
• Co-exists with antivirus solutions
Guard Your Network (GYN) IPS Features

Performance – 1 Gbps throughput

Attack Detection Methods: Signature Based and Anomaly Based

• Signature based detection – Buffer overflow; SQL injection; Cross-site scripting; Directory traversal; Authentication bypass attempt; Command execution attempt; Backdoor detection; OS and protocol based attacks; Server attacks

• Anomaly detection – Scan; Flood; DoS; DDoS

• Security Analysis – Flow analysis; Threat analysis; Incident analysis; Event correlation

• Management – Bridge mode operation; Alert generation; Web based GUI

Intrusion Detection / Prevention Techniques – Overview

Signature Based System
• Uses predefined attack patterns (signatures)
• Known attacks can be detected reliably with a low false positive rate
• No learning required
• Unable to detect new attacks for which no signature exists
• Unable to inspect encrypted traffic

Anomaly Based System
• Creates a baseline profile of normal activity; thereafter any activity that deviates from the baseline is treated as a possible intrusion
• Capable of detecting new attacks
• Suited to detecting attacks which create a variation in traffic patterns
• Setting a baseline for normal activity is challenging, and a poor baseline raises the false positive rate
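The two approaches side by side, as an added example that is not C-DAC's GYN or EDGE code: a signature matcher for the payload categories GYN lists (SQL injection, directory traversal, XSS, command execution) and a per-source rate and port baseline for the anomaly categories (flood, scan). The events, regexes, window size and thresholds are all constructed for the demonstration. Run over the same constructed traffic, the signature detector catches the two known attacks and nothing else, while the anomaly detector catches the flood and the port scan, which no signature describes, and misses a novel single request that leaves the traffic pattern unchanged.

```python
"""Signature-based vs anomaly-based intrusion detection on constructed sample traffic.

Added illustration; not C-DAC's GYN/EDGE code. Events, rules and thresholds are
made up for the demo.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since start of capture
    src: str       # source address
    dst_port: int  # destination port
    payload: str   # application-layer request (HTTP-like text for the demo)


# Signature rules: predefined attack patterns (constructed, illustrative regexes for
# the GYN categories SQL injection, directory traversal, XSS and command execution).
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "directory_traversal": re.compile(r"(\.\./){2,}"),
    "xss": re.compile(r"<script\b|javascript:", re.I),
    "command_execution": re.compile(r"[;&|]\s*(cat|wget|curl|nc|sh|bash)\b", re.I),
}


def signature_detect(events):
    """Return (event index, rule name) for every payload matching a known pattern.
    Reliable for known attacks, blind to anything that has no rule."""
    alerts = []
    for i, ev in enumerate(events):
        text = unquote(ev.payload)  # normalise URL encoding before matching
        for name, rx in SIGNATURES.items():
            if rx.search(text):
                alerts.append((i, name))
    return alerts


def build_baseline(training, window=10):
    """Learn, per source, the peak events per window and the set of ports it normally uses."""
    per_window = defaultdict(Counter)
    ports = defaultdict(set)
    for ev in training:
        per_window[ev.src][ev.ts // window] += 1
        ports[ev.src].add(ev.dst_port)
    return {
        "window": window,
        "max_rate": {src: max(c.values()) for src, c in per_window.items()},
        "ports": dict(ports),
    }


def anomaly_detect(baseline, events, rate_factor=3, scan_ports=5):
    """Flag sources whose behaviour deviates from the baseline:
    'flood' if any window exceeds rate_factor x the learned peak (unknown sources: peak 1),
    'scan'  if a source touches at least scan_ports ports it never used in training."""
    window = baseline["window"]
    per_window = defaultdict(Counter)
    new_ports = defaultdict(set)
    for ev in events:
        per_window[ev.src][ev.ts // window] += 1
        if ev.dst_port not in baseline["ports"].get(ev.src, set()):
            new_ports[ev.src].add(ev.dst_port)
    alerts = set()
    for src, c in per_window.items():
        if max(c.values()) > rate_factor * baseline["max_rate"].get(src, 1):
            alerts.add((src, "flood"))
    for src, p in new_ports.items():
        if len(p) >= scan_ports:
            alerts.add((src, "scan"))
    return alerts


def run_demo():
    """Constructed traffic: normal browsing, two known attacks, one novel attack, a flood, a scan."""
    normal = [Event(t, "10.0.0.5", 80, "GET /index.html HTTP/1.1") for t in range(0, 100, 5)]
    test = [
        Event(100, "10.0.0.5", 80, "GET /login?user=admin'%20OR%201=1-- HTTP/1.1"),  # known pattern
        Event(101, "10.0.0.5", 80, "GET /../../../../etc/passwd HTTP/1.1"),           # known pattern
        Event(102, "10.0.0.7", 80, "GET /cgi/new-exploit?x=AAAA HTTP/1.1"),          # novel, no rule
    ]
    test += [Event(110, "10.0.0.5", 80, "GET /index.html HTTP/1.1") for _ in range(30)]  # flood
    test += [Event(200 + 10 * i, "10.0.0.9", p, "")                                      # slow scan
             for i, p in enumerate((21, 22, 23, 25, 110, 143, 445, 3389))]
    baseline = build_baseline(normal)
    return signature_detect(test), anomaly_detect(baseline, test)


if __name__ == "__main__":
    sig, anom = run_demo()
    print("signature alerts:", sig)           # the two known attacks only
    print("anomaly alerts:  ", sorted(anom))  # the flood and the scan only
```

The novel request from 10.0.0.7 is the case the slide warns about: it has no signature and it does not change the traffic pattern, so neither detector sees it; only a rule written after the fact, or a baseline that models request content rather than rates, would catch it.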

EDGE Features

Network Management – Wide Area Network; Local Area Network
Network Discovery – Active Discovery; Passive Discovery
Network Monitoring – Performance; Security
Traffic Profiling – Host based; Application based

• Anomaly Detection – Statistical based; Protocol based
• Attack Detection – Scan; Flood; DoS; DDoS
• Fast and lightweight
• Customized Report Generation

Security Assessment System (SAS)

• Vulnerability and threat assessment system for grids; can be customized for generic computer networks
• Conducts network audits and performs vulnerability and threat assessment
• Visualization of threats and vulnerabilities
• Keeps track of the network, clusters, OS and applications, and provides details of services and vulnerabilities
• Health analysis of the nodes
• Provides various security assessment functions and makes system administrators aware of vulnerabilities
• Provides alerts for applying patches for identified vulnerabilities
• Report generation

Cyber Forensics

• Cyber forensics activities were started at C-DAC Thiruvananthapuram in 2002 by establishing a Resource Centre for Cyber Forensics under the cyber security initiatives of DIT
• Research objectives are:
  – Development of cyber forensics tools
  – Providing state-of-the-art training to user agencies
  – Providing technical support to user agencies by analyzing cyber crimes

Major Research Areas

• Disk Forensics – FAT, NTFS, ext2, UFS, Mac file systems, etc.
• Network Forensics – Email, log analysis, packet analysis
• Device Forensics – GSM/CDMA phones, PDAs, smart phones
• Software / Financial Fraud Forensics – IPR, databases, etc.
• Enterprise Forensics

Details of ready-to-use solutions / products and user agencies identified

Ready-to-use solutions / products:

1. CyberCheck Suite
   • TrueBack – tool for disk imaging
   • CyberCheck – tool for data recovery, evidence analysis and reporting
2. NetForce Suite
   • CyberInvestigator – tool for log analysis
   • NeSA – tool for network session reconstruction and analysis
3. Enterprise Forensics System
4. MobileCheck – tool for device forensics
5. TrueImager – hardware based high-speed disk imaging tool
6. TrueLock – hardware based drive lock (write blocker) for IDE devices
7. TrueTraveller – portable cyber forensics analysis workstation

E-Security in Industrial Control Systems (ICS)

• Cryptography and key management
  – Research into uniquely secure and diverse escrow schemes, and supporting key management and cryptography in the smart grid.
• Advanced topics in cryptography
  – Research in privacy-enhancing cryptographic algorithms (homomorphic encryption), cryptographic in-network aggregation schemes, identity-based encryption, access control without a mediated trusted third party, etc.
• Architecting for bounded recovery and reaction
  – Research in elasticity, tolerance and recovery mechanisms, to study how quickly the system returns to a steady state.
• Architecting real-time security
  – Strategies for minimizing, and making predictable, the timing impact of security protections.
• Resiliency management and decision support
  – Models to measure and identify the scope of a cyber attack and of dynamic cyber threats.
• Advanced attack analysis
  – Advanced tools providing deep analysis of cyber-physical systems.
• Internet usage in the smart grid (DoS/DDoS resiliency)
  – Methods to deal with denial of service when the Internet is used for specific types of smart grid applications.
• Security Design & Verification Tools (SD&VT)
  – Modeling of smart grid cyber and power systems using formal languages; data analytics and intelligent-methods verification tools.

Stuxnet

• A worm, discovered in 2010, that is widely believed to have been created by the US and Israel to target Iran's nuclear facilities
• Spreads via MS Windows and targets Siemens SCADA (Supervisory Control and Data Acquisition) equipment
• Contains a specialized payload that reprograms PLCs (Programmable Logic Controllers)

SCADA Topology Representation (ISA 99 Standard)

SCADA Vulnerabilities & Attacks

Architectural vulnerabilities
• Weak separation between process network and field network
• Lack of authentication among the active components

Security policy vulnerabilities
• Patch management policies
• Antivirus update policies
• Access policies

Software vulnerabilities
• Buffer overflows
• SQL injection
• Format string
• Web application vulnerabilities

Communication protocol vulnerabilities, in
• DNP 3.0 (IP based)
• IEC 870-5-101 profile
• IEC 870-5-104 profile (IP based)
• Inter Control Centre Protocol (ICCP, IP based)
• ELCOM-90 (IP based LAN protocol)

SCADA Attack Scenarios

SCADA protocol oriented attacks
• Malware DoS scenario (e-mail infection, infection through phishing, DoS worm)
• Unauthorized command execution scenario (normal commands, maintenance commands)
• System data poisoning
• Replay attacks
• Compromised masters

Process network attacks
• SCADA server denial of service (DoS)
• SCADA server corruption
  – Unauthorized command execution
  – Data poisoning
  – System stop
• SCADA server data flow corruption
• HMI corruption

Exchange network attacks
• Real-time database attacks
  – Data poisoning attacks
  – RT-database shutdown attacks
• Diagnostic server attacks

Multi Agent Based Security Information Event Management (SIEM)

Multi Agent Based SIEM – test bed setup on a corporate network test bed

SCADA Protocol Hardening mechanism for RTUs, compatible with IEC 870-5-101 and based on IEC 62351 standards

Figure: MTU – Front End Processor – Protocol Hardener – Communication Medium – Protocol Hardener – RTUs (IEC 870-5-101). A protocol hardener sits on each side of the communication medium, so the IEC 870-5-101 frames exchanged between the front end processor and the RTUs are protected in transit.
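What a protocol hardener has to do to defeat the replay and unauthorized-command scenarios from the previous slides, as an added example: this is neither C-DAC's product code nor the IEC 62351 wire format, but the same principle, a shim on each side of the link that adds a monotonically increasing sequence number and a MAC to each otherwise opaque IEC 870-5-101 frame. The pre-shared key, the command frames and the 16-byte truncated HMAC-SHA256 tag are constructed for the demonstration.

```python
"""Message authentication and replay protection for a serial SCADA link.

Added illustration of the 'protocol hardener' idea: a shim on each side of the
communication medium wraps opaque IEC 870-5-101 frames in a sequence number and a
MAC. NOT the IEC 62351 wire format and not C-DAC's product code; the key, frame
bytes and tag length are constructed for the demo.
"""
import hashlib
import hmac
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag (design choice for this example)
SEQ_LEN = 4   # 32-bit monotonically increasing sequence number


class HardenerError(Exception):
    """Raised when a frame must not be passed on to the RTU."""


class SendingHardener:
    """Master side: attaches a sequence number and a MAC to each outgoing frame."""

    def __init__(self, key: bytes):
        self._key = key
        self._seq = 0

    def wrap(self, frame: bytes) -> bytes:
        self._seq += 1
        header = struct.pack(">I", self._seq)
        tag = hmac.new(self._key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
        return header + frame + tag


class ReceivingHardener:
    """RTU side: rejects tampered, forged and replayed frames before the RTU sees them."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0

    def unwrap(self, wire: bytes) -> bytes:
        if len(wire) < SEQ_LEN + TAG_LEN:
            raise HardenerError("truncated frame")
        header, body, tag = wire[:SEQ_LEN], wire[SEQ_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        # MAC first: an unauthenticated frame must not be able to move the replay window
        if not hmac.compare_digest(tag, expected):
            raise HardenerError("authentication failed")
        (seq,) = struct.unpack(">I", header)
        if seq <= self._last_seq:
            raise HardenerError("replayed or reordered frame")
        self._last_seq = seq
        return body


def _rejected(rtu: ReceivingHardener, wire: bytes) -> bool:
    """True if the receiving hardener refuses to deliver the frame."""
    try:
        rtu.unwrap(wire)
    except HardenerError:
        return True
    return False


def run_demo():
    """Drive the attack scenarios from the slides against the hardened link."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed pre-shared key
    cmd_open = b"CMD:OPEN_BREAKER_7"    # constructed stand-ins for IEC 870-5-101 telegrams
    cmd_close = b"CMD:CLOSE_BREAKER_7"
    mtu, rtu = SendingHardener(key), ReceivingHardener(key)
    results = {}
    legit = mtu.wrap(cmd_open)
    results["legit"] = rtu.unwrap(legit) == cmd_open           # genuine command delivered
    results["replay"] = _rejected(rtu, legit)                  # same frame again: replay
    tampered = legit[:SEQ_LEN] + cmd_close + legit[-TAG_LEN:]  # body swapped, tag kept
    results["tampered"] = _rejected(rtu, tampered)
    forged = SendingHardener(b"attacker-guess").wrap(cmd_close)  # attacker lacks the key
    results["forged"] = _rejected(rtu, forged)
    results["next_legit"] = rtu.unwrap(mtu.wrap(cmd_close)) == cmd_close  # link still usable
    return results


if __name__ == "__main__":
    for scenario, ok in run_demo().items():
        print(f"{scenario:10s} handled correctly: {ok}")
```

Two caveats a deployment must address that the example does not: the sequence counter has to survive RTU and master restarts or be resynchronised (IEC 62351-5 uses a challenge-response exchange for this), and a per-link pre-shared key needs a key management process, which is one of the ICS research topics listed above.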


Face Recognition System

CENTRE FOR DEVELOPMENT OF ADVANCED COMPUTING TECHNOLOGY CONCLAVE - 2013

In the context of machine vision, a face recognition system is a computerized system that identifies human faces.

Figure: a query face is matched against a facial database.

Systems Developed by C-DAC

1. Face Verification System (1:1 match)
   Application areas:
   • Visitor management system
   • Attendance recording system
   • Access control system
   • Authentication of facial images in the electoral roll

2. Face Identification System for watch-lists (reduces the search space of a large database)
   Application areas:
   • Sieving duplicate entries in large databases (passport, electoral roll, etc.)
   • Missing person enquiry
   • Identification of a suspect in disguise
   A human investigator has to recognize the matching face from the short-listed set of faces.

Sub-disciplines of Information Hiding

Information Hiding
• Cryptography
• Covered writing
  – Steganography: linguistic steganography; technical steganography
  – Robust copyright marking: fingerprinting; watermarking (imperceptible or visible)
• Anonymous communication

Message Surveillance – Steganography

Cover media types: still image, audio, video, printed text and fax.
The embedded message may be text or an image, chosen to ensure precise and accurate communication.

Research Areas

Cyber Attack Capturing and Monitoring Technologies
– Passive technologies
  • Web Application Honeypot
  • Hybrid Honeynet system
  • Distributed Honeynet system
– Active technologies
  • Active honeypot system for analysis of drive-by-download attacks
– Bot detection and botnet tracking
– Malicious website detection
– Cyber attack profiling and attack trend establishment
– Attack mitigation by development of attack signatures

www.infosecawareness.in

ISEA Material Developed

• Posters for Parents
• Posters for Children
• Parents/Teachers Handbooks
• Children's Comic Book

Why PKI

• Assurance of the following properties is essential for safe, secure and reliable communication:
  – Confidentiality: preventing disclosure of information to unauthorized individuals or systems
  – Integrity: data cannot be modified without authorization, or any such modification is detectable
  – Availability: the information must be available when it is needed
  – Authenticity: ensuring that the user, data, transactions, communications or documents are genuine
  – Non-repudiation: one party to a transaction cannot deny having sent or received it

Digital Signature

• A digital signature of a message depends on
  – the signer (in fact, the signer's keys) and
  – the content of the message being signed
• Digital signatures are verifiable by anyone who holds the signer's public key
• To digitally sign an electronic document the signer uses his/her private key
• To verify a digital signature the verifier uses the signer's public key

Signature & Verification

Sender: Message → Hash Function → Message Digest → private-key operation on the digest ("Encrypt" with the private key in the figure) → Signature. The message is transmitted together with its signature.

Receiver: Signature → public-key operation ("Decrypt" with the public key) → Expected Digest; in parallel, received Message → same Hash Function → Message Digest. If the two digests are the same, the message has not changed since it was signed, and it was signed with the private key that matches the public key used.


PKI Activities

• Conduct awareness programs for end users of PKI
• Conduct training programs for PKI developers on various platforms
• Conduct specialized programs for PKI administrators
• Contribute to the adoption of PKI in mobile and ubiquitous environments
• Assist in the setup of a PKI Resource Centre
• Evolve and compose the PKI Body of Knowledge

e-Security Products / Solutions of C-DAC (updated list)

Collection: Client-Server architecture based Dynamically Configurable Honeynet

Detection: Enterprise Network Management Solution (EDGE); Adrisya – Flow Based Anomaly Detection System; Malware Resist

Protection: The Bharatiya AFIS(TM) Suite; ENSAFE – End System Suraksha Framework; STARS – Secure Two-factor based Authentication for Remote Systems; NAYAN – Network Abhigam niYantrAN; USB Pratirodh

Prevention: Guard Your Network – Network Intrusion Prevention System Appliance; Malware Nivarak; AppSamvid

Response: StegoCheck; Face Recognition Software; CyberCheck Suite; MobileCheck; NeSA – Network Session Analyzer; Enterprise Forensics System; Win-Lift Suite; TrueImager; TrueLock; TrueBack Bridge; TrueTraveller

Research Labs (updated list)

Lab: Centre
• Cryptanalysis Research Lab: Bangalore (KP)
• Cyber Forensic Research Lab: Thiruvananthapuram
• Cyber Threat Research Lab: Mohali
• Industrial Control System Security Research Lab: Bangalore (KP)
• Malware Research Lab: Hyderabad
• Public Key Infrastructure (PKI) Lab: Bangalore (EC)
• Steganography Resource Lab: Kolkata

Thrust Research Areas

• Advanced Cyber Forensics
• Auditing and Security Quality Assurance
• Biometrics
• Cryptography and Cryptanalysis
• Disaster Recovery Solutions
• Digital Provenance
• Distributed Honeynets
• Dynamic Firewall & Network Management
• Grid, Cloud and Virtualization Security
• Hardware Security Modules
• Insider Attack Detection
• Intrusion Detection, Prevention & Analysis
• Large scale test beds for realistic experimentation
• Large scale Identity management & device control solutions
• Malware and Botnets (analysis, detection and prevention)
• PKI Evaluation Lab & Development
• Securing Time Critical Systems (SCADA, Smart Grid etc)
• Security Visualization
• Security Evaluation in SDLC
• Security Metrics and Tools
• Securing Cyber Physical Systems (ATMs, EVMs etc)
• Self Adaptive and Self Healing Software Systems
• Software Security and Formal Methods
• Steganography and Steganalysis
• Survivable Systems
• Threat Modeling
• Trusted Platform (Hardware and Software)
• Unified Threat Management
• Usable Security & Privacy
• Vulnerability Discovery
• Web Security
• Whitelisting and Modeling correct software behavior
• Wireless & Mobile Security

Page 66

Services

Service Offered @

Cyber Forensic Analysis Thiruvananthapuram

Malware Analysis Hyderabad & Mohali

Penetration Testing & Security Audits Bangalore (EC), Hyderabad & Mohali

Web Application Security Testing Hyderabad

Wireless Security Assessment Hyderabad

Page 67

Online Courses

Name Duration Offered @

PKI Training Programme Self Paced Bangalore (EC)

C-DAC Certified Cyber Security Professional (CCCSP) Self Paced (3 – 6 Months) Hyderabad

e-Learning courses on e-Security 4 to 12 weeks Noida

Page 68

Education and Training Programmes

Training Program Duration Offered @

Full Time Post-Graduate Diploma in Information Security 6 Months Bangalore (EC) & Mumbai

NESEC (Network Security) 1 Week

Database Security 1 Week

C-HAT (Ethical Hacking) 2 Days

C-NET (Network Administration) 3 Days

C-PET (PKI Application Development) 2 Days

C-SEC (Perimeter Security) 3 Days

Database Security and Auditing 3 Days

Page 69

Education and Training Programmes

Training Program Duration Offered @

CNSS – Certificate Course on Networking and System Security 22 Weeks Hyderabad

Network Programming and Security Engineering 2 Weeks

e-Suraksha – A Practical Approach in Network Security 1 Week

Internetworking Devices Security 1 Week

Malware Reverse Engineering Techniques 1 Week

Web Application Security 1 Week

Wireless Security 2 Days

Information Security Awareness for Master Trainers 1 Day

Page 70

Education and Training Programmes

Training Program Duration Offered @

Advanced Diploma in Networking & System Security 26 Weeks Mohali

Training Program on Network Security Assessment and Proactive Defense 8 Weeks

Training program on Information and Network Security 8 Weeks

Ethical Hacking & Network Defense 6 Weeks

Network Security Engineering 6 Weeks

Perimeter Security Solutions 2 Weeks

Information Security Threat Assessment 2 Weeks

Information Security – A Practical Approach 2 Weeks

Security Administration Linux 2 Weeks

Page 71

Education and Training Programmes

Training Program Duration Offered @

Post Graduate Diploma Programme in Information Security 2 Semesters (1 Year) Noida

Certificate course in Information Security (Noida) 1 Semester (6 Months)

Basic Cyber Forensics 3 – 5 Days Thiruvananthapuram

Advanced Cyber Forensics 2 Weeks

Page 72

Future Emphasis

• Scalable, Robust and Standard compliant security solutions
• Securing Hardware Systems
• Common Criteria Certification
• Secure Software engineering & coding practices
• End to End Enterprise Security Suite
• Gear up for Global Competition
• Standardizing the training programmes across centres

Page 73

Ongoing Research

Page 74

Ongoing Research

Cyber Forensics
• Enhancements in Enterprise Forensics System
• Development of Advanced Cyber Forensics Tools
• Tools for Cloud Forensics; Multimedia Forensics; Financial Fraud Analysis; Satellite phones & GPS devices Forensics; Malware Forensics; Data Mining & Visualization
• Embedded & Critical Systems Forensics
• Data Recovery from Damaged & Magnetically erased media
• Setting up of CF training centre

Cloud Security

Mobile Security

SCADA Security

Page 75

Ongoing Research

UTM (Unified Threat Management) Appliance
• Stateful Analysis
• Intrusion detection and Prevention
• Gateway antivirus
• Gateway anti-spyware
• Content filtering
• IPSEC & VPN
• Network and Bandwidth Management

Dynamic Firewall
• Behaviour model for evolving new firewall rules dynamically
• Methods to validate and verify the rules against conflicts, errors and inconsistency

Insider Attack Detection
• Data collection
  – Extensive Logging (Network and Host)
  – Traffic capture, decode application specific protocols (like HTTP, DNS, etc.)
  – Collect Vulnerability Assessment information of all hosts
• Behavior Based model
• Event Correlation

Page 76

Moving Towards Trustworthy Systems: R&D Essentials

• “If you are playing a game you can’t win, Change the Game”

• Three game Changing Concepts:
  – Moving Target (MT) – systems that move in multiple dimensions to the attacker’s disadvantage and to increase resiliency
  – Tailored Trustworthy Spaces (TTS) – Security tailored to the needs of a particular transaction rather than the reverse
  – Cybereconomic Incentives – a landscape of incentives that reward good cyber security and ensure that crime does not pay

Page 77