Pervasive Monitoring and the Internet

Similar documents
Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Security Protocols/Standards

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Operating System Security

SSL BEST PRACTICES OVERVIEW

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Web Security Considerations

Key Management (Distribution and Certification) (1)

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Applying Cryptography as a Service to Mobile Applications

Bit Chat: A Peer-to-Peer Instant Messenger

Security Considerations in Cloud Deployments Matthew Garrett

Revealed: how US and UK spy agencies defeat internet privacy and security

Securing the SSL/TLS channel against man-in-the-middle attacks: Future technologies - HTTP Strict Transport Security and Pinning of Certs

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

CS5008: Internet Computing

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Chapter 7 Transport-Level Security

Lecture 10: Communications Security

WebSphere DataPower Release FIPS and NIST SP a support.

CS 494/594 Computer and Network Security

Network Security Essentials Chapter 5

WEB SERVICES SECURITY

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

W3C Web Crypto APIs. Status of current specifications and future plans. Virginie GALINDO chair of Web Crypto WG

COSC 472 Network Security

Secure Remote Password (SRP) Authentication

VoIP Security. Seminar: Cryptography and Security Michael Muncan

Network Security Part II: Standards

Strengths and Weaknesses of Cybersecurity Standards

Chapter 17. Transport-Level Security

Three attacks in SSL protocol and their solutions

Enova X-Wall LX Frequently Asked Questions

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Secure distribution of the device identity in mobile access network. Konstantin Shemyak senior security specialist, Nokia Siemens Networks

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

SSL Server Rating Guide

Transport Level Security

Criminal charges are not pursued: Hacking PKI

Security Evaluation CLX.Sentinel

Authenticity of Public Keys

Building Robust Security Solutions Using Layering And Independence

Network Security Technology Network Management

Introduction to Computer Security

Cryptography and Key Management Basics

SSL/TLS: The Ugly Truth

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

Vulnerabilità dei protocolli SSL/TLS

Is Your SSL Website and Mobile App Really Secure?

USB Portable Storage Device: Security Problem Definition Summary

SSL implementieren aber sicher!

Communication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Secure Sockets Layer

White paper. Why Encrypt? Securing without compromising communications

CSC 474 Information Systems Security

SSL and Browsers: The Pillars of Broken Security

Regional cyber security considerations for network operations. Eric Osterweil Principal Scientist, Verisign

High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT

SecureCom Mobile s mission is to help people keep their private communication private.

IT Networks & Security CERT Luncheon Series: Cryptography

Virtual Private Networks (VPN) Connectivity and Management Policy

Securing an IP SAN. Application Brief

Lecture 9 - Network Security TDTS (ht1)

Linux Access Point and IPSec Bridge

THE UNIVERSITY OF TRINIDAD & TOBAGO

SSL, PKI and Secure Communication

Information Security Basic Concepts

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

IAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner IAIK

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1

Practical Yet Universally Composable Two-Server Password-Authenticated Secret Sharing

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

True Identity solution

Secure Use of the New NHS Network (N3): Good Practice Guidelines

Payment Card Industry (PCI) Terminal Software Security. Best Practices

Site to Site Virtual Private Networks (VPNs):

Transcription:

Pervasive Monitoring and the Internet Jari Arkko Stephen Farrell Richard Barnes IETF {Chair, SEC AD, RAI AD}* *) Speaking as individuals & this presentation contains forward looking statements What do we know? What are the implications? What can we do? 1

Background This year s allegations about the NSA, GCHQ, etc. But actually a wider issue around the world Not a surprise as such, but the scale and tactics have been surprising Strong reactions from many directions 2

Scope for This Discussion We should not have a political discussion Or use this forum to criticize activities But we MUST understand what dangers in general face Internet traffic And we SHOULD have an idea how Internet technology can better support security and privacy 3

These Are Attacks from the Perspective of Internet Protocols... or indistinguishable from attacks Retrieved information could be used for good or bad; consider thieves stealing passwords Anything indistinguishable from an attack must be considered an attack 4

Likely Attack Vectors Unprotected communications (duh!) Direct access to the peer Direct access to keys (e.g., lavabit?) Third parties (e.g., fake certs) Implementation backdoors (e.g., RNGs) Vulnerable standards (e.g., Dual_EC_DBRG) 5

Vulnerable Standards? Bad random number generators (case Dual_EC_DBRG withdrawn NIST) Weak crypto (case RC4 & TLS) Some claims about other vulnerabilities in IETF standards (IPsec) and elsewhere but personally we believe this to be unlikely 6

What Can the Engineers Do? Technology may help - to an extent - but does not help with communications to an untrusted peer Prevent some attacks, make getting caught more likely,... We need to do and be seen doing as much as we can - this is about the security of the Internet - and the time window is now 7

What Is the IETF Doing? Discuss the topic - openly PERPASS, Plenary, IAB WS, WGs, RIPE,... Work on the problem: threats, potential solutions... A list at http://down.dsg.cs.tcd.ie/misc/perpass.txt Specific proposals: TLS algorithms & PFS Ongoing efforts with impacts: HTTP 2.0, TLS 1.3 8

Some Directions for Protection Unprotected communications - protect them! Vulnerable standards - public review, decommissioning old algorithms, additional review Implementation backdoors - diversity, open source, review 9

Final Words A crisis is painful, but it can also be an opportunity Maybe this is a reminder to us that there are challenges in Internet security [duh] We could now do even more than before: there s motivation, the web stack is undergoing significant evolution right now, TLS traffic is surging,... It will not be easy - but set a high goal: web traffic 90% encrypted in 2016? 10

Welcome to Vancouver! November 3-8, 2013 Wed 9am: Technical Plenary (IAB, Bruce Schneier,...) Wed 1pm: Handling Pervasive Monitoring in the IETF (BOF)... PERPASS list at https://www.ietf.org/mailman/listinfo/perpass 11

Thank You 12

Backup Slides for Reference and Links (Note: We do not know how reliable and/or opinated this material is; it is merely provided here for your reference and easy access to the claims.) 13

Types of Reactions Various political and personal reactions Used as an argument in IG discussions NSA-envy in other intelligence agencies Increased the need for more diverse Internet (more IXPs, cables, services), good! Increased the calls for more nationally controlled Internets, bad! Engineers wondering what we can do 14

Known Existing Activities Lawful interception is a fact, at least for individual users (for both services and access) In some cases at least header information is collected for all traffic States are known to monitor Internet traffic passing through them 15

Low-Level Stuff Doping h/w from various places in production http://people.umass.edu/gbecker/beckerches13.pdf Dual_EC_DBRG http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-ourproduct-rsa-tells-customers/ Other (P)RNG code in kernels etc. often unsafe https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panicover-factorable-keys-just-mind-your-ps-and-qs/ Stuxnet/Flame: different motive but similar modus-operandi http://www.h4ckr.us/library/documents/ics_events/stuxnet%20dossier %20(Symantec)%20v1.4.pdf Even more paranoid: compromised crypto APIs might leak key bits through use of IVs that appear random but are actually related to application data encryption key http://www.metzdowd.com/pipermail/cryptography/2013-september/017571.html 16

Mid-Level Stuff Tempora http://www.theguardian.com/uk/2013/jun/21/gchq-cables-secret-worldcommunications-nsa PRISM http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data XKEYSCORE http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-onlinedata Phone records http://www.theguardian.com/world/2013/sep/26/nsa-surveillance-intelligencechiefs-testify-before-senate-live-updates Financial records http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-oninternational-bank-transactions-a-922276.html Email records http://www.theguardian.com/world/2013/jun/27/nsa-data-mining-authorisedobama 17

High-Level Stuff MitM attacks on popular web sites (collaborating PKI?) https://www.net-security.org/secworld.php?id=15579 Directed breaches of ISP/provider n/w in Belgacom http://www.spiegel.de/international/europe/british-spy-agency-gchq-hackedbelgian-telecoms-firm-a-923406.html Meta-data vs. data http://www.theguardian.com/technology/interactive/2013/jun/12/what-ismetadata-nsa-surveillance Databases of passwords, secret and private keys, incl. Kerberos! http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-unitedstates-spied-brazilian-oil-giant.html reports on programme, from which some screenshots were posted... http://leaksource.files.wordpress.com/2013/09/nsa-brazil-4.png (last bullet says Results can frequently be verified using Kerberos etc. data 18

Higher-Level Stuff Legal compulsion http://www.theguardian.com/world/2013/jun/12/microsoft-twitter-rivals-nsarequests Corporate collusion (non-objective:-) http://www.phibetaiota.net/2013/06/rickard-falkvinge-nsa-as-poster-child-forgovernment-corporate-corruption-collusion-treason/ 19

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information