Privacy and Data Integrity

Document Sample
Privacy and Data Integrity Powered By Docstoc
					                 Privacy and Data Integrity

               Alexander Zangerl (az@bond.edu.au)

                             Bond University




Privacy and Data Integrity                          1 / 33
Privacy in a Public World?
      ”Privacy, discretion, confidentiality, and prudence are
      hallmarks of civilization.”




       Privacy and Data Integrity                              2 / 33
Mark Zuckerberg about his very willing sheep
      Mr. Facebook in an IM discussion about his access to lots of
      personal details of his users:
      ’People just submitted it.
      I don’t know why.
      They "trust me".
      Dumb fucks.’
      http://www.theregister.co.uk/2010/05/14/facebook_
      trust_dumb/




       Privacy and Data Integrity                                    3 / 33
Privacy on a Public Network?!?
      ”sure. that’s what encryption and authentication were
      invented for.”
      unfortunately, the reality is a bit less simple.




       Privacy and Data Integrity                             4 / 33
privacy versus the law
       claim: ”privacy means the law can’t catch child porn and
       terrorists”
       rebuttal: while most people wish that child pornography and
       terrorism did not exist, humanity should not be deprived of
       their freedom to communicate just because of how a very
       small number of people might use that freedom.
       also restricting privacy does not eradicate illegal activity!
       cf.:
              prohibition in the USA in the 1920s




        Privacy and Data Integrity                                     5 / 33
Key Escrow and The Inevitable Outcome
      "Mary had a little key,
      She kept it in escrow
      And everything that Mary sent
      The Feds were sure to know."
      source: Sam Simpson




       Privacy and Data Integrity       6 / 33
Privacy vs. Confidentiality
       obverse sides of the same coin
       privacy: keeping /personal/ information secret
       confidentiality: keeping information secret because of
       obligation owed to other party, law etc.
       both are issues mostly centered around access control




        Privacy and Data Integrity                             7 / 33
Anonymity
     cousin of privacy
     harder to accomplish than just keeping communication private
     but at least as important!
     think censorship, ’political correctness’,




      Privacy and Data Integrity                                    8 / 33
Threats against Privacy
      instances:
             Rampant Data Collection
             Retention and Feature Creep
             Cryptanalysis
             Traffic Analysis
             Software Bugs/Design ”Features” the lead to data leakage
             Cookies
             Web Bugs




       Privacy and Data Integrity                                       9 / 33
Rampant Data Collection
      eg.:
             google sniffing wifi’s when trolling streets
             http://www.theaustralian.com.au/australian-it/
             privacy-class-action-in-offing-for-google/
             story-e6frgakx-1225872739268
             http://privacy.org.au/




       Privacy and Data Integrity                             10 / 33
Retention and Feature Creep
      the originally stated usage of your data is a promise that is
      always violated.
      eg.:
             upcoming Oz driving licences
             http:
             //www.efa.org.au/Publish/efasubm-qt-nqdl.html
             http://www.parliament.nsw.gov.au/Prod/parlment/
             hansart.nsf/V3Key/LC20041209052




       Privacy and Data Integrity                                     11 / 33
Software Bugs/Design ”Features” the lead to data leakage
      example mis-feature: CSS :visited pseudoclass
      http://wtikay.com/docs/overview.html




       Privacy and Data Integrity                     12 / 33
Cookies
      cookies are nice for keeping state during web ”session”,
      but long-term cookies are bad:
      no technical reason
      only good for statistic analysis,
      marketing, advertisement-tracking,
      customer analysis...




          Privacy and Data Integrity                             13 / 33
Web Bugs
     almost ”invisible” piece of information
     empty images, empty web page
     tracks who is accessing web pages, from where, what browser,
     referrer...
     http://www.eff.org/Privacy/Marketing/web_bug.html




      Privacy and Data Integrity                                    14 / 33
Unwelcome Facts re Confidentiality
      disclosure, controlled or not, permanently relinquishes any
      control over the data
      once data is disclosed it’s out there, forever - especially bad
      for privacy
      (2008: google is estimated to have a few petabytes of data)
      access control is, in the end, the only tool available
      ...but with active components everywhere in our computer
      interaction leakage is hard to control
      eg:
             having to enable javascript for sites, service using
             googleapis.com
      overall, privacy policies aren’t worth the non-paper they’re not
      printed on anyway.



       Privacy and Data Integrity                                        15 / 33
Anonymous Proxies
      web proxies that do not keep logs
      some of them actively strip certain headers (referrer,
      forwarded-for,...)
      http://www.samair.ru/proxy/




       Privacy and Data Integrity                              16 / 33
Anonymous P2P Systems
     not (only/necessarily) for filesharing
     not really anonymous, but hard to trace
     idea: comms in a mesh with messages routed through
     multiple nodes
     eg:
            mixmaster anon remailers, anon web proxies, anonymous
            electronic money
     http://en.wikipedia.org/wiki/Anonymous_P2P




      Privacy and Data Integrity                                    17 / 33
Anonymous Remailers
      specialized kind of email server
      remailer software strips clean outgoing eamil of any identifying
      info
      remailer operator does not know you, nor wants to
      does not keep logs
      remailers can and should be chained
      http://www.eskimo.com/%7Eturing/remailer/FAQ/
      http:
      //www.sendfakemail.com/%7Eraph/remailer-list.html




       Privacy and Data Integrity                                        18 / 33
anon remailer software
      two common kinds of software
      instances:
             Cypherpunk Remailers
             Mixmaster Remailers




       Privacy and Data Integrity    19 / 33
Cypherpunk Remailers
      also called ”Type I” remailer
      accepts messages encrypted with its PGP key.
      specific message format must be followed
      message is then sent in clear to intended recipient




       Privacy and Data Integrity                           20 / 33
Mixmaster Remailers
      http://mixmaster.sourceforge.net/faq.shtml
      ”Type II” remailer
      accepts messages in the Mixmaster format, not PGP but
      something similar
      messages are multiply encrypted, sent through chains of
      remailers
      each remailer peels off one layer of encryption
      final one sends out email to recipient
      makes traffic analysis much more difficult!
      also makes messages all the same size (28.1kb), reordering,
      etc.




       Privacy and Data Integrity                                   21 / 33
(pseudo)nyms and anon remailers
      after remailers done: email has no from anymore
      (well, doh! that’s what anonymity is all about...)
      -> nobody can reply
      solution: use remailers plus nym servers
      nym servers provide anonymous email boxes
      other nym servers allow posting of messages into
      alt.anonymous.messages
      problematic operation nowadays, not many such servers left
      http://www.lcs.mit.edu/research/anonymous.html




       Privacy and Data Integrity                                  22 / 33
Onion Routing
      http://www.onion-router.net/
      provides flexible communications infrastructure, resistant to
      eavesdropping and traffic analysis
      application talks to onion proxy, builds anon connection
      through several other onion proxies to the dest
      one layer of encryption for each onion proxy
      each onion proxy removes ”its” encryption layer
      result:
             traffic looks different everywhere
             traffic analysis hard to impossible
      real-time and bi-directional communication
      application-independent




       Privacy and Data Integrity                                    23 / 33
The Onion Router
      TOR
      general-purpose ”onion-routing” system
      similar to remailers but for any TCP-based communication
      visible as SOCKS proxy to client
      traffic is sent using a virtual circuit (chain) made up from
      multiple TOR peers
      each peer only knows the previous and next chain peer, each
      unwraps one layer of encryption
      eventually an ”exit node” sends data in clear to the final
      destination.
      history:
             initial release 2003, then US Naval Res Lab sponsored
             since then supported by EFF, now non-profit organization
      http://www.torproject.org/
      http:
      //en.wikipedia.org/wiki/Tor_(anonymity_network)
       Privacy and Data Integrity                                      24 / 33
Freenet
      http://www.freenetproject.org/
      large-scale peer-to-peer network
      pools the power of peers to create a virtual information store
      network is built first and foremost with anonymity in mind
      communication is encrypted and are ”routed-through” other
      nodes
      makes it difficult to determine who is requesting the
      information
      users contribute bandwidth and data store, no control over
      what is stored, encrypted storage




          Privacy and Data Integrity                                   25 / 33
GnuNet
     decentralised, secure and private p2p networking system
     is an anonymous, distributed, reputation based network
     main appl: censorship-resistant file sharing
     allows anonymous censorship-resistant file-sharing
     effort to ensure anonymity: much higher latency than WWW
     linklevel encryption, anonymity, traffic dispersal
     peers form and use ”opinion” on nearby nodes for request
     routing
     contribute to the network -> rewarded with better service
     is leech resistant, uses trust-based economic model
     http://www.ovmj.org/GNUnet/




         Privacy and Data Integrity                              26 / 33
Mixmaster for Anonymous Publishing
      mixmaster is an anonymous email remailer system
      supports onion-routing for email
      one application: anonymously published blogs
      2008: this blog provider unfortunately defunct
      eg.:
             http://invisiblog.com/




       Privacy and Data Integrity                       27 / 33
Disposable Email
      control the leakage by following the data flows
      use ephemeral, short-lived email addresses
      use MANY different ones, ideally one per not-quite-trusted
      party
      once attracting spam: cancel address, blacklist leaker
      cheap, simple but quite effective
      (my personal setup: one subdomain with list of who got what
      addy, and leaked it when/where)
      eg.:
             http://trash-mail.com/




       Privacy and Data Integrity                                   28 / 33
NoScript
      most essential tool for keeping leakage in Firefox browsers
      controllable
      together with ”no cookies, period”, excepting only explicitely
      whitelisted sites
      and not using evil black box tech like flash, silverlight et.al.
      http://noscript.net/




       Privacy and Data Integrity                                       29 / 33
A Bruce Schneier Quote
      "Trying to make digital files uncopyable
      is like trying to make water not wet."
      http://www.schneier.com/blog/




       Privacy and Data Integrity                30 / 33
Unwelcome Facts re Data Integrity
      anything beyond pencil+paper requires trust in the tool
      anything that only computers can do: requires full trust in a
      generally very untrustworthy entity
      cf.:
             physical security, tampering with the hardware, circumventing
             access control etc.




       Privacy and Data Integrity                                            31 / 33
Tamper Resistance
      real tamper resistance for mass-market devices: forget it
      reason:
             way too costly and cumbersome to mass market
      eg.:
             crypto co-processors like IBM 4758, cheap stuff like iButtons...
             Smart cards like GSM SIM cards...
      practically all of them hackable, as an environment if not
      directly at the hardware level
      http:
      //hackaday.com/2009/07/09/hacking-an-ibutton/
      http://en.wikipedia.org/wiki/IBM_4758
      best practical outcome: Tamper Evidence (HW) rsp.
      detection of tampering (Data)



       Privacy and Data Integrity                                              32 / 33
A John Gilmore Quote
      "Be very glad that your PC is insecure - it means that
      after you buy it, you can break into it and install
      whatever software you want. What YOU want, not what
      Sony or Warner or AOL wants."
      http:
      //en.wikipedia.org/wiki/John_Gilmore_(activist)
      homepage:
             http://www.toad.com/gnu/




       Privacy and Data Integrity                              33 / 33

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:4
posted:11/15/2011
language:English
pages:33