1 / 39

Lecture 21: How much do you trust your government?

Lecture 21: How much do you trust your government?.

dimaia
Download Presentation

Lecture 21: How much do you trust your government?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 21: How much do you trust your government? There was of course no way of knowing whether you were being watched at any given moment...You had to live – did live, from habit that became instinct – in the assumption that every sound you made was overheard and, except in darkness, every movement scrutinized. George Orwell, 1984 (1948) Anonymous http://www.rewebber.com/surf_encrypted/MTBKb4IKq25YShD4yVMTkRoqWo1Bu8kpFHRYfkT48tTCovuKp7Cktazai94gqryx2aHjXyqVzAEgNpFMDvxmbvyVIByOstd5h5h9vlgkO3z6xFxiQ+xJ0eNrRNr3bjVa6uQ= CS551: Security and Privacy University of Virginia Computer Science

  2. Menu • Surveillance • Echelon, TEMPEST, Carnivore • Anonymity • Email, Browsing, Publishing University of Virginia CS 551

  3. UKUSA • Secret agreement in 1948 • NSA, GCHQ (UK), CSE (Canada), DSD (Australia), GCSB (New Zealand) • Listening stations throughout world • Monitor satellite, microwave, cellular and fiber-optic communications traffic • Voice recognition and OCR • Dictionary of suspicious phrases University of Virginia CS 551

  4. Echelon • Established for allies to spy on Soviets during cold war • More recently: justified as counter-terrorism • Listening stations directed at Intelsat satellites – intercept majority of inter-continental communications University of Virginia CS 551

  5. Echelon Echelon Intercept Station, Menwith Hill, England University of Virginia CS 551

  6. Questionable Uses of Echelon • Political spying: • British Prime Minister Margaret Thatcher used Echelon (Canada) to spy on ministers suspected of disloyalty (1983) • Senator Strom Thurmond, Congressman Michael Barnes • Target Amnesty International, Greenpeace, etc. • Commercial espionage • Liason to Department of Commerce, uses intelligence to help American companies get contracts • 1993 – Clinton asked CIA to spy on Japanese auto makers designing zero-emissions vechicles, and send information to GM, Ford and Chrysler University of Virginia CS 551

  7. TEMPEST University of Virginia CS 551

  8. van Eck Monitoring • All electronic equipment emits electromagnetic radiation • Can see what is on someone’s screen with a large antenna outside their office • TEMPEST (Telecommunications Electronics Material Protected from Emanating Spurious Transmissions ?) • Secret NSA standard for low-emissions computers • Lots of money wasted because of unreasonable paranoia (probably) University of Virginia CS 551

  9. Carnivore ChainMail’s Antivore University of Virginia CS 551

  10. Carnivore From http://www.fbi.gov/programs/carnivore/carnlrgmap.htm University of Virginia CS 551

  11. Carnivore History • Fourth Amendment prohibits unreasonable searches • Title III Omnibus Crime Control Act (1968) • FBI may obtain a court order to intercept electronic communications • Requires service providers to assist law enforcement in tapping wires • Carnivore designed to be precise filter • Court order can require ISP (Internet Surveillance Point) to install Carnivore University of Virginia CS 551

  12. How can we know Carnivore isn’t sending FBI more than it should? • Have an independent organization write a firewall that looks at transmissions from Carnivore to FBI • Have an independent organization examine the Carnivore source code • Trust them, the FBI would never abuse the information anyway. FBI’s choice University of Virginia CS 551

  13. Carnivore Examination • FBI refused to open source • DOJ solicited proposals to review Carnivore source – 11 proposals • All “good” places (MIT, Purdue, Dartmouth, UCSD) withdrew after FBI said they couldn’t publish source code and FBI would have complete control over report • Selected Illinois Institute of Technology Research Institute • Paid them ~$175,000 to say Carnivore is okay University of Virginia CS 551

  14. IITRI Report (Nov 22) • Carnivore technology “protects privacy and enables lawful surveillance better than alternatives.” • Carnivore “does not provide protections, especially audit functions, commensurate with the level of the risks” • Carnivore “reduces, but does not eliminate” the risk of unauthorized interception of electronic communication by the FBI University of Virginia CS 551

  15. What is a paranoid emailer/web browser/ web publisher to do? University of Virginia CS 551

  16. Defenses • Encryption • Can be broken • Even if not, it still reveals parties communicating (e.g., you visited Amnesty International’s web site) • Anonymity Services • Hide identity • Still provide 2-way communication University of Virginia CS 551

  17. To: bob@bob.com From: anon@sas.com “Someone likes you.” Simple Anonymity Service SAS Alice To: remailer@sas.com Request-remail-to: bob@bob.com “Someone likes you.” Bob University of Virginia CS 551

  18. Problems with SAS • Bob can’t reply to sender • Eavesdropper can see messages • Traffic monitoring could detect traffic from Alice to Bob • ... University of Virginia CS 551

  19. anon.penet.fi anon.penet.fi Alice To: remailer@anon.penet.fi From: alice@wonderland.edu Request-remailing-to: bob@bob.com “Someone likes you.” Bob To: bob@bob.com From: 4yg029657@anon.penet.fi <anon> “Someone likes you.” University of Virginia CS 551

  20. anon.penet.fi Shutdown • Church of Scientology wanted to prevent online publication of Church documents (anonymously posted from anon.penet.fi) • Church convinced Finnish police to force Julf Helsingius, operator of anon.penet.fi to reveal true identity (1995) • Shut down anon.penet.fi remailer University of Virginia CS 551

  21. Chain Remailers Can tell MA is from Alice remailer.gamma.com MA’ MA Alice remailer.omega.com MA’’ Can tell MA’’ is going to Bob Bob University of Virginia CS 551

  22. Chain Remailing • Alice randomly picks n remailers from a list of servers • Each server has a public-private key pair. Alice knows KUn. • The ith server gets EKUi[address of i+1st server || EKUi+1 [i+2nd server || EKUi+2 [ ... ]]] University of Virginia CS 551

  23. 2-Chain Remailing • Alice sends Server 1: EKU1 [Address2, EKU2 [AddressBob]] • Server 1 uses KR1 to decrypt: DKR1 [EKU1 [Address2, EKU2 [AddressBob]]] = Address2, EKU2 [AddressBob] • Sends EKU2 [AddressBob] (and message) to Address2. • Both Server 1 and Server 2 must conspire to know Alice sent a message to Bob University of Virginia CS 551

  24. M2 M1 Eve remailer 1 remailer 2 Alice remailer 3 Bob Where must Eve listen to network to discover Alice and Bob are communicating? University of Virginia CS 551

  25. Thwarting Eavesdroppers • Need to make sure incoming/outgoing messages can’t be matched: • Make sure in/out messages can’t be matched: all messages look the same • Make sure each remailer is transmitting lots of messages (add dummy ones if necessary) University of Virginia CS 551

  26. Cypherpunk Remailers • Add encryption layers around message, one is removed on each hop • Stall for random time at each remailer before forwarding From http://www.obscura.com/~loki/remailer/remailer-essay.html • Vulnerabilities: • Message shrinks each hop (length reveals path) • Replay attacks University of Virginia CS 551

  27. Mixmaster • Chaum, Cottrell 97 • Each header contains RSA-encrypted information about next hop and 3DES key for decrypting message • 20 hops: message is encrypted 20 times with different 3DES keys From http://www.obscura.com/~loki/remailer/remailer-essay.html University of Virginia CS 551

  28. Replay Attacks • Each packet has a unique ID • Mixmaster remailer keeps track of all IDs it has seen, if it gets a packet with the same ID it drops it • Since ID is in header encrypted with remailer’s public key, no way for attacker to change ID without also changing header University of Virginia CS 551

  29. Onion Routing • Not just email – do the same thing with all IP packets • NRL (http://www.onion-router.net/) • Sender picks random servers for send and return, encrypts with server public keys in reverse order • Each server decrypts one header to find next destination, mangles packet so it is not recognizable University of Virginia CS 551

  30. Anonymous Web Browsing • Janus: (rewebber.com) • URL U http://www.rewebber.com/surf-encrypted/Ek (U) rewebber.com (rewrites links) Alice Ek (http://www.cs.virginia.edu/~evans/cs551) www.cs.virginia.edu Alice’s boss sees request to rewebber.com Log shows request from rewebber.com University of Virginia CS 551

  31. Anonymous Publishing • Use the rewebber URL: http://www.rewebber.com/surf_encrypted/MTCyWd$c6R5Nx0bexTDUG4YwzANYBiA300hz3CxsG3QIXdcPYrnoq2zAs22IPv34GRCLXqG49zQpFvR8r++TNI84Sd6$EKxJgogHZPlOOaqSlJ3H+1D+oj5swX+vws8Umtk= • Doesn’t prevent censoring • Not robust (server can still be attacked) University of Virginia CS 551

  32. Publius • [Mark Waldman (NYU), Avi Rubin (AT&T), Lorrie Cranor (AT&T, visiting UVa Jan 24th) 2000] • “Publius” – pseudonym used by Alexander Hamilton, John Jay and James Madison to publish Federalist Papers • “Robust, tamper-evident, censorship-resistant web publishing system” University of Virginia CS 551

  33. Publius Overview • Content encrypted using K and spread over several web servers • K is split into n shares, such that k are needed to reproduce K (but k – 1 reveal no information) • Shamir Secret Sharing (PS1) • Content is tied cryptographically to URL used to retrieve document – can tell if retrieved document was tampered with University of Virginia CS 551

  34. Publishing • Publisher generates random key K. • Randomly selects n Publius servers. • Each server gets EK (M) and a share of K. • URL concatenates name for each server (cryptographically generated based on both M and server location) University of Virginia CS 551

  35. Naming Servers for i = 1 to n name = hash (M + share[i]) name = XOR (name65-128, name1-64) location = name MOD serverListSize + 1 if location is unique publiusURL = publiusURL + name keep track of this location else can’t give 2 shares to same location start over with different random K University of Virginia CS 551

  36. Retrieving from Publius • URL is name1, ..., namen. • locationi = namei mod serverListSize + 1. • Retrieve a key share from k randomly chosen locations (associated with URL). • Randomly, retrieve EK (M) from one location. • Combine all key shares and decrypt to retrieve M. • Check hashes to make sure M is untampered. If not, try again. (Different locations.) University of Virginia CS 551

  37. How do you prevent denial of service attacks on anonymous services? • anon.penet.fi: severe limits on size and number of messages any user could send, several days delay for all messages • Chaining remailers – can’t do this, since they can’t identify users • Hash cash – require senders to do some work University of Virginia CS 551

  38. Hash Cash • Before publishing, server sends publisher challenge: c, b. • To publish, publisher must respond with s such that at least b bits of H(c + s) match b-bits of H(s). • To find a 19 bit SHA-1 collision takes about 20 seconds • Later use real digital cash... University of Virginia CS 551

  39. Charge • There are some good reasons for anonymity • Organizing against oppressive governments • Whistleblowing, anonymous feedback, etc. • Anonymity is dangerous • Criminal transactions, child porn, etc. • Lots of legal/political/moral issues to resolve... • Next time: groups 1-3 and 10-12 presentations • If you want to practice your presentation to me, talk to me now to arrange a time (if you haven’t already). University of Virginia CS 551

More Related