CS 177 Computer Security Lecture 18

Transcription

CS 177 Computer Security Lecture 18
CS177
ComputerSecurity
Lecture18
StefanoTessaro
tessaro@cs.ucsb.edu
Finalinformation
FinalwilltakeplaceThursdayintwoweeks.
Finalwillbe3hours
Similarstyleasmidterm
Youareallowedtotakewithyou4letter-sized
sheets(i.e.,8pages)ofhandwritten notes
Willpublishlistoftopics.Q&AnextWednesday.
•
•
•
•
Today
•
•
•
•
Wiretappingandsurveillance
AnonymityandTor
Censorship
Dataprivacy
Socialissuesincomputersecurity
Privacyoftencompromisedinfavorof:
• Nationalsecurity
• Businessand/orscientificpractices
Ongoingdebate
Privacyhelpsthebad
guys.Goodguys
shouldn’tworry,they
havenothingtohide.
vs.
“Arguingthatyoudon’tcare
abouttherighttoprivacy
becauseyouhavenothingto
hideisnodifferentthan
sayingyoudon’tcareabout
freespeechbecauseyou
havenothingtosay.”
Keyissue: Lossofprivacyoftenhardtoassessatfirst,
andmayevenbringadvantages (e.g.,Facebook,social
media,etc).
Thisclass:Makeyourowninformed opinion!
AT&TWiretapcase[2006]
• MarkKleindisclosespotential
wiretappingactivitiesbyNSAat
SanFranciscoAT&Toffice
• Fiberopticsplitteronmajortrunk
lineforInternetcommunications
– Electronicvoiceanddata
communicationscopiedto“secret
room”
– Narus STA6400device
Wiretapsurveillance
Interceptiongear
Other
major
backbone
Other
major
backbone
AT&T
network
MAE-West
(Metropolitan AreaExchange,
West)
LargeamountsofInternettrafficcrossrelativelyfew
keypoints
Typesofpacketinspection
IPdatagram
IPheader
TCPheader
Internetserviceproviders
needonlylookatIPheaders
toperformrouting
Appl header
userdata
Deeppacketinspection(DPI)
analyzesapplication
headersanddata
Shallowpacketinspection
investigateslower
levelheaderssuchas
TCP/UDP
Isdragnetsurveillancetechnologically
feasible?
• CAIDAhaslotsofgreatresourcesfor
researchersabouttrafficlevels
• FromtheirSanJoseA tier-1backbonetap:
http://www.caida.org/data/realtime/passive/?monitor=equinix-sanjose-dirA
From
http://narus.com/index.php/product/narusinsi
ght-intercept
Lawfulintercept
• CALEA
– CommunicationsAssistanceforLawEnforcementAct
(1995)
• FISA
– ForeignIntelligenceSurveillanceAct(1978)
– Demarkboundariesofdomesticvs.foreignintelligence
gathering
– ForeignIntelligenceSurveillanceCourt(FISC)provides
warrantoversight
– ExecutiveorderbyPresidentBushsuspendneedforNSA
togetwarrantsfromFISC
• Almostallnationalgovernmentsmandatesomekindof
lawfulinterceptcapabilities
Preventingintercept
• End-to-endencryption(TLS,SSH)
Interceptiongear
IP:
1.2.3.4
Other
major
backbone
AT&T
network
IP:
5.6.7.8
• Whatdoesthisprotect?Whatdoesitleak?
• Whatcangowrong?
End-runaroundHTTPS
• HTTPSterminatedatedgeofGooglenetworks
• Internaldatacenter-to-datacenter
communicationsonprivatelyleasedlines
– Noencryptionupuntillastsummer
Hidingconnectivityisharder
• “Metadata”isuseful
• IPaddressesarerequiredtoroute
communication,yetnotencryptedbynormal
end-to-endencryption
– 1.2.3.4talkedto5.6.7.8overHTTPs
• Howcanwehideconnectivityinformation?
Tor(TheOnionRouter)
Interceptiongear
IP:
1.2.3.4
Other
major
backbone
AT&T
network
IP:
5.6.7.8
TorNode
7.8.9.1
Other
major
backbone
TorNode
9.1.1.2
TorNode
8.9.1.1
IP:
1.2.3.4
7.8.9.1
8.9.1.1
Src:
9.1.1.2
Onionrouting
Src:
8.9.1.1
Src:
7.8.9.1
Src:
1.2.3.4
Dest:
7.8.9.1
Dest:
8.9.1.1
IP:
5.6.7.8
9.1.1.2
Dest:
9.1.1.2
Dest:
5.6.7.8
HTTP
packet
Encryptedw/9.1.1.2’spk
Encryptedw/8.9.1.1’spk
Encryptedw/7.8.9.1’spk
Torimplementsmorecomplexversionofthisbasicidea
Whatdoesadversarysee?
Src:
9.1.1.2
IP:
1.2.3.4
Dest:
5.6.7.8
HTTP
packet
Interceptiongear
Other
major
backbone
AT&T
network
IP:
5.6.7.8
TorNode
Other
major
backbone
TorNode
TorNode
7.8.9.1
9.1.1.2
Torobfuscateswhotalkedtowho,needend-to-end
8.9.1.1
encryption(e.g.,HTTPS)toprotectpayload
Tor– Bridgesvs.Relays
• Relays
– NodesintheTornetwork
• Bridges
– Non-publicrelays(canbeusedtobypassfiltering)
• Hiddenservices
– HostsonlyaccessibleviaTornetwork(aka,the
underworld)
– e.g.,silkroad
Otheranonymization systems
• Single-hopproxyservices
Anonymizer.com
• JonDonym,anonymousremailers(MixMaster,
MixMinion),manymore…
Surveillanceviathird-party
• “Thus,someSupremeCourtcaseshaveheldthatyouhave
noreasonableexpectationofprivacyininformationyou
have"knowinglyexposed"toathirdparty — forexample,
bankrecordsorrecordsoftelephonenumbersyouhave
dialed— evenifyouintendedforthatthirdpartytokeep
theinformationsecret.Inotherwords,byengagingin
transactionswithyourbankorcommunicatingphone
numberstoyourphonecompanyforthepurposeof
connectingacall,you’ve"assumedtherisk"thattheywill
sharethatinformationwiththegovernment.”
FromtheEFFwebsite
https://ssd.eff.org/your-computer/govt/privacy
Example:AT&THawkeyedatabase
• AllphonecallsmadeoverAT&Tnetworks
sinceapproximately2001
– Originatingphonenumber
– Terminatingphonenumber
– Timeandlengthofeachcall
Example:Googledatarequests
JulytoDecember2013
Fromhttp://www.google.com/transparencyreport/governmentrequests/userdata/
Shouldweprevent?Canwe?
• Onecanencryptdatathatisstored,butno
currentwaytoprotectdatathatneedstobeused
– Cryptographyofferssomesolution(searchable
encryption)
– Stillnotpracticalonlargescaleandsecuritynotso
wellunderstood
• Companiesareincreasinglyworriedabout
perceptionofgovernmentsurveillance
• Policy?
• Legalprotections?
Next:Censorship
CensorshipviaInternetfiltering
Src:
1.2.3.4
National
Internet
International
Internet
Dest:
5.6.7.8
Filtering equipment
• GoldenShieldProjectmostfamousexample
• Butmanyothernationsperformfilteringaswellincluding
• Iran,Syria,Pakistan(YouTubeanecdote)
• Turkey(twitterbanrecently)
• Singapore,Australia(proposedlegislation)
• Othercountries?
Bigbusiness
• ReportsofproductsbeingusedinSyria
– BlueCoat(http://www.bluecoat.com/)
– NetApp (http://www.netapp.com/)
• Iran,SaudiArabia
– SecureComputing’sSmartFilter software
– SecureComputingrecentlyboughtbyMcAffee
• EmbargospreventsellingdirectlybyUSA
companies,butresellerscandoso
Filtering
Src:
1.2.3.4
National
Internet
International
Internet
Filtering equipment
•
•
•
•
•
IPfiltering
DNSfiltering/redirection
URLfiltering
Packetfiltering(searchkeywordsinTCPpackets)
Protocolfiltering(detectTorprotocol)
Dest:
5.6.7.8
Circumventionoffiltering
Src:
1.2.3.4
National
Internet
International
Internet
• IPfiltering Filtering equipment
• Proxies
• DNSfiltering/redirection
• DNSproxy
• URLfilteringorPacketfiltering
• Encryption/Tunneling/obfuscation
• Protocolfiltering
• Obfuscationtechniques
Dest:
5.6.7.8
GoldenShieldProject
(GreatFirewallofChina)
IPfiltering
DNSfiltering/redirection
URLfiltering
Packetfiltering(searchkeywordsinTCPpackets)
• SendTCPFINbothways
• Protocolfiltering(Torisshutdown)
•
•
•
•
GreatFirewalltargetingofTor
(circa2011andbefore)
• EnumerateTorrelaysandfilterthem
Relayispublicly
listedTor node
BridgeisTornode
notpublicly listed
6#
Torproject-- www.torproject.org
66
addresses. The scanners connect to the respective bridge and try to
Tor connection (3). If it succeeds, the bridge is blocked.
GreatFirewalltargetingofTor
(circa2011-2012)
TLSconnectionswithparticular
ciphersuites flagged
Scanners
Tor user
DPI box
Tor bridge
From[Winter,Lindskog
2012]
Fig. 1. The structure of the Chinese Tor
blocking infrastructure.
Afte
identified a Tor connection to a bridge or relay, active scanners connect
machine and induce the block if the machine “speaks Tor”.
https://gist.github.com/da3c7a9af01d74cd7de7
TLSHandshake
Torclient
Torbridge
Pickrandom Nc
ClientHello, MaxVer,Nc,Ciphers/CompMethods
ServerHello, Ver, Ns,SessionID,Cipher/CompMethod
Pickrandom Ns
TorusesTLSforpoint-to-pointcommunciations,
includingfirsthop
Torclientsusedrelativelynon-standardCiphers
addresses. The scanners connect to the respective bridge and try to
Tor connection (3). If it succeeds, the bridge is blocked.
GreatFirewalltargetingofTor
(circa2011-2012)
TLSconnectionswithparticular
ciphersuites flagged
Scanners
Attempttoconnectto
dest IPbyTorclient
(sourceIPmaybespoofed)
Tor user
IfserverspeaksTor,thenIP
addedtoGFWblacklist
DPI box
Tor bridge
From[Winter,Lindskog
2012]
Fig. 1. The structure of the Chinese Tor
blocking infrastructure.
Afte
identified a Tor connection to a bridge or relay, active scanners connect
machine and induce the block if the machine “speaks Tor”.
https://gist.github.com/da3c7a9af01d74cd7de7
IslamicRepublicofIran
• EveryISPmustrun“content-controlsoftware”
– SmartFilter (upuntil2009)
– NokiaSiemensDPIsystems
• Accordingtowikipedia Facebook,Myspace,
Twitter,Youtube,Rapidshare,Wordpress,BBC,
CNN, allhavebeenfiltered
– BigWeb2.0securityofficeranecdotebywayof
RogerDingledine (Torproject):
• 10%(~10k)oftrafficviaTor
• 90%(~90k)oftrafficviaAmazon-hostedproxies
IranDPItoshutdownTor
• TormakesfirsthoplooklikeTLS/HTTPS
connection
TLSHandshake
Bankcustomer
Pickrandom Nc
Bank
ClientHello, MaxVer,Nc,Ciphers/CompMethods
ServerHello, Ver, Ns,SessionID,Cipher/CompMethod
CheckCERT
using CApublic
verificationkey
Pickrandom PMS
C<- E(pk,PMS)
Bracketnotation
meanscontents
encrypted
Pickrandom Ns
CERT=(pk ofbank, signatureoverit)
C
PMS<- D(sk,C)
ChangeCipherSpec,
{Finished, PRF(MS, “Clientfinished” ||H(transcript)) }
ChangeCipherSpec,
{Finished, PRF(MS, “Serverfinished” ||H(transcript’)) }
MS<- PRF(PMS, “mastersecret”||Nc ||Ns)
IranDPItoshutdownTor
• TormakesfirsthoplooklikeTLS/HTTPS
connection
• UseDPItofilterTorconnections:
– Torcertificateshaveshortexpirationdate
– Mostwebsiteshavelongexpirationdate
– Shutdownthoseconnectionswithshortexpiration
dates
• Torfixedvialongerexpirationdates
• Laterin2012:blocking/degradingallTLS
connections
ArabSpring
Next:DataPrivacy
Companiesandhealthcareproviders
exchange/releasedataonaregularbasis.
– Marketing,scientificstatistics,etc.
Strongregulations/lawsinplace
– e.g,HIPAAinhealthcareindustry
Dataisusuallyanonymized /sanitized
– e.g.byaddingnoise
Still:Mostlyanunsolvedproblem!
Anonymization
Basicanonymization techniques(delete“identifiers”,e.g.,
names,SSN,address)mostlyinsufficient.
http://arstechnica.com/tech-policy/2009/09/your-secrets-live-online-indatabases-of-ruin/
[Good news:Dr.Sweeneywasrecentlyappointed asheadtechnology officerattheFTC
…]
Example– NetflixChallenge
• DatasetreleasedonOctober2,2006
• 100mio ratingsfrom480knetflix subscribers
• Trainingdataconsistedofentries<user,
movie, date of grade, grade>,
wherefirsttwoentriesareintegerIDs.
• Goal: Improvealgorithmtopredictusers’
preferences
• $1mioprize
NetflixChallenge– Privacy?
• Movie/usernamehiddenbyintegerIDs
• Datawasintentionallyperturbed(while
retainingstatisticalproperties)
• Randomsubsetofdataset
“No,allcustomeridentifyinginformationhasbeenremoved;allthatremainsareratingsand
dates.Thisfollowsourprivacypolicy,whichyoucanreviewhere.Evenif,forexample,you
knewallyourownratingsandtheirdatesyouprobablycouldn’tidentifythemreliablyinthe
databecauseonlyasmallsamplewasincluded(lessthanone-tenthofourcompletedataset)
andthatdatawassubjecttoperturbation. Ofcourse,sinceyouknowallyourownratingsthat
reallyisn’taprivacyproblemisit?”
[Fromtheoriginal Netflix’sFAQ]
Whathappened?
• ExploitcorrelationsofmultipleDBs
• UsepartialIMDBdatafromspecific(known)user
• FindsamevotingpatternsinanonymousNetflix
DB
• Infervotesonothermoviesbysameuser,
learningtastepreferences,datesmovieshave
beenwatched, etc
– Oftenleakssensitiveinformation,suchaspolitical,
sexualorientation
Healthcaredata
33statessell
healthcaredata
Goal:Allow
researchers/
insurancesto
monitorstatusof
overallhealthcare
system
http://www.forbes.com/sites/adamlevin/2013
/07/18/is-your-state-selling-your-medicalhistory-for-pennies/
WAstatedeanonymization
“Patient-levelhealthdatafromtheStateofWashington
canbepurchased for$50.Thispubliclyavailabledataset
hasvirtuallyallhospitalizationsoccurringintheStateina
givenyear,includingpatientdemographics, diagnoses,
procedures, attendingphysician,hospital,asummaryof
charges, andhowthebillwaspaid.Itdoesnotcontain
patientnameoraddresses (onlyZIPs).”
Outcome: 43%ofdatasetdeanonymized usingnewspaper
accidentreports.
SweeneyL.MatchingKnownPatientstoHealthRecordsinWashington State
Data.HarvardUniversity.DataPrivacyLab.1089-1.June2013.
Dataflowsinhealthcare
http://thedatamap.org/
Solid line=
contains
personal
identifiers
DataflowsnotcoveredbyHIPAA
SmartMeters
http://green.blogs.nytimes.com/2
010/05/20/doctor-futurist-spythe-smart-meter/
“Withdatafromthousands ormillionsofsmart
meters,researcherscould designtoolsto
measurehowmanytimesadayarefrigerator
doorwasopened,relevanttodietaryand
obesityresearch, orsleeppatterns,relevantto
awiderangeofhealthresearch.”