CSE 127: Introduction to Security
Lecture 18: Privacy and Anonymity / Policy and Ethics
George Obaido
UCSD Spring 2022
Some material from and
Lecture outline
• Foundations of privacy
• Privacy-enhancing technologies
• PGP and modern encrypted messaging
• Tor and anonymous communication
• Privacy-respecting browsers (Tor, Firefox)
• Ethical principles
• Laws relevant to security research and practice
What is privacy and why do we care?
Various definitions of privacy:
• Secrecy
• Anonymity
• Solitude
Human rights and values:
• Human dignity
• Mental health
• Intimacy/relationships
Political and democratic values:
• Liberty of action
• Moral autonomy
The “crypto wars”: privacy vs. wiretapping
• Crypto wars 1.0
• Late 1970s
• US government threatened legal sanctions on researchers who published papers about cryptography.
• Threats to retroactively classify cryptography research.
• Crypto wars 2.0
• Main issues: Export control and key escrow
• Several legal challenges
• Crypto wars 3.0
• Apple v. FBI
• Calls for “balance”
Why is anonymous communication hard?
(Diagram: Alice’s traffic passing through network/service providers)
Network/service providers (ISPs, Google, Facebook, etc.) can generally see all traffic or communications they handle.
Under the Stored Communications Act (1986), the US government can compel service providers to turn over customer communications. Only requires a subpoena for “storage” or communications held longer than 180 days.
End-to-end encryption and service providers
If a message is end-to-end encrypted, the service provider may not have the plaintext.
Law enforcement can always serve the customer with a search warrant for the decrypted communications.
“Key escrow” or “backdoored encryption”
(Diagram: the provider holds Enc_k(m) together with Enc_pubFBI(k); a subpoena obtains both)
The US government has been asking service providers to design ways to overcome encryption for decades. Most reasonable proposals work something like this.
Pretty Good Privacy (PGP)
• Written by Phil Zimmermann in 1991
• Response to US Senate bill requiring crypto backdoors (didn’t pass)
• Public key email encryption “for the masses”
• Signatures, public key encryption, or sign+encrypt
• Key management
• Public keyservers
• Web of trust: users sign other users’ keys
• Grand jury investigated Zimmermann 1993–1996
• No indictment was issued, but he was a subject of investigation for violating export controls
• Fundamental insight: Knowledge about cryptography is public. In theory, citizens can circumvent government-mandated key escrow by implementing cryptography themselves.
PGP in the modern era
• PGP was built before modern cryptographic protocol design was properly understood.
• Numerous vulnerabilities
• GnuPG and libgcrypt are open source and quite widely used
• Usability issues: most experts unable to use PGP properly
• “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0” by Whitten and Tygar
• “Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client” by Ruoti et al.
https://xkcd.com/1181/
“If you want to be extra safe, check that there’s a big block of jumbled characters at the bottom.”
Message Encryption since PGP
• For messaging, Signal, WhatsApp, or iMessage offer modern end-to-end encryption.
• Modern protocols typically:
• Use Diffie-Hellman to negotiate ephemeral keys
• Use long-term authentication keys with out-of-band fingerprint verification
• Offer “forward secrecy”:
• In theory, protects against key compromise at time t revealing plaintext of previous messages
• If sender or recipient store plaintext, that is the more likely point of compromise
• Offer “deniability”:
• Message recipient can verify message integrity without a third party being able to “cryptographically prove” that the sender sent the message.
• Cryptographically interesting, but likely legally irrelevant.
Crypto Wars 2.0
In the current debates about government-mandated weakening of cryptography, there are two scenarios of interest:
• Message encryption.
• This is what we’ve talked about so far in lecture.
• Storage encryption.
• For example, unlocking iPhones.
• This is what the Apple v. FBI case was about.
In Apple v. FBI, the question was whether the government could compel Apple to break their own encryption mechanism with the All Writs Act. The government backed down and reportedly used a specialty consulting firm to unlock the phone.
Michael Hayden, former NSA director: “We kill people based on metadata.”
• Long history of anonymous communication in US democracy
• e.g. Revolutionary War anonymous political pamphlets
Technical question: Is anonymous communication still feasible on the internet?
“Anonymity” via tunneling or proxies
A proxy can rewrite metadata. Examples:
• Early “anonymous remailers” forwarded email.
• VPN services allow users to tunnel traffic
(Diagram: a one-hop proxy served with a 2703(d) order)
One-hop proxies have a single point of failure: the proxy must see both sides of the communication.
Tor: Anonymous communication for TCP sessions
Desired properties:
• Network attacker watching client traffic can’t see destination.
• Destination server does not see client IP address.
• Network nodes can’t link client and server.
• Fast enough to support TCP streams and network applications.
Current state: A nonprofit organization, active academic research, deployed around the world.
Not perfect, but a building block.
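As an added illustration, not code from the lecture and not how Tor itself is implemented: a toy onion-routing simulation showing why each relay learns only its predecessor and its successor, which is what the three properties above rest on. The XOR keystream cipher, the relay names and the pre-shared per-relay keys are assumptions; Tor negotiates relay keys with Diffie-Hellman and encrypts with AES-CTR.

```python
import hashlib
import json

# Toy keystream cipher (SHA-256 in counter mode, XORed with the data). Constructed
# for this illustration only; real Tor relays use AES-CTR keys negotiated with
# the client during circuit setup.
def _keystream(key: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

# Assumed circuit: three relays, each sharing one symmetric key with the client only.
RELAY_KEYS = {"guard": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}
PATH = ["guard", "middle", "exit"]

def build_onion(path, keys, destination, payload):
    """Client wraps the request in one layer per relay, innermost (exit) layer first."""
    cell = json.dumps({"next": destination, "payload": payload}).encode()
    blob = xor_crypt(keys[path[-1]], cell)
    for i in range(len(path) - 2, -1, -1):
        cell = json.dumps({"next": path[i + 1], "inner": blob.hex()}).encode()
        blob = xor_crypt(keys[path[i]], cell)
    return blob

def peel(key, blob):
    """Relay strips its own layer; returns None if this layer was not encrypted for it."""
    try:
        return json.loads(xor_crypt(key, blob).decode())
    except (UnicodeDecodeError, ValueError):
        return None

def route(client, path, keys, onion):
    """Forward the onion hop by hop and record what each relay can observe."""
    views, prev, blob = {}, client, onion
    for hop in path:
        layer = peel(keys[hop], blob)
        views[hop] = {"from": prev, "to": layer["next"], "payload": layer.get("payload")}
        prev, blob = hop, bytes.fromhex(layer.get("inner", ""))
    return views

if __name__ == "__main__":
    onion = build_onion(PATH, RELAY_KEYS, "example.org", "GET /")
    for relay, view in route("client", PATH, RELAY_KEYS, onion).items():
        print(relay, view)
```

The guard sees the client but only the next relay; the exit sees the destination and payload but only the previous relay; the middle relay sees neither endpoint.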
(U) What is TOR?
Tor also allows “anonymous” servers
In practice, prominent “hidden services” deanonymized through real-world metadata, browser 0days, misconfigured servers.
Anonymity on the web
• Companies like Google, Facebook, Twitter, Microsoft, Amazon, Target, Walmart, . . . make a lot of money from tracking users.
• For some of these companies you are the product. So tracking you is their business.
• How do websites track users?
• Third-party cookies: recall that cookies for trackme.com are sent with any request to trackme.com, even if you’re on cnn.com.
• Tracking content: Sites include tracking code in URLs (e.g., advertisements, videos, marketing emails, etc.)
• Fingerprinting: sites profile your browser, extensions, OS, hardware, screen resolution, fonts you have installed, etc.
What can you do about this?
• Can’t really avoid these platforms (e.g., Facebook profiles you even if you don’t have an account).
• Use a browser that cares about your privacy (e.g., Firefox, The Tor Browser, Brave, Safari)
• Use privacy-enhancing browser extensions
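Added example, not from the lecture slides: a toy cookie jar that models the third-party cookie rule above (a trackme.com cookie rides along with the tracker request embedded on cnn.com) and the effect of a browser setting that blocks third-party cookies. The tracker URL, the page URLs and the two-label site heuristic are constructed assumptions.

```python
from urllib.parse import urlparse

def site_of(url: str) -> str:
    """Crude registrable domain: the host's last two labels. Assumed stand-in for
    the Public Suffix List logic real browsers use (wrong for e.g. .co.uk)."""
    return ".".join(urlparse(url).hostname.split(".")[-2:])

def is_third_party(top_level_url: str, request_url: str) -> bool:
    """A request is third-party when its site differs from the page the user is on."""
    return site_of(top_level_url) != site_of(request_url)

class CookieJar:
    """Minimal cookie store keyed by site, with an optional third-party block."""
    def __init__(self, block_third_party: bool = False):
        self.block_third_party = block_third_party
        self.store = {}  # site -> {cookie name: value}

    def set_cookie(self, top_level_url, response_url, name, value) -> bool:
        if self.block_third_party and is_third_party(top_level_url, response_url):
            return False  # browser refuses to store a cookie set in a third-party context
        self.store.setdefault(site_of(response_url), {})[name] = value
        return True

    def cookies_for(self, top_level_url, request_url) -> dict:
        if self.block_third_party and is_third_party(top_level_url, request_url):
            return {}  # nothing is attached to third-party requests
        return dict(self.store.get(site_of(request_url), {}))

TRACKER = "https://trackme.com/pixel.gif"  # constructed tracker URL embedded on every page

def browse(jar: CookieJar, pages: list) -> list:
    """Load each page, which embeds the tracker; return (page site, id the tracker saw)."""
    seen, counter = [], 0
    for page in pages:
        sent = jar.cookies_for(page, TRACKER)
        if "id" not in sent:  # tracker has not tagged this browser yet: try to set an id
            counter += 1
            jar.set_cookie(page, TRACKER, "id", f"uid{counter}")
        seen.append((site_of(page), sent.get("id")))
    return seen

if __name__ == "__main__":
    visits = ["https://www.cnn.com/news", "https://shop.example.com/cart", "https://www.cnn.com/sports"]
    print("default:", browse(CookieJar(), visits))
    print("blocked:", browse(CookieJar(block_third_party=True), visits))
```

With the default jar the tracker sees the same uid on cnn.com and example.com and can link the visits; with third-party cookies blocked it never learns an id.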
Privacy-enhanced browsing (Firefox)
Privacy-enhanced browsing (Tor)
Privacy-enhanced browsing (Brave & Safari)
Privacy-enhancing extensions
• Privacy Badger blocks trackers; uBlock Origin blocks ads; many others
Lecture outline
• Foundations of privacy
• Privacy-enhancing technologies
• PGP and modern encrypted messaging
• Tor and anonymous communication
• Privacy-respecting browsers (Tor, Firefox, Brave)
• Ethical principles √
• Laws relevant to security research and practice
Overarching principles/lessons
• Ethics: Try to be a good person. Be thoughtful about your actions and their effects on yourself and others.
• Legal issues: Don’t violate laws.
• If lawyers or law enforcement are involved, you have already lost. It doesn’t matter if you could in theory win the case in the end.
Legal/ethical principle: Property rights
Respect other people’s property.
Example: Hacking your own password.
• On your own machine: Probably ok. (Possible exception: DMCA.)
• On someone else’s machine: Get permission or else it’s probably not ok. (Might be CFAA violation under Terms of Service interpretation.)
Computer Fraud and Abuse Act (CFAA)
18 U.S. CODE §1030 – FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS
Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer…
The punishment for an offense…
– a fine under this title or imprisonment for not more than one year, or both…,
– a fine under this title or imprisonment for not more than 5 years, or both… if—
(i) the offense was committed for purposes of commercial advantage or private financial gain;
(ii) the offense was committed in furtherance of any criminal or tortious act…; or
(iii) the value of the information obtained exceeds $5,000
Remember Aaron Swartz’s CFAA case
• Scraped JStor from MIT’s network and evaded numerous blocking attempts.
• Prosecuted for violating the Terms of Service of JStor even though JStor did not want to prosecute.
• Property owners: MIT, JStor, article authors
• Swartz had already been investigated for scraping public court records
https://docs.jstor.org/
Ethical Principle: Minimizing harm
Ethical research involves trying to minimize harm.
Example: SYN scanning
• Scanning public hosts is legal, but generates many complaints.
• Depends on intended use: Used by attackers to find vulnerable hosts, used by researchers to measure networks.
• Doing research on open networks means understanding and following best practices:
• Publicly identifying the purpose of the research
• Providing an opt-out mechanism
• Not launching attacks
• Avoiding overwhelming your or others’ networks or crashing hosts
Ethical principle: Minimizing harm
Example: Botherding
• Botherding is taking over a botnet
• Is this ethical or not?
• Interfering with a legal botnet is definitely illegal.
• was celebrated for activating a “kill switch” in WannaCry malware that halted infections.
• Is taking over a botnet for research purposes ethical? It is pursuing illegal activity to study illegal activity.
https://www.bbc.com/news/technology-49127569
Digital Millennium Copyright Act (DMCA)
DMCA cases
• 2010 US v. Crippen, rare criminal DMCA case against a modder
• 2002 Bunnie Huang Xbox key extraction
• MIT did not support his work, AI Lab published his work and reached an agreement with Microsoft
DMCA Exemptions
Every three years, the Library of Congress considers exemptions to the DMCA.
• 2010: Phone jailbreaking
• 2016: Security research
Personal and Privacy Rights
Principle: Informed consent
• Human subjects research should go through ethical review
• At a university, this is done by the IRB
• Some companies now have review processes
• Human subjects research includes any collection of Personally Identifiable Information
Informed consent
Example: posted fake sex ad on Craigslist as a woman in 2006
• Received hundreds of replies, posted them all online
• Unethical? Yes.
• Illegal? Unclear.
• Encyclopedia Dramatica received DMCA takedown notice.
• Sued in Illinois by anonymous victim, default $75k judgement
Legal foundations of privacy
In US, 14th amendment: “nor shall any state deprive any person of life, liberty, or property without due process of law”
Interpreted as right to privacy by 20th century supreme court:
• Legality of contraception
• Roe v. Wade
Wiretapping
California is a “two-party consent” state. All parties in a conversation must consent for it to be recorded.
Snowden leaked FISA order for all Verizon Business customer information in 2013
Updated FISA orders have continued to be approved.
Law Enforcement Access Policy
Policy/ethics question: Is it preferable to have law enforcement/intelligence:
• Stockpile software vulnerabilities, write targeted malware, and hack into targets when desired
• Mandate encryption backdoors or otherwise enable mass surveillance
Unintended Consequences of Law Enforcement Access
• 2004 Greek wiretapping scandal
• Greek politicians wiretapped through law enforcement access system present on phone network
• 2010 China Google hack
• Came in through law enforcement access portal
https://www.theguardian.com/business/2006/feb/07/newmedia.media
https://www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html
Disclosure options for security flaws
• Report to vendor only
• Report to vendor and receive bug bounty
• Report to vendor, wait for fix, report to public (“responsible disclosure”)
• Report in full to public immediately (“full disclosure”)
• Tell no one
• Sell vulnerability to middleman and don’t report to vendor
The process of reporting vulnerabilities
• Some vendors have a sensible reporting process
• E.g., Firefox and Chrome teams respond and react quickly, easy to work with on fixing bugs, etc.
• Some vendors less so
• E.g., Send email through an intermediary, receive ACK, no real conversation.
• E.g., Send email, poke individual folks for replies, no replies. Give up.
• Some vendors are playing catch-up
• Some vendors are the worst: they will try to gag/sue you
Bug bounty programs
• Many vendors have bug bounty programs: $$ for bugs
• Mozilla and Google will even run your checkers and pay you if the checkers find real bugs
• Our students made ≈$3K per bug!
Policy questions around security research
• Should exploit sales be legal?
• Code as speech principle says yes
• Is publishing exploits ethical?
• How about mixed-use tools?
• Privacy tools like Tor or encrypted messengers used by criminals, normal people, activists
• Random darknet shopper art piece?
Have a great end of the quarter!
Good luck on the final!