PRISM And An Agenda For European Network Security Research - Grothoff

Transcription

PRISM and an Agenda for European Network Security Research
Another Turn of the Wheel: Mainframe, Desktop, Cloud, Peer

Christian Grothoff
Technische Universität München
26.08.2013

"Never doubt your ability to change the world." – Glenn Greenwald

Everybody Has Secrets

- Business & trade secrets
- Political opinions
- Illegal activities

Keeping Secrets

- Encryption: baseline
- Hide meta-data: state of the art
- Practice today? Send everything to the US in plaintext

- Guardian: "The PRISM program allows the intelligence services direct access to the companies' servers."
- Cooperating providers: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, Apple
- PRISM enables real-time surveillance and access to stored content
- Data collected: e-mails, instant messages, videos, photos, stored data (likely files), voice chats, file transfers, video conferences, log-in times, and social network profiles
- Tiny part of NSA: 20 M budget

The US discussion focuses on spying on US citizens and legality under US law.

Frank Church (D-Idaho): "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."

- NSA's tool to track global surveillance data
- 2,392,343,446 records from the US
- 97,111,199,358 records worldwide
- This is for March 2013 alone
- Germany most surveilled country in Europe
- "leverages FOSS technology"

Other Programs

- "The SIGAD Used Most in NSA Reporting": there are more SIGINT tools
- Presentations list FAIRVIEW and BLARNEY
- Monitor fiber cables and infrastructure (IXPs?)
- "NSA collecting phone records of millions of Verizon customers daily" – Guardian

We do not know all about PRISM. Rep. Sanchez (D-Calif.), after learning more during a briefing, said there is "significantly more than what is out in the media today (...) I believe it's the tip of the iceberg."

History: Iraq War

Katharine Gun leaked a memo from NSA agent Frank Koza in 2003 about an American effort to monitor the communications of six delegations to the United Nations who were undecided on authorizing the Iraq War and who were being fiercely courted by both sides:

"As you've likely heard by now, the Agency is mounting a surge particularly directed at the UN Security Council (UNSC) members (minus US and GBR of course) for insights as to how to membership is reacting to the on-going debate RE: Iraq, plans to vote on any related resolutions, what related policies/negotiating positions they may be considering, alliances/dependencies, etc — the whole gamut of information that could give US policymakers an edge in obtaining results favorable to US goals or to head off surprises. In RT, that means a QRC surge effort to revive/create efforts against UNSC members Angola, Cameroon, Chile, Bulgaria and Guinea, as well as extra focus on Pakistan UN matters."

Cyberwar

Presidential Policy Directive 20, issued October 2012 and released by Edward Snowden, outlines U.S. cyberwar policy:

"Offensive Cyber Effect Operations (OCEO) can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging. (...) The United States Government shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other U.S. offensive capabilities, and execute those capabilities in a manner consistent with the provisions of this directive."

Technical Cooperation

Bloomberg reports:

- US companies provide internal information to US secret services
- Companies from software, banking, communications hardware providers, network security firms
- Including technical specifications and unpatched software vulnerabilities
- In return, these US companies are given access to intelligence information
- Partners include: Microsoft, Intel, McAfee

History: ECHELON

- SIGINT collection network of AU, CA, NZ, UK and US
- The Baltimore Sun reported in 1995 that Airbus lost a 6 billion contract in 1994 after the NSA reported that Airbus officials had been bribing officials to secure the contract.
- Used to facilitate Kenetech Windpower's espionage against Enercon in 1994-1996.

(Photo: Former US listening station at Teufelsberg, Berlin.)

Does it matter?

MPI estimated losses due to industrial espionage in 1988 at DM 8 billion.

So how does the EU react to learning about PRISM?

"Direct access of US law enforcement to the data of EU citizens on servers of US companies should be excluded unless in clearly defined, exceptional and judicially reviewable situations." – Viviane Reding, EC vice-president, in response to PRISM

Not Just Monitoring

- US controls key Internet infrastructure:
  - Number resources (IANA)
  - Domain Name System (root zone)
  - DNSSEC root certificate
  - X.509 CAs (HTTPS certificates)
  - Major browser vendors (CA root stores!)

Encryption does not help if the PKI is compromised!

Political Solutions?

Ron Wyden (US Senate intelligence committee) asked James Clapper, director of national intelligence, in March 2013: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?"

Clapper replied: "No, sir."

The Enemy Within

"In February, the UK based research publication Statewatch reported that the EU had secretly agreed to set up an international telephone tapping network via a secret network of committees established under the 'third pillar' of the Maastricht Treaty covering cooperation on law and order. (...) EU countries (...) should agree on international interception standards (...) to co-operate closely with the FBI (...). Network and service providers in the EU will be obliged to install tappable systems and to place under surveillance any person or group when served an interception order. These plans have never been referred to any European government for scrutiny (...) despite the clear civil liberties issues raised by such an unaccountable system. (...) The German government estimates that the mobile phone part of the package alone will cost 4 billion D-marks."

Scientific and Technological Options Assessment (STOA), "An Appraisal of Technologies of Political Control", European Parliament, PE 166499, 6 January 1998.

Technical Solutions

Can we develop technologies to solve problems created by technology?

- Hack back?
- Move data to a European cloud?
- Decentralize data and trust!

Decentralize Everything

- Encrypt everything end-to-end
- Decentralized PKI
- Decentralized data storage
- No servers
- No authorities

No juicy targets for APTs.

Decentralized vs. Centralized

Decentralized:
- Slower
- No economies of scale
- More complex to use
- More complex to develop
- Hard to secure
- Hard to evolve

Centralized:
- Compromised

My Research and Development Agenda

Make decentralized systems:
- Faster, more scalable
- Easier to develop, deploy and use
- Easier to evolve and extend
- Secure (privacy-preserving, censorship-resistant, available, ...)

Our P (figure: layer stack, as labelled on the slide)

- Phys. Layer
- Ethernet
- IP/BGP
- HTTPS/TCP/WLAN/...
- CORE (ECDHE+AES)
- R5N DHT
- Mesh (ECDHE+AES)
- GNS
- RegEx/PSYC

Decentralized Naming Systems (1)

Zooko's Triangle (figure): corners Secure, Global, Memorable; edges labelled Hierarchical Registration, Cryptographic URLs, Petnames.

Footnote 1: Joint work with Martin Schanzenbach and Matthias Wachs

The GNU Name System (GNS)

Decentralized PKI that can also replace DNS/DNSSEC:

- Signed Resource Records (RRs)
- Secure delegation provides transitivity (SDSI)
- Decentralized resolution (R5N DHT)
- Every user manages his own zone

Zone Management: like in DNS

Name resolution in GNS

- Bob wants to be called bob
- Bob can reach his webserver via www.gnu

Secure introduction

Business card (figure):
Bob Builder, Ph.D.
Address: Country, Street Name 23
Phone: 555-12345
Mobile: 666-54321
Mail: bob@H2R84L4JIL3G5C.zkey

- Bob gives his public key to his friends via QR code
- Bob's friends can resolve his records via *.petname.gnu

Delegation

- Alice learns Bob's public key
- Alice creates a delegation to zone bob
- Alice can reach Bob's webserver via www.bob.gnu

Name Resolution (figure)

1. Query: www.bob.gnu?
2. Look up 'bob' in the local zone: PKEY record → K_pub^Bob
3. DHT GET (www, K_pub^Bob)
4./5. Response from the DHT; result: A: 5.6.7.8

GNS as PKI (via DANE/TLSA)

Query Privacy: Terminology

- $G$: generator of the ECC curve, a point
- $n$: size of the ECC group, $n = |\langle G \rangle|$, $n$ prime
- $x$: private ECC key of the zone ($\in \mathbb{Z}_n$)
- $P$: public key of the zone, a point $P := xG$
- $l$: label for a record in a zone ($\in \mathbb{Z}_n$)
- $R_{P,l}$: set of records for label $l$ in zone $P$
- $q_{P,l}$: query hash (hash code for the DHT lookup)
- $B_{P,l}$: block with the information for label $l$ in zone $P$, published in the DHT under $q_{P,l}$

Query Privacy: Cryptography

Publishing $B$ under $q_{P,l} := H(dG)$:

$h := H(l, P)$ (1)

$d := h \cdot x \bmod n$ (2)

$B_{P,l} := S_d\big(E_{\mathrm{HKDF}(l,P)}(R_{P,l})\big),\; dG$ (3)

Searching for $l$ in zone $P$:

$h := H(l, P)$ (4)

$q_{P,l} := H(dG) = H(hxG) = H(hP) \;\Rightarrow\;$ obtain $B_{P,l}$ (5)

$R_{P,l} := D_{\mathrm{HKDF}(l,P)}(B_{P,l})$ (6)
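Equations (1)-(6), together with the delegation walk of the Name Resolution slide (www.bob.gnu resolved through a PKEY record in Alice's zone), as an added worked example. This is not GNUnet's code; it substitutes stand-ins that are assumptions of the example: secp256k1 for GNUnet's curve, SHA-512 for H, HMAC-SHA256 for HKDF, a SHA-256 counter keystream for the symmetric cipher E/D, a Schnorr signature for S_d, a Python dict for the DHT, and a constructed "PKEY:" record encoding for delegation. Keys and records are constructed demo values.

```python
import hashlib
import hmac

# secp256k1 parameters (public constants), standing in for GNUnet's own curve.
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed demo private keys (not real keys): any scalar in [1, n-1].
BOB_KEY = 1 + int.from_bytes(hashlib.sha256(b"constructed bob key").digest(), "big") % (N_ORD - 1)
ALICE_KEY = 1 + int.from_bytes(hashlib.sha256(b"constructed alice key").digest(), "big") % (N_ORD - 1)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    acc = None  # double-and-add scalar multiplication k * pt
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def enc_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def H(*parts):
    """H(...): SHA-512 over the length-prefixed inputs."""
    return hashlib.sha512(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

def h_scalar(label, zone_pub):
    """h := H(l, P) taken as a non-zero scalar in Z_n (eqs. 1 and 4)."""
    return 1 + int.from_bytes(H(label.encode(), enc_point(zone_pub)), "big") % (N_ORD - 1)

def kdf(label, zone_pub):
    """HMAC-SHA256 stand-in for HKDF(l, P): only a party knowing both l and P derives the key."""
    return hmac.new(b"gns-example-kdf", label.encode() + enc_point(zone_pub), hashlib.sha256).digest()

def stream_xor(key, data):
    """Stand-in for E / D: SHA-256 counter-mode keystream XORed with data (so E == D)."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def schnorr_sign(d, msg):
    """S_d: Schnorr signature under the derived key d (deterministic nonce)."""
    k = 1 + int.from_bytes(H(d.to_bytes(32, "big"), msg), "big") % (N_ORD - 1)
    r = ec_mul(k, G)
    e = int.from_bytes(H(enc_point(r), msg), "big") % N_ORD
    return r, (k + e * d) % N_ORD

def schnorr_verify(pub, msg, sig):
    r, s = sig
    e = int.from_bytes(H(enc_point(r), msg), "big") % N_ORD
    return ec_mul(s, G) == ec_add(r, ec_mul(e, pub))

def publish(dht, x, label, records):
    """Zone owner, eqs. (1)-(3): store B_{P,l} under q_{P,l} = H(dG). Returns P = xG."""
    zone_pub = ec_mul(x, G)
    d = h_scalar(label, zone_pub) * x % N_ORD
    d_g = ec_mul(d, G)
    ct = stream_xor(kdf(label, zone_pub), records)
    dht[H(enc_point(d_g))] = (ct, schnorr_sign(d, ct), d_g)
    return zone_pub

def lookup(dht, zone_pub, label):
    """Resolver, eqs. (4)-(6): knows only (l, P), never x, and computes q = H(hP) = H(dG)."""
    h_p = ec_mul(h_scalar(label, zone_pub), zone_pub)
    block = dht.get(H(enc_point(h_p)))
    if block is None:
        return None
    ct, sig, d_g = block
    if d_g != h_p or not schnorr_verify(d_g, ct, sig):
        raise ValueError("block is not a valid record of zone P for label l")
    return stream_xor(kdf(label, zone_pub), ct)

def resolve(dht, root_pub, name):
    """Walk 'www.bob.gnu' right to left from the local zone, following PKEY delegations."""
    zone = root_pub
    for label in reversed(name.split(".")[:-1]):  # drop the '.gnu' suffix
        rec = lookup(dht, zone, label)
        if rec is None or not rec.startswith(b"PKEY:"):
            return rec  # answer record (or nothing) for this label
        zone = (int.from_bytes(rec[5:37], "big"), int.from_bytes(rec[37:69], "big"))
    return None

def demo():
    """Bob publishes 'www'; Alice delegates 'bob' to Bob's zone; resolve www.bob.gnu."""
    dht = {}
    bob_pub = publish(dht, BOB_KEY, "www", b"A 5.6.7.8")
    alice_pub = publish(dht, ALICE_KEY, "bob", b"PKEY:" + enc_point(bob_pub))
    return resolve(dht, alice_pub, "www.bob.gnu"), dht
```

The peer storing a block sees only the key H(dG), the point dG, the ciphertext and the signature: it can verify the signature against dG (and so drop forged blocks) without learning the label or the zone key, and the ciphertext key is derived from (l, P), which it does not have. This is also why the slide qualifies the guarantee with "except against confirmation attack": anyone who already guesses a particular (l, P) pair can recompute H(hP) and confirm whether such a record exists.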

GNS for GNUnet

Properties of GNS:
- Decentralized name system with secure memorable names
- Decentralized name system with globally unique, secure identifiers
- QR codes for introduction, delegation used to achieve transitivity
- Achieves query and response privacy except against confirmation attack
- Can provide an alternative PKI, validate TLS via TLSA records

Uses for GNS in GNUnet:
- Pseudonymous file-sharing
- IP services in the P2P network (P2P-VPN) via "VPN" records
- Identities in social networking applications

The Evolution Challenge (2)

- Features are frequently added to social applications
- Some require changes ("extensions") to data formats and messages
- Centralized, browser-based networks can easily update to a new version
- Decentralized systems must transition gracefully

Footnote 2: Joint work with Carlo v. Loesch and Gabor Toth

Related Work: XML

- Extensible Markup Language
- Syntax is extensible
- Extensions have no semantics

PSYC

We are working on PSYC2, the successor to PSYC:
- More compact, mostly human-readable, faster-to-parse relative of XML/JSON/XMPP
- PSYC messages consist of a state update and a method invocation

PSYC includes interesting ideas for social networking:
- Stateful multicast
- History
- Difference-based updates
- PSYC addresses the extensibility problem using the try-and-slice pattern

PSYC State: Example

The PSYC state is a set of key-value pairs where the names of keys use underscores to create an inheritance relationship:

- _name
- _name_first
- _name_first_chinese
- _address
- _address_street
- _address_country

The data format for each state is fixed for each top-level label.

PSYC Methods: Example

A PSYC method has a name which follows the same structure as keys:

- _message
- _message_private
- _message_public
- _message_public_whisper
- _message_announcement
- _message_announcement_anonymous

Methods have access to the current state and a per-message byte stream.

The Try-and-Slice Pattern

```c
#include <string.h>

/* Try the full method name first; if no handler matches, slice off the
   last "_component" and try again, until only the top-level name is left. */
int msg (char *method)
{
  while (1) {
    if (0 == strcmp (method, "_notice_update_news")) {
      /* handle news update */
      return 1;
    }
    if (0 == strcmp (method, "_notice")) {
      /* handle generic notice */
      return 1;
    }
    if (0 == strcmp (method, "_message")) {
      /* handle generic message */
      return 1;
    }
    /* ... */
    char *glyph = strrchr (method, '_');
    if ((NULL == glyph) || (glyph == method))
      break;              /* only the leading '_' is left: nothing to slice */
    *glyph = '\0';        /* truncate at the last '_' and retry */
  }
  return 0;               /* no handler, not even for the top-level method */
}
```

Advantages of Try-and-Slice

- Extensible, can support many applications
- Can be applied to state and methods
- Defines what backwards-compatible extensibility means:
  - Can incrementally expand implementations by deepening coverage
  - Incompatible updates introduce new top-level methods
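The pattern as an added Python example (not PSYC's or GNUnet's code), applied to both method dispatch and state keys as the slide above describes. The handler table and the state formats are constructed for illustration; a real implementation would register functions rather than names.

```python
def slice_path(name):
    """Yield name, then ever shorter prefixes cut at the last '_', down to the top level."""
    while True:
        yield name
        cut = name.rfind("_")
        if cut < 1:  # only the leading '_' (or no '_' at all) is left: stop slicing
            return
        name = name[:cut]

def dispatch(handlers, method):
    """Try-and-slice: the first registered handler on the slice path wins.
    Returns (handler, name actually matched), or (None, None) for an unknown
    top-level method, i.e. an incompatible update this implementation cannot handle."""
    for candidate in slice_path(method):
        if candidate in handlers:
            return handlers[candidate], candidate
    return None, None

def top_level(name):
    """Top-level label of a state key; the slides fix the data format per top-level label."""
    return list(slice_path(name))[-1]

# Constructed handler table: an implementation that covers only some methods so far.
HANDLERS = {
    "_notice_update_news": "show_news_update",
    "_notice": "show_generic_notice",
    "_message": "show_generic_message",
}

# Constructed state formats, keyed by top-level label only.
STATE_FORMATS = {"_name": "utf8 text", "_address": "utf8 text"}

def state_format(key):
    """Format of a state variable, looked up via its top-level label."""
    return STATE_FORMATS.get(top_level(key))
```

Deepening coverage means adding a more specific key such as "_message_public_whisper" to HANDLERS; until then, that method quietly falls back to the generic "_message" handler, which is exactly the backwards compatibility the slide defines.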

PSYC2 for GNUnet

Properties of PSYC:
- Compact encoding (much smaller than XML/JSON/XMPP)
- Supports stateful multicast
- Supports message history (replay, see latest news, etc.)
- Extensible syntax and semantics

Uses for PSYC2 in GNUnet:
- P2P social networking foundation (combine with GNS!)
- Pushes social profiles (state) to all recipients, no federation
- Replay from the local database used as the primary access method
- My data is stored on my machine
- Use secure multicast to support very large groups

Distributed Search via Regular Expressions: Idea (3)

1. Offerer creates a regular expression describing the service
2. The regular expression is compiled to a DFA
3. The DFA is stored in the DHT
4. Patron matches using a string

(Figure: Offerer → DFA → PUT → DHT; Patron → search string → GET → DHT, which holds the NFA.)

Footnote 3: Joint work with Max Szengel, Ralph Holz, Bart Polot and Heiko Niedermayer

Problem: Mapping of States to Keys

Regular expression (ab|cd)e*f and the corresponding DFA (figure). Each state is stored in the DHT under the hash of the regular-expression prefix that leads to it: h("a"), h("c"), h("(ab|cd)e*"), h("(ab|cd)e*f").

Problem: Merging of DFAs

Regular expressions (ab|cd)e*f and (ab|cd)e*fg* with corresponding DFAs (figure; states labelled (ab|cd)e*, (ab|cd)e*f and (ab|cd)e*fg*).

Problem: Merging of DFAs

Merged NFA for regular expressions (ab|cd)e*fg* and (ab|cd)e*f (figure; states labelled (ab|cd)e*, (ab|cd)e*f and (ab|cd)e*fg*).

Problem: Decentralizing the Start State

Regular expressions: abc defg h and k fg*h (figure)

Evaluation

- Implementation in GNUnet
- Profiling of Internet-scale routing using regular expressions to describe AS address ranges
- CAIDA AS data set: real AS data

Evaluation (figure): AS numbers with their IP prefixes from the data set (e.g. AS 32310: 204.94.175.0/24; AS 56357: 188.95.232.0/22, 192.48.107.0/24) inserted into the Distributed Hash Table.

Evaluation: Results of Simulation (1)

(Figure: number of transitions and states in the merged NFA versus maximum path compression length: no compression, 2, 4, 6, 8. Series: transitions, states. Dataset: all 40,696 ASes.)

Evaluation: Results of Simulation (2)

(Figure: degree of non-determinism at states in the merged NFA; y-axis: number of states (log scale), x-axis: degree of non-determinism. Series: max path length 1, 2, 4, 6, 8, 16. Dataset: all 40,696 ASes.)

Evaluation: Results of Simulation (3)

(Figure: percentage of states versus out-degree k, log-log scale. Series: max. path compression length 6, 8, 16. Dataset: all 40,696 ASes.)

Evaluation: Results of Emulation

Search duration averaged over five runs with randomly connected peers.

(Figure: percentage of matched strings versus search duration in seconds (0 to 30). Series: 1,000 peers, 2,000 peers, 4,000 peers.)

RegEx Search for GNUnet

Properties of RegEx Search:
- Capability discovery in DHT-based P2P networks using regular expressions
- Linear latency in the length of the search string
- Suitable for applications that can tolerate moderate latency

Uses for RegEx in GNUnet:
- Network search
- Discovery of matching services, such as VPN exit nodes
- Topic-based subscriptions in messaging (decentralized MQTT)

Conclusion

- Everybody has something to hide
- Decentralization creates challenges for research

We must decentralize or risk losing control over our lives.

Do you have any questions?

References:

- Glenn Greenwald and Ewen MacAskill. NSA Prism program taps in to user data of Apple, Google and others. The Guardian, June 7, 2013.
- George Zornick. Remember When NSA Surveillance Was Used to Help Launch the Iraq War? The Nation, June 11, 2013.
- Michael Riley. U.S. Agencies Said to Swap Data With Thousands of Firms. Bloomberg, June 14, 2013.
- Rudolf Wagner. US-Spionage: Lauschangriff auf die Konkurrenz in Europa. Der Spiegel, January 7, 2001.
- Gerhard Schmid. Report on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI)). European Parliament Session Document, July 11, 2001.
- Martin Asser. Echelon: Big brother without a cause? BBC News Online, July 6, 2000.
- M. Schanzenbach. Design and Implementation of a Censorship Resistant and Fully Decentralized Name System. Master's Thesis (TUM), 2012.
- M. Szengel. Decentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks. Master's Thesis (TUM), 2012.
- Nathan Evans and Christian Grothoff. R5N: Randomized Recursive Routing for Restricted-Route Networks. 5th International Conference on Network and System Security, 2011.

GNUnet: Framework lock

GNUnet: Envisioned consensus
