TRANSCRIPT
Security against compelled disclosure
Ian Brown, Hidden Footprints Ltd.
Ben Laurie, A.L. Digital Ltd.
Opening
Are users the weakest link in your secure pipes and boxes? How could they be forced to compromise your security?
Threats and responses
Threats
• Discovery processes
• Signals intelligence
• Import and export searches
• Decryption and key warrants
• Criminal coercion
Discovery processes
“It will be very hard to increase browser market share on the merits of IE4 alone. It will be more important to leverage the OS asset to make people use IE instead of Navigator” – Christian Wildfeuer, Microsoft
Identification of pseudonyms
Signals intelligence
Everybody’s at it:
• Echelon
• Frenchelon
• Multinationals
“We steal [economic] secrets with espionage, with communications, with reconnaissance satellites” – James Woolsey
Import/export searches
“All travellers entering the country should be prepared to have their equipment scanned.” – UK Customs and Excise
“Customs and Excise may be using disk imaging equipment such as DIBS and Flight Server which takes a complete copy of a hard-disk - not only the visible files but hidden material including previously deleted material.” – Peter Sommer, computer forensics expert, LSE
Including cached/swapped-out passwords, keys, document fragments, access logs…
Decryption and key warrants
RIP (Regulation of Investigatory Powers) notices require plaintext or keys to be disclosed, or 2 years in prison
Breaking the gagging clause: 5 years
Served “for the purpose of securing the effective exercise or proper performance by any public authority of any statutory power or statutory duty”
Going global with the CoE cybercrime treaty
Criminal coercion
Who’s threatening / blackmailing / seducing your sysadmin and users and/or their friends and family?!
What damage could result?
Responses
• Enhanced communications security
• Truly secure storage
• Procedural mechanisms
Enhanced COMSEC
Short lifetime/one-time keys
• Use authenticated DH online
• Use then destroy many key pairs offline
Avoid traffic analysis with onion routing
• Lower standards for access to traffic data
• UK’s “National Data Warehouse”
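The "authenticated DH online, then destroy the key" point above is the forward-secrecy argument: if the ephemeral secret no longer exists, neither a key warrant nor a seized long-term key can unlock an earlier session. The following is an added illustration, not code from the talk or from the speakers' companies. It assumes a pre-shared HMAC key as the long-term credential (standing in for a signature key) and uses the RFC 3526 2048-bit MODP group constant, which should be checked against the RFC before any real use; the party names, the `Party` class and the `demo` checks are constructed for this example.

```python
# Added example: authenticated ephemeral Diffie-Hellman with forward secrecy.
# Long-term credential is a pre-shared HMAC key (assumption, standing in for
# a signing key). Group: RFC 3526 2048-bit MODP prime (verify before use).
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


class Party:
    """One endpoint: holds a long-term credential and, briefly, an ephemeral DH secret."""

    def __init__(self, name: str, long_term_key: bytes):
        self.name = name
        self.long_term_key = long_term_key
        self._ephemeral = None  # lives only for the duration of one handshake

    def _authenticate(self, name: bytes, public: int) -> bytes:
        # Bind the public value to the sender's identity under the long-term key.
        msg = name + public.to_bytes(256, "big")
        return hmac.new(self.long_term_key, msg, hashlib.sha256).digest()

    def offer(self):
        # Fresh exponent for every session: nothing is reused, so nothing
        # retained can be demanded later that unlocks this session.
        self._ephemeral = secrets.randbelow(P - 3) + 2  # in [2, P-2]
        public = pow(G, self._ephemeral, P)
        return self.name.encode(), public, self._authenticate(self.name.encode(), public)

    def complete(self, peer_name: bytes, peer_public: int, peer_tag: bytes) -> bytes:
        if self._ephemeral is None:
            raise RuntimeError("no handshake in progress")
        # Reject degenerate values (0, 1, P-1) an active attacker could substitute.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("peer public value out of range")
        if not hmac.compare_digest(self._authenticate(peer_name, peer_public), peer_tag):
            raise ValueError("peer authentication failed")
        shared = pow(peer_public, self._ephemeral, P)
        session_key = hashlib.sha256(shared.to_bytes(256, "big")).digest()
        # Drop the ephemeral secret: from here on this party itself cannot
        # recompute the session key, so it cannot be compelled to reveal it.
        self._ephemeral = None
        return session_key

    def holds_ephemeral(self) -> bool:
        return self._ephemeral is not None


def run_session(a: Party, b: Party):
    """One handshake; returns both derived keys and what an eavesdropper sees."""
    a_name, a_pub, a_tag = a.offer()
    b_name, b_pub, b_tag = b.offer()
    key_a = a.complete(b_name, b_pub, b_tag)
    key_b = b.complete(a_name, a_pub, a_tag)
    return key_a, key_b, (a_pub, b_pub)


def tampered_offer_rejected(a: Party, b: Party) -> bool:
    """An attacker swapping in its own public value fails authentication."""
    a_name, _a_pub, a_tag = a.offer()
    b.offer()
    forged = pow(G, secrets.randbelow(P - 3) + 2, P)
    try:
        b.complete(a_name, forged, a_tag)
    except ValueError:
        return True
    return False


def demo() -> dict:
    ltk = secrets.token_bytes(32)  # constructed long-term credential shared by both ends
    alice, bob = Party("alice", ltk), Party("bob", ltk)
    tamper_ok = tampered_offer_rejected(alice, bob)
    k1a, k1b, transcript = run_session(alice, bob)
    k2a, k2b, _ = run_session(alice, bob)
    return {
        "tampered_offer_rejected": tamper_ok,
        "session1_agrees": k1a == k1b,
        "session2_agrees": k2a == k2b,
        "keys_differ_between_sessions": k1a != k2a,
        "ephemerals_destroyed": not alice.holds_ephemeral() and not bob.holds_ephemeral(),
        "transcript_holds_public_values_only": all(isinstance(v, int) for v in transcript),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The transcript an interceptor records contains only the two public values and tags; the long-term key authenticates the exchange but never enters the session-key derivation, so handing it over later yields nothing about past sessions. Note the caveat relevant to the "cached/swapped-out keys" point earlier: setting `_ephemeral = None` drops the reference, but a garbage-collected language gives no guarantee the integer's bytes are overwritten in memory or never paged to disk; a production implementation would keep key material in locked, explicitly zeroed buffers.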
Truly secure storage
Users can be forced to unlock encrypted partitions
“So far as we are concerned, there is no difference between an encrypted file and a locked suitcase” – UK Customs and Excise
Let them reveal only routine data – Steganographic Filesystems
Or keep it elsewhere – secure remote storage
Procedural mechanisms
Site security-critical information in and across safe jurisdictions
Appoint designated revokers; use under specified circumstances
Maintain tight control over backups
Limit information lifetime
Close
Information piracy – governmental, corporate or criminal – is a bad basis for building an information society
Governments should match their critical infrastructure protection rhetoric with real action