1 / 17

The Issue

Governmental Control of Network Activities CS 239 Advanced Topics in Computer Security Peter Reiher September 30, 2010. The Issue. Governments worldwide want to wiretap electronic communications Not just POTS telephone calls But all modern cyber communications Skype and other VoIP

rashad
Download Presentation

The Issue

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Governmental Control of Network ActivitiesCS 239Advanced Topics in Computer Security Peter ReiherSeptember 30, 2010

  2. The Issue • Governments worldwide want to wiretap electronic communications • Not just POTS telephone calls • But all modern cyber communications • Skype and other VoIP • Blackberry and other email • Twitter, etc.

  3. Why? • For criminal investigations • For national security issues • Probably, in some cases, to spy on their citizens • Communications is moving away from traditional telephony • So government wiretapping follows

  4. Aspects of the Problem • Societal and international • Technical • We’re primarily concerned with the technical issues • In particular, can government get what it wants? • If so, at what price?

  5. Why Is This Problematic? • The telephone model of communications was different • Dumb terminals, smart network • The Internet reverses that • Smart terminals, dumb network • Telephony wiretapping techniques aren’t always feasible for the Internet

  6. Wiretapping Telephones The result: If Ma helps, easy to tap any telephone call Important properties: • Circuit switched • All elements under central control • Telephones not intelligent Ma Bell’s Cloud • Analog signals

  7. Wiretapping the Internet The result: There’s no Ma to help Important properties: Maybe there’s nobody to help • Packet switched • No central control or ownership • Very smart endpoints • Digital signals The Internet Cloud

  8. The Detailed Problems • Packet switching • Intelligence at the endpoints • No central control • Digital signals • Not necessarily a big deal

  9. Packet Switching • You can’t get a whole transmission just anywhere on its path • Need to tap in particular places • Also, need to reassemble the transmission • Maybe not that big a deal, though

  10. Smart Endpoints • Endpoint can do what it wants • Encrypt the traffic • Using its own keys • Exert some control on routing • Use overlay and peer techniques • Perhaps even mix networks • The folks in the middle can’t stop them • Perhaps can’t even tell they’re doing it

  11. No Central Control • Multiple parties involved • Machine’s owners • ISPs they connect to • Multiple core ASes • Law enforcement must work with many parties to wiretapp

  12. Modern Applications • How does something like Skype protect traffic? • Peer routing techniques • With no central control • End-to-end cryptography • Keys generated only at endpoints • Little or no recordkeeping

  13. What Do Governments Want? • To listen in on any conversation • Even if encrypted • On a moment’s notice • Or at least pretty quickly • Without the parties noticing • Cheaply and reliably

  14. The Cryptography Issue • The transmissions are encrypted • With high-quality crypto • Like AES • The keys are generated by the parties at the endpoints • They don’t share the keys with anyone • How can the government listen in?

  15. Options • Force no crypto • Nobody would accept that • Force crappy crypto • Also unacceptable • Force providers to know the keys • Use Skipjack-esque key escrow

  16. Forcing Providers to Keep Keys • Folks like the Skype and Research In Motion • When communications occur, their products create the keys • Sharing them with a company server • Government gets the keys from server when it wants

  17. Skipjack Approaches • Build in methods of deriving the key from the data transmission • Using special types of crypto • Companies don’t keep the keys • Government doesn’t need to go to them to get the keys

More Related