Privacy in an Electronic World A Lost Cause?

Transcription

1 InfoSec 2015 Summer School on Information Security Bilbao Privacy in an Electronic World A Lost Cause? Dr. Jan Camenisch Cryptography & Privacy Principal Research Staff Member Member, IBM Academy of Technology ibm.biz/jancamenisch

2 We all have lots of data, and many are personal Information Security Summer School - Bilbao

3 use them with different devices, store them anywhere and leave collateral data while doing so to make things worse: it's en vogue to let users manage their data :-( Information Security Summer School - Bilbao

4 ...but how can we protect them????? Information Security Summer School - Bilbao

5 Houston, we have a problem! ᄅ Information Security Summer School - Bilbao

6 Houston, we have a problem! ᄅ Buzz Aldrin's footprints are still up there (Robin Wilton) Information Security Summer School - Bilbao

7 Computers don't forget! Data storage ever cheaper store by default also collateral collection, surveillance cameras, Google Street View with wireless traffic, Apple location history,...! Data mining ever better self-training algorithms cleverer than their designers not just trend detection, even prediction, e.g., flu pandemics, ad clicks, purchases, what about health insurance, criminal behavior?! The world as we know it Humans forget most things too quickly Paper collects dust in drawers We build apps with the paper-based world in mind :-( if it works it works security too often still an afterthought implementors too often have no crypto education Information Security Summer School - Bilbao

8 Where's all my data? The ways of data are hard to understand! Devices, operating systems, & apps are getting more complex and intertwined Mashups, Ad networks Not visible to users, and experts Data processing changes constantly! And the cloud makes it worse... Processing machines can be moved around w/out borders Far too easy to lose (control over) data and to collect data! Information Security Summer School - Bilbao

9 You have no privacy, get over it...?!? The NSA has all our data anyway I have nothing to hide!! Huge security problem! Millions of hacked passwords (100'000 followers $ ) Stolen identities ($ , $ , $5 2013)! Difficult to put figures down Credit card fraud Spam & marketing Manipulating stock ratings, etc.. (Industrial) espionage! We know secret services can do it easily, but they are not the only ones but this is not about homeland security and there are limits to the degree of protection that one can achieve! last but not least: data are the new money, so they need to be protected! Information Security Summer School - Bilbao

10 Privacy a lost case? No, but we need paradigm shift & build stuff for the moon rather than the sandy beach! Information Security Summer School - Bilbao

11 What does that mean?! Apply Data Minimization Privacy & Security by Design Require (users to reveal) only the data that are really needed Do not design with the sandy beach beach in mind! Encrypt every bit Data should never ever be in the clear process it in the encrypted domain still need to manage keys carefully Needs to support switching of cryptographic algorithms symmetric key crypto gets broken at times beware of quantum computers! Attach usage & access control policy to every bit enforce need to know honest but curious probably good enough Information Security Summer School - Bilbao

12 What does it mean: the electronic gap! Strong security requires strong cryptographic authentication! Humans rarely can remember cryptographic keys let alone compute with them! From Humans to Keys the electronic gap Smart cards, HW tokens: a nuisance! Passwords: are dead?! Biometrics: cannot change them, too easily fooled?? Information Security Summer School - Bilbao

13 What does that mean? We do have the technology/crypto, but it is hardly used! Deemed too expensive! Too hard to manage all the keys, fear of loosing keys! Protecting data is considered futile! Often required by law, but these are w/out teeth! Debate about legality of encryption V2.0 On the positive side! Importance of security and privacy increasingly recognized! Laws are revised Information Security Summer School - Bilbao

14 Cryptography to the Aid Information Security Summer School - Bilbao

15 I. Human Computer Authentication Done Right PW PW correct? Password-based cryptography Off-line vs on-line attacks Solution: distributed password verification Done s.t. no info depends solely on password Must work even for short passwords (mobile) Information Security Summer School - Bilbao

16 The problem with passwords password salted PW hash correct? correct? correct? correct? correct? correct? correct!!! Passwords are symmetric and get lost too often! Password (hashes) useless against offline attacks Human-memorizable passwords are inherently weak NIST: 16-character passwords have 30 bits of entropy 1 billion possibilities Rig of 25 GPUs tests 350 billion possibilities / second, so 3ms for 16 chars 60% of LinkedIn passwords cracked within 24h! More expensive hash functions provide very little help only increases verification time as well does not work for short passwords such as pins etc! Single-server solutions inherently vulnerable to offline attacks Server / administrator / hacker can always guess & test Information Security Summer School - Bilbao

17 Solution: distributed password protocols Basic idea: multi-server password verification protocols split password for verification no server alone can test password no piece of information depends on password E= Enc X (p) X 1 E' = Enc X (1/p') E = Enc X (p/p') E' E' p' = p? Dec X (E') = 1? E=Enc X (p) Off-line attacks no longer possible! X 2 On-line attacks detectable and handleable (throttling) Information Security Summer School - Bilbao

18 Many different protocols [CLN'12,CLLN'14,CEN'15] Extensions: Servers could send key share to user if p=p': password to strong crypto key Many servers Asymmetric setting: user device plus one server (or many server) PW Password verification Password protected decryption of stored data (hard disk etc) Password-protect joint signing... Virtual Smart Card/Security Token Information Security Summer School - Bilbao

19 II. Data Minimizing Authorization & Authentication w/ ABCs (Public Verification Key) Are you > 12?! Service provider tells user what attribute are required! User transforms credentials into a token with just these attributes! Service provider can verify token w.r.t. issuers' verification keys More on this: and later today Information Security Summer School - Bilbao

20 III. Protecting our information using keys Encrypt and Authenticate Users (to Users):! Technology available (mostly) Storage (Hard disk encryption, encrypted volumes) Transmission ( , SSL/Browsers, ) Instant messaging, depends on implementation! But more research is needed PKI/CA problematic (Diginotar) need better approaches Dealing with keys still hard for users need apps & better solutions Backup & syncing between the devices could use the cloud, but that reveals tons of co-lateral information use our own cloud / router Information Security Summer School - Bilbao

21 III. Protecting our information using keys Encrypt and Authentication Users to Service Providers! Authentication still username & password :-( And still gets broken Alternatives available (c.f. slides before) FIDO Identity Mixer :-)! Encryption (e.g., user documents stored on servers) Mostly out of control of user but solvable with std crypto & key mgmt Often password based (linked to authentication) Encrypt and Authentication Devices (IoT)! The Good: Browser, VPNs,! The Bad: (or rather research topics ;-) Hardly any device to device authentication VPN not flexible enough need to know basis Washing machine does not need access to my music Music player does not need access to my health record Information Security Summer School - Bilbao

22 IV. Securing the Cloud data f(data) First of all: cloud is (also) a deployment model! Virtual machines! Software as services! Allows for easier composition and deployment of services Information Security Summer School - Bilbao

23 IV. Securing the Cloud Secure computation in the cloud (and your servers)! Fully homomorphic encryption works only for rather small comp.! Multiparty computation secret share data distributed computation can compile programs! Open research multi-party protocols revisited (honest but curious w/ auditability) key management (protection, distribution, updates) (oblivious) security services (justifiable & minimal TTPs) data f(data) Information Security Summer School - Bilbao

24 Further Research Needed!! Securing the infrastructure & IoT ad-hoc establishment of secure authentication and communication audit-ability & privacy (where is my information, crime traces) security services, e.g., better CA, oblivious TTPs, anon. routing,!usability HCI Infrastructure (setup, use, changes by end users)! Provably secure protocols Properly modeling protocols (UC, realistic attacks models,...) Verifiable security proofs Retaining efficiency Information Security Summer School - Bilbao

25 Further Research Needed!! Quantum Computers Lots of new crypto needed still Build apps algorithm agnostic! Towards a secure information society Society gets shaped by quickly changing technology Consequences are hard to grasp yet We must inform and engage in a dialog Information Security Summer School - Bilbao

26 Conclusion Let engage in some rocket science!! Much of the needed technology exists! need to use them & build apps for the moon! and make apps usable & secure for end users Thank ibm.biz/jancamenisch Information Security Summer School - Bilbao