Pervasive Monitoring. June /16

Similar documents
Pervasive Monitoring 3 years in

IETF Working Groups Working Groups in:

Encryption Everywhere

Some Security and Privacy issues in the 21 Century Internet

Privacy in the Internet Engineering Task Force. Alissa Cooper

Internet Governance and Internet Standardization in the Post-Snowden Era. Alissa Cooper IETF Chair / Cisco Fellow November 2017

Internet Engineering Task Force (IETF) Category: Best Current Practice ISSN: May 2014

DNS Privacy - Implementation and Deployment Status

The Danger of the New Internet Choke Points. Authored by: Andrei Robachevsky, Christine Runnegar, Karen O Donoghue and Mat Ford

Where s my DNS? Sara Dickinson IDS 2. Where s my DNS?

Introduction to the DANE Protocol And Updates From IETF 88

Protecting Privacy: The Evolution of DNS Security

DNS Privacy. EDU Tutorial dnsprivacy.org. Sara Dickinson Sinodun

Internet Engineering Task Force (IETF) Request for Comments: Category: Best Current Practice ISSN: March 2017

The Impact of Transport Header Encryption on Operation and Evolution of the Internet

A New Internet? RIPE76 - Marseille May Jordi Palet

Root KSK Roll Update Webinar

DNSSEC Basics, Risks and Benefits

Network Defenses 21 JANUARY KAMI VANIEA 1

DNSSEC Basics, Risks and Benefits

How to get a trustworthy DNS Privacy enabling recursive resolver

Recommendations for DNS Privacy Service Operators

The Changing Landscape of the DNS

Re-engineering the DNS One Resolver at a Time. Paul Wilson Director General APNIC channeling Geoff Huston Chief Scientist

The Impact of Transport Header Encryption on Operation and Evolution of the Internet. draft-fairhurst-tsvwg-transport-encrypt-04

Computer Networks and Data Systems

Network Defenses KAMI VANIEA 1

Security, Internet Access, and Communication Ports

Share Count Analysis HEADERS

Security, Internet Access, and Communication Ports

Russ Housley 21 June 2015

Network Defenses 21 JANUARY KAMI VANIEA 1

Enumerating Privacy Leaks in DNS Data Collected above the Recursive

Why do we really want an ID/locator split anyway?

DANE Best Current Practice

Pluggable Transports Roadmap

Figure 1: DNS server properties and the DNS server icon

DDoS on DNS: past, present and inevitable. Töma Gavrichenkov

RFC 2181 Ranking data and referrals/glue importance --- new resolver algorithm proposal ---

Transport Layer TCP & UDP Week 7. Module : Computer Networks Lecturers : Lucy White Office : 324

DoH and DoT experience. Ólafur Guðmundsson Marek Vavrusa

What s Happening at the IETF & IRTF? Human Rights Protocol Considerations and how to get involved

Operators and the Internet Engineering Task Force (IETF)

IPv6- IPv4 Threat Comparison v1.0. Darrin Miller Sean Convery

QNAME minimisation. Ralph Dolmans (NLnet Labs) March 2016 Stichting NLnet Labs

Security, Internet Access, and Communication Ports

Network Working Group. Category: Standards Track December 2001

(DNS, and DNSSEC and DDOS) Geoff Huston APNIC

DNS Activity at IETF65

What s new in TLS 1.3 (and OpenSSL as a result) Rich Salz

ICANN and Technical Work: Really? Yes! Steve Crocker DNS Symposium, Madrid, 13 May 2017

BIG-IP System: Implementing a Passive Monitoring Configuration. Version 13.0

DNSSEC: what every sysadmin should know to keep things working

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

CSE 565 Computer Security Fall 2018

Introduction to the DANE Protocol

The IETF as a model for the IGF. Avri Doria 1

Internet Engineering Task Force (IETF) Request for Comments: 7706 Category: Informational ISSN: November 2015

IPv6: Are we really ready to turn off IPv4?

DNS Sessions. - where next? OARC 27 San Jose, Sep Sep 2017, San Jose. DNS OARC 27

The following topics describe how to configure correlation policies and rules.

RSSAC001. Service Expectations of Root Servers. Service Expectations of Root Servers

IPv6 Security. Pedro Lorga - WALC 2006 (Quito, Ecuador July 06)

Realms and Identity Policies

A New Internet? Introduction to HTTP/2, QUIC and DOH

IETF DNS Privacy. A short introduction and update on DPRIVE. Warren Kumari. 1 ICANN-TechDay / Dublin,.IE - 10/ Ver:01

The ISP Column A column on various things Internet. DNSSEC and DNS over TLS. August 2018 Geoff Huston

Session initiation protocol & TLS

Internet-Draft December 11, 2013 Intended status: Standards Track Expires: June 14, 2014

Who am I? I m a python developer who has been working on OpenStack since I currently work for Aptira, who do OpenStack, SDN, and orchestration

Recent Advances in IPv6 Security. Fernando Gont

CIP Security Pull Model from the Implementation Standpoint

Connection Logging. About Connection Logging

Transaction oriented DNS flow analysis (WIP)

Network Discovery Policies

IPv6 Security. David Kelsey (STFC-RAL) IPv6 workshop pre-gdb, CERN 7 June 2016

Application Firewalls

The Sys-Security Group

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

Getting Started with Network Analysis Policies

Realms and Identity Policies

An IETF view of ENUM

Encrypted SNI IETF 102

Network Security. Thierry Sans

DNS Related Activities at the RIPE NCC

VoIP Security Threat Analysis

Root KSK Rollover Update (or, We're really doing it this time)

Expires: June 16, 2004 VeriSign R. Austein ISC D. Massey USC/ISI S. Rose NIST December 17, 2003

Corrigendum 3. Tender Number: 10/ dated

Improving DNS Security and Resiliency. Carlos Vicente Network Startup Resource Center

Keeping DNS parents and children in sync at Internet Speed! Ólafur Guðmundsson

Introduction to Network. Topics

Updates: 2535 November 2003 Category: Standards Track

DOMAIN NAME SECURITY EXTENSIONS

RTCWEB Working Group. Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future

WHITE PAPER HIGH-FIDELITY THREAT INTELLIGENCE: UNDERSTANDING FALSE POSITIVES IN A MULTI-LAYER SECURITY STRATEGY

The Internet Engineering Task Force (IETF) Stuff

2008 DNS Cache Poisoning Vulnerability Cairo, Egypt November 2008

RDAP: A Primer on the Registration Data Access Protocol

IPv6: Are we really ready to turn off IPv4? Geoff Huston APNIC

Transcription:

Pervasive Monitoring stephen.farrell@cs.tcd.ie June 2014 stephen.farrell@cs.tcd.ie 1/16

It's an attack The actions of NSA and their partners (nation-state or corporate, coerced or not) are a multi-faceted form of attack, or are indistinguishable from that Not unique, others are likely doing the same... or will The scale arguably makes this an example of a new pervasive monitoring threat model that is neither purely passive nor a classic Man-in-the-Middle and that we have not normally considered in protocol design, implementation or deployment A purely technical response will not solve the problem but we should treat an attack as we usually do and try mitigate it stephen.farrell@cs.tcd.ie 2/16

A Definition From RFC7258/BCP188 Pervasive Monitoring is an Attack Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol meta-data such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very largescale, rather than by introducing new types of technical compromise. stephen.farrell@cs.tcd.ie 3/16

IETF (Re)Action Overall: snowdonia has re-energised folks to do better on security and privacy in general (and not solely in response to PM) Side meeting in Berlin @ IETF-87 Tech plenary, major discussion @ IETF-88 STRINT workshop before IETF-89 htps://tools.ietf.org/html/draft-iab-strint-report Topic at many meetings/bofs @ IETF-89 Wanting to see results from IETF-90 onwards... Unsurprisingly this is similar to the more broad technical community reaction stephen.farrell@cs.tcd.ie 4/16

New IETF work related to PM UTA WG formed, update BCPs on how to use TLS in applications WG has to do work now of course RFC7258/BCP188 published after major IETF LC debate sets the basis for further actions Proposals for new work discussed around IETF-89: DNS Privacy - unthinkable before snowdonia TCP encryption: was proposed two years ago but mistakenly rejected Including by me, as ack'd at mic @ IETF-88, bummer Old-RFC privacy/pm review team formed Please help! Mail me. IAB re-factoring their security and privacy programmes. stephen.farrell@cs.tcd.ie 5/16

Other relevant IETF Things TLS 1.3 being developed aiming for better handshake encryption properties (and learning from previous TLS problems) HTTPBIS WG developing HTTP/2.0, the major deployment model for which seems to be to run much much more HTTP traffic over TLS And since all this is IETF stuff, you can (and please do) join in and help if you're willing and able stephen.farrell@cs.tcd.ie 6/16

DNS Privacy IETF-89 BoF materials https://www.ietf.org/proceedings/89/dnse.html I stole slides from there mostly:-) Mailing list: https://www.ietf.org/mailman/listinfo/dns-privacy Drafts All unofficial remember, nothing here has consensus yet Problem statement: draft-bortzmeyer-dnsop-dns-privacy Some requirements: draft-hallambaker-dnse stephen.farrell@cs.tcd.ie 7/16

DNS Privacy Problem Query timing and content is meta-data that can help a pervasive monitor Could correlating DNS queries (e.g. via timing) be a fingerprint for which web page you're on? QNAME itself can be sensitive: <political-party>.<cctld> or <ailment>.org Full QNAME sent too often, too far in queries Can go to root, not needed there, at least in principle stephen.farrell@cs.tcd.ie 8/16

Problems with this Problem (1) DNS names likely to be exposed elsewhere anyway, primarily in TLS ServerNameIndication (SNI) which is not easy to protect SNI protection is being considered in TLS1.3, but load-balancers probably need something QNAME is used by some CDNs and others for valid networking purposes Maybe. Could have interaction with solving public-suffix list via DNS DNS privacy was never a requirement and we have DNSSEC; don't make deploying DNSSEC harder! Yep, but times change. Privacy solutions can almost certainly be independent of, and complementary to, DNSSEC stephen.farrell@cs.tcd.ie 9/16

Problems with this Problem (2) Stub<->Recursive and Recursive<->Authoritative patterns of interaction are hugely different Yep. May need different approaches to privacy for those, but that might well be ok, since the privacy issues are fairly different If you get your DNS from DHCP, there's no point since the resolver could anyone and could be spying on you Yep. But that'd mean a more active attack. There's no way to get this deployable via UDP Maybe. But maybe there is! stephen.farrell@cs.tcd.ie 10/16

Solutions Basic ideas for solutions are easy QNAME minimisation: just don't! No protocol change needed Crypto moving parts are fairly obvious See the BoF materials How to arrange those parts so that something might be deployed and useful is not at all obvious State of play: Mailing list are discussing. If interested, sign up and go stephen.farrell@cs.tcd.ie 11/16

Crypto + Data Minimisation Mitigation = Crypto + Minimisation For DNS protocol and other cases Though undoubtedly we will learn more/better as we go That includes registries too presumably whois coudn't be controversial could it? Are there activities feeding into policy development that are already considering PM? If not should/could there be? stephen.farrell@cs.tcd.ie 12/16

What to do? (1) Turn on crypto For applications and between data-centres Current tools: TLS, IPsec, IEEE MAC-sec, DNSSEC Future tools?: DNS-priv, TCPInc (tcpcrypt), MPLS-OE Discussions ongoing Measure/gamify what is being used Data minimisation E.g. DNS QNAME minimisation More uncertain, more to learn here stephen.farrell@cs.tcd.ie 13/16

What to do? (2) Better implementations https://cryptech.is/ and similar Update/check/audit crypto support Make security/privacy admin easier Deployments Turn on stuff that helps privacy Significant issues with business models and deployed base of services Users Target diversity - Don't all use the same services all the time stephen.farrell@cs.tcd.ie 14/16

What to do? (3) Discuss the issue openly In whatever fora are relevant for you Agitate (if that's your kind of thing:-) Go and be responsible engineers/computer scientists/whatever and take the broader implications of your work/research into account before, while and after doing it stephen.farrell@cs.tcd.ie 15/16

Conclusions IETF has consensus PM is an attack (RFC7258) and is working that problem We all should consider how we can work to make PM harder, since those doing it will not just stop When/if societies do decide that PM is as bad as it is, then the technical community should have in place the tools to effect that decision stephen.farrell@cs.tcd.ie 16/16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback