DOCSLIB.ORG

On Security and Privacy for Networked Information Society

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On Security and Privacy for Networked Information Society Antti Hakkala On Security and Privacy for Networked Information Society Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes Turku Centre for Computer Science TUCS Dissertations No 225, November 2017 ON SECURITY AND PRIVACY FOR NETWORKED INFORMATIONSOCIETY Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes antti hakkala To be presented, with the permission of the Faculty of Mathematics and Natural Sciences of the University of Turku, for public criticism in Auditorium XXII on November 18th, 2017, at 12 noon. University of Turku Department of Future Technologies FI-20014 Turun yliopisto 2017 supervisors Adjunct professor Seppo Virtanen, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland Professor Jouni Isoaho, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland reviewers Professor Tuomas Aura Department of Computer Science Aalto University Espoo, Finland Professor Olaf Maennel Department of Computer Science Tallinn University of Technology Tallinn, Estonia opponent Professor Jarno Limnéll Department of Communications and Networking Aalto University Espoo, Finland The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service ISBN 978-952-12-3607-5 (Online) ISSN 1239-1883 To my wife Maria, I am forever grateful for everything. Thank you. ABSTRACT Our society has developed into a networked information soci- ety, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet ar- guably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure commu- nications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The meth- ods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communica- tions, not just the intended targets. When we continue to further build the networked information upon the unreliable founda- tion of the Internet we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the impor- tance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security in to the networked information society and provides parameters for further development of a safe and secure networked infor- mation society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryp- tographic primitives in a resource-constrained environment, ex- amine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Inter- net surveillance, and analyze the security of Finnish web user passwords. In the socio-technical domain we examine surveil- lance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, v examine what is essential security knowledge for citizens, advo- cate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work. keywords: Information society, security, privacy, trust, surveil- lance, information security education, biometrics, Internet vot- ing, cryptography vi TIIVISTELMÄ Yhteiskunta, jossa elämme, on muovautunut teknologian kehi- tyksen myötä todelliseksi tietoyhteiskunnaksi. Monet verkottu- neen tietoyhteiskunnan osa-alueet ovat kokeneet muutoksen tä- män kehityksen seurauksena. Tämän muutoksen keskiössä on Internet: maailmanlaajuinen tietoverkko, joka mahdollistaa ver- kottuneiden laitteiden keskenäisen viestinnän ennennäkemättö- mässä mittakaavassa. Internet on muovautunut ehkä keskeisim- mäksi osaksi globaalia viestintäinfrastruktuuria, ja siksi myös globaalin viestinnän turvaaminen korostuu tulevaisuudessa yhä enemmän. Verkottuneen tietoyhteiskunnan kasvu ja kehitys edel- lyttävät vakaan, turvallisen ja nopean viestintäjärjestelmän ole- massaoloa. Laajamittainen tietoverkkojen joukkovalvonta muodostaa mer- kittävän uhan tämän järjestelmän vakaudelle ja turvallisuudelle. Verkkovalvonnan toteuttamiseen käytetyt menetelmät ja työka- lut eivät vain anna mahdollisuutta tarkastella valvonnan koh- teena olevaa viestiliikennettä, vaan myös vaarantavat kaiken In- ternet-liikenteen ja siitä riippuvaisen toiminnan turvallisuuden. Kun verkottunutta tietoyhteiskuntaa rakennetaan tämän kaltai- sia valuvikoja ja haavoittuvuuksia sisältävän järjestelmän varaan, keskeinen uhkatekijä on, että yhteiskunnan ydintoiminnot ovat alttiina ulkopuoliselle vaikuttamiselle. Näiden uhkatekijöiden ja niiden taustalla vaikuttavien mekanismien tarkastelu on tämän väitöskirjatyön keskiössä. Koska työssä on teknisen sisällön lisäk- si vahva yhteiskunnallinen elementti, tarkastellaan tiukan tekni- sen tarkastelun sijaan aihepiirä laajemmin myös yhteiskunnalli- sesta näkökulmasta. Tässä väitöskirjassa pyritään rakentamaan kokonaiskuvaa ver- kottuneen tietoyhteiskunnan turvallisuuteen, toimintaan ja va- kauteen vaikuttavista tekijöistä, sekä tuomaan esiin uusia rat- kaisuja ja avauksia eri näkökulmista. Työn tavoitteena on os- altaan mahdollistaa entistä turvallisemman verkottuneen tieto- yhteiskunnan rakentaminen tulevaisuudessa. Teknisestä näkö- kulmasta työssä esitetään suunnitteluvuo kryptografisia primitii- vejä tehokkaasti hyödyntäville rajallisen laskentatehon sulautetu- vii ille järjestelmille, analysoidaan biometrisiin passeihin, kansain- väliseen passijärjestelmään, sekä sähköiseen äänestykseen koh- distuvia uhkia, tarkastellaan joukkovalvontaan käytettyjen tek- niikoiden toimintaperiaatteita ja niiden aiheuttamia uhkia, sekä tutkitaan suomalaisten Internet-käyttäjien salasanatottumuksia verkkosovelluksissa. Teknis-yhteiskunnallisesta näkökulmasta työssä tarkastellaan valvonnan teoriaa ja perehdytään siihen, miten valvonta vaikut- taa verkottuneen tietoyhteiskunnan kansalaisiin. Lisäksi kehite- tään menetelmiä parempaan tietoturvaopetukseen kaikilla kou- lutusasteilla, määritellään keskeiset tietoturvatietouden käsitteet, tarkastellaan mahdollisuutta soveltaa tiedon herruuden periaa- tetta verkottuneen tietoyhteiskunnan kansalaisistaan keräämän tiedon hallintaan ja käyttöön, sekä tutkitaan luottamuksen mer- kitystä yhteiskunnan ydintoimintojen turvallisuudelle ja toimin- nalle, keskittyen erityisesti pakotetun luottamuksen vaikutuk- siin. avainsanat: Tietoyhteiskunta, turvallisuus, yksityisyys, luot- tamus, valvonta, tietoturvakoulutus, biometriikat, Internet-äänes- tys, kryptografia viii PUBLICATIONS Certain key aspects, ideas and figures in this thesis have previ- ously appeared – in different phases of maturity – in the follow- ing publications, in chronological order: Hakkala, Antti and Virtanen, Seppo. Accelerating Cryptographic Protocols: A Review of Theory and Technologies. In Proceedings of The Fourth International Conference on Communication Theory, Re- liability, and Quality of Service CTRQ 2011, NexComm 2011 conferen- ce, pages 103 – 109, Budapest, Hungary, April 17.-22.2011. Heimo, Olli I. and Hakkala, Antti and Kimppa, Kai K. The prob- lems with security and privacy in eGovernment — Case: Biomet- ric Passports in Finland. In Ethicomp 2011 Conference Proceedings, Sheffield-Hallam University, UK, September 14.-16.2011. Heimo, Olli I. and Hakkala, Antti and Kimppa, Kai K. How to abuse biometric recognition systems. Journal of Information, Com- munication & Ethics in Society, Vol. 10 Iss: 2 pp. 68 – 81, 2012. Hakkala, Antti and Virtanen, Seppo. University-Industry Col- laboration in Network Security Education for Engineering Stu- dents. In International Conference on Engineering Education ICEE 2012, Turku, Finland, July 2012. Moosavi, Sanaz Rahimi and Hakkala, Antti and Isoaho, Johanna and Virtanen, Seppo and Isoaho, Jouni. Specification analysis for secure RFID implants. International Journal of Computer Theory and Engineering 04/2014; 6(2), 2014. Nigussie, Ethiopia and Hakkala, Antti and Virtanen, Seppo and Isoaho, Jouni. Energy-aware Adaptive Security Management for Wireless Sensor Networks. In IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, Sydney, Aus- tralia, July 2014. Hakkala, Antti and Virtanen, Seppo. Virtualization of laboratory education in network security engineering. In proceedings of In- ternational Conference on Engineering Education ICEE 2015, Zagreb, Croatia, 20.-24.7.2015. ix Hakkala, Antti and Isoaho, Jouni. Defining and Measuring Key Expertise Areas in Information Security for Higher Education Students. In proceedings of International Conference on Enginee- ring Education ICEE 2015, Zagreb, Croatia, 20.-24.7.2015. Hakkala, Antti and Isoaho, Jouni and Virtanen, Seppo. Towards Adaptive Cryptography and Security with Software
Load more

Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • NSA's Efforts to Secure Private-Sector Telecommunications Infrastructure
    Under the Radar: NSA’s Efforts to Secure Private-Sector Telecommunications Infrastructure Susan Landau* INTRODUCTION When Google discovered that intruders were accessing certain Gmail ac- counts and stealing intellectual property,1 the company turned to the National Security Agency (NSA) for help in securing its systems. For a company that had faced accusations of violating user privacy, to ask for help from the agency that had been wiretapping Americans without warrants appeared decidedly odd, and Google came under a great deal of criticism. Google had approached a number of federal agencies for help on its problem; press reports focused on the company’s approach to the NSA. Google’s was the sensible approach. Not only was NSA the sole government agency with the necessary expertise to aid the company after its systems had been exploited, it was also the right agency to be doing so. That seems especially ironic in light of the recent revelations by Edward Snowden over the extent of NSA surveillance, including, apparently, Google inter-data-center communications.2 The NSA has always had two functions: the well-known one of signals intelligence, known in the trade as SIGINT, and the lesser known one of communications security or COMSEC. The former became the subject of novels, histories of the agency, and legend. The latter has garnered much less attention. One example of the myriad one could pick is David Kahn’s seminal book on cryptography, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet.3 It devotes fifty pages to NSA and SIGINT and only ten pages to NSA and COMSEC.
    [Show full text]
  • Efficient Hashing Using the AES Instruction
    Efficient Hashing Using the AES Instruction Set Joppe W. Bos1, Onur Özen1, and Martijn Stam2 1 Laboratory for Cryptologic Algorithms, EPFL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos,onur.ozen}@epfl.ch 2 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom [email protected] Abstract. In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockci- pher with AES, which allows us to exploit the recent AES instruction set (AES- NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL- 256. Although we primarily target architectures supporting AES-NI, our frame- work has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi- block-length hash functions in software. 1 Introduction Historically, the most popular way of constructing a hash function is to iterate a com- pression function that itself is based on a blockcipher (this idea dates back to Ra- bin [49]). This approach has the practical advantage—especially on resource-constrained devices—that only a single primitive is needed to implement two functionalities (namely encrypting and hashing). Moreover, trust in the blockcipher can be conferred to the cor- responding hash function. The wisdom of blockcipher-based hashing is still valid today. Indeed, the current cryptographic hash function standard SHA-2 and some of the SHA- 3 candidates are, or can be regarded as, blockcipher-based designs.
    [Show full text]
  • As Facebook Raised a Privacy Wall, It Carved an Opening for Tec
    As Facebook Raised a Privacy Wall, It Carved an Opening for Tec... https://www.printfriendly.com/p/g/FEuXeA As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants nytimes.com/2018/12/18/technology/facebook-privacy.html By Gabriel J.X. Dance , Michael LaForgia and Nicholas Confessore December 19, 2018 For years, gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews. The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond. The exchange was intended to benefit everyone. Pushing for explosive growth, Facebook got more users, lifting its advertising revenue. Partner companies acquired features to make their products more attractive. Facebook users connected with friends across different devices and websites. But Facebook also assumed extraordinary power over the personal information of its 2.2 billion users — control it has wielded with little transparency or outside oversight. Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
    [Show full text]
  • Stream Cipher Designs: a Review
    SCIENCE CHINA Information Sciences March 2020, Vol. 63 131101:1–131101:25 . REVIEW . https://doi.org/10.1007/s11432-018-9929-x Stream cipher designs: a review Lin JIAO1*, Yonglin HAO1 & Dengguo FENG1,2* 1 State Key Laboratory of Cryptology, Beijing 100878, China; 2 State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Received 13 August 2018/Accepted 30 June 2019/Published online 10 February 2020 Abstract Stream cipher is an important branch of symmetric cryptosystems, which takes obvious advan- tages in speed and scale of hardware implementation. It is suitable for using in the cases of massive data transfer or resource constraints, and has always been a hot and central research topic in cryptography. With the rapid development of network and communication technology, cipher algorithms play more and more crucial role in information security. Simultaneously, the application environment of cipher algorithms is in- creasingly complex, which challenges the existing cipher algorithms and calls for novel suitable designs. To accommodate new strict requirements and provide systematic scientific basis for future designs, this paper reviews the development history of stream ciphers, classifies and summarizes the design principles of typical stream ciphers in groups, briefly discusses the advantages and weakness of various stream ciphers in terms of security and implementation. Finally, it tries to foresee the prospective design directions of stream ciphers. Keywords stream cipher, survey, lightweight, authenticated encryption, homomorphic encryption Citation Jiao L, Hao Y L, Feng D G. Stream cipher designs: a review. Sci China Inf Sci, 2020, 63(3): 131101, https://doi.org/10.1007/s11432-018-9929-x 1 Introduction The widely applied e-commerce, e-government, along with the fast developing cloud computing, big data, have triggered high demands in both efficiency and security of information processing.
    [Show full text]
  • Why Google Dominates Advertising Markets Competition Policy Should Lean on the Principles of Financial Market Regulation
    Why Google Dominates Advertising Markets Competition Policy Should Lean on the Principles of Financial Market Regulation Dina Srinivasan* * Since leaving the industry, and authoring The Antitrust Case Against Face- book, I continue to research and write about the high-tech industry and competition, now as a fellow with Yale University’s antitrust initiative, the Thurman Arnold Pro- ject. Separately, I have advised and consulted on antitrust matters, including for news publishers whose interests are in conflict with Google’s. This Article is not squarely about antitrust, though it is about Google’s conduct in advertising markets, and the idea for writing a piece like this first germinated in 2014. At that time, Wall Street was up in arms about a book called FLASH BOYS by Wall Street chronicler Michael Lewis about speed, data, and alleged manipulation in financial markets. The controversy put high speed trading in the news, giving many of us in advertising pause to appre- ciate the parallels between our market and trading in financial markets. Since then, I have noted how problems related to speed and data can distort competition in other electronic trading markets, how lawmakers have monitored these markets for con- duct they frown upon in equities trading, but how advertising has largely remained off the same radar. This Article elaborates on these observations and curiosities. I am indebted to and thank the many journalists that painstakingly reported on industry conduct, the researchers and scholars whose work I cite, Fiona Scott Morton and Aus- tin Frerick at the Thurman Arnold Project for academic support, as well as Tom Fer- guson and the Institute for New Economic Thinking for helping to fund the research this project entailed.
    [Show full text]
  • A Bibliography of Publications on Hashing Algorithms
    A Bibliography of Publications on Hashing Algorithms Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 24 August 2021 Version 2.344 Title word cross-reference [BRM+09, BS91b, BS91a, CM01, Gir87, Ven86, WS93, War14, Coh97, Coh98, LHC05, QG89, QG90]. O(1) [FKS84]. O(log log n) #2 [Cer85]. [MN90]. O(log W ) [LS07b]. O(N) [HG77, MN90]. pn [Ack74]. π [FFGL10]. q 1 [PPS21]. 10 [GLM+10]. 11 [SY11]. 2 [OWZ14]. SL2 [MT16]. Z=p [Mue04]. + [EAA 16, GG92, HD72]. 2n [QG89, QG90]. + 3 [CBA94, Fly92, GG92, GK94, LMJC07, -approximate [SWQ 14]. -ary LDY+16, SYW+20, WSSO12]. 5=8 [Sch11]. [CC91, CLC92, Gui78, RRS07]. -Bit $62m [Nic17]. 64 [LK16]. ∗ [LNS93]. + [QG89, QG90, LK16, LK11]. -Body MT [WS93, War14]. -codes [Bie95]. -dimension [Omi88, Omi89a]. [HRB13]. 2 [AK98, QJ97]. A [Lyo83]. A∗ [MD97]. A2 [LHC05]. -dimensional [Yuv75]. + + -Functions [OOB12]. -gram [Bie95]. α [ABC 16]. b [LK11]. B [TB91]. + c [SWQ+14]. d [FPS17, PRM16]. f [LG78]. [Coh98, Ven86]. -Grams [Coh97, BRM 09]. 2 -Hash [BS91b, BS91a]. -Independence GL2(Fpn )[TNS20].H [DRS12]. H2A [CBB05]. K [Yuv75, APV07, CL85, CC91, [PT16, PT10a]. -mer [HC14, PNPC20]. CLC92, DKRT15, Die96, EFMRK+20, -min-wise [FPS17]. -Nearest [CL85]. + -partitions [DKRT15]. -Pipeline [PRM16]. FPS17, Gui78, HC14, LLG 17, PT10a, + PT16, PNPC20, RRS07, SS90b]. L [OOB12]. -probe [SS90b]. -Round [GLM 10, SY11].
    [Show full text]
  • Two Years After Snowden
    TWO YEARS AFTER SNOWDEN PROTECTING HUMAN RIGHTS IN AN AGE OF MASS SURVEILLANCE (COVER IMAGE) A student works on a computer that is projecting former U.S. National Security Agency contractor Edward Snowden as he appears live via video during a world affairs conference in Toronto © REUTERS/Mark Blinch 2 TWO YEARS AFTER SNOWDEN JUNE 2015 © REUTERS/Zoran Milich © REUTERS/Zoran “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether.” Ben Emmerson QC, UN Special Rapporteur on counter-terrorism and human rights EXECUTIVE SUMMARY On 5 June 2013, a British newspaper, The exposed by the media based on files leaked by Guardian, published the first in a series Edward Snowden have included evidence that: of revelations about indiscriminate mass surveillance by the USA’s National Security Companies – including Facebook, Google Agency (NSA) and the UK’s Government and Microsoft – were forced to handover Communications Headquarters (GCHQ). their customers’ data under secret orders Edward Snowden, a whistleblower who had through the NSA’s Prism programme; worked with the NSA, provided concrete evidence of global communications the NSA recorded, stored and analysed surveillance programmes that monitor the metadata related to every single telephone internet and phone activity of hundreds call and text message transmitted in of millions of people across the world. Mexico, Kenya, and the Philippines; Governments can have legitimate reasons GCHQ and the NSA have co- for using communications surveillance, for opted some of the world’s largest example to combat crime or protect national telecommunications companies to tap security.
    [Show full text]
  • Optimizing Authenticated Encryption Algorithms
    Masaryk University Faculty of Informatics Optimizing authenticated encryption algorithms Master’s Thesis Ondrej Mosnáček Brno, Fall 2017 Masaryk University Faculty of Informatics Optimizing authenticated encryption algorithms Master’s Thesis Ondrej Mosnáček Brno, Fall 2017 This is where a copy of the official signed thesis assignment and a copy ofthe Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáček Advisor: Ing. Milan Brož i Acknowledgement I would like to thank my advisor, Milan Brož, for his guidance, pa- tience, and helpful feedback and advice. Also, I would like to thank my girlfriend Ludmila, my family, and my friends for their support and kind words of encouragement. If I had more time, I would have written a shorter letter. — Blaise Pascal iii Abstract In this thesis, we look at authenticated encryption with associated data (AEAD), which is a cryptographic scheme that provides both confidentiality and integrity of messages within a single operation. We look at various existing and proposed AEAD algorithms and compare them both in terms of security and performance. We take a closer look at three selected candidate families of algorithms from the CAESAR competition. Then we discuss common facilities provided by the two most com- mon CPU architectures – x86 and ARM – that can be used to implement cryptographic algorithms efficiently.
    [Show full text]
  • CDT Submission OHCHR Consultation on Privacy
    GOVERNMENT SURVEILLANCE AND THE RIGHT TO PRIVACY OFFICE OF THE HIGH COMMISSIONER FOR HUMAN RIGHTS CONSULTATION ON “THE RIGHT TO PRIVACY IN THE DIGITAL AGE” April 1, 2014 About the Center for Democracy & Technology The Center for Democracy & Technology (CDT) is a U.S.-based civil society organization that works globally to defend human rights and civil liberties online. We are dedicated to keeping the Internet open, innovative, and free, and we are committed to finding forward-looking and technically sound solutions to the medium’s most pressing challenges. For over 20 years, since the Internet’s infancy, CDT has played a leading role in shaping the policies, practices, and norms that have empowered individuals to more effectively use the Internet as speakers, entrepreneurs, and active citizens. CDT brings legal and technical expertise, thought leadership, and coalition-building skills to its work with domestic and global policy institutions, regulators, standards bodies, governance organizations, and courts. I. Overview of Recommendations CDT welcomes the opportunity to provide input for the United Nations High Commissioner for Human Rights’ report following General Assembly Resolution 68/167, “The right to privacy in the digital age.” This submission seeks to highlight specific technological and legal issues relevant to the right to privacy in the context of government surveillance. CDT emphasizes several key points to inform the High Commissioner’s report: ! Human Rights Council member states have affirmed that “the same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice."1 ! The right to privacy is, without question, implicated by government communications surveillance.
    [Show full text]
  • Low-Complexity Mitigation of Cache Side Channel Attacks
    Non-Monopolizable Caches: Low-Complexity Mitigation of Cache Side Channel Attacks LEONID DOMNITSER, State University of New York at Binghamton AAMER JALEEL, Intel Corporation, VSSAD JASON LOEW, NAEL ABU-GHAZALEH, and DMITRY PONOMAREV, State University of New York at Binghamton We propose a flexibly-partitioned cache design that either drastically weakens or completely eliminates cache-based side channel attacks. The proposed Non-Monopolizable (NoMo) cache dynamically reserves cache lines for active threads and prevents other co-executing threads from evicting reserved lines. Unreserved lines remain available for dynamic sharing among threads. NoMo requires only simple modifications to the cache replacement logic, making it straightforward to adopt. It requires no software support enabling it to automatically protect pre-existing binaries. NoMo results in performance degradation of about 1% on average. We demonstrate that NoMo can provide strong security guarantees for the AES and Blowfish encryption algorithms. Categories and Subject Descriptors: C.1.0 [Processor Architectures]: General General Terms: Design, Security, Performance Additional Key Words and Phrases: Side-channel attacks, shared caches, secure architectures ACM Reference Format: Domnitser, L., Jaleel, A., Loew, J., Abu-Ghazaleh, N., and Ponomarev, D. 2012. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Trans. Architec. Code Optim. 8, 4, Article 35 (January 2012), 21 pages. DOI = 10.1145/2086696.2086714 http://doi.acm.org/10.1145/2086696.2086714 1. INTRODUCTION In recent years, security has emerged as a key design consideration in computing and communication systems. Security solutions center around the use of cryptographic algorithms, such as symmetric ciphers, public-key ciphers, and hash functions.
    [Show full text]
  • Cyber, Intelligence, and Security
    Cyber, Intelligence, and Security Volume 3 | No. 1 | May 2019 European Countries Facing the Challenge of Foreign Influence on Democracy—Comparative Research David Siman-Tov and Mor Buskila The Threat of Foreign Interference in the 2019 Elections in Israel and Ways of Handling it Pnina Shuker and Gabi Siboni The INF Treaty and New START: Escalation Control, Strategic Fatalism, and the Role of Cyber Stephen J. Cimbala Iranian Cyber Capabilities: Assessing the Threat to Israeli Financial and Security Interests Sam Cohen Outsourcing in Intelligence and Defense Agencies: A Risk of an Increase in the Proliferation of Cyber Weapons? Omree Wechsler The Academization of Intelligence: A Comparative Overview of Intelligence Studies in the West Kobi Michael and Aaron Kornbluth Forty-Five Years Since the Yom Kippur War: Intelligence and Risk Management in the Thirty Hours Preceding the War Shmuel Even National Cyber Security in Israel Yigal Unna Cyber, Intelligence, and Security Volume 3 | No. 1 | May 2019 Contents European Countries Facing the Challenge of Foreign Influence on Democracy—Comparative Research | 3 David Siman-Tov and Mor Buskila The Threat of Foreign Interference in the 2019 Elections in Israel and Ways of Handling it | 27 Pnina Shuker and Gabi Siboni The INF Treaty and New START: Escalation Control, Strategic Fatalism, and the Role of Cyber | 41 Stephen J. Cimbala Iranian Cyber Capabilities: Assessing the Threat to Israeli Financial and Security Interests | 71 Sam Cohen Outsourcing in Intelligence and Defense Agencies: A Risk of an Increase in the Proliferation of Cyber Weapons? | 95 Omree Wechsler The Academization of Intelligence: A Comparative Overview of Intelligence Studies in the West | 117 Kobi Michael and Aaron Kornbluth Forty-Five Years Since the Yom Kippur War: Intelligence and Risk Management in the Thirty Hours Preceding the War | 141 Shmuel Even National Cyber Security in Israel | 167 Yigal Unna The purpose of Cyber, Intelligence, and Security is to stimulate Cyber, and enrich the public debate on related issues.
    [Show full text]