Subversive Technologies

Academic Year: 2014-15, Hilary Term
Date and Time: Weeks 1-9, Day and time to be determined
Location: TBD

Course Convener: Dr Joss Wright, Research Fellow, [email protected]

Background

The internet has created a new landscape for the communication and collaborative creation of information, and has caused a broad centralization of the global communications infrastructure. As a result, the technologies comprising the network have come to represent a significant means for control over the creation, access, and dissemination of large volumes of information.

Information, and the means by which it is communicated and controlled, are now key concerns. Computer networks and the technologies on which they are built have evolved beyond their original scope and purpose. Issues such as privacy and information security have arisen that were often not considered in the original design of core protocols, resulting in an ongoing struggle to ensure that the fundamentally flawed infrastructure can meet the requirements placed on it in its role as a global information network.

Through both its flaws and its intended functionality the internet has produced an ecosystem of cultures, institutions, and technologies that aim to exert, resist, and circumvent control over information. This course aims to provide students with an understanding of technologies that provide control over information flows and action on the internet, and those that resist or subvert that control. To fully understand these technologies the course considers the cultures that created and surround them, how various new technologies interact with traditional institutions and structures, and how these are exploited by both states and individuals.

Learning Outcomes

On completion of this course students will have an understanding of the technologies that underpin secured communications on the internet, and the development, aims, applications, and limitations of these technologies. Students will learn the advantages of new forms of communication technologies and the ongoing threats that they raise with respect to existing structures and institutions. Crucially, students will gain insight into the feasibility of technologies for controlling information and online action, and the effectiveness and consequences of social, technical, legal, and political means to influence their use.

Teaching Arrangements

The course will consist of 8 weekly two-hour sessions, each divided into an hour’s lecture, with the remainder given to discussion and presentations of student work. The classes will meet in weeks 1-4 and 6-9 of Hilary term.


Note

Students should note that over the course of the year, small changes may be made to the content, dates or teaching arrangements set out in this reading list, at the course provider's discretion. These changes will be communicated to students directly and will be noted on the internal course information website.

Summative Assessment

Students will be assessed through a final essay of up to 5000 words which must be submitted to the Examinations School by 12 noon on Monday of Week 1 of Trinity term. The essay will cover one of the course topics, and students will choose a topic in consultation with the course tutors in advance. The essay should be clearly related to the topics of the course.

Formative Assignment

In addition, all students will undertake formative assessment in the form of one short essay, of advised length 1500-3000 words, on any of the 8 topics covered. This essay will provide a means for students to obtain feedback on the progress they have achieved.

Submission of Summative Assignments

All coursework should be submitted in person to the Examinations School by the stated deadline. All coursework should be put in an envelope and must be addressed to ‘The Chairman of Examiners for the MSc in Social Science of the Internet C/o The Clerk of Examination Schools, High Street’. Students should also ensure they add the OII coversheet at the top of the coursework and that two copies of the coursework are submitted. Please note that all work must be single sided. An electronic copy will also need to be submitted to the department. Please note that all coursework will be marked anonymously and therefore only your candidate number is required on the coversheet.

Please note that work submitted after the deadline will be processed in the standard manner and, in addition, the late submission will be reported to the Proctors' Office. If a student is concerned that they will not meet the deadline they must contact their college office or examinations school for advice. For further information on submission of assessments to the examinations school please refer to http://www.admin.ox.ac.uk/schools/oxonly/submissions/index.shtml.

For details on the regulations for late and non-submissions please refer to the Proctors website at http://www.admin.ox.ac.uk/proctors/info/pam/section9.shtml. Any student failing this assessment will need to follow the rules set out in the OII Examining Conventions regarding re-submitting failed work.

List of Topics and Weekly Key Readings

Week 1: Fundamentals of Computer Security

What do we mean by the concept of ‘security’ when applied to information, computers, and networks? What factors affect the security of computer systems, and how are these supported or hindered through technological and human means? This lecture provides an understanding of the goals of information security, and charts its development from the early insecure days of computing and the internet to the modern day. We will examine some of the key events that drove security considerations to the fore, and the institutional and community-based reactions to the challenge of securing information resources.

Key Question: What is security?

Concepts:

• Key concepts in network security.
• Fundamental insecurity of modern protocols such as email and the web.
• History and development of malware from the Morris Worm to Stuxnet.
• Distributed denial of service.
• Security arguments for open source and closed source development.

Readings:

• Anderson – Security Engineering: A Guide to Building Dependable Distributed Systems. Second Edition (11 April 2008). Chapters 1–7. http://www.cl.cam.ac.uk/~rja14/book.html

• Seeley – A Tour of the Worm. http://www.thehackademy.net/madchat/vxdevl/avtech/A%20Tour%20of%20the%20Worm.pdf

• Whitten – Why Johnny can’t encrypt. http://www.cs.berkeley.edu/~tygar/papers/Why_Johnny_Cant_Encrypt/OReilly.pdf

• National Security Institute – 5200.28-STD Trusted Computer System Evaluation Criteria. http://csrc.nist.gov/publications/history/dod85.pdf

• Anderson – “Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore”. http://www.cl.cam.ac.uk/~rja14/Papers/toulouse.pdf

Week 2: Hacking: A Practical Primer

Computer hacking, understood as the practice of circumventing access controls and restrictions in computer systems, is strongly represented in the mythology of the internet. In this lecture we will attempt to dispel some of the hacker mythos by providing a detailed introduction to some of the archetypical security flaws in computer systems, and show practically how these are exploited by hackers.

With this basis the lecture will examine the motivations, politics, and activities underlying computer hacking, and explore some of the more well-known hacker groups and their impact on the development of the internet.

Key Question: Who are hackers, why do they hack, and how?

Concepts:

• Buffer overflows.
• SQL Injection.
• Cross site scripting.
• Distributed denial of service and its applications.
• Social engineering.
• .
• Hacking cultures – phreaking, hacking, CoDC, CCC, Telecomix.

Readings:

• Sterling – The Hacker Crackdown – Law and Disorder on the Electronic Frontier. http://www.mit.edu/hacker/hacker.html

• Aleph One – Smashing the Stack for Fun and Profit. http://phrack.org/issues/49/14.html

• Hakim Bey – The Temporary Autonomous Zone.


• rain.forrest.puppy – NT Web Technology Vulnerabilities. http://phrack.org/issues/54/8.html

• Computer Emergency Response Team. CERT Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks. https://www.cert.org/historical/advisories/CA-1996-21.cfm

Week 3: Underground Information Markets

Computer and internet security is largely concerned with the control of information. As certain forms of data increasingly become a store of value and power, markets have emerged to allow the results of security breaches and other forms of cybercrime to be traded. This lecture will examine the types of information and activity that are traded on these markets, what is known about their structure, and the key actors that drive them. We will consider criminal markets for data such as credit cards and identities, command-and-control infrastructures that allow on-demand attacks against websites and spam, and the increasing market for ‘zero day’ security holes that are supported by both private actors and nation-states.

Key Question: What is traded on underground information markets, and by whom?

Concepts:

• Zero day markets.
• Credit card forums.
• Zombie command-and-control infrastructures.
• Notable centres of hacking: Russia, China, and Brazil.
• Jurisdiction and enforcement of internet crime.

Readings:

• Brown, I., Wright, J., et al. (2013) Comprehensive Study on Cybercrime. UN Office on Drugs and Crime, Vienna. March 2013. http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

• Ablon et al. – Markets for Cybercrime Tools and Stolen Data – Hackers’ Bazaar. http://www.rand.org/pubs/research_reports/RR610.html

• Yip – An investigation into Chinese cybercrime and the underground economy in comparison with the West. http://eprints.soton.ac.uk/273136/1.hasCoversheetVersion/dissertation_final.pdf

• Miller – The Legitimate Vulnerability Market Inside the Secretive World of 0-day Exploit Sales. http://weis2007.econinfosec.org/papers/29.pdf

• Caballero – Measuring Pay-Per-Install: The commoditization of malware distribution. https://www.usenix.org/events/sec11/tech/full_papers/Caballero.pdf

• Thomas et al. – Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse. http://www.icir.org/vern/papers/twitter-acct-purch.usesec13.pdf

Week 4: Key Concepts in Cryptography

Cryptography is a fundamental tool in the control of information, and underpins many of the information security technologies on the internet. This lecture describes the key concepts and developments in cryptography and cryptanalysis from the earliest known uses of ad-hoc schemes through to the more formalised mathematical approaches of the modern era. This lecture will focus on cryptography up to the modern discovery of public-key schemes, and will explore the role of cryptography in both national security and private contexts.

Key Question: What effects has the ability to hide information had in the development of the internet, and what are the limitations of this ability?

Concepts:

• Kerckhoffs’s Principle.
• The existence of one-way trapdoor functions.
• Pseudorandom functions.
• Symmetric ciphers.
• Hash functions.
• Block cipher modes of operation.

Readings:

• Schneier – Applied Cryptography, Second Edition. (1996). (Chapters 1-4,7,8)

• Anderson – Security Engineering: A Guide to Building Dependable Distributed Systems. Second Edition (11 April 2008). Chapter 5. http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c05.pdf

• Menezes, Alfred; van Oorschot, Paul C.; Vanstone, Scott A. (October 1996). Handbook of Applied Cryptography.

• Schneier – Applied Cryptography, Second Edition. (1996). (Remaining chapters.)

• Shannon – Communication Theory of Secrecy Systems. http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf

Week 5: BREAK

Week 6: Developments in Modern Cryptography

Traditional forms of cryptography focused on protecting messages in transit from being read by unauthorised parties. As computers and the internet have altered the communications and interception landscape, the use of cryptography has become increasingly prevalent, and has expanded to include a variety of non-traditional applications. At the same time, the ability of citizens to apply strong cryptography to their private communications has led to various attempts to regulate or prevent its use. This lecture will expose students to developments in modern cryptography since the rise of public-key encryption, and the ongoing regulatory and legal struggles that have accompanied these developments.

Key Question: What effects have modern developments in cryptography had on internet communications, and what effects will these have in the future?

Concepts:

• Public key encryption.
• Computational complexity and hard problems.
• Homomorphic encryption.
• Quantum computing and post-quantum cryptography.
• Standardization and development.
  o The crypto-wars.
  o NIST standards development processes.
  o NSA and GCHQ.

Readings:

• Steven Levy – Crypto: How the code rebels beat the government, saving privacy in the digital age.

• Diffie and Hellman – New Directions in Cryptography. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.37.9720

• Rivest, R.; A. Shamir; L. Adleman (1978). A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21 (2): 120–126. doi:10.1145/359340.359342 http://people.csail.mit.edu/rivest/Rsapaper.pdf

• Nechvatal et al. – Report on the Development of the Advanced Encryption Standard (AES) http://csrc.nist.gov/archive/aes/round2/r2report.pdf

• Anderson – Security Engineering: A Guide to Building Dependable Distributed Systems. Second Edition (11 April 2008). Chapter 5. http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c05.pdf

Week 7: Cryptocurrencies: Digital Bits and Pieces of Eight

Attempts to create digital currency schemes, in particular those that allow cash-like properties such as anonymity, have existed since the early days of the internet. The lecture will trace the development of cryptocurrencies, and the stated economic and political rationales behind the desire for untraceable electronic cash, with particular reference to the Cypherpunks movement. We will then go on to examine Bitcoin, the most well-known and successful cryptocurrency to date. We will explore Bitcoin’s technical function and properties, and discuss some of the factors that have led to its adoption and success, as well as various high-profile events that have revolved around Bitcoin. In doing so, we will see the emerging legal and regulatory challenges that exist for a global electronic cash system.

Key Question: How do cryptocurrencies fit into the modern internet, and what future developments are likely both for currency schemes and their role in society?

Concepts:

• Currency, libertarianism, and fiat currency.
• Credit cards and electronic transactions.
• Chaum’s eCash and the development of electronic currency.
• Bitcoin
  o How it works and what it does and doesn’t do.
  o Bitcoin exchanges.
  o Alt-coins. LiteCoin, ZeroCoin.
• and assassination markets.

Readings:

• Nakamoto – Bitcoin: A Peer-to-Peer Electronic Cash System. https://bitcoin.org/bitcoin.pdf

• Lund – Crypto Anarchy, Cyberstates, and Pirate Utopias (Chapters 6,7,8)

• Chaum – Untraceable electronic cash. http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf

• Christin – Travelling the Silk Road: A measurement analysis of a large online marketplace. http://arxiv.org/pdf/1207.7139v1.pdf

• Ron Dorit; Adi Shamir (2012). Quantitative Analysis of the Full Bitcoin Transaction Graph. http://eprint.iacr.org/2012/584.pdf

• Bell – Assassination Politics. http://www.jrbooksonline.com/PDF_Books/AP.pdf

Week 8: Untraceable Communications

The internet was originally designed as a robust and efficient communications network, with little consideration for privacy and security. Whilst the means to protect the content of messages from untoward observation are relatively well known, this leaves the significant problem of preventing traffic analysis – determining information about communicating users from their patterns of interaction.

This lecture explores approaches towards hiding the links between communicating parties, examines the arguments for and against online anonymity, and presents the major ideologies and groups that have driven both surveillance and privacy-enhancing technologies in the development of the modern internet.

Key Question: Can internet users be anonymous, and to what extent; and should online anonymity be promoted or prevented?

Concepts:

• Notions of identity, anonymity and pseudonymity.
• Traffic analysis.
• Remailers and Mixes
  o History and development. Cypherpunks.
  o Legal and technical attacks.
• Onion routing and .
  o Anonymity, freedom of expression, and censorship.
  o Privacy, trust, funding, and development methodology.

Required Reading:

• Chaum – Untraceable electronic mail, return addresses, and digital pseudonyms. http://www.ovmj.org/GNUnet/papers/p84-chaum.pdf

• Dingledine et al. – Tor: The Second-Generation Onion Router. https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

• Chaum – The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. http://www.cs.ucsb.edu/~ravenben/classes/595n-s07/papers/dcnet-jcrypt88.pdf

• Raymond – Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. http://freehaven.net/anonbib/cache/raymond00.pdf


• Murdoch – Hot or Not: Revealing Hidden Services by their Clock Skew. http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf

Week 9: Censorship and Control

Despite the promise of the Internet as a global communications medium, its use as a tool to filter and surveil flows of information by both governments and corporations has significant implications for freedom of expression worldwide. This lecture explores how Internet filtering affects the flow of information in both social and technical networks, and how filtering practices have developed and spread over time. We will show the main approaches to filtering and circumvention of filtering technologies, and will investigate the ways in which filtering policies and practice interact with the technical, physical, political, and social realities of the Internet.

Key Question: Is the internet ultimately a tool for freedom of expression, or for control of information?

Concepts:

• Approaches to censorship and historical context.
• Justification and spread of internet filtering.
• Anderson’s Eternity Service.
• Circumvention technologies
• Virtual private networks.
• Forwarding proxy networks.
• Protocol mimicry and indivisibility.
• Surveillance.

Readings:

• Deibert et al. – Access Denied: The Practice and Policy of Global Internet Filtering. (Chapters 1–6). https://opennet.net/node/206

• Penney – Communications Disruption & Censorship under International Law: History Lessons. https://www.usenix.org/system/files/conference/foci12/foci12-final13.pdf

• Hills – The Struggle for Control of Global Communication. (Chapters 1–3).

• Anderson – The Eternity Service. http://www.ovmj.org/GNUnet/papers/eternity.ps

• Wright – Regional Variation in Chinese Internet Filtering. http://www.tandfonline.com/doi/abs/10.1080/1369118X.2013.853818

Please note: Option papers will only run if selected by at least four students.
