Attacking wireless InternetHannu H. Kari

Slide 1:Attacking (wireless) Internet Hannu H. Kari

Slide 2: ... a short flashback ...

Slide 3:Yksityisyys langattomissa verkoissa Hannu H. KARI 07.01.2003 virkaanastujaisesitelm�

Slide 4:Yksityisyys nykyaikana?

Slide 5:Yksil� ja yksityisyys

Slide 6:Yksityisyys ja s�hk�magneettinen aura

Slide 7:Esimerkki: Ketk� ovat kavereita?

Slide 8:Esimerkki: Ketk� ovat kavereita?

Slide 9:Yksityisyyden viisi/kuusi luokkaa Informaatio (data privacy) Kohde/l�hde (identity privacy) Tapahtumapaika (location privacy) Tapahtuma-aika (time privacy) Olemassaolo (privacy of existence) + Tapahtuma (transaction)

Slide 10:Yksil� vs. yhteiskunta

Slide 11: And now back to our original program ...

Slide 12: History

Slide 13:Technology enhancements

Slide 14:Technology enhancements

Slide 15:Technology enhancements The same thing has happened in Internet in 10�15 years!

Slide 16: Need for privacy?

Slide 17:Analogy for identification: Pets (news.wisc.edu)

Slide 18:Human identification today

Slide 19:Human identification some 60 years ago ... and ... today

Slide 20:Need for privacy

Slide 21:Need for privacy

Slide 22:Need for privacy

Slide 23:Need for privacy

Slide 24:Need for privacy

Slide 25:Need for privacy

Slide 26:Need for privacy

Slide 27:Wireless network eavesdropping

Slide 28:Privacy Definition of Privacy Privacy is the claim of individuals, groups, and institutions to determine for themselves, when, how, and to what extent information about them is communicated to others. Alan Westin 1967

Slide 29: Threats

Slide 30:Holmlund: Verkkohy�kk�ys voi uhata rahaliikennett� {10.11.2008: MPK 187:n avajaiset} YETTS: yhteiskunnan elint�rke�t toiminnot tulee turvata kaikissa tilanteissa Myyrmanni, Jokela & Kauhajoki: * syrj�ytyminen sis�isen turvallisuutemme suurin uhka * monia ei-toivottuja kehitystrendej� Tarkoituksellisin verkkohy�kk�yksin saatetaan heikent�� valtion p��t�ksentekoj�rjestelmien tai esimerkiksi rahaliikenteen toimivuutta Ik�v�t tapahtumat tulevat eteemme aina jossain m��rin yll�tyksen�* varautumisesta ja riskianalyyseista huolimatta. Asymmetrinen maailma, asymmetriset arvot ja motiivit Kaikki uhkat eiv�t v�ltt�m�tt� tule ulkoa

Slide 31:Main threats of Internet 1. We loose our confidence 2. Internet does not work 3. We loose data/money with Internet

Slide 32: Scenario �3/2011�

Slide 33:Scenario �3/2011� Election in a small EU country a country famous on ICT usage, including electronic voting During the election days, a massive DDoS attack is launched against the election system Electronic voting system is unavailable for several hours As a back up alternative, people will use �traditional paper voting system� No harm done????

Slide 34:Scenario �3/2011� Report for the Council of Europe: Internet voting in the March 2007 Parliamentary Elections in Estonia Internet attacks, such as DDoS (Distributed Denial of Service) attacks, could have hampered the ability to run the e-voting application. An extension of the e-voting period could potentially make it more difficult to launch such attacks. ... But will anyone really seriously think electronic voting as a viable alternative for paper voting after this??? NO! We have lost the game permanently

Slide 35: Design flaws of Internet

Slide 36:Security problems in Internet, samples

Slide 37:Security problems in Internet, samples

Slide 38:Who and Why? WHY Motivations: Social behavior Vandalism Money Ideology Military strategic interests

Slide 39:Internet design criterion Primary goals Multiplexing of channel Various network archtectures Administrative boundaries Packet switching Gateways (routers) between networks Secondary goals Robustness (loss of routers and links) Multiple services (reliable or realtime data) Usage of various networks Distributed management Cost efficient implementation Simple attachement to network Resource usage monitoring

Slide 40:Implicit Internet design criterion Silent assumptions Benevolence Openness Low level of dynamicity No mobility Limited computation capacity High cost of crypto algorithms Limited bandwidth

Slide 41:Internet design flaws Original design principles: The enemy is out there! �Everybody can send anything to anybody� Security measures are introduced afterwards The new design principles: The enemy is among us! We must be prepared to pay for security/reliability in form of computation power, bandwidth, energy, etc. Strong security as the fundamental building block Legal sanctions against malevolent entities Every packet must have an owner!

Slide 42: Security domains

Slide 43:Four security domains

Slide 44:Four security domains

Slide 45: Securing network infrastructure

Slide 46:Traditional Internet usage

Slide 47:Short term solution:Secured Infrastructure Router (SIR)

Slide 48:Secured Infrastructure Router (SIR)

Slide 49:Alternative SIR operation

Slide 50: Conclusions

Slide 51:Conclusions Privacy in Internet is vital Especially in wireless environment in all 5/6 categories Risks with Internet are imminent ...due to original design flaws of Internet Architecture with several levels of security Plan-B: �What shall we do, when our network doesn�t work?� What is the minimum level of service? How to handle �Internet brand�

Slide 53:Good/Bad things of Internet Google.cn: �tiananmen square� � 12 first image hits

Slide 54:Good/Bad things of Internet Google.com: �tiananmen square� � 12 first image hits