Скачать презентацию Who am I Mats Ohlin Swedish Скачать презентацию Who am I Mats Ohlin Swedish

0530f98f51d7f905676114adc519aec5.ppt

  • Количество слайдов: 11

Who am I? • Mats Ohlin • Swedish Defence Materiel Administration (FMV) • IT Who am I? • Mats Ohlin • Swedish Defence Materiel Administration (FMV) • IT Security area – International Standardisation: ISO/IEC JTC 1/SC 27/WG 3 (Security Evaluation Criteria) – Defence IP Network Security

General • Mobile Network in Kista – Location Privacy • Overview of previous work General • Mobile Network in Kista – Location Privacy • Overview of previous work in the Privacy area • Freedom System extensions for mobile users

What is Security? • If you do not have a (stated) goal, it is What is Security? • If you do not have a (stated) goal, it is not possible to know when you have arrived – Winnie the Puh • Security is about the ability to counter identified attacks – Attack agent(s) – Assets (to be protected) • System Services • System Resources and Information Objects

Basic Privacy Terms • Anonymity – that a user may use a resource or Basic Privacy Terms • Anonymity – that a user may use a resource or service without disclosing the user´s identity. The requirements for Anonymity provide protection of the user identity. • Pseudonymity – ensures that a user may use a resource or service without disclosing its user identity, but still be accountable for that use.

Basic Privacy Terms (2) • Unlinkability – ensures that a user may make multiple Basic Privacy Terms (2) • Unlinkability – ensures that a user may make multiple uses of resources or services without others being able to link these uses together. • Unobservability – ensures that a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used.

Basic assumptions • Any [wireless] component must have an ID – Authentication is often Basic assumptions • Any [wireless] component must have an ID – Authentication is often necessary • End-to-end security solutions is advisable, but. . . • Traffic analysis security is hard to achieve – variable routing – onion routing – dummy traffic – mixing (repackaging)

Practical aspects • Implementation problems – performance – availability (of Freedom routers) – knowledge Practical aspects • Implementation problems – performance – availability (of Freedom routers) – knowledge about Freedom routers • Wireless in practise – Some competent actors may apply special measures – The broad user community will stick with • what´s delivered • easily managed

Practical aspects (2) • Political – Some years ago; crypto debate – Now concern Practical aspects (2) • Political – Some years ago; crypto debate – Now concern about traffic analysis • Downside – Internet Tradition of Implicit Trust – Internet abuse • Host attacks • DNS attacks • Routing protocol attack (soon)

Practical aspects (3) • Gibson Research Corporation in May – Several DDOS attack waves Practical aspects (3) • Gibson Research Corporation in May – Several DDOS attack waves • 474 PCs in DDOS attack generating 2. 399. 237. 016 packets (fragments) in 4 days • Demands for Authenticated IP (IP-AH) – Trust Management a problem • Certificate Management • May stimulate further work on Privacy Enhancing Protocols (PET)

Practical aspects (4) • Further work should include – strict definition of security goals Practical aspects (4) • Further work should include – strict definition of security goals – attack analysis – how make the existence of Freedom Networks more invisible • Actually, also big organisations, like defence, is looking at similar techniques for countering traffic analysis

Questions • DOS attacks against Freedom Networks • Common Criteria Definitions Good Enough? • Questions • DOS attacks against Freedom Networks • Common Criteria Definitions Good Enough? • Modelling the extent of the attacker´s knowledge necessary for different types of attacks? • Business Model; who is going to pay and why?