wikileaks: secure dropbox or leaking dropbox?

Jean-Jacques QuisquaterUCL Crypto GroupLouvain-la-Neuvejjq@uclouvain.beJanuary 19 2011

twitter : @_jjq

Wikileaks: secure dropbox

or leaking dropbox??

Who I am?Jean-Jacques Quisquater• Engineer in applied mathematics (UCL, Belgium, 1970)• PhD in Computer Science (Orsay, France, 1987)• Scientist full time (1970-2010)• 20 years for Philips, 20 years academics• Professor of cryptography at UCLouvain-la-Neuve, ENS (Paris) • Working about cryptography, security, privacy from 1979

(200 papers, 40 PhD thesis, …)• Doing and applying research in cryptography for protecting

easily people, privacy and democracy: – smart card, – electronic Id, – electronic passport, – electronic voting, …

• Emeritus UCL (2010-…) and visiting scientist at MIT (2004-…)

Mission for today

• Explaining in 5 minutes (!) how organizations like Wikileaks can use technology to insure leakers remain anonymous.

Mission for today

• Explaining in 5 minutes (!) the way in which organizations like Wikileaks can use technology to insure leakers remain anonymous.

• Solution: perfect electronic dropbox

Basic scheme on the web

Hot info

dropboxHot

leaker

Anonymous dropboxon the web

• Internet voting• Auction• Disclosures (Enron, Worldcom, …)• Whistleblowers (« lanceur d’alerte »)• Audit• Suggestion box• Survey, poll• See also tor• …

Wikileaks (14/01/2007)

• Wikileaks will also incorporate advanced cryptographic technologies for anonymity and untraceability. Those who provide leaked information may face severe risks, whether of political repercussions, legal sanctions or physical violence. Accordingly, extremely sophisticated mathematical and cryptographic techniques will be used to secure privacy, anonymity and untraceability.

• For the technically minded, Wikileaks integrates technologies including modified versions of FreeNet, Tor, PGP and software of our own design.

Wikileaks (14/01/2011)

Wikileaks (14/01/2011)

Trac(k)ing files• Adding hidden and difficult to remove specific

information related to access (time, user, location, …): the EBU model

• Adding specific visible information (diffficult to remove, errors, rounded numbers, …)

• Watermarking for– Paper,– Map,– Object,– Printer, fax, computer (fonts, yellow dots, …),– Photo,– Text (font, distance between letters, words),– Program,– …

privacy

IXQUICK

Personally identifiable information about users

Basic Tools:- Encryption- AnonymizerServices:- ixquick=startpage, …

anonymity

• refers to the state of an individual's personal identity being publicly unknown.

anonymity

untraceabilityTrace: any information about the user

• internet• PC or internet cafe• files• …

Internet traces (tcp-ip v4, v6)

• SENDER:– From: IP address– To: IP address– Sent time– IP geolocalisation– Length of message– Data

RECEIVER:– Received time

• Think about the layers (applications, transport, internet, link)

Attacks and threat model(s)

• Traffic analysis (encrypted data!)

• DoS (denial of service) against main routers for forcing rerouting

• Ad-hoc virus, worm, injected javascript (for capturing keys, passwords, censoring (Tunisia), sabotage: stuxnet, …)

• Aggregation or linking (same anonymous user?)

• Password correlation

Who needs protection?http://www.torproject.org/about/torusers.html.en

• Normal people for protecting– privacy from unscrupulous marketers and identity thieves– communications from irresponsible corporations– children online; research sensitive topics

• Militaries (internet designed by DARPA, tor by NRL, DES by IBM-NSA, …)– Field agents; Hidden services; Intelligence gathering

• Journalists and their audience– Reporters without Borders– US International Broadcasting Bureau (Voice of America/Radio Free Europe) – Citizen journalists in China; Citizens and journalists in Internet black holes

• Law enforcement officers – Online surveillance; Sting operations; Truly anonymous tip lines

• Activists and Whistleblowers– Amnesty international …

• Business executives, Bloggers, IT Professionals– http://www.eff.org/issues/bloggers/legal

cryptography

• Encryption for confidentiality of data

• Signature for integrity of data

• Key generation, distribution, storage, authentication

• Problem: bad implementations and/or use (including SSL or https!)

• Most implementations are leaking taking intoaccount the protocols (effective security: x bits?)

proxy• Change your IP address into another one

• Uses:– Remote use of ressources– anonymity of your IP address

• An anonymous proxy server hides the IP address and removes traffic such as:– Cookies– Pop-ups– Banners– Scripts– Referrer information

Mixnet (Chaum, 1981)

• Mixes enable anonymous communication by means of cryptography, scrambling the messages, and unifying them (padding to constant size, fixing a constant sending rate by sending dummy messages, etc)

• Examples: mixmaster, tor

• Chaum, “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym,” Communications of the ACM, 24:2, Feb. 1981

Mixnet

Onion routing

• http://www.onion-router.net/

• Reed, Syverson, Goldschlag, “Anonymous Connections and Onion Routing,” Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, May ’97, pp. 44-54

• patented by the United States Navy in US Patent No. 6266704 (1998) (current version of tor is not using it)

Freenet(Clarke, 1999; Clarke, Sandberg, Wiley, Hong, 2000)

• http://freenetproject.org/ (running)

• Freenet is free software which lets you anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in "darknet" mode, where users only connect to their friends, is very difficult to detect.

Tor

• Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can mask information about users' locations and other factors which might identify them.

• Use of this system makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms.

• It is intended to protect users' personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored.

Tor(Dingledine, Mathewson, Sylverson, 2004)

• http://www.torproject.org/

• http://torstatus.blutmagie.de/

Technical attacks against tor

Tor alternatives

• http://alternativeto.net/software/tor/

• http://www.shoutmeloud.com/ultrasurf-your-freedom-opera-tor-freegate-alternative.html

• http://www.digitalalchemy.tv/2006/11/psiphon-offers-alternative-to-tor-for.html

• http://web.informer.com/tor+alternative

• Psiphon: http://psiphon.ca/

PGP (Phil Zimmermann, 1991)

• Pretty Good Privacy (also GPG)

• computer program that provides cryptographic privacy and authentication for data communication

• Symantec and openPGP

darknet

• // black box (a system or device whose contents were unknown)

• Isolated network for security purpose (1970)

• any closed, private group of people communicating

• a collection of networks and technologies used to share digital content

• Examples of darknets: peer-to-peer file sharing, CD and DVD copying, key or password sharing on email and newsgroups

Main conferences

• Design

– All security conferences and workshops

• Attacks

– CCC

– Black Hat

– Defcon

– Usenix security

Internet ennemies (red)

Encryption

E, k

data

D, k

data

computeruser

Encrypted data

Steganography

E, k

Secret data

Clear data

D, k

Secret data

computeruser

Mixed data

steganography

• Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.

Steganography: example

Steganography: example

Removing all but the two least

significant bits of each color

componentproduces an

almost completely black

image. Making that image 85 times brighter

produces …

Steganography: example

Removing all but the two least

significant bits of each color

componentproduces an

almost completely black

image. Making that image 85 times brighter

produces …

Haystack (SFO)

• Haystack was a partially completed proprietary network traffic obfuscator and encryptor that was being designed to circumvent internet censorship in Iran.

Haystack

Haystack

Ethical problems

• Use by opponents (which ones?)

• Use by terrorists

• Use by « pirates » (p2p networks)

• ACTA? (Tor not legal in some countries?)

• What to do?

pdf file (versus word)

• Pdf is not an easy solution for the receiver…

• Very dangerous due to the possibility of hidden and malicious executables

Hidden services (tor)