Communications security for journalists
Ian Brown
Hidden Footprints Ltd.

Introduction
A rough guide to the Internet and cryptography
Secure Web-based e-mail
Pretty Good Privacy – PGP
Securing phone calls
Traffic analysis
Freedom

The Internet
All data – e-mail, Web pages, files – is sent using the Internet Protocol (IP)
This chops up information into small ‘packets’ that can flow by many routes across the Internet
Web and mail servers can be anywhere on the Internet

Internet surveillance
Packets can be monitored at many points – from you to ISP, on their network, en route to destination
Servers can also monitor messages, Web pages visited, etc.
Even your PC is vulnerable

Cryptography
Fundamental technology to protect information
Data is encrypted and decrypted using secret “keys”
Public-key cryptography uses a pair of keys: one public, one private
You can also digitally sign information
In common use as SSL

Secure e-mail
Messages travel through your ISP’s mail server, and wait at the recipient’s ISP until collected
Encryption should be end-to-end
PGP most commonly used

An encrypted message

Secure Web mail
Even if accessed using SSL, messages still sit unprotected at most Web mail servers like Hotmail
Hushmail runs Java applet on your computer that encrypts end-to-end if your correspondent also uses the service

Secure phone calls
Starium producing Palm-sized voice encryptor
Automatically protects calls to other Starium users
$699

Traffic analysis
Starium and PGP don’t hide who you are talking to, and when
This leaves a nasty trail for investigators to follow to both of you
RIP allows relatively easy access to traffic logs
Also reveals Web sites you have visited

Web server logs
17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 229936
17:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 4944
17:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 6869
17:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 3323
17:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 5118
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 353
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 1383
20:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 9499
20:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 427
20:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0"
21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 3661
22:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 4265
22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 244
22:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 411
22:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0"
6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 7698
6:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 3725
7:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 4381
7:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142389
7:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 142674
7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 4714
7:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811
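
What a server operator can reconstruct from access logs like those on the Web server logs slide, shown as an added example that is not part of the original slides. The sample lines, hostnames and paths are constructed, and the parser assumes hostname or IPv4 clients with an optional grep-style "NN:" prefix.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Common Log Format; hostnames and paths are placeholders.
# The optional "NN:" prefix mirrors grep-style output; the last line is cut
# short (no status or size) and must be skipped rather than guessed at.
SAMPLE_LOG = """\
17:gw.agency-a.example - - [08/May/2000:11:42:44 +0100] "GET /archive/threads.html HTTP/1.0" 200 22993
17:gw.agency-a.example - - [08/May/2000:11:43:14 +0100] "GET /archive/msg01632.html HTTP/1.0" 200 4944
proxy.agency-b.example - - [09/May/2000:09:21:44 +0100] "GET /archive/msg00946.html HTTP/1.0" 200 3323
22:fw.agency-c.example - - [14/Jul/2000:19:02:16 +0100] "GET /archive/l HTTP/1.0" 404 244
22:fw.agency-c.example - - [16/Jul/2000:08:24:10 +0100] "GET /archive/msg00293.html HTTP/1.0"
"""

CLF = re.compile(
    r'^(?:\d+:)?(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return a dict for one log line, or None if it is truncated or malformed."""
    m = CLF.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def visitor_profiles(log_text):
    """Group requests by client host: which pages were read, and when."""
    profiles = defaultdict(lambda: {"first": None, "last": None, "pages": []})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        p = profiles[rec["host"]]
        p["first"] = min(p["first"] or rec["when"], rec["when"])
        p["last"] = max(p["last"] or rec["when"], rec["when"])
        if rec["status"] == 200:  # record only pages that were actually served
            p["pages"].append(rec["path"])
    return dict(profiles)

if __name__ == "__main__":
    for host, p in visitor_profiles(SAMPLE_LOG).items():
        print(host, p["first"].isoformat(), p["last"].isoformat(), p["pages"])
```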

Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet
Automatically reroutes your traffic through the encrypted Freedom network
Works best with support at both ends

Freedom

Marked files and messages
Be very careful about keeping original messages and files from sources
They contain all sorts of hints that may lead back to their sender
Fingerprints may have been subtly inserted
Use secure delete; remember backups

E-mail trails
Messages are full of clues about their origins
Tracing IP addresses
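
The clues an e-mail carries about its origin, as described on the E-mail trails slide, shown as an added example that is not part of the original slides. The message is constructed, every name and address in it is a placeholder, and the Received layout it parses is one common form among several.

```python
import re
from email import message_from_string

# Constructed message: all names and addresses are placeholders
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_MESSAGE = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.paper.example with ESMTP; Mon, 08 May 2000 11:44:58 +0100
Received: from sources-pc (dialup-42.isp.example [192.0.2.42])
\tby smtp.isp.example with SMTP; Mon, 08 May 2000 11:44:51 +0100
Message-ID: <20000508104451.A1234@sources-pc>
X-Mailer: ExampleMail 1.0
From: tipoff@webmail.example
To: reporter@paper.example
Subject: documents

See attached.
"""

HOP = re.compile(
    r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\)\s+by (?P<by>\S+)"
)

def trace_hops(raw_message):
    """Received headers in chronological order (each server prepends its own).

    Only hops added by servers you trust are reliable; anything below them
    was supplied by the sending side and can be forged.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        hops.append(m.groupdict() if m else {"unparsed": " ".join(value.split())})
    return hops

def origin_clues(raw_message):
    """Collect the header fields that point back at the sending machine."""
    msg = message_from_string(raw_message)
    hops = trace_hops(raw_message)
    first = hops[0] if hops else {}
    msg_id = msg.get("Message-ID", "")
    return {
        "origin_ip": first.get("ip"),
        "helo_name": first.get("helo"),
        "message_id_host": msg_id.rsplit("@", 1)[-1].rstrip(">") if "@" in msg_id else None,
        "mailer": msg.get("X-Mailer"),
    }
```

In the constructed message the From address names a Web mail service, yet the first Received hop, the Message-ID and the X-Mailer line all describe the sender's own machine and ISP.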

Conclusions
Communications security is difficult!
Traffic data may be more important than content
Security software will get better
Legal environment may get worse

Links
http://www.pgp.com/
http://www.hushmail.com/
http://www.starium.com/
http://www.freedom.net/
http://www.cs.ucl.ac.uk/staff/I.Brown/