Embed Size (px)
DESCRIPTION
Presentation at Stepping Up 2013 (IIA) about online privacy and security
Citation preview
STEPPING UP / IIA NZ Conference 2013 1STEPPING UP / IIA NZ Conference 2013
PRIVACY & SECURITY CHALLENGES IN AN INTERNET AGE
Vikram KumarMega [email protected]@vikram_nz
STEPPING UP / IIA NZ Conference 2013 2STEPPING UP / IIA NZ Conference 2013
Talk scope
• Professionals and SMEs
• Online collaboration and communication (documents and emails primarily)
• Using the open Internet
• External threats
STEPPING UP / IIA NZ Conference 2013 3STEPPING UP / IIA NZ Conference 2013
Information Integrity
Privacy +
• Confidentiality• Integrity• Availability• Authenticity• Non-repudiation
STEPPING UP / IIA NZ Conference 2013 4STEPPING UP / IIA NZ Conference 2013
Threat Landscape
Human error +
• Non-targeted attacks• Automated kits• “Full take” by government agencies
• Targeted attacks• Criminals• Competitors or “partners” or activists• State sponsored or initiated
STEPPING UP / IIA NZ Conference 2013 5STEPPING UP / IIA NZ Conference 2013
Major attack vectors
• Phishing, Spear Phishing
• Social engineering
• Purchase databases
• Device/Internet exploits
• Chained/escalated attacks
• Mobile and wifi
STEPPING UP / IIA NZ Conference 2013 6STEPPING UP / IIA NZ Conference 2013
Problem is increasing
• Expectations and need for anytime/anywhere access to files
• Inability for corporate IT to deliver- the “Dropbox Effect”
• Bring Your Own Device, mobility
• Invisible, delayed impact
• Falling technology prices- especially storage
STEPPING UP / IIA NZ Conference 2013 7
CRYPTO & MEGA
STEPPING UP / IIA NZ Conference 2013 8STEPPING UP / IIA NZ Conference 2013
Crypto 101
STEPPING UP / IIA NZ Conference 2013 9STEPPING UP / IIA NZ Conference 2013
MEGA
• ‘Cloud’ (Internet) file storage and collaboration• 50 GB free storage. Fastest in the world. Easy to use.• End-to-end, user controlled encryption
STEPPING UP / IIA NZ Conference 2013 10STEPPING UP / IIA NZ Conference 2013
MEGA Statistics
• Launched 20 January 2013
• About 5 million service users
• 450 million files uploaded, 180 Gb/s bandwidth, 0.05% notices of alleged copyright infringement
• Hosted in Germany, Luxembourg, and NZ
• Exiting beta soon with new website, iOS app, synchronisation client
STEPPING UP / IIA NZ Conference 2013 11STEPPING UP / IIA NZ Conference 2013
MEGA as a global company
Source: http://www.alexa.com/siteinfo/mega.co.nz
STEPPING UP / IIA NZ Conference 2013 12STEPPING UP / IIA NZ Conference 2013
Defeating crypto
STEPPING UP / IIA NZ Conference 2013 13STEPPING UP / IIA NZ Conference 2013
Crypto for the masses: lessons learnt
• It has to just work
• No compromises
• Network effect
• Privacy/confidentiality as a business model is viable
• Open source necessary for trust
STEPPING UP / IIA NZ Conference 2013 14
THE FUTURE OF EMAIL
STEPPING UP / IIA NZ Conference 2013 15STEPPING UP / IIA NZ Conference 2013
Email in a post-Snowden era
The death of email is vastly exaggerated.
3 emerging paths:• Peer-to-peer
• Integrated with standard web email
• Closed, secure sandbox
but most individuals will stay with free-for-advertising model.
STEPPING UP / IIA NZ Conference 2013 16STEPPING UP / IIA NZ Conference 2013
MEGA’s secure communications approach
• Closed, secure model with end-to-end encryption
• Integrate with online file storage and collaboration
• Integrated messaging, voice, and video
• In the browser but other apps and services built on top of MEGA will provide multiple options
• Privacy but not anonymity
STEPPING UP / IIA NZ Conference 2013 17
THANK YOU
Questions / comments?
