SlideShare une entreprise Scribd logo

Crypto-Book: Document leakage

M
mahan9
TechnologieFormation
1  sur  30
Télécharger pour lire hors ligne
Document Leakage John Maheswaran
Crypto-Book: integrating cryptography with social networking • Initially investigated using Facebook as a public key infrastructure • Implemented secure Facebook messaging using public key cryptography • Later implemented secure Facebook messaging using Boneh-Franklin identity based encryption • Current and planned work investigates social networking with anonymity networks
www.crypto-book.com
Crypto-Book • Crypto-Book: Whistle blowing through social networks • A system to allow users to leak document anonymously • Integrated with Facebook • Conscript other users without their consent into a group of potential sources
Background • The internet facilitates wide scale whistle blowing • Sites like WikiLeaks have received large amounts of press coverage • Major leaks include – Diplomatic cables – Iraq war documents and videos – Guantanamo Bay files
The Problem • WikiLeaks faces two conflicting challenges: – Want to preserve anonymity of whistle blowers – Need to verify credibility of leaks
Protecting anonymity is critical • Bradley Manning, an army intelligence analyst is suspected of leaking sensitive information to WikiLeaks – Has been arrested and faces up to 52 years and could even face the death penalty
Leak verification • Also need to verify leak credibility • Ideally would like to know leak comes from a credible source • WikiLeaks currently manually verifies leaks using traditional journalistic methods
Crypto-Book • Aims to solve the problems of preserving anonymity whilst verifying source credibility • The document can be verified as coming from one of N sources – but no one knows which one • Potential sources are linked to Facebook profiles
Crypto-Book – system flow • User logs in with Facebook • Authenticates with Crypto-Book servers through OAuth protocol • Whistle blower selects a group of other Facebook profiles who will form the anonymity set • Crypto-Book obtains public keys for each person – Identity based or generate 1 key for each person
Crypto-Book • Public keys sent to user, along with user’s private key • User signs document using linkable ring signature • Signed document is sent through anonymity network (Dissent or ToR) • Document is submitted to publication server
Crypto-Book • Publication server collates leaks and periodically publishes blocks of them – Mitigates intersection attacks • Publication server submits signed leaked document to WikiLeaks, and links to the document through Twitter
Example use case • President Levin says growing CS student numbers has increased costs and has meant that the CS department is no longer economically viable • Levin decides that before he leaves office, he will drastically downsize the CS department • Levin sends a confidential memo to all CS faculty outlining the planned downsizing
Example use case • Bryan Ford receives the memo and is outraged at the decision • To raise support against the plans, he wants to make the information public • He is worried if he forwards it to the Yale Daily News, he may be indentified as the source and he might not get tenure
Example use case • However if he anonymously leaks the email, people might not believe the story • He decides to use Crypto-Book to get the word out……
Bryan wants to leak Levin’s memo Crypto-BookFacebook Bryan logs in OAuth authentication
Choosing the anonymity set Crypto-BookFacebook Bryan selects other potential sources’ FB profiles to form anonymity set Avi’s, Joan’s and Vladimir’s Facebook profile IDs
Bryan obtains keys Crypto-Book Bryan Avi, Joan, Vladimir and Bryan’s public keys Bryan’s private key Generates key pair for each user using identity based or other generation scheme
Bryan signs and leaks memo Bryan 1. Creates a linkable ring signature (LRS) using Avi, Joan, Vladimir and his own keys 2. Signs Levin’s memo using LRS 3. Submits signed document to anonymity network
Design option • May be able to use Deniable Anonymous Group Authentication (DAGA) instead of linkable ring signatures to provide forward anonymity – Even if someone later hacks Bryan’s Facebook account, they cannot identify him as the source of the leak
Memo sent to publication server Leaked signed memo Publication server Publication server waits until it has several leaks with overlapping anonymity sets (to mitigate intersection attacks)
Document is made public Multiple leaked documents Publication server Once many leaks have been received, publication server publishes them
Outcome • Yalies see Levin’s memo on WikiLeaks or linked to from Twitter • Linkable ring signature allows people to verify the authenticity of the leak – The memo came from either Vladimir, Bryan, Joan or Avi, so know the source is credible – But no one knows who exactly leaked it • Levin is annoyed that his memo was leaked, but cannot punish all four professors • In face of student protestation, Levin retracts his planned downsizing of the CS department
SeeMail – the problem • Companies want to keep track of their sensitive data • Want to mitigate data leaks, identify leak sources and track who data is leaked to • Average cost of a data leak at between $90 and $305 per lost record [Forrester Research] – legal representation, PR expenditure, costs to have systems externally audited, loss of reputation and monitoring credit reports of consumers if financial information is leaked
SeeMail • Idea is to track when emails are read and forwarded using email beacons • Email beacons are unique images and each time one is loaded, it is logged
SeeMail - www.seemail.me
SeeMail - www.seemail.me
Future work • Want to track IP addresses and geolocate users • iPhones support display of iframes in emails – Hope to covertly extract more information from user – May be able to use Java script side channel attacks to see what other apps the user is running – May be able to extract GPS location of user when they read the email – Eventually hope to perform user study to see what proportion of iPhone users we can extract private information from
Future work – Anti-SeeMail • SeeMail techniques may be misused by oppressive regimes to silence whistle blowers • Hope to look at ways to guard against email tracking • Compare email objects with peers and clean any potentially unsafe ones before leaking the document
Future work – Anti-SeeMail • Want to look at Anti-SeeMail for web browsers – Have a pool of anonymous browsers that fetch web pages and compare them – Clean out any user specific parts such as web bugs, tracking scripts, targeted ads – Then display cleaned version to the end user

Recommandé

Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnetsmahan9
 
Crypto-Book SOSP WIP
Crypto-Book SOSP WIPCrypto-Book SOSP WIP
Crypto-Book SOSP WIPmahan9
 
Hotnets Slides
Hotnets SlidesHotnets Slides
Hotnets Slidesmahan9
 
Crypto-Book slides
Crypto-Book slidesCrypto-Book slides
Crypto-Book slidesmahan9
 
Security threats in social networks
Security threats in social networksSecurity threats in social networks
Security threats in social networksTannistho Ghosh
 
The issues of security and privacy in social network
The issues of security and privacy in social network The issues of security and privacy in social network
The issues of security and privacy in social network Noori Sadeq
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & securitynadikari123
 
Understanding the basics of web design 2
Understanding the basics of web design 2Understanding the basics of web design 2
Understanding the basics of web design 2Jesus Obenita Jr.
 

Recommandé

Crypto-Book Hotnets
Crypto-Book HotnetsCrypto-Book Hotnets
Crypto-Book Hotnetsmahan9
 
Crypto-Book SOSP WIP
Crypto-Book SOSP WIPCrypto-Book SOSP WIP
Crypto-Book SOSP WIPmahan9
 
Hotnets Slides
Hotnets SlidesHotnets Slides
Hotnets Slidesmahan9
 
Crypto-Book slides
Crypto-Book slidesCrypto-Book slides
Crypto-Book slidesmahan9
 
Security threats in social networks
Security threats in social networksSecurity threats in social networks
Security threats in social networksTannistho Ghosh
 
The issues of security and privacy in social network
The issues of security and privacy in social network The issues of security and privacy in social network
The issues of security and privacy in social network Noori Sadeq
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & securitynadikari123
 
Understanding the basics of web design 2
Understanding the basics of web design 2Understanding the basics of web design 2
Understanding the basics of web design 2Jesus Obenita Jr.
 
CBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNETCBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNETArchana Dwivedi
 
How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?Blue Coat
 
Blognone - Feb 09
Blognone - Feb 09Blognone - Feb 09
Blognone - Feb 09Isriya Paireepairit
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With MaltegoTom Eston
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Shalin Hai-Jew
 
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mineDEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mineFelipe Prado
 
common online terminologies
common online terminologiescommon online terminologies
common online terminologiesjayceenavarrete
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltegoChris Hammond-Thrasher
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Basics of Maltego
Basics of MaltegoBasics of Maltego
Basics of MaltegoYash Diwakar
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Jesus Rances
 
Using Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with StakeholdersUsing Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with StakeholdersNadine Norris
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Maltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the InternetMaltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the InternetShalin Hai-Jew
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Caveau Mobile
Caveau MobileCaveau Mobile
Caveau MobileMichele Marchetti
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam
 
2011 06-freedombox-balug
2011 06-freedombox-balug2011 06-freedombox-balug
2011 06-freedombox-balugStefano Maffulli
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 
Phishing
PhishingPhishing
PhishingSreekanth Narendran
 
00.fnc forensics overview new
00.fnc forensics overview new00.fnc forensics overview new
00.fnc forensics overview newforensicsnation
 

Contenu connexe

Tendances

CBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNETCBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNETArchana Dwivedi
 
How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?Blue Coat
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With MaltegoTom Eston
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Shalin Hai-Jew
 
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mineDEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mineFelipe Prado
 
common online terminologies
common online terminologiescommon online terminologies
common online terminologiesjayceenavarrete
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Jesus Rances
 
Using Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with StakeholdersUsing Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with StakeholdersNadine Norris
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Maltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the InternetMaltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the InternetShalin Hai-Jew
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringTom Eston
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 

Tendances (20)

CBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNETCBSE class X Computer Applications ch 1 INTERNET
CBSE class X Computer Applications ch 1 INTERNET
 
How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?How Safe Is YOUR Social Network?
How Safe Is YOUR Social Network?
 
Blognone - Feb 09
Blognone - Feb 09Blognone - Feb 09
Blognone - Feb 09
 
Information Gathering With Maltego
Information Gathering With MaltegoInformation Gathering With Maltego
Information Gathering With Maltego
 
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3 Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
Real-time Tweet Analysis w/ Maltego Carbon 3.5.3
 
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mineDEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
DEF CON 27 - ZHANG XIANGQIAN AND LIU HULMING - your secret files are mine
 
common online terminologies
common online terminologiescommon online terminologies
common online terminologies
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)
 
Basics of Maltego
Basics of MaltegoBasics of Maltego
Basics of Maltego
 
Empowerment Technologies - Module 2
Empowerment Technologies - Module 2Empowerment Technologies - Module 2
Empowerment Technologies - Module 2
 
Using Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with StakeholdersUsing Web2.0 to Communicate with Stakeholders
Using Web2.0 to Communicate with Stakeholders
 
Password Attack
Password Attack Password Attack
Password Attack
 
Maltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the InternetMaltego Radium Mapping Network Ties and Identities across the Internet
Maltego Radium Mapping Network Ties and Identities across the Internet
 
Enterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence GatheringEnterprise Open Source Intelligence Gathering
Enterprise Open Source Intelligence Gathering
 
Caveau Mobile
Caveau MobileCaveau Mobile
Caveau Mobile
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
 
2011 06-freedombox-balug
2011 06-freedombox-balug2011 06-freedombox-balug
2011 06-freedombox-balug
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
 

Similaire à Crypto-Book: Document leakage

00.fnc forensics overview new
00.fnc forensics overview new00.fnc forensics overview new
00.fnc forensics overview newforensicsnation
 
Swimming with sharks - don't be phish food
Swimming with sharks - don't be phish foodSwimming with sharks - don't be phish food
Swimming with sharks - don't be phish foodJisc
 
Threaths and risks
Threaths and risksThreaths and risks
Threaths and risksHHSome
 
Threaths and risks
Threaths and risksThreaths and risks
Threaths and risksHHSome
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringJack Kessler
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxShubhamGupta833557
 
Social Media And It's Effect on Security
Social Media And It's Effect on SecuritySocial Media And It's Effect on Security
Social Media And It's Effect on SecurityRajkiran Nadar
 
securityawareness.pptx
securityawareness.pptxsecurityawareness.pptx
securityawareness.pptxbinowe
 
securityawareness.pptx
securityawareness.pptxsecurityawareness.pptx
securityawareness.pptxreagan sapul
 
Securityawareness
SecurityawarenessSecurityawareness
SecurityawarenessJayfErika
 

Similaire à Crypto-Book: Document leakage (20)

Phishing
PhishingPhishing
Phishing
 
00.fnc forensics overview new
00.fnc forensics overview new00.fnc forensics overview new
00.fnc forensics overview new
 
FNC Forensics Overview
FNC Forensics OverviewFNC Forensics Overview
FNC Forensics Overview
 
Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 
Swimming with sharks - don't be phish food
Swimming with sharks - don't be phish foodSwimming with sharks - don't be phish food
Swimming with sharks - don't be phish food
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Threaths and risks
Threaths and risksThreaths and risks
Threaths and risks
 
Threaths and risks
Threaths and risksThreaths and risks
Threaths and risks
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
hacking.ppt
hacking.ppthacking.ppt
hacking.ppt
 
2hacking.ppt
2hacking.ppt2hacking.ppt
2hacking.ppt
 
SOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITYSOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITY
 
NENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social EngineeringNENA 2017 Doxing and Social Engineering
NENA 2017 Doxing and Social Engineering
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
 
Social Media And It's Effect on Security
Social Media And It's Effect on SecuritySocial Media And It's Effect on Security
Social Media And It's Effect on Security
 
securityawareness.pptx
securityawareness.pptxsecurityawareness.pptx
securityawareness.pptx
 
securityawareness.pptx
securityawareness.pptxsecurityawareness.pptx
securityawareness.pptx
 
Securityawareness
SecurityawarenessSecurityawareness
Securityawareness
 

Dernier

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Dernier (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

Crypto-Book: Document leakage

  • 2. Crypto-Book: integrating cryptography with social networking • Initially investigated using Facebook as a public key infrastructure • Implemented secure Facebook messaging using public key cryptography • Later implemented secure Facebook messaging using Boneh-Franklin identity based encryption • Current and planned work investigates social networking with anonymity networks
  • 4. Crypto-Book • Crypto-Book: Whistle blowing through social networks • A system to allow users to leak document anonymously • Integrated with Facebook • Conscript other users without their consent into a group of potential sources
  • 5. Background • The internet facilitates wide scale whistle blowing • Sites like WikiLeaks have received large amounts of press coverage • Major leaks include – Diplomatic cables – Iraq war documents and videos – Guantanamo Bay files
  • 6. The Problem • WikiLeaks faces two conflicting challenges: – Want to preserve anonymity of whistle blowers – Need to verify credibility of leaks
  • 7. Protecting anonymity is critical • Bradley Manning, an army intelligence analyst is suspected of leaking sensitive information to WikiLeaks – Has been arrested and faces up to 52 years and could even face the death penalty
  • 8. Leak verification • Also need to verify leak credibility • Ideally would like to know leak comes from a credible source • WikiLeaks currently manually verifies leaks using traditional journalistic methods
  • 9. Crypto-Book • Aims to solve the problems of preserving anonymity whilst verifying source credibility • The document can be verified as coming from one of N sources – but no one knows which one • Potential sources are linked to Facebook profiles
  • 10. Crypto-Book – system flow • User logs in with Facebook • Authenticates with Crypto-Book servers through OAuth protocol • Whistle blower selects a group of other Facebook profiles who will form the anonymity set • Crypto-Book obtains public keys for each person – Identity based or generate 1 key for each person
  • 11. Crypto-Book • Public keys sent to user, along with user’s private key • User signs document using linkable ring signature • Signed document is sent through anonymity network (Dissent or ToR) • Document is submitted to publication server
  • 12. Crypto-Book • Publication server collates leaks and periodically publishes blocks of them – Mitigates intersection attacks • Publication server submits signed leaked document to WikiLeaks, and links to the document through Twitter
  • 13. Example use case • President Levin says growing CS student numbers has increased costs and has meant that the CS department is no longer economically viable • Levin decides that before he leaves office, he will drastically downsize the CS department • Levin sends a confidential memo to all CS faculty outlining the planned downsizing
  • 14. Example use case • Bryan Ford receives the memo and is outraged at the decision • To raise support against the plans, he wants to make the information public • He is worried if he forwards it to the Yale Daily News, he may be indentified as the source and he might not get tenure
  • 15. Example use case • However if he anonymously leaks the email, people might not believe the story • He decides to use Crypto-Book to get the word out……
  • 16. Bryan wants to leak Levin’s memo Crypto-BookFacebook Bryan logs in OAuth authentication
  • 17. Choosing the anonymity set Crypto-BookFacebook Bryan selects other potential sources’ FB profiles to form anonymity set Avi’s, Joan’s and Vladimir’s Facebook profile IDs
  • 18. Bryan obtains keys Crypto-Book Bryan Avi, Joan, Vladimir and Bryan’s public keys Bryan’s private key Generates key pair for each user using identity based or other generation scheme
  • 19. Bryan signs and leaks memo Bryan 1. Creates a linkable ring signature (LRS) using Avi, Joan, Vladimir and his own keys 2. Signs Levin’s memo using LRS 3. Submits signed document to anonymity network
  • 20. Design option • May be able to use Deniable Anonymous Group Authentication (DAGA) instead of linkable ring signatures to provide forward anonymity – Even if someone later hacks Bryan’s Facebook account, they cannot identify him as the source of the leak
  • 21. Memo sent to publication server Leaked signed memo Publication server Publication server waits until it has several leaks with overlapping anonymity sets (to mitigate intersection attacks)
  • 22. Document is made public Multiple leaked documents Publication server Once many leaks have been received, publication server publishes them
  • 23. Outcome • Yalies see Levin’s memo on WikiLeaks or linked to from Twitter • Linkable ring signature allows people to verify the authenticity of the leak – The memo came from either Vladimir, Bryan, Joan or Avi, so know the source is credible – But no one knows who exactly leaked it • Levin is annoyed that his memo was leaked, but cannot punish all four professors • In face of student protestation, Levin retracts his planned downsizing of the CS department
  • 24. SeeMail – the problem • Companies want to keep track of their sensitive data • Want to mitigate data leaks, identify leak sources and track who data is leaked to • Average cost of a data leak at between $90 and $305 per lost record [Forrester Research] – legal representation, PR expenditure, costs to have systems externally audited, loss of reputation and monitoring credit reports of consumers if financial information is leaked
  • 25. SeeMail • Idea is to track when emails are read and forwarded using email beacons • Email beacons are unique images and each time one is loaded, it is logged
  • 28. Future work • Want to track IP addresses and geolocate users • iPhones support display of iframes in emails – Hope to covertly extract more information from user – May be able to use Java script side channel attacks to see what other apps the user is running – May be able to extract GPS location of user when they read the email – Eventually hope to perform user study to see what proportion of iPhone users we can extract private information from
  • 29. Future work – Anti-SeeMail • SeeMail techniques may be misused by oppressive regimes to silence whistle blowers • Hope to look at ways to guard against email tracking • Compare email objects with peers and clean any potentially unsafe ones before leaking the document
  • 30. Future work – Anti-SeeMail • Want to look at Anti-SeeMail for web browsers – Have a pool of anonymous browsers that fetch web pages and compare them – Clean out any user specific parts such as web bugs, tracking scripts, targeted ads – Then display cleaned version to the end user