1. Wikileaks:
secure dropbox
or leaking dropbox
??
Jean-Jacques Quisquater
UCL Crypto Group
Louvain-la-Neuve
jjq@uclouvain.be
January 19 2011
twitter : @_jjq
2. Who I am?
Jean-Jacques Quisquater
• Engineer in applied mathematics (UCL, Belgium, 1970)
• PhD in Computer Science (Orsay, France, 1987)
• Scientist full time (1970-2010)
• 20 years for Philips, 20 years academics
• Professor of cryptography at UCLouvain-la-Neuve, ENS (Paris)
• Working about cryptography, security, privacy from 1979
(200 papers, 40 PhD thesis, …)
• Doing and applying research in cryptography for protecting
easily people, privacy and democracy:
– smart card,
– electronic Id,
– electronic passport,
– electronic voting, …
• Emeritus UCL (2010-…) and visiting scientist at MIT (2004-…)
3. Mission for today
• Explaining in 5 minutes (!) how organizations
like Wikileaks can use technology to insure
leakers remain anonymous.
4. Mission for today
• Explaining in 5 minutes (!) the way in
which organizations like Wikileaks can
use technology to insure leakers
remain anonymous.
• Solution: perfect electronic dropbox
7. Anonymous dropbox
on the web
• Internet voting
• Auction
• Disclosures (Enron, Worldcom, …)
• Whistleblowers (« lanceur d’alerte »)
• Audit
• Suggestion box
• Survey, poll
• See also tor
• …
8. Wikileaks (14/01/2007)
• Wikileaks will also incorporate advanced cryptographic
technologies for anonymity and untraceability. Those
who provide leaked information may face severe risks,
whether of political repercussions, legal sanctions or
physical violence. Accordingly, extremely sophisticated
mathematical and cryptographic techniques will be
used to secure privacy, anonymity and untraceability.
• For the technically minded, Wikileaks integrates
technologies including modified versions of FreeNet,
Tor, PGP and software of our own design.
11. Trac(k)ing files
• Adding hidden and difficult to remove specific
information related to access (time, user, location, …):
the EBU model
• Adding specific visible information (diffficult to
remove, errors, rounded numbers, …)
• Watermarking for
– Paper,
– Map,
– Object,
– Printer, fax, computer (fonts, yellow dots, …),
– Photo,
– Text (font, distance between letters, words),
– Program,
– …
15. Trace: any information untraceability
about the user
• internet
• PC or internet cafe
• files
•…
16. Internet traces (tcp-ip v4, v6)
• SENDER:
– From: IP address
– To: IP address
– Sent time
– IP geolocalisation
– Length of message
– Data
RECEIVER:
– Received time
• Think about the layers (applications,
transport, internet, link)
17. Attacks and threat model(s)
• Traffic analysis (encrypted data!)
• DoS (denial of service) against main routers for
forcing rerouting
• Ad-hoc virus, worm, injected javascript (for
capturing keys, passwords, censoring (Tunisia),
sabotage: stuxnet, …)
• Aggregation or linking (same anonymous user?)
• Password correlation
18. Who needs protection?
http://www.torproject.org/about/torusers.html.en
• Normal people for protecting
– privacy from unscrupulous marketers and identity thieves
– communications from irresponsible corporations
– children online; research sensitive topics
• Militaries (internet designed by DARPA, tor by NRL, DES by IBM-NSA, …)
– Field agents; Hidden services; Intelligence gathering
• Journalists and their audience
– Reporters without Borders
– US International Broadcasting Bureau (Voice of America/Radio Free Europe)
– Citizen journalists in China; Citizens and journalists in Internet black holes
• Law enforcement officers
– Online surveillance; Sting operations; Truly anonymous tip lines
• Activists and Whistleblowers
– Amnesty international …
• Business executives, Bloggers, IT Professionals
– http://www.eff.org/issues/bloggers/legal
19. cryptography
• Encryption for confidentiality of data
• Signature for integrity of data
• Key generation, distribution, storage, authentication
• Problem: bad implementations and/or use
(including SSL or https!)
• Most implementations are leaking taking into
account the protocols (effective security: x bits?)
20. proxy
• Change your IP address into another one
• Uses:
– Remote use of ressources
– anonymity of your IP address
• An anonymous proxy server hides the IP address and
removes traffic such as:
– Cookies
– Pop-ups
– Banners
– Scripts
– Referrer information
21. Mixnet (Chaum, 1981)
• Mixes enable anonymous communication by
means of cryptography, scrambling the
messages, and unifying them (padding to
constant size, fixing a constant sending rate by
sending dummy messages, etc)
• Examples: mixmaster, tor
• Chaum, “Untraceable Electronic Mail, Return
Addresses, and Digital Pseudonym,”
Communications of the ACM, 24:2, Feb. 1981
23. Onion routing
• http://www.onion-router.net/
• Reed, Syverson, Goldschlag, “Anonymous
Connections and Onion Routing,” Proc. of IEEE
Symposium on Security and Privacy, Oakland,
CA, May ’97, pp. 44-54
• patented by the United States Navy in US
Patent No. 6266704 (1998) (current version of
tor is not using it)
24.
25. Freenet
(Clarke, 1999; Clarke, Sandberg, Wiley, Hong, 2000)
• http://freenetproject.org/ (running)
• Freenet is free software which lets you anonymously share
files, browse and publish "freesites" (web sites accessible only
through Freenet) and chat on forums, without fear of
censorship. Freenet is decentralised to make it less vulnerable
to attack, and if used in "darknet" mode, where users only
connect to their friends, is very difficult to detect.
26. Tor
• Tor is a system intended to enable online anonymity,
composed of client software and a network of servers
which can mask information about users' locations and
other factors which might identify them.
• Use of this system makes it more difficult to trace
internet traffic to the user, including visits to Web sites,
online posts, instant messages, and other
communication forms.
• It is intended to protect users' personal freedom,
privacy, and ability to conduct confidential business, by
keeping their internet activities from being monitored.
27. Tor
(Dingledine, Mathewson, Sylverson, 2004)
• http://www.torproject.org/
• http://torstatus.blutmagie.de/
32. PGP (Phil Zimmermann, 1991)
• Pretty Good Privacy (also GPG)
• computer program that provides cryptographic
privacy and authentication for data communication
• Symantec and openPGP
33. darknet
• // black box (a system or device whose contents were
unknown)
• Isolated network for security purpose (1970)
• any closed, private group of people communicating
• a collection of networks and technologies used to share
digital content
• Examples of darknets: peer-to-peer file sharing, CD and
DVD copying, key or password sharing on email and
newsgroups
34. Main conferences
• Design
– All security conferences and workshops
• Attacks
– CCC
– Black Hat
– Defcon
– Usenix security
38. Steganography
user computer
E, k Mixed data D, k
Secret data
Secret data
Clear data
39. steganography
• Steganography is the art and science of
writing hidden messages in such a way that no
one, apart from the sender and intended
recipient, suspects the existence of the
message.
41. Steganography: example
Removing all but
the two least
significant bits of
each color
component
produces an
almost
completely black
image. Making
that image 85
times brighter
produces …
42. Steganography: example
Removing all but
the two least
significant bits of
each color
component
produces an
almost
completely black
image. Making
that image 85
times brighter
produces …
43.
44.
45. Haystack (SFO)
• Haystack was a partially completed
proprietary network traffic obfuscator and
encryptor that was being designed to
circumvent internet censorship in Iran.
49. Ethical problems
• Use by opponents (which ones?)
• Use by terrorists
• Use by « pirates » (p2p networks)
• ACTA? (Tor not legal in some countries?)
• What to do?
50. pdf file (versus word)
• Pdf is not an easy solution for the receiver…
• Very dangerous due to the possibility of
hidden and malicious executables