What the Hell is Threat Modeling Anyway?
Eva Galperin/Parker Higgins
eva@eff.org/parker@eff.org
@evacide/@xor
Electronic Frontier Foundation
1. What do you want to protect?
2. Who do you want to protect it from?
3. How likely is it you will need to protect it?
4. How bad are the consequences if you fail?
5. How much trouble are you willing to go through to prevent those consequences?
THREAT
Hackers hijack your Twitter account
Your brother reads your diary
Your boss sees your browser history
Criminals steal your credit card numbers
Adversary reads your communications
Adversary deletes or alters your communications
CAPABILITY
Attacker could file a subpoena
Attacker could break into your house
Attacker could spy on your wifi network
Attacker could put a tracking device on your car
Attacker could force you to give up your passwords
Attacker could torture your friends/family for info
Attacker could shoulder-surf your phone password
Security is a process, not a product
• Tools are not enough to protect your privacy
• Build a threat model, then figure out what tools/processes are appropriate
• Your threat model may change over time
So you’ve just heard a bunch of scary stuff and I bet you’re wondering how to make sense of it. Should you be using Tor for all your browsing? Should you be using a VPN? Should you be sending all of your email using PGP? Should you throw your phone off a cliff?
Trying to protect everything from everyone all the time is exhausting. But you probably don’t have to do that. And if you want to figure out what tools and procedures you should be using to give yourself meaningful privacy for the things that are important to you, you need to learn to threat model.
What’s meta-data?
As you can see, this is not all about bad guys hacking into your computer.
Legal attacks. Social attacks. Physical attacks.
Assessing capability is HARD: you have to make a guess about what resources your attacker has and how far they’re willing to go to attack your assets.
When you’re thinking about your physical assets, that may seem simple. You lock your doors. You put your important papers in a safe. You can see if you’re being physically followed. But the Internet doesn’t work the way it appears to most people. The same goes for courts. So in order to understand legal attacks, you talk to a lawyer. In order to understand attacks over the Internet, you talk to hackers.
The Snowden leaks taught us a lot about NSA and 5-Eyes capabilities up until very recently. But remember that capabilities are constantly changing. New laws get passed. New technologies are invented. New bugs are discovered and exploited. This work is never done.
How likely is a particular threat against a particular asset?
Related to capability: sure, your telco has access to all of your call data, but the risk that they will publish this publicly in order to harm your reputation is low.
Threat is important to distinguish from risk. A threat is a bad thing that can happen. The risk is how likely it is that it will occur.
There’s a threat that your house will collapse. But this is more likely to happen in San Francisco, where earthquakes are common, than Stockholm, where they are not.
Conducting a risk analysis is a very subjective process. Not everyone has the same priorities or views threats the same way. Many people find certain threats (like the government spying on their internet traffic) unacceptable no matter what the risk. Other people disregard high risks because they don’t view the threat as a problem. For example, I might not care so much if someone steals my credit card numbers because the credit card company will just reverse the charges.
Want advice about threats/capabilities/tools? Check out SSD. Available in Arabic, English, French, Thai, Vietnamese, Spanish, and Urdu.