Jean-Jacques Quisquater is a professor of cryptography who discusses ways for organizations like Wikileaks to help leakers remain anonymous using technology. He explains how a perfect anonymous electronic dropbox could allow leakers to securely submit information without being identified. Quisquater then outlines various technologies like encryption, anonymity networks, and steganography that could help protect a leaker's privacy and anonymity.
This document summarizes cryptographic control over the past 70 years and issues revealed by Snowden's leaks, focusing on two cases. It discusses how cryptography has been controlled since WWII through organizations like the UKUSA agreement. While Snowden's leaks were not entirely new, they recontextualized the landscape. Case I examines how connected users are spied on through programs like PRISM and Bullrun that exploit systems like RSA's Dual_EC_DRBG and vulnerabilities like Heartbleed. Case II will discuss targeting non-connected users and environments through projects like TAO.
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
This document provides an overview of anonymous networks and circumvention techniques. It discusses Tor, Freenet, Gnunet, and I2P as examples of implemented anonymous networks. Tor routes traffic through volunteer servers called nodes to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Circumvention techniques like Obfsproxy and Flashproxy are also summarized, which transform Tor traffic to bypass censorship methods like deep packet inspection.
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...i_scienceEU
The document discusses online anonymity before and after the Arab Spring. It summarizes how Tor works to provide anonymity and the arms race between censors blocking Tor and Tor developers finding new ways to circumvent censorship. It describes a large increase in Tor usage during the Arab Spring protests from 2010 to 2012 and ongoing blocking efforts by countries like China, Iran, and Kazakhstan. New anti-censorship tools like public key pinning, Obfsproxy, and ooni-probe are working to detect and prevent censorship of Tor.
Viral Parmar discusses steganography and how it can be used to hide secret messages within ordinary messages. Steganography techniques include hiding data in image files, word documents, network file streams, and other media. Parmar also covers how the Tor network functions to provide anonymity to users, but notes it has limitations like DNS leaks that can still reveal a user's identity. Case studies are presented on the Silk Road darknet market, bomb threats at Harvard, and FBI operations against Freedom Hosting and users of the Playpen child pornography site.
The document provides an overview of the dark net (also called the dark web). It begins by explaining that the surface web that is accessible through traditional search engines like Google only represents about 4% of total online content, while the remaining 96% is found in the deep web and darknet. The darknet is purposefully hidden and can only be accessed using special software like Tor, Freenet, and I2P. It then gives a brief history of the darknet beginning in 1970 and the development of tools like Tor. Reasons for using the darknet include protecting privacy and allowing for whistleblowing, while some also use it for computer crimes and selling restricted goods. The document concludes by describing some common darknet software
Encryption has a long history dating back to ancient times. It involves converting information into an unreadable format that can only be read by authorized parties. Key events included the development of the Enigma machine in the 1920s and the Data Encryption Standard in the 1970s. Encryption protects sensitive data and communications. It works by using mathematical algorithms and keys to encode and decode information. Authentication verifies identities, while digital signatures validate and authenticate data. Steganography hides secret messages within other files and media to avoid detection. Strong passwords, password managers, and two-factor authentication enhance security.
1. Hacking techniques will become more sophisticated as hackers combine different technologies like mobile, bio, and advanced malware.
2. Both black hat and white hat communities will continue innovating new hacking methods to either carry out attacks or strengthen security defenses.
3. Issues around stopping hacking will remain challenging as the internet allows rapid global transmission of viruses and malware that are difficult to contain or attribute.
The document discusses darknets as an alternative to the traditional internet (clearnet) that provides enhanced anonymity and privacy. Darknets use complex routing systems like Tor and I2P to make communications untraceable. While darknets allow greater anonymity for activities like whistleblowing, they are also used for illegal markets like drugs and arms dealing. As governments increasingly monitor the clearnet, more people may be drawn to darknets, but they will still provide a safe haven for criminal activities due to their anonymity.
This document summarizes cryptographic control over the past 70 years and issues revealed by Snowden's leaks, focusing on two cases. It discusses how cryptography has been controlled since WWII through organizations like the UKUSA agreement. While Snowden's leaks were not entirely new, they recontextualized the landscape. Case I examines how connected users are spied on through programs like PRISM and Bullrun that exploit systems like RSA's Dual_EC_DRBG and vulnerabilities like Heartbleed. Case II will discuss targeting non-connected users and environments through projects like TAO.
(130727) #fitalk anonymous network concepts and implementationINSIGHT FORENSIC
This document provides an overview of anonymous networks and circumvention techniques. It discusses Tor, Freenet, Gnunet, and I2P as examples of implemented anonymous networks. Tor routes traffic through volunteer servers called nodes to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Circumvention techniques like Obfsproxy and Flashproxy are also summarized, which transform Tor traffic to bypass censorship methods like deep packet inspection.
Runa Sandvik, The Tor Project, London: Online Anonymity: Before and After th...i_scienceEU
The document discusses online anonymity before and after the Arab Spring. It summarizes how Tor works to provide anonymity and the arms race between censors blocking Tor and Tor developers finding new ways to circumvent censorship. It describes a large increase in Tor usage during the Arab Spring protests from 2010 to 2012 and ongoing blocking efforts by countries like China, Iran, and Kazakhstan. New anti-censorship tools like public key pinning, Obfsproxy, and ooni-probe are working to detect and prevent censorship of Tor.
Viral Parmar discusses steganography and how it can be used to hide secret messages within ordinary messages. Steganography techniques include hiding data in image files, word documents, network file streams, and other media. Parmar also covers how the Tor network functions to provide anonymity to users, but notes it has limitations like DNS leaks that can still reveal a user's identity. Case studies are presented on the Silk Road darknet market, bomb threats at Harvard, and FBI operations against Freedom Hosting and users of the Playpen child pornography site.
The document provides an overview of the dark net (also called the dark web). It begins by explaining that the surface web that is accessible through traditional search engines like Google only represents about 4% of total online content, while the remaining 96% is found in the deep web and darknet. The darknet is purposefully hidden and can only be accessed using special software like Tor, Freenet, and I2P. It then gives a brief history of the darknet beginning in 1970 and the development of tools like Tor. Reasons for using the darknet include protecting privacy and allowing for whistleblowing, while some also use it for computer crimes and selling restricted goods. The document concludes by describing some common darknet software
Encryption has a long history dating back to ancient times. It involves converting information into an unreadable format that can only be read by authorized parties. Key events included the development of the Enigma machine in the 1920s and the Data Encryption Standard in the 1970s. Encryption protects sensitive data and communications. It works by using mathematical algorithms and keys to encode and decode information. Authentication verifies identities, while digital signatures validate and authenticate data. Steganography hides secret messages within other files and media to avoid detection. Strong passwords, password managers, and two-factor authentication enhance security.
1. Hacking techniques will become more sophisticated as hackers combine different technologies like mobile, bio, and advanced malware.
2. Both black hat and white hat communities will continue innovating new hacking methods to either carry out attacks or strengthen security defenses.
3. Issues around stopping hacking will remain challenging as the internet allows rapid global transmission of viruses and malware that are difficult to contain or attribute.
The document discusses darknets as an alternative to the traditional internet (clearnet) that provides enhanced anonymity and privacy. Darknets use complex routing systems like Tor and I2P to make communications untraceable. While darknets allow greater anonymity for activities like whistleblowing, they are also used for illegal markets like drugs and arms dealing. As governments increasingly monitor the clearnet, more people may be drawn to darknets, but they will still provide a safe haven for criminal activities due to their anonymity.
Introduction to HackDemocracy Brussels Meetup 3hackdemocracy
1) This document summarizes a HackDemocracy meetup in Brussels on February 23, 2011. It includes the location, contact email, and Twitter handle for HackDemocracy.
2) The meetup featured 3 presentations: the first was on analyzing traffic to a Belgian political website, the second was on online voting and verifiable voting systems, and the third was on how technology can improve school enrollment policy.
3) The meetup was thanking various groups and individuals for their support, and was also encouraging others to get involved by speaking at future meetups or otherwise assisting the organization.
HackDemocracy 4: Open Data in Belgium Introductionhackdemocracy
This document summarizes a meetup event hosted by HackDemocracy in Brussels, Belgium about open data. It includes thanks to BetaGroup Coworking for hosting the event. The agenda includes 3 presentations about local open data initiatives in Brussels and a federal open data initiative in Belgium. The goal of HackDemocracy is to bring hackers and public officials together to collaborate on innovations to strengthen democracy using open data.
Pirate Party, Wikileaks & the Anonymoushackdemocracy
The document summarizes a meeting of the HackDemocracy group on December 16, 2010. It discusses the ideals of the Pirate Party, such as openness, transparency, and sharing information. It notes that the Pirate Party wants to reform copyright and patent systems and respect privacy rights. It provides a brief history of the Belgian Pirate Party, including its founding in 2006, reboot in 2009 after EU elections, and recent political actions and participation in 2010 federal elections.
Online and Offline Activism with the Indignados/Occupy movementhackdemocracy
This document announces a meeting of HackDemocracy Brussels to discuss online and offline activism with the Indignados movement. It provides contact information for HackDemocracy Brussels and thanks the speakers and host locations. The document indicates that today's speakers will discuss the Indignados movement's use of technology for global coordination, share perspectives on e-democracy, and provide insights into tensions between legitimacy and efficiency when online and offline activism converge.
Political Memory - Memopol Toolkit (HackDemocracy Meetup 5)hackdemocracy
Political Memory (Memopol) is a toolbox designed to help citizens reach members of European Parliament (MEPs), and track their voting records. Presented at HackDemocracy Brussels' 5th Meetup.
HackDemocracy Brussels 3: Using technology to improve School Choice Procedureshackdemocracy
The document discusses school choice procedures. It first addresses why regulating school choice is important for equity and to account for social preferences over school composition. It then examines whether procedures should be top-down or bottom-up in taking parents' preferences into account. Three criteria for evaluating procedures are discussed: efficiency, no justified envy, and strategic simplicity. Several school choice mechanisms are outlined, including the student-proposing deferred acceptance algorithm. Preliminary evidence from Dutch-speaking preschools in Brussels is also presented.
The document discusses Fair Observer, an online media platform that aims to provide contextualized analysis of important global issues through contributions from experts around the world. It summarizes Fair Observer's value proposition as capturing diverse perspectives across disciplines and countries to analyze trends. The document also provides details on Fair Observer's founders, editorial team, contributor network, growth metrics, business model focusing on various revenue streams, and key differentiators compared to other media.
Introduction HackDemocracy Meetup 5: Citizen Platforms for Political Accounta...hackdemocracy
HackDemocracy Brussels' 5th Meetup on Citizen Platforms for Political Accountability & the G1000 Citizens Summit. Presentations by Demoscha.Be and Memopol.
The document summarizes media freedom and internet usage in Central Asian countries. It discusses how countries like Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan rank poorly in press freedom indexes due to factors like state control of media and censorship. It also notes that internet penetration remains relatively low in the region, concentrated in urban areas, and subject to censorship and monitoring. The document is about an organization called neweurasia that aims to promote independent media and voices from Central Asia online through blogging and publishing.
Introduction HackDemocracy Meetup 5: Citizen Platforms for Political Accounta...hackdemocracy
HackDemocracy Brussels' 5th Meetup on Citizen Platforms for Political Accountability & G1000 Citizens Summit. Presentations about Demoscha.Be and Memopol.
Introduction to hack democracy meetup 2hackdemocracy
The document summarizes a meetup of the #HackDemocracy group in Brussels on January 19, 2011. It thanks the organizers and speakers at the event. It announces the launch of #HackDemocracy in San Francisco and invites people to help out or speak at future meetups. It also describes the #Hacks/Hackers group which brings together journalists and programmers, mentioning their 17 chapters worldwide. Finally, it lists three topics to be discussed about Wikileaks: how it ensures anonymity, how organizations are using Wikileaks' data, and Wikileaks' implications for international relations.
Hack Democracy San Francisco meetup #1 - introhackdemocracy
This document outlines an agenda for a meetup of the Hack Democracy SF group. It thanks presenters and attendees. It discusses the meaning of the term "hacker" and how hackers can work with public institutions to define the future of democracy. The agenda lists 5 presentations on projects using technology to increase transparency and civic participation, including Code for America, Circle Voting, ScraperWiki, VoteReports.org, and ShortStack. It notes the format will be 5-minute presentations plus Q&A and discusses plans to expand the group to other cities.
Open data in public-private partnershipshackdemocracy
How citizens can become true watchdogs
Presentation at the first HackDemocracy meetup in Brussels, December 2010.
Presented by @jonvanparys of @wheresmyvillo
Open data in Belgium aims to make certain government and public data freely available without restrictions. It promotes transparency and allows developers to build applications using the data. Examples of open data providers include data.gov.uk and data.gov, while consumers have used open data to build tools like a traffic flows app and school finder. Open data can be accessed via websites, downloadable files, or APIs. Developers are encouraged to create applications and mashups with the open data on sites like openbelgium.be and opendatachallenge.org to further utilize the available information.
Presented by Paul Wilson, Director General of APNIC and Chair of APrIGF Multistakeholder Steering Group at the Asia Pacific Internet Leadership Program as part of 2016 APrIGF Taipei
Introduction to HackDemocracy Brussels Meetup 3hackdemocracy
1) This document summarizes a HackDemocracy meetup in Brussels on February 23, 2011. It includes the location, contact email, and Twitter handle for HackDemocracy.
2) The meetup featured 3 presentations: the first was on analyzing traffic to a Belgian political website, the second was on online voting and verifiable voting systems, and the third was on how technology can improve school enrollment policy.
3) The meetup was thanking various groups and individuals for their support, and was also encouraging others to get involved by speaking at future meetups or otherwise assisting the organization.
HackDemocracy 4: Open Data in Belgium Introductionhackdemocracy
This document summarizes a meetup event hosted by HackDemocracy in Brussels, Belgium about open data. It includes thanks to BetaGroup Coworking for hosting the event. The agenda includes 3 presentations about local open data initiatives in Brussels and a federal open data initiative in Belgium. The goal of HackDemocracy is to bring hackers and public officials together to collaborate on innovations to strengthen democracy using open data.
Pirate Party, Wikileaks & the Anonymoushackdemocracy
The document summarizes a meeting of the HackDemocracy group on December 16, 2010. It discusses the ideals of the Pirate Party, such as openness, transparency, and sharing information. It notes that the Pirate Party wants to reform copyright and patent systems and respect privacy rights. It provides a brief history of the Belgian Pirate Party, including its founding in 2006, reboot in 2009 after EU elections, and recent political actions and participation in 2010 federal elections.
Online and Offline Activism with the Indignados/Occupy movementhackdemocracy
This document announces a meeting of HackDemocracy Brussels to discuss online and offline activism with the Indignados movement. It provides contact information for HackDemocracy Brussels and thanks the speakers and host locations. The document indicates that today's speakers will discuss the Indignados movement's use of technology for global coordination, share perspectives on e-democracy, and provide insights into tensions between legitimacy and efficiency when online and offline activism converge.
Political Memory - Memopol Toolkit (HackDemocracy Meetup 5)hackdemocracy
Political Memory (Memopol) is a toolbox designed to help citizens reach members of European Parliament (MEPs), and track their voting records. Presented at HackDemocracy Brussels' 5th Meetup.
HackDemocracy Brussels 3: Using technology to improve School Choice Procedureshackdemocracy
The document discusses school choice procedures. It first addresses why regulating school choice is important for equity and to account for social preferences over school composition. It then examines whether procedures should be top-down or bottom-up in taking parents' preferences into account. Three criteria for evaluating procedures are discussed: efficiency, no justified envy, and strategic simplicity. Several school choice mechanisms are outlined, including the student-proposing deferred acceptance algorithm. Preliminary evidence from Dutch-speaking preschools in Brussels is also presented.
The document discusses Fair Observer, an online media platform that aims to provide contextualized analysis of important global issues through contributions from experts around the world. It summarizes Fair Observer's value proposition as capturing diverse perspectives across disciplines and countries to analyze trends. The document also provides details on Fair Observer's founders, editorial team, contributor network, growth metrics, business model focusing on various revenue streams, and key differentiators compared to other media.
Introduction HackDemocracy Meetup 5: Citizen Platforms for Political Accounta...hackdemocracy
HackDemocracy Brussels' 5th Meetup on Citizen Platforms for Political Accountability & the G1000 Citizens Summit. Presentations by Demoscha.Be and Memopol.
The document summarizes media freedom and internet usage in Central Asian countries. It discusses how countries like Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan rank poorly in press freedom indexes due to factors like state control of media and censorship. It also notes that internet penetration remains relatively low in the region, concentrated in urban areas, and subject to censorship and monitoring. The document is about an organization called neweurasia that aims to promote independent media and voices from Central Asia online through blogging and publishing.
Introduction HackDemocracy Meetup 5: Citizen Platforms for Political Accounta...hackdemocracy
HackDemocracy Brussels' 5th Meetup on Citizen Platforms for Political Accountability & G1000 Citizens Summit. Presentations about Demoscha.Be and Memopol.
Introduction to hack democracy meetup 2hackdemocracy
The document summarizes a meetup of the #HackDemocracy group in Brussels on January 19, 2011. It thanks the organizers and speakers at the event. It announces the launch of #HackDemocracy in San Francisco and invites people to help out or speak at future meetups. It also describes the #Hacks/Hackers group which brings together journalists and programmers, mentioning their 17 chapters worldwide. Finally, it lists three topics to be discussed about Wikileaks: how it ensures anonymity, how organizations are using Wikileaks' data, and Wikileaks' implications for international relations.
Hack Democracy San Francisco meetup #1 - introhackdemocracy
This document outlines an agenda for a meetup of the Hack Democracy SF group. It thanks presenters and attendees. It discusses the meaning of the term "hacker" and how hackers can work with public institutions to define the future of democracy. The agenda lists 5 presentations on projects using technology to increase transparency and civic participation, including Code for America, Circle Voting, ScraperWiki, VoteReports.org, and ShortStack. It notes the format will be 5-minute presentations plus Q&A and discusses plans to expand the group to other cities.
Open data in public-private partnershipshackdemocracy
How citizens can become true watchdogs
Presentation at the first HackDemocracy meetup in Brussels, December 2010.
Presented by @jonvanparys of @wheresmyvillo
Open data in Belgium aims to make certain government and public data freely available without restrictions. It promotes transparency and allows developers to build applications using the data. Examples of open data providers include data.gov.uk and data.gov, while consumers have used open data to build tools like a traffic flows app and school finder. Open data can be accessed via websites, downloadable files, or APIs. Developers are encouraged to create applications and mashups with the open data on sites like openbelgium.be and opendatachallenge.org to further utilize the available information.
Presented by Paul Wilson, Director General of APNIC and Chair of APrIGF Multistakeholder Steering Group at the Asia Pacific Internet Leadership Program as part of 2016 APrIGF Taipei
Acpe 2014 Internet Anonymity Using TorJack Maynard
Tor is free and open-source software that allows users to improve their anonymity and privacy online. It works by routing a user's internet traffic through a worldwide network of relays run by volunteers, making it difficult to track a user's location and browsing activities. While it can enable legal and beneficial uses like protecting free speech, Tor also allows criminal activities to take place anonymously, such as buying illegal drugs. The presentation discusses how Tor works, potential benefits and risks, and how network administrators can block Tor traffic on their systems using firewall rules and blacklists of Tor exit nodes.
The document provides an overview of the Tor network, which aims to enable anonymous communication on the internet. It discusses why anonymity is needed, how the Tor network works using onion routing and circuits of routers to hide a user's location and identity, limitations of Tor including slow speeds and vulnerability of exit nodes, licit and illicit uses of Tor for privacy and censorship circumvention as well as illegal activities, and dangers of using Tor including surveillance risks. It concludes that research has made progress on anonymous communication and public interest in privacy tools like Tor is likely to increase.
This seminar discuss about the TOR BROWSER NETWORK TECHNOLOGY. The discussion includes, How it works, its weakness, its advantage, hidden services, about anonymity etc.
A look at the methodology and techniques or hackers, cyber criminals and state sponsored attackers. Explores the kill chain, Geo political instability and the dark web.
Touring the Dark Side of Internet: A Journey through IOT, TOR & DockerAbhinav Biswas
With the advent of IOT, Every 'Thing' is getting Smart, starting from the range of smartwatches, smart refrigerators, smart bulbs to smart car, smart healthcare, smart agriculture, smart retail, smart city and what not, even smart planet. But why is every thing getting smart? People are trying to bridge the gap between Digital World & Physical World by means of ubiquitous connectivity to Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop the private communications in your bed room? What if a smart driverless car deliberately crashes itself into an accident? What if you want to be Anonymous over Internet and don't want anybody to track you?
This talk will focus on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity is taking the lead over security. The talk will also sensitive the audience about the paradigm shift that is happening in IOT DevOps, with help of Docker Containers and how they can be anonymised using TOR.
The document discusses the history and development of the Internet. It explains that the Internet originated from the ARPANET system developed by the U.S. Department of Defense in the 1960s to link computers. It grew significantly in the 1980s and beyond as more computers and networks were connected. The document also outlines some of the basic services of the Internet like email, file transfer, and the World Wide Web. It notes the rapid growth in the number of devices connected to the Internet over time. Finally, it briefly discusses cybercrime and the need for cyber laws to address illegal activities online.
cyber crime & information security is most famous in the world..day by day increase cyber crime in internet world. that see. the detail about of cyber security.
This document discusses hacking and provides an overview of ethical hacking. It begins by defining what a hacker is, noting that historically it referred to an enthusiastic computer hobbyist rather than a criminal. It discusses the evolution of hacking and open source culture. It then discusses ethical hacking and penetration testing, noting it involves authorized attempts to breach systems to test security. It provides an example case study of a large hadron collider being hacked. It also discusses the importance of security given the rise in internet users and potential for attacks on critical networks.
Introduction to Cyberspace and its Architecture, Evolution and Basic Concepts of Internet, Cyberspace, Internet Ownership and Management, Data Security and Management, Data Encryption and Digital Signature, Convergence. Internet Telephony
and VPN, Social Issues in the Regulation of Cyberspace, The Regulability of Cyberspace, UNCITRAL Model Law on Electronics Commerce 1996
The document discusses ethical hacking and how it has evolved over time. It begins by defining hacking and explaining how hackers originally exploited telephone systems to make free calls. It then describes how hacking migrated to computers in the 1980s and became illegal with laws passed in 1986. The document outlines the different types of hackers and phases of a typical hack, including reconnaissance, scanning, gaining access, and covering tracks. It also provides examples of commonly used hacking tools like Nmap, Nessus, and Kismet. In closing, it discusses both the advantages and disadvantages of hacking, and considers the future scope of ethical hacking.
FreedomBox is a small, low-cost device that allows users to self-host applications and protect their privacy and freedom online. It provides private web browsing, secure communication tools, and applications to enable safe activism. FreedomBox is being used in rural India to address the digital divide by hosting essential digital services locally on FreedomBox servers in villages. This provides internet access and services with better privacy, security, and resilience compared to centralized cloud services. Initial deployments have been successful in providing internet access for tasks like accessing government services and education. The project aims to expand to more villages at very low cost through community networks powered by FreedomBox.
This document provides an overview of cyber forensics. It introduces Ambuj Kumar, a cyber security analyst, and discusses topics like the cyber forensics process, goals of forensics investigations, how computers are used in cybercrimes, types of investigations and evidence, challenges in acquiring evidence, roles of first responders, locations of electronic evidence, the chain of custody process, and techniques like hashing, write protection, and analyzing deleted data.
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
This document provides an overview and summary of a presentation on privacy, the dark web, and hacker devices. The presentation discusses tools that provide anonymity such as Tor browsing and VPNs. It also covers common devices and software used on the dark web and defenses against cyber attacks. The document discusses why people attack, how to prevent being tracked, and mitigating risks. It provides tips on anonymity and privacy as well as an overview of hacker tools and techniques. The presentation aims to familiarize audiences with anonymity methods while discouraging illegal use of the information.
1. Wikileaks:
secure dropbox
or leaking dropbox
??
Jean-Jacques Quisquater
UCL Crypto Group
Louvain-la-Neuve
jjq@uclouvain.be
January 19 2011
twitter : @_jjq
2. Who I am?
Jean-Jacques Quisquater
• Engineer in applied mathematics (UCL, Belgium, 1970)
• PhD in Computer Science (Orsay, France, 1987)
• Scientist full time (1970-2010)
• 20 years for Philips, 20 years academics
• Professor of cryptography at UCLouvain-la-Neuve, ENS (Paris)
• Working about cryptography, security, privacy from 1979
(200 papers, 40 PhD thesis, …)
• Doing and applying research in cryptography for protecting
easily people, privacy and democracy:
– smart card,
– electronic Id,
– electronic passport,
– electronic voting, …
• Emeritus UCL (2010-…) and visiting scientist at MIT (2004-…)
3. Mission for today
• Explaining in 5 minutes (!) how organizations
like Wikileaks can use technology to insure
leakers remain anonymous.
4. Mission for today
• Explaining in 5 minutes (!) the way in
which organizations like Wikileaks can
use technology to insure leakers
remain anonymous.
• Solution: perfect electronic dropbox
7. Anonymous dropbox
on the web
• Internet voting
• Auction
• Disclosures (Enron, Worldcom, …)
• Whistleblowers (« lanceur d’alerte »)
• Audit
• Suggestion box
• Survey, poll
• See also tor
• …
8. Wikileaks (14/01/2007)
• Wikileaks will also incorporate advanced cryptographic
technologies for anonymity and untraceability. Those
who provide leaked information may face severe risks,
whether of political repercussions, legal sanctions or
physical violence. Accordingly, extremely sophisticated
mathematical and cryptographic techniques will be
used to secure privacy, anonymity and untraceability.
• For the technically minded, Wikileaks integrates
technologies including modified versions of FreeNet,
Tor, PGP and software of our own design.
11. Trac(k)ing files
• Adding hidden and difficult to remove specific
information related to access (time, user, location, …):
the EBU model
• Adding specific visible information (diffficult to
remove, errors, rounded numbers, …)
• Watermarking for
– Paper,
– Map,
– Object,
– Printer, fax, computer (fonts, yellow dots, …),
– Photo,
– Text (font, distance between letters, words),
– Program,
– …
15. Trace: any information untraceability
about the user
• internet
• PC or internet cafe
• files
•…
16. Internet traces (tcp-ip v4, v6)
• SENDER:
– From: IP address
– To: IP address
– Sent time
– IP geolocalisation
– Length of message
– Data
RECEIVER:
– Received time
• Think about the layers (applications,
transport, internet, link)
17. Attacks and threat model(s)
• Traffic analysis (encrypted data!)
• DoS (denial of service) against main routers for
forcing rerouting
• Ad-hoc virus, worm, injected javascript (for
capturing keys, passwords, censoring (Tunisia),
sabotage: stuxnet, …)
• Aggregation or linking (same anonymous user?)
• Password correlation
18. Who needs protection?
http://www.torproject.org/about/torusers.html.en
• Normal people for protecting
– privacy from unscrupulous marketers and identity thieves
– communications from irresponsible corporations
– children online; research sensitive topics
• Militaries (internet designed by DARPA, tor by NRL, DES by IBM-NSA, …)
– Field agents; Hidden services; Intelligence gathering
• Journalists and their audience
– Reporters without Borders
– US International Broadcasting Bureau (Voice of America/Radio Free Europe)
– Citizen journalists in China; Citizens and journalists in Internet black holes
• Law enforcement officers
– Online surveillance; Sting operations; Truly anonymous tip lines
• Activists and Whistleblowers
– Amnesty international …
• Business executives, Bloggers, IT Professionals
– http://www.eff.org/issues/bloggers/legal
19. cryptography
• Encryption for confidentiality of data
• Signature for integrity of data
• Key generation, distribution, storage, authentication
• Problem: bad implementations and/or use
(including SSL or https!)
• Most implementations are leaking taking into
account the protocols (effective security: x bits?)
20. proxy
• Change your IP address into another one
• Uses:
– Remote use of ressources
– anonymity of your IP address
• An anonymous proxy server hides the IP address and
removes traffic such as:
– Cookies
– Pop-ups
– Banners
– Scripts
– Referrer information
21. Mixnet (Chaum, 1981)
• Mixes enable anonymous communication by
means of cryptography, scrambling the
messages, and unifying them (padding to
constant size, fixing a constant sending rate by
sending dummy messages, etc)
• Examples: mixmaster, tor
• Chaum, “Untraceable Electronic Mail, Return
Addresses, and Digital Pseudonym,”
Communications of the ACM, 24:2, Feb. 1981
23. Onion routing
• http://www.onion-router.net/
• Reed, Syverson, Goldschlag, “Anonymous
Connections and Onion Routing,” Proc. of IEEE
Symposium on Security and Privacy, Oakland,
CA, May ’97, pp. 44-54
• patented by the United States Navy in US
Patent No. 6266704 (1998) (current version of
tor is not using it)
24.
25. Freenet
(Clarke, 1999; Clarke, Sandberg, Wiley, Hong, 2000)
• http://freenetproject.org/ (running)
• Freenet is free software which lets you anonymously share
files, browse and publish "freesites" (web sites accessible only
through Freenet) and chat on forums, without fear of
censorship. Freenet is decentralised to make it less vulnerable
to attack, and if used in "darknet" mode, where users only
connect to their friends, is very difficult to detect.
26. Tor
• Tor is a system intended to enable online anonymity,
composed of client software and a network of servers
which can mask information about users' locations and
other factors which might identify them.
• Use of this system makes it more difficult to trace
internet traffic to the user, including visits to Web sites,
online posts, instant messages, and other
communication forms.
• It is intended to protect users' personal freedom,
privacy, and ability to conduct confidential business, by
keeping their internet activities from being monitored.
27. Tor
(Dingledine, Mathewson, Sylverson, 2004)
• http://www.torproject.org/
• http://torstatus.blutmagie.de/
32. PGP (Phil Zimmermann, 1991)
• Pretty Good Privacy (also GPG)
• computer program that provides cryptographic
privacy and authentication for data communication
• Symantec and openPGP
33. darknet
• // black box (a system or device whose contents were
unknown)
• Isolated network for security purpose (1970)
• any closed, private group of people communicating
• a collection of networks and technologies used to share
digital content
• Examples of darknets: peer-to-peer file sharing, CD and
DVD copying, key or password sharing on email and
newsgroups
34. Main conferences
• Design
– All security conferences and workshops
• Attacks
– CCC
– Black Hat
– Defcon
– Usenix security
38. Steganography
user computer
E, k Mixed data D, k
Secret data
Secret data
Clear data
39. steganography
• Steganography is the art and science of
writing hidden messages in such a way that no
one, apart from the sender and intended
recipient, suspects the existence of the
message.
41. Steganography: example
Removing all but
the two least
significant bits of
each color
component
produces an
almost
completely black
image. Making
that image 85
times brighter
produces …
42. Steganography: example
Removing all but
the two least
significant bits of
each color
component
produces an
almost
completely black
image. Making
that image 85
times brighter
produces …
43.
44.
45. Haystack (SFO)
• Haystack was a partially completed
proprietary network traffic obfuscator and
encryptor that was being designed to
circumvent internet censorship in Iran.
49. Ethical problems
• Use by opponents (which ones?)
• Use by terrorists
• Use by « pirates » (p2p networks)
• ACTA? (Tor not legal in some countries?)
• What to do?
50. pdf file (versus word)
• Pdf is not an easy solution for the receiver…
• Very dangerous due to the possibility of
hidden and malicious executables