course evaluation room for attestations: 03.05.051 iLab Threat - - PowerPoint PPT Presentation

SLIDE 1

course evaluation

room for attestations: 03.05.051

SLIDE 2

iLab

Threat modelling, surveillance, operational security Benjamin Hof hof@in.tum.de

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München

Closing event – 15ss

SLIDE 3

You may not be interested in surveillance, but surveillance is interested in you

CC-BY-SA 3.0 Andreas Preuß

SLIDE 4

IEEE Spectrum 2007: The Athens Affair.

SLIDE 5

IEEE Spectrum 2007: The Athens Affair.

SLIDE 6

View on security

• 1. communication
• 2. software stacks
• 3. physical security

SLIDE 7

Outline

Classification of actors Threat actors Attack systems Examples Systematic defence

SLIDE 8

submarinecablemap.com

SLIDE 9

Eve

lifewinning.com/submarine-cable-taps

SLIDE 10

Mallory

SLIDE 11

Burglar

SLIDE 12

Jack Bauer

SLIDE 13

Outline

Classification of actors Threat actors Attack systems Examples Systematic defence

SLIDE 14

High end

◮ Five eyes ◮ Israel ◮ China ◮ Russia ◮ France

SLIDE 15

Commercial variants

SLIDE 16

SLIDE 17

arms dealers

SLIDE 18

Mercenaries

law suits, high profile business deals

SLIDE 19

SLIDE 20

attacker resources ./ money ./ target value

SLIDE 21

Scale

SLIDE 22

Outline

Classification of actors Threat actors Attack systems Examples Systematic defence

SLIDE 23

TOP SECRET//COMINT//NOFORN

RAMPART-A Typical Operation

A B C D

International Cable

USA Country X

Processing Center Access Point Partner Analysts

NSA Network

E

SECRET//COMINT NETWORK

SLIDE 24

SLIDE 25

◮ full traffic storage ◮ search engines ◮ financial transactions ◮ mobile systems

SLIDE 26

)

'

• TOP SECRET//$1

//REL USA, AUS, CAN, GBR, NZL

(TS//51//REL) Change the query to search for the last 3 Months and click SUBMIT

..

Stlector Prollle search

Seied:or Pl'oflle ~h~me

:

Mttlcatlon: Selectors S<iector Ploflle [·-

• -:o>gnal.ccm<goo;je>)

20111110 [3 OD:OO:OO

v

End D.to: 'bd>y

~

Yeste«Jay <oi) Add @ Remove ~

c ..

,.,.,.

1hl< -

• ~d
• e n - t i f- i ~ -

~ -

m

• ._

L ~ -~ L ~W~

L [J El ._.-~-

" O!"

·gma

f .c

• :n

[J E t:l

google

skypeM~

googlo skypeMaJ'blcM

sk.ypeM~l:.*.en

skyper.,.lbken

~

gmo

l . com

google Quiet Add: I Ercer ~

• r

rrore- seleclot!

sep~rate.:1

by (OO!mst and ht enter Authority Filtus 1hi:>Month Parcrreters LMt Nonlh Parilmetefs l 0ay Par<meters 2 t»ys ParM'let«s 3 ~

5.,.,.

P¥.snetus. 1 Oays P.v~s 140ays Pararwet.:

ers J M>tth

• 3r...w

6Monlhs l v~-~ v

7 ~

I >

:~._-.~

~;

t· · •n•·•

• .-
• . .. .. . .

.. - .

ll

SPIEGEL ONLINE

SLIDE 27

SLIDE 28

SLIDE 29

Outline

Classification of actors Threat actors Attack systems Examples Systematic defence

SLIDE 30

“I hunt sys admins”

◮ router ◮ look for successful logins ◮ admin ◮ personal webmail/facebook ◮ quantum

SLIDE 31

GCHQ attack on Belgian ISP Belgacom

SLIDE 32

German satcom provider Stellar

SLIDE 33

Attacks on standards

◮ Dual_EC_DRBG ◮ IETF

SLIDE 34

SLIDE 35

BSI report on German steel mill

SLIDE 36

Outline

Classification of actors Threat actors Attack systems Examples Systematic defence

SLIDE 37

Operational security

◮ get a strategy ◮ unlinkability, compartmentalization ◮ paranoia doesn’t work retroactively

SLIDE 38

Endpoint security requires control.

SLIDE 39

Debian reproducible builds

SLIDE 40

QubesOS

SLIDE 41

Applications

◮ OTR ◮ Textsecure, Redphone, Signal ◮ Tor

SLIDE 42

Hide metadata

SLIDE 43

Development

◮ LANGSEC ◮ OWASP ◮ ENISA

SLIDE 44

Operations

◮ diceware ◮ don’t store plaintext ◮ logging ◮ defence in depth

SLIDE 45

Attack surface

Endpoints

◮ browsers, drivers, . . . ◮ AMT/IPMI

tracking devices with audio functionality

◮ SS7 ◮ data trail ◮ baseband processor ◮ additional batteries

SLIDE 46

SLIDE 47

Believe nothing. Research everything.