how to manipulate standards daniel j bernstein verizon
play

How to manipulate standards Daniel J. Bernstein Verizon - PDF document

Nov 13, 2022 •269 likes •961 views

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided as is, without warranty of any kind, whether expressed

  1. How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided “as is”, without warranty of any kind, whether expressed or implied, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose or otherwise. Since you are not a blithering idiot, you also understand that Verizon Communications Inc. and the entire Verizon family of companies are not actually associated in any way with the speaker, have not reviewed the contents of this presentation, and are not responsible for the contents of this presentation. Continuing to read, listen to, or otherwise absorb this information constitutes acceptance of this license. Any court dispute regarding this presentation shall be resolved in the state of Illinois in the United States of America.

  2. Verizon is a global leader delivering innovative communications and technology solutions that improve the way our customers live, work and play.

  3. Our core mission: Delivering information from point A to point B. � Verizon � Bob Alice

  4. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve

  5. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.”

  6. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.” “Can they hear you now? Good.”

  7. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.” “Can they hear you now? Good.” “We never stop working for you.”

  8. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.” “Can they hear you now? Good.” “We never stop working for you.” “Rule the air.”

  9. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.” “Can they hear you now? Good.” “We never stop working for you.” “Rule the air.” “Never settle.”

  10. � � Our core mission: Delivering information from point A to point B, and also to points C, D, E, : : : � Verizon Alice Bob Eve “Can you hear me now? Good.” “Can they hear you now? Good.” “We never stop working for you.” “Rule the air.” “Never settle.” “I am the man in the middle.”

  11. Ultimate goal: Make money.

  12. Ultimate goal: Make money. NSA “pays AT&T, Verizon and Sprint several hundred million dollars a year for access to 81% of all international phone calls into the US.”

  13. Ultimate goal: Make money. NSA “pays AT&T, Verizon and Sprint several hundred million dollars a year for access to 81% of all international phone calls into the US.” “Precision Market Insights, Verizon’s data marketing arm : : : will now sell its tool to advertisers for mobile ad campaigns that target Verizon’s massive subscriber base based on demographics, interests and geography.”

  14. Many of our competitors rely on your browser to send data to Eve.

  15. Many of our competitors rely on your browser to send data to Eve. “Libert has discovered that the vast majority of health sites, from the for-profit WebMD.com to the government-run CDC.gov, are loaded with tracking elements that are sending records of your health inquiries to the likes of web giants like Google, Facebook, and Pinterest, and data brokers like Experian and Acxiom.”

  16. We are your network . You give us your data. We redirect it to Eve. We modify it to help Eve .

  17. We are your network . You give us your data. We redirect it to Eve. We modify it to help Eve . “In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device.”

  18. “Verizon has partnerships with marketing data providers like Experian Marketing Services and Oracle’s BlueKai to enable anonymous matches between the Precision ID identifier and third-party data.

  19. “Verizon has partnerships with marketing data providers like Experian Marketing Services and Oracle’s BlueKai to enable anonymous matches between the Precision ID identifier and third-party data. Although there’s deterministic linkage back to the hashed ID, Verizon’s data partners are not able to collect or save the data profiles.”

  20. “Verizon has partnerships with marketing data providers like Experian Marketing Services and Oracle’s BlueKai to enable anonymous matches between the Precision ID identifier and third-party data. Although there’s deterministic linkage back to the hashed ID, Verizon’s data partners are not able to collect or save the data profiles.” : : : “Rather than a universal ID, I think there will probably be really rich algorithms that can tie multiple IDs together into a rationalized campaign.”

  21. Political backlash? “A Congressional probe into the multibillion-dollar data brokerage industry—companies that collect, analyze, sell or share personal details about consumers for marketing purposes—is intensifying.”

  22. Political backlash? “A Congressional probe into the multibillion-dollar data brokerage industry—companies that collect, analyze, sell or share personal details about consumers for marketing purposes—is intensifying.” “Experian, the massive data- broker with far-reaching influence over your ability to get a mortgage, credit-card, or job, sold extensive consumer records to an identity thieves’ service.”

  23. Solution: Talk about privacy. No need to protect privacy.

  24. Solution: Talk about privacy. No need to protect privacy. “Verizon said it is not using or selling its first-party subscriber data, but rather deploying partnerships with third-party data providers to target Verizon’s massive consumer base.”

  25. Solution: Talk about privacy. No need to protect privacy. “Verizon said it is not using or selling its first-party subscriber data, but rather deploying partnerships with third-party data providers to target Verizon’s massive consumer base.” “We will never sacrifice our core business and our commitment to privacy because there’s an additional dollar to be made by pumping data out into the ecosystem.”

  26. Technical backlash? Increasing problem for us: Crypto .

  27. Technical backlash? Increasing problem for us: Crypto . This “breaks network management, content distribution and network services”; creates “congestion” and “latency”;

  28. Technical backlash? Increasing problem for us: Crypto . This “breaks network management, content distribution and network services”; creates “congestion” and “latency”; “limits the ability of network providers to protect customers from web attacks”;

  29. Technical backlash? Increasing problem for us: Crypto . This “breaks network management, content distribution and network services”; creates “congestion” and “latency”; “limits the ability of network providers to protect customers from web attacks”; breaks “UIDH (unique client identifier) insertion” and “data collection for analytics”; breaks “value-add services that are based on access to header and payload content from individual sessions”; etc.

  30. Best case for us: No crypto. Lobby for this!

  31. Best case for us: No crypto. Lobby for this! Almost as good for us: “Opportunistic encryption” without authentication. “Stops passive eavesdropping” but we aren’t passive .

  32. Best case for us: No crypto. Lobby for this! Almost as good for us: “Opportunistic encryption” without authentication. “Stops passive eavesdropping” but we aren’t passive . Almost as good for us: Signatures on some data. We can still see everything. Can also censor quite selectively. Can’t modify signed data but can track in many other ways.

  33. More troublesome: End-to-end authenticated encryption. But we still see metadata— adequate for most surveillance.

  34. � � More troublesome: End-to-end authenticated encryption. But we still see metadata— adequate for most surveillance. Nightmare scenario: Scrambling unidentifiable encrypted cells— Tor has multiple layers of this: Alice Amber ■ ■ � sssssssss cell cell ■ ■ ■ ■ ■ ■ ■ Router ❑ ❑ � ✉✉✉✉✉✉✉✉✉ ❑ ❑ ❑ ❑ ❑ cell cell ❑ ❑ Bob Bruce

  35. Can we ban crypto?

  36. Can we ban crypto? If not, can we divert effort into opportunistic encryption, or into pure authentication?

  37. Can we ban crypto? If not, can we divert effort into opportunistic encryption, or into pure authentication? Can we promote standards that expose most data, or that trust our proxies ?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung Chou Chitchanok Chuengsatiansup Andreas H ulsing Eran Lambooij Tanja Lange Ruben Niederhagen Christine van Vredendaal bada55.cr.yp.to

585 views • 32 slides
How to Textbook key exchange manipulate curve standards: using standard

How to Textbook key exchange manipulate curve standards: using standard

How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alices Bobs Daniel J. Bernstein secret key a secret key b Tung

779 views • 73 slides
Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

1 Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 1 bada55.cr.yp.to BADA55 Crypto including How to manipulate curve standards: a white paper for the

879 views • 45 slides
Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the (prime-field) NIST curves I Presented by NIST in 1999 Curve names: P-192, P-224, P-256, P-384, P-521 Curve is defined over F p where p has

250 views • 22 slides
The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many

The libpqcrypto software library for post-quantum cryptography Daniel J. Bernstein and many contributors libpqcrypto.org Daniel J. Bernstein Context libpqcrypto.org Daniel J. Bernstein Redesigning crypto for security New requirements for

541 views • 51 slides
Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein,

1 Algorithms for multiquadratic number fields D. J. Bernstein Jens Bauch, Daniel J. Bernstein, Henry de Valence, Tanja Lange, Christine van Vredendaal. Short generators without quantum computers: the case of multiquadratics. Eurocrypt

1.13k views • 97 slides
david_snyder@verizon.net 1 david_snyder@verizon.net 2 david_snyder@verizon.net 3 C ERTAINTIES

david_snyder@verizon.net 1 david_snyder@verizon.net 2 david_snyder@verizon.net 3 C ERTAINTIES

david_snyder@verizon.net 1 david_snyder@verizon.net 2 david_snyder@verizon.net 3 C ERTAINTIES OF THE " K NOWABLE F UTURE " DEMOGRAPHIC FORECASTS The future size and make-up of the U.S. adult population including our labor

701 views • 39 slides
Chinese government (Picture credit: Reuters.) is under attack from terrorists in Hong Kong. How

Chinese government (Picture credit: Reuters.) is under attack from terrorists in Hong Kong. How

Chinese government (Picture credit: Reuters.) is under attack from terrorists in Hong Kong. How to manipulate standards Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Chinese government

1.18k views • 92 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische

Crypto horror stories Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Crypto horror stories Daniel J. Bernstein Horror story 1 RC4 Crypto horror stories Daniel J. Bernstein RC4 stream cipher:

799 views • 61 slides
Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Now How to handle complexity: 3 more strategies + 1 previous How? Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet Manipulate Reduce Manipulate Facet Reduce Map Derive Arrange Change Juxtapose

73 views • 3 slides
Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago

Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Thomas Jefferson and Apple versus the FBI Daniel J. Bernstein 1919 The Womens Christian Temperance Union

552 views • 29 slides
Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit

Randomness Daniel J. Bernstein University of Illinois at Chicago Technische Universiteit Eindhoven Tanja Lange Technische Universiteit Eindhoven Preliminary analysis of some submissions to snakeoil.cr.yp.to Daniel J. Bernstein University

363 views • 32 slides
Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim

Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim

Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink , Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom September 28th, 2017 Sliding

581 views • 44 slides
Nonlinear algebra and matrix completion Daniel Irving Bernstein Massachusetts Institute of

Nonlinear algebra and matrix completion Daniel Irving Bernstein Massachusetts Institute of

Nonlinear algebra and matrix completion Daniel Irving Bernstein Massachusetts Institute of Technology and ICERM dibernst@mit.edu dibernstein.github.io Daniel Irving Bernstein Nonlinear algebra and matrix completion 1 / 20 Funding and

258 views • 22 slides
Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo

Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo

Crypto developments A bit about me Daniel J. Bernstein Designer of: qmail , used by Yahoo Research Professor, to handle Internet mail; University of Illinois at Chicago tinydns , used by Facebook Hoogleraar, to publish server

625 views • 43 slides
Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK06/13transactionsinsql/13transactionsinsql.html#1 CSCI235 Database Systems Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and

545 views • 19 slides
COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas

992 views • 53 slides
CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats Framework 6 March 2009 Catherine Tilton W3C Workshop on SIV What is a CBEFF? CBEFF describes a structure and set of metadata elements necessary to

173 views • 13 slides
CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall 2014 CMPSC 311 - Introduction to Systems Programming UNIX Signals A signal is a special message sent through the OS to tell a process (or

389 views • 14 slides
The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Sources CBMC: Bounded Model Checking for ANSI-C Introductory slides on CBMC from CProver website. V1.0, 2010.

500 views • 5 slides
C to assembly / C 1 last time AT&T syntax destination last jmp * lea condition codes

C to assembly / C 1 last time AT&T syntax destination last jmp * lea condition codes

C to assembly / C 1 last time AT&T syntax destination last jmp * lea condition codes ZF, SF, CF, OF set by last arithmetic instruction ZF = result was zero SF = result was negative (sign bit set) CF = overfmow if treating

1.98k views • 160 slides
IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and

IEEE 5G Standardization Robert S. Fish Vice President, IEEE Communications Society Industry and Standards Activities 1 IEEE 5G Vision IEEE, like many other organizations, believes that 5G ecosystem is rather large and will cover many

367 views • 9 slides
WHY EVERYONE NEEDS A DROPS PREVENTION PROGRAM Presented by Mathew Moreau, Product Manager -

WHY EVERYONE NEEDS A DROPS PREVENTION PROGRAM Presented by Mathew Moreau, Product Manager -

WHY EVERYONE NEEDS A DROPS PREVENTION PROGRAM Presented by Mathew Moreau, Product Manager - Dropped Tool & FME Sponsored by TODAYS PRESENTER Mathew Moreau, Product Manager, Pure Safety Group Mathew Moreau has been involved in

490 views • 36 slides

More recommend