Copyright, 2012 1 Security, for Society A View from the End of the World Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor in Computer.


1 Copyright, Security, for Society A View from the End of the World Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor in Computer Science, ANU, Canberra Visiting Professor in Cyberspace Law & Policy, UNSW, Sydney {.html,.ppt} Copenhagen – 25 June 2012 The Danish Council for Greater IT-Security Danish Society of Engineers (IDA) Subgroup on IT (IDA-IT) In Association with CBIT, Roskilde University

3 Copyright, Security, for Society A View from the End of the World Aims Provide an Australian Perspective on some current themes in Data and IT Security Consider some broader aspects of Security Note tensions within and between Perspectives Present a security analysis of Danish Society

4 Copyright, The Notion of Security Security is used in at least two senses: a Condition in which harm does not arise, despite the occurrence of threatening events a Set of Safeguards whose purpose is to achieve that Condition

5 Copyright, The Scope of Security

6 Copyright, The Conventional IT Security Model Threats impinge on Vulnerabilities, resulting in Harm

7 Copyright, The Organisational Scope of Security

8 Copyright, Important IT Security Considerations Data Security Environmental, second-party and third-party threats to content, both in remote storage and in transit Authentication and Authorisation How to provide clients with convenient access to data and processes in the cloud, while denying access to imposters? Service Security Environmental, second-party and third-party threats to any aspect of reliability or integrity Susceptibility to DDOS Multiple, separate servers; but choke-points will exist

9 Copyright, Maladjustment Malcontent Spam, -Attachments, Downloads Malware Malcontent in the form of software Uses a Vector, to deliver a Payload, which is Invoked, and results in Harm Malbehaviour Flaming, Incitement, Social Engineering Hacking / Cracking / Break-In Defacing, Accessing, Changing, Destroying Denial of Service

10 Copyright, Basic Architecture for IT Security Safeguards External Security Internal Security Perimeter Security

11 Copyright, Key IT Security Safeguard Categories External Security Content Transmission Security ('Confidentiality') e.g. SSL/TLS Authentication of Sender, Recipient, Content e.g. Dig Sigs, SSL/TLS, Tunnelling, VPNs 'White Hat Hacking' Network-Based Intrusion Detection (ID)... Perimeter Security Inspection and Filtering Traffic, i.e. 'Firewalls' Malcontent, Malware Internal Security Access Control Vulnerability Inspection Intrusion (Threat) Detection Safeguard Testing Backup, Recovery, 'Business Continuity Assurance', incl. 'warm-site', 'hot-site'

14 Copyright, Recent Australian IT Security Experience Seen as a Contingency not Business-As-Usual Strong tendency to suppress bad news Investment and ongoing expense hard to justify Like all IT, subject to Outsourcing and hence mostly out of sight, out of mind and we have people to do that kind of thing for us Sporadic explosions of fervour, unsustained Security companies have promised much, but have never flourished as they were expected to

15 Copyright, Organisational Perspective on Security 1. Operational Qualities Fit – to users' needs, and customisability Reliability – continuity of operation Availability hosts/server/db readiness/reachability Accessibility network readiness Usability response-time, and consistency Robustness frequency of un/planned unavailability Resilience speed of resumption after outages Recoverability service readiness after resumption Integrity – sustained correctness of the service, and the data Maintainability – fit, reliability, integrity after bug-fixes & mods incl. enhancements to Avizienis et al. (2004)

16 Copyright, Further Issues – Cloud Computing Perspective 2. Contingent Risks Major Service Interruptions Service Survival – supplier collapse or withdrawal Safeguards include software escrow; escrow inspection; proven recovery procedures; rights that are proof against actions by receivers Data Survival – data backup/mirroring/synch, accessibility Data Accessibility – blockage by opponents or a foreign power Compatibility – software, versions, protocols, data formats Flexibility Customisation Forward-Compatibility to migrate to new levels Backward-Compatibility to protect legacy systems Lateral Compatibility to enable dual-sourcing and escape

17 Copyright, Further Issues – Cloud Computing Perspective 3. Commercial Disbenefits and Risks Acquisition Lack of information Non-Negotiability of Terms and SLA Ongoing Loss of Corporate Expertise re apps, IT services, costs to deliver Inherent Lock-In Effect from high switching costs, formats, protocols High-volume Data Transfers from large datasets, replication/synchronisation Service Levels to the Organisation's Customers

18 Copyright, Further Issues – Cloud Computing Perspective 4. Compliance Disbenefits and Risks General Statutory & Common Law Obligations Evidence Discovery Law Financial Regulations Company Directors' obligations re asset protection, due diligence, business continuity, risk management Security Treaty Obligations Confidentiality – incl. against foreign governments Strategic Commercial Governmental Privacy – particularly Unauthorised Use and Disclosure Second-Party (service-provider abuse), Third-Party ('data breach', 'unauthorised disclosure'), Storage in Data Havens (India, Arkansas)

19 Copyright, Attacks By Whom? Why? Principals Opportunists Hacktivists Vigilantes Organised Crime Corporations Nation-States Agents Mercenaries Private Military Corporations Politics Protest against Action Retaliation / Revenge Espionage Economics Financial Gain Financial Harm Social/Cultural Factors Challenge Dispute Celebration

20 Copyright, Recent Australian Experience Sporadic Emphasis on but Limited Understanding of: Risk Assessment Risk Management Governance Ambivalence about Cloud Computing Data Leakage Supplier Reliability Service Provision Data Availability Jurisdictional Location of Data

21 Copyright, A Broader Scope for Security Competition Collaboration, esp. re IT Infrastructure

22 Copyright, A Yet Broader Scope for Security IT Infrastructure for Economic Development Critical IT Infrastructure

25 Copyright, Recent Australian Experience Malware Detection and Eradication Corporate Devices Consumer Devices Botnets Zombie Detection and Eradication Internet-Connected SCADA Moral Minority Desires re Censorship IP -Dependent Corporation Desires Nation-State Desires – ITU vs. TCP/IP

26 Copyright, un-proposals-to-regulate-internet-are-troubling- leaked-documents-reveal.php threat-analysis-of-the-wcit-4-cybersecurity/

28 Copyright, Tensions Between Organisational Objectives Certain Costs vs. Contingent Costs Financial Cost vs. Non-Quantifiables Business-as-usual vs. Invisibles Between Alternative Scopes A bot doesn't harm the host, so there's no incentive to fix it (an externality) Copyright material on P2P networks Organisational, Sectoral, National and Supra-National Agency Interests

29 Copyright, A Mostly-Forgotten Scope for Security

30 Copyright, Current Australian Issues in Consumer and Citizen Security Data Breaches Notification Civil and Criminal Liability ePayments Mobile / Smartphones Visa PayWave, MCard PayPass Social Media Its Anti-Social Business Model Unconscionable Terms of Service Actual Abuse of Consumer Data The Coming Google-Acxiom Merger Smart Meters The Internet of Things

31 Copyright, The Many Scopes of Security

32 Copyright, What about Humanity? The Biosphere?

33 Copyright, And where is National Security?

34 Copyright, Is this National Security? The protection of a nation from attack or other danger by holding adequate armed forces and guarding state secrets Encompasses economic security, monetary security, energy security, environmental security, military security, political security and security of energy and natural resources

35 Copyright, Or is this National Security? Public Safety Mayhem in marketplaces, bombs in aircraft Major Events, e.g. Olympics, Euro 2012 Prominent Person Safety Bush and Blair; Rushdie and Kurt Westergaard Gx, APEC, CHOGM,... Critical Infrastructure Security Bombs in ports, ships, railways, energy,... Anthrax in the water supply,...

36 Copyright, Social Control Measures Justified by National Security Data Consolidation Identity Consolidation Nymity Denial Identity Management Surveillance Physical Communications Data Location and Tracking Content Experience and Behaviour Body Experience and Behaviour

37 Copyright, Why is National Security Exempt from Key Evaluation Principles? Justification Relevance Effectiveness Proportionality Transparency Accountability

38 Copyright, Elements of Social Control Architecture A National ID Scheme Imposed Singular Identities for all purposes Imposed Singular eIdentities and 'Portals' Biometric Id and/or Authentication Physical Location and Tracking Checkpoints, Video Surveillance, ANPR Network-Traffic Surveillance Public-Private Partnerships

39 Copyright, Denmark's Central Person Register (CPR) and Civil Registration System (CRS) Is obligatory and universal Includes birthdate, gender in the ID No. Consolidates all basic personal data and makes it widely available across all government agencies across increasingly large segments of the private sector Is proposed for expansion, in terms of: users uses data-items Id= /09/2001

40 Copyright, The Elements of a National Identity Scheme 1. A Database 2. A Unique Signifier for Every Individual 1. A 'Unique Identifier' 2. A Biometric Entifier 3. An (Id)entification Token (such as an ID Card) 4. Quality Assurance Mechanisms 1. Mechanisms for (Id)entity Authentication 2. Mechanisms for (Id)entification 5. Widespread Use 1. Widespread Data Flows Containing the Identifier 2. Widespread Use of the (Id)entifier 3. Widespread Use of the Database 6. Obligations 1. Obligations Imposed on Every Individual 2. Obligations Imposed on Many Organisations 7. Sanctions for Non-Compliance

41 Copyright, E-BOKS / e-Posthuset Is integrated with, or at least dependent on, the CPR/CRS and Personal Identification No. Is designed as the primary channel for all government communications to citizens Is imposed on all government employees Offers itself as a repository for id documents

43 Copyright, Digital Signatures / NemID Is designed to force all activities into a single identity per person, consolidating all personas, and thereby creating a honeypot for agencies, for corporations and for intruders Enables the service provider to commit masquerade Imposes trojan client-software that has access to all resources on the consumer/citizen's devices NemID = Nemesis In Danish Nemesis: 'divine retribution against those who succumb to arrogance before the gods'

44 Copyright, Abuse of Social Control Architecture By an Unelected Government an invader military putsch By an Elected Government that acts outside the law that arranges the law as it wishes that reflects temporary public hysteria

45 Copyright, A New Digital Security Model In a highly-interconnected world, Perimeter Security / The Walled Fortress doesn't work any more The new Core Principle: When-not-if unauthorised access happens, make sure that the data is valueless to anyone other than the user-organisation

46 Copyright, A New Digital Security Model Some Implementation Techniques Obscure the content and identities (Only the user-organisation has the decryption-key) Use pseudo-identifiers not identifiers (Only the user-organisation has the cross-index) Split the content into 'small enough' morsels (Only the user-organisation has the whole picture) Authenticate attributes rather than identities NITTA (2011) 'New Digital Security Models' National IT and Telecom Agency, Copenhagen, February 2011,
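
Two of the techniques on this slide, pseudo-identifiers with a cross-index held only by the user-organisation and splitting content into morsels, shown as an added example (not from the original presentation). The identifiers, field names, store names and key below are constructed for the illustration, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: identifiers and fields are invented for this example.
PEOPLE = {
    "ID-0001": {"plan": "basic", "balance": 120, "diagnosis": "asthma"},
    "ID-0002": {"plan": "premium", "balance": 0, "diagnosis": "none"},
}
# Which fields go to which outsourced store (the 'morsels').
LAYOUT = {"billing": ["plan", "balance"], "health": ["diagnosis"]}
# Demo key only. In practice it would be generated with secrets.token_bytes(32)
# and held solely by the user-organisation.
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()


def pseudonym(key, store, identifier):
    """Per-store pseudo-identifier; it cannot be recomputed without the key."""
    msg = store.encode() + b"\x00" + identifier.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def build_stores(people, layout, key=None):
    """Split every record across the stores named in `layout`.

    key=None is the weak baseline: each store is indexed by the real identifier.
    Returns (stores, cross_index); the cross_index stays with the user-organisation.
    """
    stores = {store: {} for store in layout}
    cross_index = {}
    for identifier, record in people.items():
        for store, fields in layout.items():
            nym = identifier if key is None else pseudonym(key, store, identifier)
            stores[store][nym] = {f: record[f] for f in fields}
            cross_index[(store, nym)] = identifier
    return stores, cross_index


def joinable_rows(stores):
    """Row keys common to all stores: what someone holding every store can link."""
    return set.intersection(*(set(rows) for rows in stores.values()))


def reassemble(key, identifier, stores):
    """Only a holder of the key can find and recombine one person's morsels."""
    record = {}
    for store, rows in stores.items():
        record.update(rows.get(pseudonym(key, store, identifier), {}))
    return record


if __name__ == "__main__":
    weak, _ = build_stores(PEOPLE, LAYOUT)
    strong, index = build_stores(PEOPLE, LAYOUT, DEMO_KEY)
    print("linkable, real identifiers:", sorted(joinable_rows(weak)))
    print("linkable, pseudo-identifiers:", sorted(joinable_rows(strong)))
    print("reassembled with key:", reassemble(DEMO_KEY, "ID-0001", strong))
```

The field values are still stored in clear here; the slide's first technique, obscuring content under a key that only the user-organisation holds, would be applied on top of this split.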

48 Copyright, Denmark is a World Leader GDP per capita (7th) Export Value per capita (9th) Corruption Index (2nd) Highly flexible labour market High Minimum Wage (1st) No-Fee Tertiary Education Human Development Index (16th) Happiness Index (1st)

49 Copyright, Security Analysis of Danish Society – 1 75% of GDP and Export is Industrial Product incl. Consumer Products, Lego, Hifi, Wind Turbines, Greentech,..., also Architecture Labour cost is very high Agility is critical to sustained success Stability, creativity and adaptability of the workforce are critical, to ensure agility Social control, surveillance and a climate of suspicion are incompatible with Agility

50 Copyright, Security Analysis of Danish Society – 2 World's largest public sector (30% of workforce) World's highest taxes World's most privacy-intrusive government Recent substantial centralisation of a previously highly distributed public sector LOTS to lose (see previous slide) So there is scope for nervousness and discontent

51 Copyright, Security Analysis of Danish Society – 3 The population is highly homogeneous (90% Danish) People like it like that The Muslim population has reached 3% This has resulted in anti-immigration sentiment and very tough immigration laws That encourages reprisals by activist Muslims So there is scope for repressive measures

52 Copyright, Security Analysis of Danish Society – 4 The pre-conditions for despotism are largely fulfilled already – CPR/CRS, NemID,... So there is scope for rapid introduction of repressive measures That would create a vicious spiral of discontent, more repressive measures, more active expressions of discontent, etc.

53 Copyright, Security, for Society A View from the End of the World Recapitulation Security, even when limited to data and IT, can be approached with varying scope There are tensions within each perspective, and tensions between perspectives As a society, we're not doing it very well Most countries have let national security extremists flout basic security principles Denmark is in a precarious position

56 Copyright, Why Privacy is Important Philosophically – for 'human dignity' and integrity, and individual autonomy and self-determination Psychologically – in public spaces as well as private Sociologically – people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed Economically – innovators are 'deviant' from the norms of the time. The chilling effect of surveillance stifles innovation. People in countries with high labour-costs need to be free to innovate Politically – freedom to think, argue, and act underpins democracy. Surveillance chills behaviour and speech, and undermines democracy

57 Copyright, Counterveillance Tenets Terrorism is not new, and not unusual The 'power to weight ratio' of a single strike has increased (because fewer terrorists can deliver a bigger payload), but this has only limited implications for public policy Reactionary Extremism must not be accepted at face value National security and law enforcement interests must not be granted carte blanche to do whatever they wish Secrecy is not a necessary pre-condition of security It is illegitimate to treat what are really 'public safety' issues as though they were 'national security' matters Counter-Terrorism is not dependent on everyone being limited to a single State-managed identity

58 Copyright, Counterveillance Principles 1. Independent Evaluation of Technology 2. A Moratorium on Technology Deployments 3. Open Information Flows 4. Justification for Proposed Measures 5. Consultation and Participation 6. Evaluation 7. Design Principles 1. Proportionality 2. Independent Controls 3. Nymity and Multiple Identity 8. Rollback

59 Copyright, Design Precepts Every human entity has lots to hide It's in society's interests to enable people to hide information, in order to support freedoms to express, invent, innovate Every human entity has multiple identities, and needs them Identity management has to encompass nymity, accepting anonymity, and facilitating pseudonymity Pseudonymity balances social, economic and political freedoms, on the one hand, and accountability, on the other We need credible 'strong pseudonymity', that is proof against breaches by powerful governments and corporations

60 Copyright, Names Codes Roles Identity and Identifier

61 Copyright, Names Codes Roles Identity and Identifier Model World Domain or Subject World

62 Copyright, The Entity/ies underlying an Identity

63 Copyright, Entity and Entifier

64 Copyright, Nymity

65 Copyright, Identity Authentication and Authorisation Its Application to Access Control

66 Copyright, Uses of Biometrics 1. For (Id)entification A process to find 1-among-many, in order to answer the question 'Who is it?' 2. For (Id)entity Authentication A process to test 1-to-1, in order to help answer the question 'Is this the person who you think it is?' 3. For Attribute Authentication w/- (Id)entity A process to help answer the question 'Does this person (whoever they are) have the attribute they purport to have?'

67 Copyright, The Huge Quality Problems with Biometric Applications Dimensions of Quality Reference-Measure Association Test-Measure Comparison Result-Computation Other Aspects of Quality Vulnerabilities Quality Measures Counter-Measures Spiralling Complexity

68 Copyright, Digital Signatures and... A string of characters that the Sender adds to a message The Theory: Only the entity that has access to the relevant Private Key can have possibly sent the message... Public Key Infrastructure (PKI) A substantial set of equipment, software, procedures and organisations necessary to generate and protect key-pairs, generate signatures, publish public keys and revocations, pre-authenticate signors, authenticate signatures, assure quality, insure participants, prosecute the guilty

69 Copyright, What a Digital Signature Actually Means A Digital Signature attests only that: the message was signed by a device that had access to the private key that matches the public key

70 Copyright, Myths relating to (Id)Entity 1 - An identity exists in an organisation's database 2 - You only have one identity 3 - Each identity is used by only one person 4 - A biometric is a human identifier 5 - Organisations create and manage identities 6 - Identity Management Products actually work 7 - It's generally necessary to authenticate identity...

71 Copyright, Only cheats/crims/terrorists have something to hide 10 - Cheats etc. can be deterred, prevented and caught, without creating a society worse than one that contains cheats etc. 11 - Nyms are for cheats 12 - Privacy-Enhancing Technologies (PETs) don't pay 13 - Data silos are bad 14 - Identity silos are bad 15 - Biometric schemes actually work 16 - Biometric schemes combat terrorism 17 - Imposed biometric schemes will work 18 - An id scheme is just another business system Clarke R. (2008) '(Id)Entities (Mis)Management: The Mythologies underlying the Business Failures' Invited Keynote at 'Managing Identity in New Zealand', Wellington NZ, April 2008, at

72 Copyright, The Paradox of Security Security measures threaten security

73 Copyright, Another Myth You can't have privacy if you want security Yes, of course privacy protections are used by people for anti-social and criminal ends But the privacy advocacy argument is not extremist like the national security agenda Privacy protections are about: Justification, not Blithe Assumptions Proportionality, not simplistic notions like Zero-Tolerance and we need to do anything that might help us wage the war on terrorism

74 Copyright, Basic Requirements of a SmartCard (Id)entity Authenticator (1 of 2) Restrict identified transaction trails to circumstances in which they are justified (because of the impossibility of alternatives) Sustain anonymity except where it is demonstrably inadequate Make far greater use of pseudonymity, using protected indexes Make far greater use of attribute authentication Implement and authenticate role-ids rather than person-ids Use (id)entity authentication only where it is essential Sustain multiple specific-purpose ids, avoid multi-purpose ids Ensure secure separation between applications

75 Copyright, Basic Requirements of a SmartCard (Id)entity Authenticator (2 of 2) Ownership of each card by the individual, not the State Design of chip-based ID schemes transparent and certified Issue and configuration of cards undertaken by multiple organisations, including competing private sector corporations, within contexts set by standards bodies, in consultation with government and (critically) public interest representatives No central storage of private keys No central storage of biometrics Two-way device authentication, i.e. every personal chip must verify the authenticity of devices that seek to transact with it, and must not merely respond to challenges by devices
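
The last requirement on this slide, two-way device authentication, contrasted with a card that merely responds to challenges, as an added example (not from the original presentation). It assumes a symmetric key shared by the card and legitimate terminals to keep the sketch in the standard library; the class names, message layout and key handling are hypothetical, and a deployed scheme could equally use asymmetric keys.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def tag(key, role, first, second):
    """HMAC over a role label and both nonces; the label blocks reflected answers."""
    return hmac.new(key, role + b"|" + first + b"|" + second, hashlib.sha256).digest()


class OneWayCard:
    """Weak design: answers any challenge from any device that asks."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        return tag(self._key, b"card", challenge, b"")


class MutualCard:
    """The card challenges the terminal first and stays silent unless it is verified."""

    def __init__(self, key):
        self._key = key
        self._nonce = None

    def begin(self):
        self._nonce = secrets.token_bytes(NONCE_LEN)
        return self._nonce

    def respond(self, terminal_nonce, terminal_proof):
        nonce, self._nonce = self._nonce, None  # each card challenge is single-use
        if nonce is None or len(terminal_nonce) != NONCE_LEN:
            return None
        expected = tag(self._key, b"terminal", nonce, terminal_nonce)
        if not hmac.compare_digest(expected, terminal_proof):
            return None  # unauthenticated device: no response at all
        return tag(self._key, b"card", terminal_nonce, nonce)


class Terminal:
    def __init__(self, key):
        self._key = key

    def transact(self, card):
        """Run the exchange; True only if both sides proved knowledge of the key."""
        card_nonce = card.begin()
        my_nonce = secrets.token_bytes(NONCE_LEN)
        proof = tag(self._key, b"terminal", card_nonce, my_nonce)
        answer = card.respond(my_nonce, proof)
        if answer is None:
            return False
        return hmac.compare_digest(answer, tag(self._key, b"card", my_nonce, card_nonce))


if __name__ == "__main__":
    scheme_key = secrets.token_bytes(32)  # constructed for the demo
    card = MutualCard(scheme_key)
    print("legitimate terminal:", Terminal(scheme_key).transact(card))
    print("unknown terminal:", Terminal(secrets.token_bytes(32)).transact(card))
    print("one-way card answers anyone:", OneWayCard(scheme_key).respond(b"x" * 16).hex()[:16])
```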

76 Copyright, 'Natural' Extensions Biometrics Location and Tracking Physical Space Network Space

77 Copyright, Concepts of Location and Tracking Location – knowing the whereabouts of something, in relation to known reference points Physical Space, Network Space, Intellectual Space,... Precision, Accuracy, Reliability, Timeliness,... Tracking – knowing the sequence of locations of something over a period of time Real-Time-Tracking Retrospective Tracking Predictive Tracking

78 Copyright, Terrorists, Organised Crime, Illegal Immigrants Benefits Are Illusory Mere assertions of benefits, no explanation: it's obvious, it's intuitive, of course it will work, all of which are partners to simplistic notions like Zero-Tolerance and we need to do anything that might help us wage the war on terrorism Lack of detail on systems design Continual drift in features Analyses undermine the assertions Proponents avoid discussing the analyses

79 Copyright, Miscreants (Benefits Recipients, Fine-Avoiders,...) Benefits May Arise, But Are Seriously Exaggerated Lack of detail on systems design Continual drift in features Double-counting of benefits from the ID Scheme and the many existing programs Analyses undermine the assertions Proponents avoid discussing the analyses

80 Copyright, Conclusion PETs can address some PITs, but a nightmare-free Australia Card is not feasible Any intellectual, and any regulator, who accommodates a national identification scheme, is selling-out liberty, and derogating their duties as human beings We must not be cowed by either of the twin terrors of Islamic Fundamentalism and National Security Fundamentalism

