607 presentation, uploaded by abe_lang. Added: August 06, 2011. Category: Education. License: All Rights Reserved.

Presentation Transcript

Back Doors in Software: Increased Vulnerability, Decreased Privacy
Abraham Lang, COMP 607

Introduction
- Software back doors:
  - Demanded by governments, especially the US
  - Provide access to data without the owner's knowledge
- Several issues:
  - Technical – added vulnerability to third party misuse
  - Ethical – Scope of law increases over time - use will expand from known criminals to general population
  - Ethical – Violates US Fourth Amendment reasonable expectation of privacy

What are Back Doors?
- In software, part of a program that allows the holder of backdoor information to circumvent security and gain direct access to data or the host operating system.
- Software back doors:
  - Purpose-built back door into program – designed by programmers
  - Systemic, exists in encryption protocol or compiler, not designed into the software product
  - Compromise system after creation using malware, etc.

What are Back Doors - Infrastructure
- Hard-wired into telephone systems in the US.
- Direct physical access to entire network of telephone company
- Proposed to expand this to internet providers, giving government unfettered access to all internet traffic

Why use Back Doors?
- Argument is to track illegal activity
- Encryption allows illegal activity to occur, thus assume it is occurring
- Backdoors needed to see all of this data

Added Vulnerability
- Back doors, by definition, are another method to gain access to a system.
- “Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't.” Schneier (2010).
- Unintended use of back doors is documented
  - Greece in 2004 had at least 100 phones illegally tapped by unknown parties.

Government Misuse
- “Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic.” Schneier (2010)
- American government caught illegally wiretapping 3500 times over 4 years by falsely invoking terrorism emergencies
- Government is trying to expand wiretapping laws to include the internet

Reasonable Expectation of Privacy
- US Fourth Amendment gives citizens a reasonable expectation of privacy by requiring prior suspicion (probable cause) before search.
- Back door surveillance tools violate this by giving government access without citizen knowledge.
- Government demand for data access analogy:
  - Like being required to give the local police a copy of your house key so they can search your home whenever they wish

Presumption of Guilt
- Since encryption and software can be used for illegal activity, the assumption is that it is being used illegally, and thus must be accessible to monitoring at all times.
- Violates presumption of innocent until proven guilty
- Very dangerous violation of a basic citizen right.

Conclusion
- Addition of software backdoors should be avoided
  - Added vulnerability
  - Increasing scope of law will lead to abuse of tools
  - Violates US Fourth Amendment right to privacy
  - Presents a presumption of guilt

References
- Anderson, N. (2011, February). Black Ops: how HBGary wrote backdoors for the government. Arstechnica.com. Retrieved from http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars
- Electronic Frontier Foundation. (n.d.). CALEA: The Perils of Wiretapping the Internet. Retrieved from https://www.eff.org/issues/calea
- Fernandes, A. (1999, August 15). Microsoft, the NSA, and you. Proceedings from The Crypto ’99 Conference, Santa Barbara, CA. Retrieved from http://web.archive.org/web/20000617163417/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html
- GPOaccess. (2009). Fourth Amendment Search and Seizure. Retrieved from http://www.gpoaccess.gov/constitution/pdf2002/022.pdf
- Leyden, J. (2007, July 11). Greek mobile wiretap scandal unpicked: Olympics-gate dissected. theregister.co.uk. Retrieved from http://www.theregister.co.uk/2007/07/11/greek_mobile_wiretap_latest/page2.html
- Lynch, J. (2011, February 16). Newly released documents detail FBI’s plan to expand federal surveillance laws. Retrieved from https://www.eff.org/deeplinks/2011/02/newly-released-documents-detail-fbi-s-plan-expand
- Poulsen, K. (2008, March 6). Whistle-Blower: Feds have a backdoor into wireless carrier — Congress reacts. Wired.com. Retrieved from http://www.wired.com/threatlevel/2008/03/whistleblower-f/
- Savage, C. (2010, September 27). U.S. tries to make it easier to wiretap the internet. The New York Times. Retrieved from https://www.nytimes.com/2010/09/27/us/27wiretap.html
- Schneier, B. (2007, November 15). Did NSA put a secret backdoor in new encryption standard? Wired.com. Retrieved from http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
- Schneier, B. (2010, January 23). U.S. enables Chinese hacking of Google. CNN Opinion. Retrieved from http://articles.cnn.com/2010-01-23/opinion/schneier.google.hacking_1_chinese-hackers-access-system-google?_s=PM:OPINION
- Singel, R. (2011, February 17). FBI pushes for surveillance backdoors in web 2.0 tools. Wired.com. Retrieved from http://www.wired.com/epicenter/2011/02/fbi-backdoors/
- Thompson, K. (1984). Reflections on trusting trust. Bell Labs. Reprinted from Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Retrieved from http://cm.bell-labs.com/who/ken/trust.html
- Wu, T., Chung, J., Yamat, J., & Richman, J. (2007). The ethics (or not) of massive government surveillance. Retrieved from http://www-cs-faculty.stanford.edu/~eroberts/cs201/projects/ethics-of-surveillance/tech_encryptionbackdoors.html