AUTHENTICATION & COMP. SECURITY
Name : Tara Devi Sunuwar (tds22)
School of Engineering and Digital Arts
University of Kent
Investigate what the “Nothing to hide” argument means regarding privacy and government/corporate surveillance. List and Analyse, giving your reasoned view, the arguments for and against it.
The “nothing to hide” argument concerns government surveillance and how it affects people’s privacy. Government surveillance was introduced to track illegal activities such as plans for terrorism and other crimes, and there were many people both for and against it. The government justifies its need to pry on people with the well-known slogan “If you’ve got nothing to hide, you’ve got nothing to fear.” [1] People were under the impression that their private data would only be monitored if they were found to have carried out illegal activities, and so believed that their privacy was not at risk as long as their activities were legal. [2] They also believed that if people were found to have carried out illegal activities, then the government had the right to monitor them. So the people who agreed with this notion had “nothing to hide”, as they claimed to have done nothing wrong, and were not against government surveillance. However, in 2013, Edward Snowden revealed that this was not the case and that the government was going far beyond what it was legally permitted to do. He stated that “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” [3] This led people to question the government, and more people came to oppose government surveillance, believing that it was a threat to their privacy. People who are against government surveillance argue that, by monitoring people and their personal lives, governments are “treating us all as criminal suspects, guilty until proven innocent, and every detail of our personal lives as suspicious.” [4]
Read and describe in your own words the paper “Impact of Artificial “Gummy” Fingers on Fingerprint Systems”. What countermeasures would you suggest to stop the attacks presented in this work?
The paper “Impact of Artificial “Gummy” Fingers on Fingerprint Systems” investigates weaknesses in biometric systems, specifically fingerprint systems. Biometric systems are believed to be the most convenient form of password, as you neither have to remember them like passcodes nor carry them around with you like access cards. However, convenience does not give you 100% security, as there are many ways to gain access to a fingerprint system even though your fingerprint is not registered. These include using the severed finger of the registered user, forcing the registered user to access the system through illegal means such as guns and threats, genetically cloning the registered finger, and artificially cloning the registered finger. Artificial clones of registered fingers are sometimes used when the registered user has disfigured their fingers in an accident; the most common risk in that case is that the artificial finger may be stolen. The paper focuses on artificial fingers made of gelatine, also known as “gummy” fingers, and tests experimentally whether they can be used to access fingerprint systems. The experiments found that the fingerprint systems accepted the “gummy” fingers at a very high rate, with a probability of “68-100%”. The experiments also countered the argument that making an artificial gummy finger without the registered user’s permission would be practically impossible, by creating the gummy fingers from the “residual fingerprints” of the registered users.
One way to stop “gummy” fingers from getting through to the system is to add a detection system that checks whether the finger presented is live. Another way is two-person access, where the fingerprints of two people must both be presented to gain access to the system; this makes the attack harder, because the attacker has to create “gummy” fingers for more than one person. [5]
Write an in-depth description of the FREAK SSL/TLS Vulnerability, describing its potential impact and the countermeasures/mitigation techniques used.
The FREAK vulnerability (“Factoring Attack on RSA-EXPORT Keys”) allows hackers to attack a supposedly secure communication between the client and the server. The attack exploits a weakness in TLS (“Transport Layer Security”)/SSL (“Secure Sockets Layer”) implementations. The impact is severe, because by performing this attack hackers can obtain private information such as login data, including usernames and passwords, banking information and so on. The attack is carried out against HTTPS connections by deciphering the private key of the website and weakening the communication between the client and the server to an older, weaker form of encryption. This weaker form of encryption is also known as “the export-grade key or 512-bit RSA keys”, as the attacker decrypts the communication using RSA keys that have a “maximum key length of 512 bits”. It was found that “millions of users of Apple and Android were vulnerable” to this attack even while visiting secured websites such as the NSA website. The companies have since released a fix for this problem, and Google has urged all websites to disable their export certificates, as every server that accepts “export-grade” encryption is vulnerable to this attack. Also, since the attack mainly targets outdated software, users are advised to update their software regularly to lower the possibility of the attack. [6][7]
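As an added example (not part of the original essay or its sources), the mitigation above, disabling export-grade suites, can be checked by auditing the cipher suites a server accepts. The sketch assumes a scan result is already available as a list of suite names; the host names, the sample data and the function names are constructed for illustration.

```python
import re

# IANA names contain "_EXPORT_" or "_EXPORT1024_"; OpenSSL names start with "EXP-" or "EXP1024-".
EXPORT_NAME = re.compile(r"_EXPORT(1024)?_|^EXP(1024)?-")
NON_RSA_KX = {"EDH", "DHE", "ADH", "DH", "KRB5"}   # OpenSSL name tokens for non-RSA key exchange

def classify_suite(name):
    """Return None for a non-export suite, else 'RSA_EXPORT' (the FREAK case) or 'OTHER_EXPORT'."""
    n = name.strip().upper()
    if not EXPORT_NAME.search(n):
        return None
    if n.startswith(("TLS_", "SSL_")):
        kx = n.split("_EXPORT")[0].split("_", 1)[1]   # "RSA", "DHE_RSA", "DH_ANON", ...
        return "RSA_EXPORT" if kx == "RSA" else "OTHER_EXPORT"
    return "OTHER_EXPORT" if NON_RSA_KX & set(n.split("-")) else "RSA_EXPORT"

def audit(scan):
    """scan maps host -> accepted suite names; returns sorted (host, suite, kind) findings."""
    return sorted((host, s, classify_suite(s))
                  for host, suites in scan.items()
                  for s in suites if classify_suite(s))

def harden_cipher_string(cipher_string):
    """Append OpenSSL's '!EXPORT' exclusion unless export suites are already excluded."""
    parts = [p for p in cipher_string.split(":") if p]
    if not {"!EXPORT", "!EXP"} & set(parts):
        parts.append("!EXPORT")
    return ":".join(parts)

# Constructed scan result (hypothetical hosts), as a scanner might report accepted suites.
SAMPLE_SCAN = {
    "legacy.example.test": ["EXP-RC4-MD5", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
                            "EXP-EDH-RSA-DES-CBC-SHA", "AES128-SHA"],
    "web.example.test": ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(finding)
    print(harden_cipher_string("HIGH:!aNULL:!MD5"))
```

Any finding of kind RSA_EXPORT means the server still offers the key exchange that FREAK downgrades to; the other export suites are weak for the same key-length reason and should be disabled with them.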
Write an in-depth description of one of the POODLE/Heartbeat/Shellshock vulnerabilities against SSL/TLS, extracting possible security lessons from them and detailing how they have been stopped.
The POODLE vulnerability (“Padding Oracle On Downgraded Legacy Encryption”) is also a MITM (“man-in-the-middle”) attack, like the FREAK SSL/TLS vulnerability. The attack forces the web browser that the user is using to downgrade its protocol to SSL 3.0 (“Secure Sockets Layer”). This protocol is older than TLS (“Transport Layer Security”) and has weak security that hackers can exploit. SSL uses CBC (“Cipher Block Chaining”) encryption, which has a high chance of leaking information due to it being encrypted with many RC4 streams, which are known to have RC4 biases. “Padding by 1 to L bytes (where L is the block size in bytes) is used to obtain an integral number of blocks before performing block-wise CBC (Cipher Block Chaining) encryption” [9]. Since the block cipher padding of the CBC encryption is not covered by the MAC (“Message Authentication Code”), this causes a problem when decrypting; the verification of the padding is also not deterministic, and therefore “the integrity of the padding cannot be fully verified”. This is the weakness that hackers can easily exploit. Any browser supporting SSL can be attacked. Even if only one side of the client and server communication supports SSL, it is likely to be attacked. Thus, to reduce the risk of the user’s browser being downgraded to SSL 3.0, it is advised that both the client and the server disable SSL to improve their security. Users who have private browsers can disable SSL themselves, as most web browsers provide this option. [8][9]
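The padding weakness described above, shown as an added example that is not part of the original essay or of the cited paper: two receivers process the same already-decrypted record, one applying the SSL 3.0 padding rule and one the TLS 1.0+ rule. HMAC-SHA256 stands in for the SSL 3.0 record MAC, and the key, payload and function names are constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 8                       # L, the cipher block size in bytes (8 for DES/3DES)
MAC_KEY = b"constructed-key"    # constructed demo key, not taken from the page
TAG_LEN = 32                    # HMAC-SHA256 stands in for the SSL 3.0 record MAC

def _tag(data):
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()

def seal(payload):
    """Build the pre-encryption record: payload || MAC(payload) || padding."""
    body = payload + _tag(payload)                    # the MAC covers the payload only
    pad_len = BLOCK - 1 - (len(body) % BLOCK)
    return body + bytes([pad_len]) * (pad_len + 1)    # 1..L bytes, the last one is the length

def _check_mac(body):
    if len(body) < TAG_LEN:
        raise ValueError("record too short")
    data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(data)):
        raise ValueError("bad MAC")
    return data

def open_ssl3(plain):
    """SSL 3.0 rule: only the final length byte is checked; padding content is unspecified."""
    if not plain or len(plain) % BLOCK or plain[-1] >= BLOCK:
        raise ValueError("bad padding length")
    return _check_mac(plain[:-(plain[-1] + 1)])

def open_tls(plain):
    """TLS 1.0+ rule: every padding byte must equal the padding length."""
    if not plain or len(plain) % BLOCK:
        raise ValueError("bad record length")
    n = plain[-1] + 1
    if plain[-n:] != bytes([plain[-1]]) * n:
        raise ValueError("bad padding")
    return _check_mac(plain[:-n])

def accepts(opener, plain):
    """True if the receiver accepts the record, False if it rejects it."""
    try:
        opener(plain)
        return True
    except ValueError:
        return False

record = seal(b"GET /abc")      # constructed 8-byte payload, so the padding fills a whole block
# The same record with the seven padding bytes before the length byte altered.
altered = record[:-BLOCK] + b"\xaa" * (BLOCK - 1) + record[-1:]
```

The SSL 3.0 receiver accepts `altered` because neither the MAC nor the padding rule covers the changed bytes, while the TLS receiver rejects it; this is why the fix is to disable SSL 3.0 rather than to patch it.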
How can attackers bypass firewalls? Describe at least 4 possibilities providing enough technical details and some tools and countermeasures, if applicable.
There are many ways an attacker can get through a firewall. One of them is “phishing”, of which there are many types, such as spear phishing and whale phishing. The attackers send the victims emails that imitate trustworthy companies, and through these they obtain the victims’ login data and bank account details, and at times trick them into downloading malware and other harmful software. Voice phishing is another form of this attack, and it is carried out through “voice communications media, including voice over IP (VoIP) or POTS (plain old telephone service)” [10]. Phishing attacks can be reduced by using a gateway filter for email, which limits the number of phishing emails that get through, and by installing a web security gateway, which protects users from harmful links.
Another attack through which attackers can bypass firewalls is “social engineering”. This attack can be carried out just by monitoring the victim and searching their surroundings, for example by shoulder surfing or by checking documents and notes that they have lying around, to learn their passwords and so on. The best way to fight this attack is through “two-factor authentication”.
Another attack is through “physical access”. If the attackers get hold of the firewall’s hardware device, they can easily gain access and get through the firewall. This is because some firewalls allow “unauthenticated access”, which lets the attackers get through and tamper with the device. This can be prevented by installing a physical security program.
Another attack is “session hijacking”. This is carried out using MITM (“man-in-the-middle”) attacks, most commonly through public hotspots, malicious software and so on, where the attackers are able to get into the supposedly secure communication between the client and the server. This can be prevented by using updated software and by informing users in person not to ignore error messages. [11]
[1] Solove, D. (2008). ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. [online] Poseidon01.ssrn.com. Available at: https://poseidon01.ssrn.com/delivery.php?ID=144069024001070093009114102091103099026013091078022071098084095031114031081113027109016057007032110013117124119108009124085019106033087014022113067105030119066066005087013007083116101072017027071106007005097096079110094107084114070013122112127125099&EXT=pdf, pp 748 [Accessed 8 Jan. 2018].
[2] Solove, D. (2008). ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. [online] Poseidon01.ssrn.com. Available at: https://poseidon01.ssrn.com/delivery.php?ID=144069024001070093009114102091103099026013091078022071098084095031114031081113027109016057007032110013117124119108009124085019106033087014022113067105030119066066005087013007083116101072017027071106007005097096079110094107084114070013122112127125099=pdf, pp 747 [Accessed 8 Jan. 2018].
[3] Solove, D. (2017). The Nothing-to-Hide Argument – My Essay’s 10th Anniversary – TeachPrivacy. [online] TeachPrivacy. Available at: https://www.teachprivacy.com/the-nothing-to-hide-argument-my-essays-10th-anniversary/ [Accessed 8 Jan. 2018].
[4] O’Carroll, T. (2015). Five reasons to care about mass surveillance. [online] Amnesty.org.uk. Available at: https://www.amnesty.org.uk/blogs/ether/five-reasons-care-about-mass-surveillance-edward-snowden-gchq-nsa-citizenfour [Accessed 8 Jan. 2018].
[5] Matsumoto, T., Matsumoto, H., Yamada, K. and Hoshino, S. (2002). Impact of Artificial “Gummy” Fingers on Fingerprint Systems. [online] Cryptome.org. Available at: https://cryptome.org/gummy.htm [Accessed 9 Jan. 2018].
[6] Kumar, M. (2015). ‘FREAK’ — New SSL/TLS Vulnerability Explained. [online] The Hacker News. Available at: https://thehackernews.com/2015/03/freak-openssl-vulnerability.html [Accessed 10 Jan. 2018].
[7] Instant SSL Certificate Blog | Get Latest Updates about SSL. (2015). Know what is Freak SSL | How to protect online users from Freak SSL. [online] Available at: https://blog.instantssl.com/freak-ssl/what-is-freak-ssl-flaw/ [Accessed 10 Jan. 2018].
[8] Hendrikx, M. (2014). What is the POODLE Vulnerability and How Can You Protect Yourself?. [online] Howtogeek.com. Available at: https://www.howtogeek.com/199035/what-is-the-poodle-vulnerability-and-how-can-you-protect-yourself [Accessed 11 Jan. 2018].
[9] Moller, B., Duong, T. and Kotowicz, K. (2014). The POODLE Bites: Exploiting the SSL 3.0 Fallback. [online] Openssl.org. Available at: https://www.openssl.org/~bodo/ssl-poodle.pdf [Accessed 11 Jan. 2018].
[10] Rouse, M., Cobb, M. and Loshin, P. (2014). What is phishing? – Definition from WhatIs.com. [online] SearchSecurity. Available at: http://searchsecurity.techtarget.com/definition/phishing [Accessed 12 Jan. 2018].
[11] Ginter, A. (2013). Special Section: 13 ways through a firewall: What you don’t know can hurt you – ISA. [online] Isa.org. Available at: https://www.isa.org/standards-publications/isa-publications/intech-magazine/2013/april/special-section-13-ways-through-firewall-what-you-dont-know-can-hurt-you/ [Accessed 12 Jan. 2018].