Communications and Privacy
- Encryption as the norm - even one-time pads are feasible
- Since all speech and other media content will be in digital form, it will be trivial to provide encryption and authentication of all communication (if the participants want to)
- traditional public telephony less secure than using: VPNs, SRTP, MIKEY, …
- For WLANs: IEEE 802.11i security features along with 128-bit Advanced Encryption Standard (AES) encryption, …
- Identity hiding - Authentication when you mutually want to
- Mobile presence has to be done carefully
- Anonymous network access
- Location hiding & Privacy
Alberto Escudero-Pascual (formerly http://www.it.kth.se/~aep):
- Anonymous and Untraceable Communications - Location privacy in mobile internetworking, Licentiate Thesis, June 2001
- Privacy in the Next generation Internet: Data Protection in the context of the European Union Policy, Dissertation, Dec. 2002
- Location misdirection ⇒ End of Sovereignty
- Traffic pattern hiding
- Traffic hiding
See RFCs 3323, 3325, 4244, 5876, and 5767
See Crosstalk’s The dark side of the web – Internet’s parallel universe
Slide Notes
Peterson, “A Privacy Mechanism for the Session Initiation Protocol (SIP)”, Internet Request for Comments, RFC Editor, RFC 3323 (Proposed Standard), ISSN 2070-1721, November 2002, http://www.rfc-editor.org/rfc/rfc3323.txt
Jennings, J. Peterson, and M. Watson, “Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks”, Internet Request for Comments, RFC Editor, RFC 3325 (Informational), ISSN 2070-1721, November 2002, Updated by RFC 5876, http://www.rfc-editor.org/rfc/rfc3325.txt
Barnes, “An Extension to the Session Initiation Protocol (SIP) for Request History Information”, Internet Request for Comments, RFC Editor, RFC 4244 (Proposed Standard), ISSN 2070-1721, November 2005, http://www.rfc-editor.org/rfc/rfc4244.txt
J. Elwell, “Updates to Asserted Identity in the Session Initiation Protocol (SIP)”, Internet Request for Comments, RFC Editor, RFC 5876 (Informational), ISSN 2070-1721, April 2010, http://www.rfc-editor.org/rfc/rfc5876.txt
M. Munakata, S. Schubert, T. Ohba, “User-Agent-Driven Privacy Mechanism for SIP”, Internet Request for Comments, RFC Editor, RFC 5767 (Informational), ISSN 2070-1721, April 2010, http://www.rfc-editor.org/rfc/rfc5767.txt
Transcript
[slide384] So, that leads us to the question of what happens if encryption becomes the norm? If everyone starts encrypting all of their communications for their multimedia traffic. Even more amazing is the fact that one-time pads are actually feasible. We know from a cryptographic point of view that one-time pads are unbreakable. Only the other party who has the copy of the one-time pad can decode it. Why are one-time pads now really feasible? Before, only a few governments could manage to justify the use of them. Think of how much storage your smartphone has. You could easily store in your device a one-time pad that would let you encrypt with this one-time pad all of your conversation for a month. And now you'd have unbreakable security. The problem is you'd have to distribute that one-time pad to the person you wanted to talk to. So it's hard, but if you really had very highly valuable communications, you might be able to do that.

But there are lots of questions about what happens when it becomes the norm. Because of course it means that intelligence agencies, police, can't look at the traffic and say, ah, I see encrypted traffic there. That must be interesting and worth looking at. When all of the traffic is encrypted.

Another problem is about identity hiding. Should you authenticate yourself to anyone who asks? And maybe you shouldn't. Mobile presence. As we saw, being able to determine things like your geolocation or your state, are you busy or not busy, can reveal information to someone else which you might not want. There are some people who said, maybe actually what we want is anonymous network access. When you buy your network interface, you've paid for the access via the network. So there's no need to authenticate yourself. An interesting approach.

There's questions about location hiding and privacy, and Alberto Escudero in his licentiate thesis and his doctoral thesis addresses some of those problems.
There's questions about location misdirection, which potentially leads to the end of sovereignty. What happens if I'm virtually not here? Well, if I'm a company, that may mean that actually, for instance, I might not be taxable. Because if my business is located elsewhere, it's the elsewhere that gets to tax it. But can I make all of my communications look like they're coming from elsewhere? Yes. So I can be virtually somewhere else. There's the issue of traffic pattern hiding that I mentioned. And there's even some work on traffic hiding. And one of the difficulties is that in some cases, there's communication that we want to have where we don't actually want others to be even aware that we're communicating. So how can we make it so it's difficult for others to see that we are communicating?
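
The feasibility argument for one-time pads made in the transcript, as an added example that is not part of the original lecture material: it sizes the pad for one direction of a G.711 call and shows a sender that consumes each pad byte exactly once, plus what leaks if pad bytes are reused. The usage figures (2 hours a day for 30 days), the names `pad_bytes_needed`, `OneTimePad`, `decrypt` and `demo`, and the sample frames are assumptions made for illustration.

```python
import secrets

G711_BYTES_PER_SEC = 8000  # G.711 carries 64 kbit/s of audio per direction

def pad_bytes_needed(hours_per_day, days, bytes_per_sec=G711_BYTES_PER_SEC):
    """Pad bytes for ONE direction of the call; the reverse direction needs its own pad."""
    return int(hours_per_day * 3600 * days * bytes_per_sec)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """Sender side of a pad that was shared out of band. Each pad byte is used once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # next unused pad byte; only ever moves forward

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def encrypt(self, frame: bytes):
        """Return (offset, ciphertext); the offset tells the peer which pad bytes to use."""
        if len(frame) > self.remaining():
            raise RuntimeError("pad exhausted: stop sending rather than wrap around")
        start = self._offset
        self._offset += len(frame)
        return start, xor(frame, self._pad[start:start + len(frame)])

def decrypt(pad: bytes, offset: int, ciphertext: bytes) -> bytes:
    """Receiver side: XOR with the same pad bytes. XOR alone gives no integrity check."""
    return xor(ciphertext, pad[offset:offset + len(ciphertext)])

def demo():
    pad = secrets.token_bytes(320)   # constructed: room for two 160-byte frames
    frame1 = b"A" * 160              # constructed stand-ins for 20 ms G.711 frames
    frame2 = b"B" * 160
    sender = OneTimePad(pad)
    off1, ct1 = sender.encrypt(frame1)
    off2, ct2 = sender.encrypt(frame2)
    ok = decrypt(pad, off1, ct1) == frame1 and decrypt(pad, off2, ct2) == frame2
    # What goes wrong if the offset is reset and pad bytes are reused:
    reused = xor(frame2, pad[:160])
    leak = xor(ct1, reused)          # pad cancels out: equals frame1 XOR frame2
    return ok, sender.remaining(), leak == xor(frame1, frame2)

if __name__ == "__main__":
    print(pad_bytes_needed(2, 30), demo())
```

At the assumed usage the pad comes to about 1.7 GB per direction, and both parties must hold an identical copy before the first call.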