SlideShare una empresa de Scribd logo

Privacy is always a requirement

Eleanor McHugh
Eleanor McHugh

OSCON Amsterdam talk on secrecy, privacy and the security of user data with particular emphasis on practical techniques you can apply to your own system architecture, software development and operational working practices.

Software
1 de 47
Descargar para leer sin conexión
privacy is always a requirement Eleanor McHugh Romek Szczesniak
http://leanpub.com/GoNotebook
we all have secrets and these secrets matter to us that’s what makes them secrets software should keep our secrets
some secrets are awful conspiracy infidelity criminality
some secrets are banal bank account numbers embarrassing incidents sexual preferences
secrecy should be absolute our tech must protect the awful or it won’t protect the banal
but there are laws we must comply with these assist the legitimate deny the illegitimate
secrecy ——> privacy
privacy is not absolute privacy requires mutual trust mutual trust is a contract and contracts can be broken
famous broken contracts Office of Personnel Management Amazon Web Services Ashley-Madison
today’s topic is applied paranoia
paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} A mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality. Unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers 12
paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} The perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or voyeuristic intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or shopping with bitcoin. Justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals accute paranoia afflicts the victims of hacking 16
18
we have to trust governments governments are privileged if we don’t obey they can hurt us not much we can do about that 19
20
our users have to trust us our services are privileged they store real-world secrets and identifying metadata 21
but who can we trust? technology bars the gates but people create the bars and people have to monitor them 22
as a visitor I want to remain anonymous when I interact with your service so I can get an idea of who you are without committing to anything but it’s okay if you know I visited or ask if I’d like to hear from you later so long as you don’t tell anyone else and you accept my answer
as a registered user I want my personal data to be secure when I entrust you with it so hackers can’t steal my identity or bully me for my views but it’s okay if you’re aware when I make changes and confirm them so long as that information is provably to my benefit
as a system administration I want to roll-back errors and monitor security breaches so I can protect my users and my business from fraud or loss but it’s okay if I can only see data relevant to a particular incident so that I know the bare minimum about you or any other user
as a law enforcement officer I want to perform lawful interception queries so I can catch criminals and terrorists but it’s okay if you control my access and require court orders so that criminal investigate is never a cover for political oppression
as a regulator I want to ensure this service complies with all applicable rules so I can catch prove that the service is trustworthy and legitimate but it’s okay if you restrict my access to how you operate this service so that I know neither your users nor their interactions
as a service owner I want you to use my most excellent service so we can build a business relationship from which we will both profit but it’s okay if you don’t trust me with the details of your personal life so long as you do trust me to run this service as advertised
as an aggressive marketeer I want to access your visitor data to guess who might pay for miracle product X don’t make my life difficult if it affects sales I’m higher up the food chain than you!
as a disgruntled employee I want to access your service to make you pay for the pain I’m feeling I’ve had privileged access in the past and you’re too dumb to have cancelled it
as a script kiddie I want to access your service because it’s a rush to break into your stuff I’ve lots of different scripts to play with coz all lolz belong to us
as an online fraudster I want to access your service so I can steal credentials and data if that’s hard I’ll move onto a fresh target there’s always another sucker ripe for scamming
as a malicious attacker I want to access your service to monitor user behaviour and steal identities I’m waaaay more skilled than your team and I’m being paid for results
so what do we do? dev practices architecture operational rules 34
privacy ——> dev practices
privacy ——> architecture
encrypt all transports • establish a secure channel by exchanging public keys • and check their validity against trusted certificates (SSL, TLS, etc.) • pin these certificates to an origin address (SSH) • then exchange symmetric keys for a private secure channel • change these keys frequently (cheap cipher streams) • and pin each distinct message to a distinct key (one-time pads) 40
encrypt all passwords • accept utf-8 to expand the symbol space • hash every new password before it’s submitted • always use cryptograpically secure hashes (HMAC) • and a fresh HMAC key for each password (which you must store) • salt the resulting hash when you receive it (and store the salt) • then hash again before storing in your database 41
require multi-factor authentication • have the user submit their password over a secure channel • then send them a confirmation code out-of-band • that’s an agreed trust anchor acting as a shared secret • the confirmation code should be big enough to generate a HMAC • and only the HMAC should be submitted • now you have two shared secrets 42
encrypt all storage • secured transport is useless without secured data stores • encrypt all sensitive fields - that probably means all fields • batch fields where they’re too small to encrypt (denormalise) • and store HMACs for desired search terms • otherwise your black box is secure but unsearchable • make sure you use different roles for reading, writing and searching 43
privacy ——> operational rules
anchor trust internally • establish a private certificate authority • assign fine-grained roles to different components • audit: requirements, code, operations & security logs • never deploy without a formal security audit • and make those deployments immutable for later confirmation • security audits best done by third parties with an attacker mentality 45
patents pending • 14/622527 Authentication of Bearer • 14/622709 uPass Claims • 14/622549 Confidence Values • 14/622737 uPass Registration • 14/622740 Web Content Authentication • 14/726333 Asset Tracking • 14/822803 Two-factor Liveness Detection 46
slideshare://feyeleanor

Recomendados

DIPLOMA Certificte
DIPLOMA CertificteDIPLOMA Certificte
DIPLOMA Certificte
masthan213
 
Creating a Dynamic, Reactive Communication Model from Scratch
Creating a Dynamic, Reactive Communication Model from ScratchCreating a Dynamic, Reactive Communication Model from Scratch
Creating a Dynamic, Reactive Communication Model from Scratch
Hobsons
 
WRT 205 U3
WRT 205 U3WRT 205 U3
WRT 205 U3
Vincent Perez
 
resume (3)
resume (3)resume (3)
resume (3)
Kamahl Walker
 
MSU Transcript
MSU TranscriptMSU Transcript
MSU Transcript
Kate Nelson
 
Websites with Tiffany Truffo PBC
Websites with Tiffany Truffo PBCWebsites with Tiffany Truffo PBC
Websites with Tiffany Truffo PBC
caseytruffo
 
Implementing Software Machines in Go and C
Implementing Software Machines in Go and CImplementing Software Machines in Go and C
Implementing Software Machines in Go and C
Eleanor McHugh
 
Assmang Vacation Training Certificate
Assmang Vacation Training CertificateAssmang Vacation Training Certificate
Assmang Vacation Training Certificate
Pieter Storm
 

Recomendados

DIPLOMA Certificte
DIPLOMA CertificteDIPLOMA Certificte
DIPLOMA Certificte
masthan213
 
Creating a Dynamic, Reactive Communication Model from Scratch
Creating a Dynamic, Reactive Communication Model from ScratchCreating a Dynamic, Reactive Communication Model from Scratch
Creating a Dynamic, Reactive Communication Model from Scratch
Hobsons
 
WRT 205 U3
WRT 205 U3WRT 205 U3
WRT 205 U3
Vincent Perez
 
resume (3)
resume (3)resume (3)
resume (3)
Kamahl Walker
 
MSU Transcript
MSU TranscriptMSU Transcript
MSU Transcript
Kate Nelson
 
Websites with Tiffany Truffo PBC
Websites with Tiffany Truffo PBCWebsites with Tiffany Truffo PBC
Websites with Tiffany Truffo PBC
caseytruffo
 
Implementing Software Machines in Go and C
Implementing Software Machines in Go and CImplementing Software Machines in Go and C
Implementing Software Machines in Go and C
Eleanor McHugh
 
Assmang Vacation Training Certificate
Assmang Vacation Training CertificateAssmang Vacation Training Certificate
Assmang Vacation Training Certificate
Pieter Storm
 
b-TECH DEGREE
b-TECH DEGREEb-TECH DEGREE
b-TECH DEGREE
ABILASH VARUGHESE
 
Report w13
Report w13Report w13
Report w13
Thanh Luan Nguyen
 
Internal Communication Plan
Internal Communication PlanInternal Communication Plan
Internal Communication Plan
Sal Hosny
 
TokyoR LT Rで連続データを離散化
TokyoR LT Rで連続データを離散化TokyoR LT Rで連続データを離散化
TokyoR LT Rで連続データを離散化
tetsuro ito
 
Artículo ley de reforma al código del trabajo (revisado)
Artículo ley de reforma al código del trabajo (revisado)Artículo ley de reforma al código del trabajo (revisado)
Artículo ley de reforma al código del trabajo (revisado)
Gabriel Recalde Bolaños
 
エクセル統計の使い方(重回帰分析編)
エクセル統計の使い方(重回帰分析編)エクセル統計の使い方(重回帰分析編)
エクセル統計の使い方(重回帰分析編)
Social Survey Research Information Co., Ltd.
 
how to use the virtual keyboard
how to use the virtual keyboardhow to use the virtual keyboard
how to use the virtual keyboard
Sri Rakesh
 
[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
Eleanor McHugh
 
Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
Eleanor McHugh
 
The Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data IntegrityThe Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data Integrity
Eleanor McHugh
 
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
Eleanor McHugh
 
The Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's PerspectiveThe Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's Perspective
Eleanor McHugh
 
Go for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd editionGo for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd edition
Eleanor McHugh
 
An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]
Eleanor McHugh
 
An introduction to functional programming with go
An introduction to functional programming with goAn introduction to functional programming with go
An introduction to functional programming with go
Eleanor McHugh
 
Implementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 reduxImplementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 redux
Eleanor McHugh
 
Identity & trust in Monitored Spaces
Identity & trust in Monitored SpacesIdentity & trust in Monitored Spaces
Identity & trust in Monitored Spaces
Eleanor McHugh
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By DesignDon't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Eleanor McHugh
 
Don't ask, don't tell the virtues of privacy by design
Don't ask, don't tell the virtues of privacy by designDon't ask, don't tell the virtues of privacy by design
Don't ask, don't tell the virtues of privacy by design
Eleanor McHugh
 
Anonymity, identity, trust
Anonymity, identity, trustAnonymity, identity, trust
Anonymity, identity, trust
Eleanor McHugh
 
Going Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google GoGoing Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google Go
Eleanor McHugh
 
Distributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at ScaleDistributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at Scale
Eleanor McHugh
 

Más contenido relacionado

Destacado

how to use the virtual keyboard
how to use the virtual keyboardhow to use the virtual keyboard
how to use the virtual keyboard
Sri Rakesh
 

Destacado (7)

b-TECH DEGREE
b-TECH DEGREEb-TECH DEGREE
b-TECH DEGREE
 
Report w13
Report w13Report w13
Report w13
 
Internal Communication Plan
Internal Communication PlanInternal Communication Plan
Internal Communication Plan
 
TokyoR LT Rで連続データを離散化
TokyoR LT Rで連続データを離散化TokyoR LT Rで連続データを離散化
TokyoR LT Rで連続データを離散化
 
Artículo ley de reforma al código del trabajo (revisado)
Artículo ley de reforma al código del trabajo (revisado)Artículo ley de reforma al código del trabajo (revisado)
Artículo ley de reforma al código del trabajo (revisado)
 
エクセル統計の使い方(重回帰分析編)
エクセル統計の使い方(重回帰分析編)エクセル統計の使い方(重回帰分析編)
エクセル統計の使い方(重回帰分析編)
 
how to use the virtual keyboard
how to use the virtual keyboardhow to use the virtual keyboard
how to use the virtual keyboard
 

Más de Eleanor McHugh

Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
Eleanor McHugh
 

Más de Eleanor McHugh (20)

[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf[2023] Putting the R! in R&D.pdf
[2023] Putting the R! in R&D.pdf
 
Generics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient CollectionsGenerics, Reflection, and Efficient Collections
Generics, Reflection, and Efficient Collections
 
The Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data IntegrityThe Relevance of Liveness - Biometrics and Data Integrity
The Relevance of Liveness - Biometrics and Data Integrity
 
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
The Browser Environment - A Systems Programmer's Perspective [sinatra edition]
 
The Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's PerspectiveThe Browser Environment - A Systems Programmer's Perspective
The Browser Environment - A Systems Programmer's Perspective
 
Go for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd editionGo for the paranoid network programmer, 3rd edition
Go for the paranoid network programmer, 3rd edition
 
An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]An introduction to functional programming with Go [redux]
An introduction to functional programming with Go [redux]
 
An introduction to functional programming with go
An introduction to functional programming with goAn introduction to functional programming with go
An introduction to functional programming with go
 
Implementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 reduxImplementing virtual machines in go & c 2018 redux
Implementing virtual machines in go & c 2018 redux
 
Identity & trust in Monitored Spaces
Identity & trust in Monitored SpacesIdentity & trust in Monitored Spaces
Identity & trust in Monitored Spaces
 
Don't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By DesignDon't Ask, Don't Tell - The Virtues of Privacy By Design
Don't Ask, Don't Tell - The Virtues of Privacy By Design
 
Don't ask, don't tell the virtues of privacy by design
Don't ask, don't tell the virtues of privacy by designDon't ask, don't tell the virtues of privacy by design
Don't ask, don't tell the virtues of privacy by design
 
Anonymity, identity, trust
Anonymity, identity, trustAnonymity, identity, trust
Anonymity, identity, trust
 
Going Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google GoGoing Loopy - Adventures in Iteration with Google Go
Going Loopy - Adventures in Iteration with Google Go
 
Distributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at ScaleDistributed Ledgers: Anonymity & Immutability at Scale
Distributed Ledgers: Anonymity & Immutability at Scale
 
Hello Go
Hello GoHello Go
Hello Go
 
Go for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd editionGo for the paranoid network programmer, 2nd edition
Go for the paranoid network programmer, 2nd edition
 
Going Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with GoGoing Loopy: Adventures in Iteration with Go
Going Loopy: Adventures in Iteration with Go
 
Finding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in goFinding a useful outlet for my many Adventures in go
Finding a useful outlet for my many Adventures in go
 
Anonymity, trust, accountability
Anonymity, trust, accountabilityAnonymity, trust, accountability
Anonymity, trust, accountability
 

Último

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
VictorSzoltysek
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 

Último (20)

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile EnvironmentHarnessing ChatGPT - Elevating Productivity in Today's Agile Environment
Harnessing ChatGPT - Elevating Productivity in Today's Agile Environment
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 

Privacy is always a requirement

  • 1. privacy is always a requirement Eleanor McHugh Romek Szczesniak
  • 3. we all have secrets and these secrets matter to us that’s what makes them secrets software should keep our secrets
  • 4. some secrets are awful conspiracy infidelity criminality
  • 5. some secrets are banal bank account numbers embarrassing incidents sexual preferences
  • 6. secrecy should be absolute our tech must protect the awful or it won’t protect the banal
  • 7. but there are laws we must comply with these assist the legitimate deny the illegitimate
  • 9. privacy is not absolute privacy requires mutual trust mutual trust is a contract and contracts can be broken
  • 10. famous broken contracts Office of Personnel Management Amazon Web Services Ashley-Madison
  • 11. today’s topic is applied paranoia
  • 12. paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} A mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality. Unjustified suspicion and mistrust of other people: mild paranoia afflicts all prime ministers 12
  • 13.
  • 14.
  • 15.
  • 16. paranoia Pronunciation: /ˌparəˈnɔɪə/ noun {mass noun} The perfectly reasonable belief that someone, somewhere is watching your online behaviour with malicious and/or voyeuristic intent. It may be a result of reading a Hacking Exposed or Hacking for Dummies publication, experiencing the fallout from identity theft, or shopping with bitcoin. Justified suspicion and mistrust of other people: chronic paranoia afflicts all information security professionals accute paranoia afflicts the victims of hacking 16
  • 17.
  • 18. 18
  • 19. we have to trust governments governments are privileged if we don’t obey they can hurt us not much we can do about that 19
  • 20. 20
  • 21. our users have to trust us our services are privileged they store real-world secrets and identifying metadata 21
  • 22. but who can we trust? technology bars the gates but people create the bars and people have to monitor them 22
  • 23. as a visitor I want to remain anonymous when I interact with your service so I can get an idea of who you are without committing to anything but it’s okay if you know I visited or ask if I’d like to hear from you later so long as you don’t tell anyone else and you accept my answer
  • 24. as a registered user I want my personal data to be secure when I entrust you with it so hackers can’t steal my identity or bully me for my views but it’s okay if you’re aware when I make changes and confirm them so long as that information is provably to my benefit
  • 25. as a system administration I want to roll-back errors and monitor security breaches so I can protect my users and my business from fraud or loss but it’s okay if I can only see data relevant to a particular incident so that I know the bare minimum about you or any other user
  • 26. as a law enforcement officer I want to perform lawful interception queries so I can catch criminals and terrorists but it’s okay if you control my access and require court orders so that criminal investigate is never a cover for political oppression
  • 27. as a regulator I want to ensure this service complies with all applicable rules so I can catch prove that the service is trustworthy and legitimate but it’s okay if you restrict my access to how you operate this service so that I know neither your users nor their interactions
  • 28. as a service owner I want you to use my most excellent service so we can build a business relationship from which we will both profit but it’s okay if you don’t trust me with the details of your personal life so long as you do trust me to run this service as advertised
  • 29. as an aggressive marketeer I want to access your visitor data to guess who might pay for miracle product X don’t make my life difficult if it affects sales I’m higher up the food chain than you!
  • 30. as a disgruntled employee I want to access your service to make you pay for the pain I’m feeling I’ve had privileged access in the past and you’re too dumb to have cancelled it
  • 31. as a script kiddie I want to access your service because it’s a rush to break into your stuff I’ve lots of different scripts to play with coz all lolz belong to us
  • 32. as an online fraudster I want to access your service so I can steal credentials and data if that’s hard I’ll move onto a fresh target there’s always another sucker ripe for scamming
  • 33. as a malicious attacker I want to access your service to monitor user behaviour and steal identities I’m waaaay more skilled than your team and I’m being paid for results
  • 34. so what do we do? dev practices architecture operational rules 34
  • 35. privacy ——> dev practices
  • 36.
  • 37.
  • 39.
  • 40. encrypt all transports • establish a secure channel by exchanging public keys • and check their validity against trusted certificates (SSL, TLS, etc.) • pin these certificates to an origin address (SSH) • then exchange symmetric keys for a private secure channel • change these keys frequently (cheap cipher streams) • and pin each distinct message to a distinct key (one-time pads) 40
  • 41. encrypt all passwords • accept utf-8 to expand the symbol space • hash every new password before it’s submitted • always use cryptograpically secure hashes (HMAC) • and a fresh HMAC key for each password (which you must store) • salt the resulting hash when you receive it (and store the salt) • then hash again before storing in your database 41
  • 42. require multi-factor authentication • have the user submit their password over a secure channel • then send them a confirmation code out-of-band • that’s an agreed trust anchor acting as a shared secret • the confirmation code should be big enough to generate a HMAC • and only the HMAC should be submitted • now you have two shared secrets 42
  • 43. encrypt all storage • secured transport is useless without secured data stores • encrypt all sensitive fields - that probably means all fields • batch fields where they’re too small to encrypt (denormalise) • and store HMACs for desired search terms • otherwise your black box is secure but unsearchable • make sure you use different roles for reading, writing and searching 43
  • 45. anchor trust internally • establish a private certificate authority • assign fine-grained roles to different components • audit: requirements, code, operations & security logs • never deploy without a formal security audit • and make those deployments immutable for later confirmation • security audits best done by third parties with an attacker mentality 45
  • 46. patents pending • 14/622527 Authentication of Bearer • 14/622709 uPass Claims • 14/622549 Confidence Values • 14/622737 uPass Registration • 14/622740 Web Content Authentication • 14/726333 Asset Tracking • 14/822803 Two-factor Liveness Detection 46