1. Investigatewhat the “Nothing to hide” argument means regarding privacy andgovernment/corporate surveillance. List and analyze, giving your reasoned view,the arguments for and against it.The“Nothing to hide” argument revolves around the idea that a government should beable to track and store all information that a person has viewed and stored viathe internet, this would include pictures, videos, bank account information,download history and much more.From the perspective of a user for Nothing to hide is that most corporatebusiness such as Google are already tracking everything that someone does onthe internet, for example in order to access Google Maps someone will need tofirst allow their location to be shared with Google, this means that Googleknow your exact starting position, route and destination. With this in mind thegovernment are raising the point that as this information is stored by businessalready therefore if the government were to gain access there would be no furtherbreach of information.
Similarly at the moment governments have the means ofaccessing this but they need reasonable evidence first in order to gain access.Most peoplewho are unaware of the situation, including myself, before researchingtook theperspective of “I don’t have a problem with the government seeing myinformation as I have nothing to hide”, but while reading through an article Icame across a statement that was raised by Ed Snowden which was“Sayingyou have nothing to hide is the same as not caring about free speech becauseyou have nothing to say”(Medium, 2016). This made mequestion my initial thoughts as even though a person has nothing to hide theyshould still be entitled to their own privacy.Another issue that was raised was that if the government were given access toall information, what is stopping them from selling the collected data to thirdparty business, these businesses will then be able to have more targetedadvertisements? Currently there are issues with Facebook and Google who areexploiting this as the moment as they track peoples search history’s and thenset advertisements based on those searches.
Finally what people do not understand is that if the government were givenaccess to your private information, this allows them to see anything that isdeemed confidential, this includes: DNA, hospital records and many more. Notonly hospital information but this allows government the government to surveillancea person whenever they want, this includes views from cameras on laptopwebcams, console cameras such as Xbox Kinect and even phone cameras.To concludeprior to in-depth research of the “Nothing to hide” argument I did not havemuch of an opinion on the matter, so naturally I fell into the “I have nothingto hide so I shouldn’t be worried” mind set, but with further investigate Ibegan to release the extent of the power this would pass on to the governmentand also bearing in mind that once they have this power we cannot retract thisargument.
I believe that the government should not have the ability to vieweverything a person does browsing the internet, not only due to having noprivacy but also the threat that our information would therefore be more likelyto be stolen as the government need to store this information somewhere leadingit to be more likely to be attacked by hackers. As previously discussed thereare positives and negatives to this argument but there is potential for thispower to be abused and this is where the trust between government and thecommunity are not great enough to allow the this sort of power.2. Describein detail all known attacks against the Diffie-Hellman protocol, and the mostcommon countermeasures to stop them.
Consider the date of the attacks andchanges over time that reduced or increased their relevance.Currentlythere are two main known attacks against the Diffie-Hellman protocol which areLogjam against TLS protocol and Brute Force attacks on prime numbers.The Logjamattack is based off the “Man in the middle” attack, but there was aprerequisite in order to complete this attack. When the Diffie-Hellman protocolwas first released it was initially used by governments back in the 1980s forencryption though communication.
One of the first cipher suites used wasDHE_EXPORT, which was 56 bit, This means that the client and server were onlyallowed to use 512 bit parameters while encrypting. At the time this was verysecure and what was indented in order to achieve encryption, but moving forwardfifteen years the computers that were used in the 1980s was purchasable byeveryday business and individuals. As computers were getting increasinglycomputationally powerful hackers saw the opportunity on users who used legacybrowsers, these legacy browsers only supported DHE_EXPORT cipher suit which ahacker was able to brute force all the possible combinations to allowthemselves to view that secure information that was being transminited.In order for business to stop this kind of an attack they first disabled theuse of DHE_EXPORT and many other weak cipher suites and additionally encouragedusers to update their browsers. Unfortunately due to local administrators beingunaware of Logjam attacks and default settings on servers which still use weakcipher suites Logjam attacks are still present over twenty years later.RecentlyNSA released to the public that even though the Diffie-Hellman protocol is oneof, if not the best ways to communicate to create symmetric keys, they didrealized that they were flaws in the approach that it takes.
CurrentlyDiffie-Hellman protocol uses 1024-bit keys which with common technology wouldtake years and thousands of dollars to crack one of the prime numbers that areused in the protocol. What NSA observed is that only a set amount of primenumbers are used in each communication. Researchers wrote “Since a handful of primes areso widely reused, the payoff, in terms of connections they could decrypt, wouldbe enormous”(HENINGER, 2015), NSA were then ableto calculate that even by cracking two of the large prime numbers that wouldallow them to eavesdrop on 20% of the top HTTPS websites. At the moment itseems that this issue is not as pressing as what it makes out to be as the NSAare normally around ten years in front of current technology and mathematicstandards, but even though the issue has been highlighted it now time to thinkof what can be done in order to mitigate this problem before hackers are ableto exploit it. Currently the only resolution to thisissue is to increase the bit length from 1024 to 2048, the knock on effect hereis that even though this approach does irradiate the potential of brute forceattacks it does have knock on effect on the speed in which communication takesplace, as due to the prime numbers being bigger the time in which to generateand calculate the keys with be drastically increased.
The other alternative isto wait for quantum computers, not only does this resolve the issue of timetaken to complete the mathematic functions involved but also allows the bit sizeto be increased. Once again this only resolves the issue until quantumcomputers become purchasable by the public as they can be used by hackers tobrute force the keys and or prime numbers used.Overall the battle between attacks and mitigations on the Diffie-Hellman is anongoing battle and forever will be until a improved protocol will be created.3.
Writean in-depth description of the FREAK SSL/TLS Vulnerability, describing itspotential impact and the countermeasures/mitigation techniques usedFREAK(Factoring RSA Export Keys) is an exploit in SSL/TLS protocols which wasintroduced by the U.S cryptography export regulations. FREAK is a man in themiddle attack where the hacker will use legacy software to use public keyencryption with moduli 512 or less encryption (AKA RSA_EXPORT).RSA_EXPORT wascreated by Netscape around the 1990s for encryption for credit cards, at thetime 512 bit encryption was sufficient encryption for everyday users. NSAnoticed that 512 bit encryption would not be difficult to crack with thecomputer power they had but understood that it was only NSA who had the powerto do so. Moving forward around 15 years and this vulnerability was forgottenabout, but due to the increase of computer power hackers began to realize thatcracking 512 bit encryption or less was a very achievable task. In order for aneavesdropper to use this sort of an attack they would need as little as $100 ofcloud computing and use an algorithm called Number Field Sieve which factories integerswell over 10100.
The element of FREAK that made the attack sodangerous was the ability to force RSA_EXPORT cipher suit while sendingencrypting data over HTTPS therefore making the client the target of the attack.Most companies used software called OpenSSL or SecureTransport as their SSLencryption but this is where the point of failure was, due to a bug in thesesoftware attackers were able intercept and force weak encryption. What was moreoutstanding was that this vulnerability was around for over 15 years. Knowingthis there were a lot of browsers that were susceptible to this attackincluding Android and iPhone default browsers, not only was it just browsersthat were affected but also the operating systems such as Windows server 2003that ran things such as ADFS or Mail servers.
Both Microsoftand Apple failed to find this bug and due to the sheer amount websites(including government websites) that were vulnerable to this attack they neededto act fast to mitigate the damage. The attack was noticed on the 3rdof March 2015 that lead Apple to release a patch on the 9th of Marchand Microsoft to roll out on their next sprint on the 10th(Wikipedia, 2018). Initially inorder to reduce the impact, users were advised to use browsers such as GoogleChrome and Firefox which were not susceptible to the attack, and although thisdid reduce the attacks, it was the patches to OpenSSL and SecureTransport thatannounced the attack redundant.Here iswhat was advised for each user to terminate further FREAK attacks:ServerAdministrator – Disable TLS export cipher suits and any other known ciphersuits that were known to be insecure.A user –Ensure that they had the most up to date web browser of their choice. Userswere strongly advised to use Firefox as they had full immunity to the attack.Developer –Ensure that all TLS libraries were up to date including, Apple Secure Transferand OpenSSL, furthermore confirm that all software does not offer Export ciphersuites under any circumstances. 4.
Howcan attackers bypass firewalls? Describe at least 4 possibilities providingenough technical details and some tools and countermeasures, if applicable.Frompersonal experiences and research the four most common ways of bypassing afirewall are Phishing, IP address spoofing, Social Engineering and SQL injection.A couple of these techniques were used when technology was not secure as it wastoday but some are still prevalent to date and are still used as a first stepin gaining access into a secure network.Phishingemails – Phishing emails is a method where an attacker creates an identicaltemplate of a corporate email, but within the email is a link to either awebsite that is created by the hacker to mimic the already existing websitethat is normally used within a business that will store credentials of theinternal user, or will install a key logger in the background in which theattacker will be able to record all keystrokes by the victim of that attack.With the increasing number of programs that have been created phishing emailshave become more and more popular with an increasing in successful attacks.Currently there are a few ways in which this sort of attack can be mitigated;first business can enroll employees on courses such as Bobs Business whichinforms employees on the most common ways on spotting a phishing email. Alternativelynetwork administrators can set rules on a mail server where any email addresswith a certain domain or include links/domains that could be deemed maliciousand sent to quarantine.
Spoofing IPaddresses – A firewall limits the connections to a network normally by settingrules that only allow a finite set of IP address to connect. If an attacker wasable to find out the ranges e.g 52.
310.0.0 – 52.
310.255.255 an attacker wouldbe able to set their static IP to one of these ranges which makes theirconnection look like an employees. In order to reduce the chances of this sortof attack, other than changing the IP address range of the network a methodcalled Packet Filtering can be imposed on the firewall. What packet filtering doesis look at the headers of any packets that are incoming and looks through thesource code to see if it matches the ‘Spoofed ’IP address.
The reason why thisis so effective is due to packets always leaving a trace of the original IPaddress that the packet originated from, if this is found then the packet isdropped and the connection is closed.SocialEngineering – This technique involves targeting employees on releasing orchanging sensitive information that otherwise is not the users. There manydifferent ways, in which an attacker is able to social engineer, an exampleincludes ringing an internal help desk impersonating a colleague. In order tocounteract this sort of an attack what business normally do is have a criteriafor the helpdesk that a customer or employee will need to answer in order toconfirm that they are the account holder This may include things such assecurity questions or email verification, alternatively it could be a mixtureof these to improve security.
Social engineering is currently the most common technique used by hackers, as of May 2016 according tothe FBI social engineering is resulted in losses of around £2.4 billion(Perez, 2016). The highest thanother attacks mentioned.SQL Injection –Similarly how socialengineering’s aimed on changing confidential information, SQL also does thisbut is based around attacking the database that the information is helddirectly rather than a helpdesk employee. It works by executing an SQLstatement such as UPDATE, DELETE, ADD etc, this is done on a request to thedatabase and attacks poor quality security. In order to mitigate this,databases can share sensitive information with a client by encrypting the dataon the database and in transit; furthermore PHP can be placed as a part of therequest which adds a backslash for the SQL parser to confirm where the end ofthe request is, this ensure there is no trailing quires.
5. Writean in-depth description of one of the POODLE/Heartbleed/Shellshockvulnerabilities against SSL/TLS, extracting possible security lessons from themand detailing how they have been stopped.Heartbleedwas the name of a bug that was present in OpenSSL from around 2012 to 2014. Thename Heartbleed was named after the operation that was taken advantage of whichwas named a heartbeat. When a user connects with a server they will first needto establish a connection to set up a session. As there are a limited amount ofsockets on a server it needs to know which ones are still valid and does thisby implementing a heartbeat.
The heartbeat acts as a send receive message andcan be as big as 64Kb, letting know that the client still needs informationfrom the server. Heartbeat works by the client sending a message up to 64Kb tothe server which send back the same message. The exploitation used was when ahacker sent a 1Kb message from the client but masking it as a 64Kb message, theserver will then reply with that 1Kb message but will pad it with 63Kb. Thecontent of this 63Kb will be random information from the server, mostly thiswill have garbage but in some instances it will hold usernames and passwordsfrom the database. What was more problematic was that this exploitation couldbe done multiple times, meaning that if the hacker did not receive anything ofinterest initially they would have able to use the vulnerability again untilthey received something they needed or was of interest to them.
To confirm,the issue was not with the SSL/TLS protocol itself but was with the OpenSSLsoftware but as OpenSSL is the most popular software used a lot of web serverswere vulnerable. As of May 2014 they say that 1.5% of the 800,000 most popularwebsites that use TLS are still vulnerable to Heartbleed(Wikipedia, 2018). The vulnerabilitywas patched early April 2014 and added to the Common Vulnerabilities andExposure database, this did resolved the issue but in order for a server tofully rid of the bug there were other procedures that existed to fully mitigatethe issue.
1. Patch systems that have/would besusceptible to the bug – When the fix was rolled out all servers running olderversions of OpenSSL need to be updated.2.
Regenerate private keys – As theHeartbleed was used to gain information from the server the message dumps couldhave contained private keys used from encryption either in conversation withanother client and a server or communication with services such as ADFS3. Installing new Certificates –Similar to the previous steps, hackers could have obtained the certificatesused to authenticate a client and a server therefore an attacker could redirecttraffic to a dummy website posing as the real web server and the browser wouldnot know as they have the certificate as proof.4. Reset passwords – Once again aspasswords could have been view from the memory dumps passwords could have beenleaked. Not only could this bug release users passwords on the server but couldalso affect administrators as well. Bibliography HENINGER, A.
, 2015. How is NSA breaking so much crypto? [Online] Available at: https://freedom-to-tinker.com/2015/10/14/how-is-nsa-breaking-so-much-crypto/ [Accessed 9 January 2018].
Medium, 2016. Why privacy is important, and having “nothing to hide” is irrelevant. [Online] Available at: https://medium.com/@obsidian_crypto/why-privacy-is-important-and-having-nothing-to-hide-is-irrelevant-d011b49de4c8 [Accessed 09 January 2018].
Perez, R., 2016. 60% of enterprises were victims of social engineering attacks in 2016. [Online] Available at: https://www.scmagazineuk.
com/60-of-enterprises-were-victims-of-social-engineering-attacks-in-2016/article/576060/ [Accessed 10 January 2018]. Wikipedia, 2018. FREAK. [Online] Available at: https://en.wikipedia.org/wiki/FREAK [Accessed 11 January 2018]. Wikipedia, 2018.
Heartbleed. [Online] Available at: https://en.wikipedia.
org/wiki/Heartbleed [Accessed 14 January 2018].