A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of a IETF standard; it will be interesting to see how the NSA engages with this process.
Baker starts off by listing out the attack degree including he likes of information / content disclosure, meta-data analysis, traffic analysis, denial of service attacks and protocol exploits. The author than describes the different capabilities of an attacker and the ways in which an attack can be carried out – passive observation, active modification, cryptanalysis, cover channel analysis, lawful interception, Subversion or Coercion of Intermediaries among others.
Baker then highlights the controls that may be used to defend against the attacks including use of Perfect Forward Secrecy which tends to dramatically increase the cost involved with an attack; use of strong cryptography as a control against passive attacks; use of dual-layered public key exchange “using the credentials of the parties to negotiate a temporary key which is in turn used to derive the symmetric session key used for communications” among others.
The draft lists the final control as policy, audit and transparency; however, it notes that this area is “the most underdeveloped area of internet security to date.”
IETF floats draft PRISM-proof security considerations [Ravi Mandalia/Parity News]
Adzerk, who serves ads for Bittorrent, Stackexchange, Reddit and other high-profile sites, will honor Do-Not-Track messages from readers’ browsers, and its ads will not be blocked by the major ad-blocking software.
James writes, “A blend of fact and fiction, players take on the role of an NSA agent tracking down the source of the leaks. They’ll discover the journalists involved, and the real messages sent by Snowden to them at the time.”
In contrast to yesterday’s post about the way the Internet is depicted in patent drawings, check out these photos of the Internet’s secret actual infrastructure.
SitePoint Premium is the ultimate e-learning library for web developers, designers, and digital professionals. Famous for their web development books written by industry leaders, they’ve expanded their content library to include in-depth video courses and short, handy screencasts partnering with A Book Apart and UX Mastery. Whatever you want to achieve in your web career, […]
Skip the technical jargon and get right to taking amazing, professional-quality photos with this complete training. The Hollywood Art Institute Photography Course includes 22 modules filled with tutorials on how to profit off of your photography, or simply capture your memories in the manner they deserve.Accredited by the Photography Education Accreditation CouncilDive into this 22 […]
Power up your gadgets in the most unexpected places with the extremely compact SolarJuice battery pack. SolarJuice charges up at home like your average battery pack, but also lets you add extra juice on-the-go using its built-in solar panel—so you’ll never be left unplugged from the digital world.4.5 Stars on Amazon!Simultaneously charges 2 devices at […]