| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
Hi Mick, Thanks for pointing to the assumption of a purely passive attacker. I fully agree that considering only pervasive ‘passive’ surveillance is much too short. On the other
side I don’t believe that it should become task of the Privacy SG to evaluate the strength of security protocols regarding flaws and backdoors – such assurance of quality of security means belongs to the duties of the security groups. But the intersection that attackers actively use legitimate protocol behavior to illegitimately retrieve privacy related information is a domain that the privacy SG should
address. Also agreeing that the initial PAR should be tightly focused, it may not be appropriate to continue with the differentiation between passive pervasive surveillance and
leveraging legitimate protocol behavior to actively querying the information. Bye Max From: ext Mick's Gmail Calendar [mailto:mickseaman@xxxxxxxxx]
The most striking thing about the referenced PrivSec draft (for me) is the assumption of a purely passive attacker. Hacking tools that use active techniques to invoke disclosure are widely available [google "wi-fi pineapple" for example
-I'm not providing links for obvious reasons and advise great care when acquiring such tools to verify their claims, though their listed techniques should be of considerable interest to us] and I don't currently believe that is safe to assume that pervasive
surveillance is technically constrained to passive attacks except in the very special case of an attacker who is very sensitive to disclosing his presence and techniques-e.g. an attacker who has to maintain a strong appearance of legality and is restricted
in his ability to change or override legal considerations. This excludes most opportunistic criminal attackers (at one end of the spectrum) and repressive regimes (at the other). It does make me wonder if the initial privacy sg par should not be much more tightly focused - recommendations on resisting persistence surveillance by passive attackers for example, rather than privacy as a whole. That restricted scope
should be challenging in itself (there is more than MAC address use that can identify a device) and we don't have any input to date on resisting active attacks (e.g. advertising bogus SSIDs to see if mobile stations are interested in them-how many students
were at that demonstration) and we haven't demonstrated technical feasibility for any active attacks. Mick
|