
Online Tracking Encryption

Janine L. Spears, Ph.D.


May 8, 2012 DePaul University CNS 340

This Evening's Agenda

1. Announcements

2. Online tracking and data re-identification


3. Encryption
   a) Whole disk
   b) Database
   c) Key management
   d) Example of tools
   e) Public vs. private encryption algorithms

Announcements

HW 3 due today
1. John the Ripper
2. Recuva
3. Eraser
4. Secunia

HW 4 (Policy) is due next Tues, May 15th by 5:45pm CST

Announcements

Reading assignment: "To Track or Do Not Track" by Tene and Polonetsky, Aug 2011
Read pages 1-14
Article is posted in Week 7 folder on D2L
This article will be helpful for:
1. Extra credit assignment
2. Quiz #3
3. Group project

The browser security assignment that was listed in the course schedule will be a group assignment
There is one remaining individual assignment (HW 5) that will be assigned next week

Announcements

Group assignment posted this week:
Due Mon, Jun 4th, 11:59pm (the night before the Final Exam meeting)
Group presentations will be in place of a final exam
Form groups either:
a) In person (on-campus section)
b) Via CATME survey (online and on-campus sections; an email will be sent from CATME)

Announcements

Extra credit assignment will be emailed later this week
Quiz #2 review

Identified vs. Identifiable Data

Personally Identifiable Information (PII)


Identified data

Identifiable data
Non-PII, but when aggregated or combined with other data could lead to the identification of an individual
In other words, non-PII can be transformed into PII

Data Re-Identification

De-identification of data occurs when personally identifiable information is stripped from a dataset in order to make the data anonymous
Re-identification = linking de-identified data to identified data
Re-identification of data occurs when a third party joins anonymized data with a small amount of auxiliary data from another database and de-anonymizes the data (Porter 2008)

Data Aggregation

Re-identification may occur through data aggregation

Aggregation refers to the combination of various types of data

Example of Data Re-Identification


Anonymous data set:
Name: Unique alpha-numerical identifier
Age: 13
Favorite Toy: Legos
Favorite Movie: Batman
Favorite Candy: Snickers
Favorite Restaurant: McDonalds
Zip Code: 20052

Facebook data set:
Name: Billy Doe
Age: 13
Location: I live in Washington, DC
Narrative: I love to build things with Legos. I love Snickers bars. I recently saw the Batman movie and thought it was the coolest movie ever!

Another data set:
Name: William Doe
Date of Birth: 04-04-1996
Address: 2000 H Street, NW, Washington, DC 20052

Schwartz & Solove, NY University Law Review 2011

Re-Identification using Simple Demographic Data (1 of 3)

According to an academic study, a combination of the following info is sufficient to identify 87% of the population:
1. Birth date
2. Zip code
3. Gender

Data typically considered non-PII
Generally not considered embarrassing or sensitive
Available via census data

Latanya Sweeney (2000)
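The linking attack described on these slides, and the check a data owner can run before releasing a dataset, as an added example that is not part of the lecture: the release is joined to auxiliary data on Sweeney's three quasi-identifiers (birth date, ZIP, gender), and k-anonymity measures how many people share each combination. All records are constructed.

```python
"""Linking attack on Sweeney's quasi-identifiers plus the k-anonymity check a
data owner runs before release. Added example; every record is constructed.
k == 1 means at least one person is unique on (birth_date, zip, gender) and
can be named by anyone holding a list such as voter registration data."""
from collections import Counter

QUASI_IDS = ("birth_date", "zip", "gender")

# Constructed "anonymized" release: names removed, quasi-identifiers intact.
ANON_RELEASE = [
    {"id": "A1", "birth_date": "1996-04-04", "zip": "20052", "gender": "M", "diagnosis": "asthma"},
    {"id": "A2", "birth_date": "1984-09-17", "zip": "20052", "gender": "F", "diagnosis": "flu"},
    {"id": "A3", "birth_date": "1984-09-17", "zip": "20052", "gender": "F", "diagnosis": "none"},
    {"id": "A4", "birth_date": "1996-11-02", "zip": "20037", "gender": "M", "diagnosis": "diabetes"},
]

# Constructed auxiliary data with names (the voter-list role from the slides).
VOTER_LIST = [
    {"name": "William Doe", "birth_date": "1996-04-04", "zip": "20052", "gender": "M"},
    {"name": "Jane Roe", "birth_date": "1984-09-17", "zip": "20052", "gender": "F"},
    {"name": "Mary Poe", "birth_date": "1984-09-17", "zip": "20052", "gender": "F"},
    {"name": "John Smith", "birth_date": "1996-11-02", "zip": "20037", "gender": "M"},
]

def qid_key(rec):
    """The quasi-identifier tuple that both datasets share."""
    return tuple(rec[f] for f in QUASI_IDS)

def link(release, aux):
    """Join on quasi-identifiers. A release record is re-identified when exactly
    one auxiliary record shares its quasi-identifier tuple."""
    names_by_key = {}
    for r in aux:
        names_by_key.setdefault(qid_key(r), []).append(r["name"])
    hits = {}
    for rec in release:
        names = names_by_key.get(qid_key(rec), [])
        if len(names) == 1:
            hits[rec["id"]] = names[0]
    return hits

def k_anonymity(release):
    """Size of the smallest equivalence class; k == 1 means someone is unique."""
    return min(Counter(qid_key(r) for r in release).values())

def generalize(rec):
    """Coarsen quasi-identifiers before release: birth decade and 3-digit ZIP prefix."""
    g = dict(rec)
    g["birth_date"] = rec["birth_date"][:3] + "0s"
    g["zip"] = rec["zip"][:3] + "**"
    return g
```

On the constructed data the raw release has k = 1 and two records link to names; after generalize() every class has k = 2 and the same join names nobody.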

Re-Identification using Simple Demographic Data (2 of 3)

In the 1970s, the US Census Bureau began selling census data
The data only contained addresses, not names
How were marketing companies able to identify individuals?
1. Telephone lists
2. Voter registration lists

Re-Identification using Simple Demographic Data (3 of 3)

Predicting social security numbers

http://www.youtube.com/watch?v=sqjTyN8-q2w
http://www.cnn.com/2009/US/07/10/social.security.numbers/index.html?iref=allsearch

Study was conducted by Alessandro Acquisti and Ralph Gross
http://www.heinz.cmu.edu/news/newsdetail/index.aspx?nid=991

Data Aggregation

Data aggregation and data re-identification:
Are not within scope of existing US privacy laws
Are a privacy concern with regard to online behavioral tracking (targeted advertising)

Anonymity Myth (1 of 2)

The anonymity myth refers to the incorrect assumption that a person remains anonymous (i.e., is not identifiable) while on the web, as long as he/she does not use his/her name
The anonymity myth stems from a mistaken conflation between momentary anonymity and actual untraceability

Anonymity Myth (2 of 2)

What is the key piece of information that enables traceability of one's actions once connected to the Internet?
The IP address is a unique identifier that is assigned to every computer connected to the Internet. Due to the shift from dynamic IP addresses for dial-up connections to static IP addresses for broadband connections, ISPs now have logs (that could span years) that link IP addresses with particular computers and, in many cases, eventually to specific users.
Only 5% of Americans still use dial-up (Pew Research Center 2010)

IP Address

Connection to a website requires a browser to provide the user's IP address

Various tools can provide info on an IP address, such as:

Host name
Geographic location
A map

Group Project Assignment

Identify browser tools that reduce the amount of:
Browser footprinting
Online tracking

Data Encryption

Two issues are driving a major increase in the use of encryption


What are they?


Data Encryption

Data needs to be secured in transit and at rest.

a) What are examples of data in transit?

b) What are examples of data at rest?

The focus this week is on protecting data at rest



Data Encryption

Encryption is the process of converting an original message into a form that is unreadable (aka ciphertext). Decryption is the process of converting the ciphertext message back into plaintext so that it is readable.


Data Encryption

Encrypting data at rest:
a) Whole disk encryption
   Hard drive encryption
   USB drive encryption
b) Folder/file encryption
c) Database encryption

Whole Disk Encryption (1 of 5)

How Whole Disk Encryption works:


http://www.symantec.com/content/en/us/enterprise/white_papers/bpgp_how_wholedisk_encryption_works_WP_21158817.enus.pdf

Whole Disk Encryption (2 of 5)

What gets encrypted:
Encrypts the entire disk including system files, temporary files, etc.
Whole disk encryption automatically encrypts everything the user or O/S creates
Encryption/decryption is transparent to user
Benefit: If encrypted disk is lost, stolen, or placed into another computer, drive remains encrypted

Whole Disk Encryption (3 of 5)

When is data encrypted:
Works in conjunction with the O/S file system
Data is encrypted one block at a time when the disk is first encrypted
When a user accesses a file, the data is decrypted in memory
If user makes changes to a file, the data is encrypted in memory and written back to drive
Decrypted data is never available on the disk

Whole Disk Encryption (4 of 5)

Limitation of whole disk encryption:
Once user logs into the system during startup, files can be opened by anyone
If user has logged in and leaves computer unattended (e.g., in a coffee shop), an unauthorized user can access data

Whole Disk Encryption (5 of 5)

Recovery methods:
1. Local self-recovery (user's customizable pre-defined questions)
2. Recovery Token (one-time use)
3. Administrator key stored on a token or smart card

Best practices: before encrypting whole disk,
1. Create a Recovery CD
2. Backup the drive

Lost or Stolen Laptops with Whole Disk Encryption

If someone reports a lost or stolen PC, what are some questions that need to be asked?
Was the user logged on to the system?
If so, was user logged on to network?
If so, what data does user have access to?

Company also should define lost and stolen.
At what point is a device considered stolen?

Layered Security

An example of layered security (aka defense-in-depth) for protecting data stored on hard disks:
If data on an encrypted hard disk is vulnerable after user logs on, what additional layer of security can be added to encrypt sensitive data on a hard disk?

Examples of Whole Disk and File Encryption Tools

From HW 3:
What is an example of a file encryption tool?
What is an example of an open source whole disk encryption tool?

Examples of Whole Disk Encryption Tools

3. Check Point Full Disk Encryption
   http://www.checkpoint.com/products/datasecurity/pc/index.html

4. Pretty Good Privacy (PGP)
   Demo for whole disk encryption:
   http://www.symantec.com/business/products/videos.jsp?pcid=pcat_info_risk_comp&pvid=wd_encryption_1

5. TrueCrypt
   Free open-source encryption for Windows, Mac, Linux
   http://www.truecrypt.org/

6. IronKey
   Demo for flash drive encryption (also note key management app):
   https://www.ironkey.com/demo-enterprise

Examples of File Encryption Tools

Using the file or folder encryption feature in Windows:

Overview of the Encrypting File System (EFS)
http://windows.microsoft.com/en-US/windows7/Encrypting-File-System-EFS-recommended-links

Training video on using EFS to encrypt or decrypt
http://windows.microsoft.com/en-us/windows7/Encrypt-or-decrypt-a-folder-or-file

Back up Encrypting File System (EFS) certificate
http://windows.microsoft.com/en-US/windows7/Back-up-Encrypting-File-System-EFS-certificate

SWF Encrypt
Encrypt Adobe Flash SWF files: http://www.amayeta.com/software/swfencrypt/

Database Encryption

Server-side vs. Client-side encryption
Whole disk encryption is an example of client-side encryption (i.e., stored on client PC)
Encryption of databases residing on a server is an example of server-side encryption

Two basic types of database encryption
1. Whole database (aka file-level) encryption
2. Column-level encryption

File-level Database Encryption (1 of 5)

Features of whole database encryption:
Encrypts an entire database file
Secures files at rest not currently in use by a database system (e.g., SQL Server, Oracle)
Without this, data in a DB file residing on a storage disk can be viewed with a text editor
Works at the O/S layer, so does not require additional application program code
Simplest to implement
Minimal impact on database performance

File-level Database Encryption (2 of 5)

A database without encryption:

Source: NetLib Encryptionizer, http://www.netlib.com/how-it-works.asp

File-level Database Encryption (3 of 5)

DB file encrypted but not enabled:

Source: NetLib Encryptionizer, http://www.netlib.com/how-it-works.asp

File-level Database Encryption (4 of 5)

DBMS enabled to process encrypted DB file:

Source: NetLib Encryptionizer, http://www.netlib.com/how-it-works.asp

Column-level Database Encryption (1 of 2)

Benefits of column-level encryption:
Encrypts individual columns of data within a table (e.g., SSN)
Enables more granular encryption by allowing a group of users to only access part of a table, while encrypting other parts (e.g., employee table containing address book info + personal info)
Different columns can be encrypted with different keys
API enables customized programs to be written that control who accesses data, and when, where, and how

Source: NetLib, http://www.netlib.com/column-vs-database.asp

Column-level Database Encryption (2 of 2)

Limitations of column-level encryption:
Impact on performance (estimated at 5-6% slower than accessing plaintext columns)
The more columns encrypted, the greater the performance degradation
Performance may be significantly degraded for complex database queries on encrypted columns (e.g., LastName begins with S, Salary between $50,000 and $60,000)
Cannot protect the intellectual property of the database (e.g., schema, views)

Source: NetLib, http://www.netlib.com/column-vs-database.asp

Database Activity Monitoring

Database activity monitoring (DAM):
Operates independently of DBMS
Monitors privileged user access (e.g., DBA)
Monitors application activity
Provides cyber-attack prevention by establishing a baseline of normal application activity and SQL structures and identifying deviations from it

Sample DAM vendor: Nitro Security
http://www.nitrosecurity.com/products/database-monitor/

Nitro Security acquired by McAfee
http://www.networkworld.com/community/node/78826
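The baseline-and-deviation idea behind DAM, as an added example that is not a vendor's product or part of the lecture: each SQL statement is reduced to its structure (literals replaced by placeholders), the structures seen in a training window form the baseline, and later statements whose structure was never seen are flagged. The log lines are constructed.

```python
"""Database activity monitoring in miniature: learn the set of SQL statement
structures an application normally issues, then flag statements whose
structure is new. Added example; both logs below are constructed."""
import re
from collections import Counter

# Constructed capture of the application's normal traffic (training window).
BASELINE_LOG = [
    "SELECT name, zip FROM customers WHERE id = 1042",
    "SELECT name, zip FROM customers WHERE id = 77",
    "UPDATE orders SET status = 'shipped' WHERE order_id = 501",
    "INSERT INTO audit (who, action) VALUES ('app', 'login')",
    "SELECT name, zip FROM customers WHERE id = 9",
]

# Constructed later traffic: three statements with known structures and two
# (a full-table read, an extra sensitive column) that match no baseline shape.
LIVE_LOG = [
    "SELECT name, zip FROM customers WHERE id = 3",
    "UPDATE orders SET status = 'cancelled' WHERE order_id = 66",
    "SELECT * FROM customers",
    "SELECT name, zip, ssn FROM customers WHERE id = 3",
    "INSERT INTO audit (who, action) VALUES ('app', 'logout')",
]

_STRING = re.compile(r"'(?:[^']|'')*'")      # SQL string literal, '' escapes a quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")   # integer or decimal literal

def sql_structure(statement):
    """Reduce a statement to its shape: literals become '?', case and whitespace
    are normalized, so 'id = 3' and 'id = 1042' share one structure."""
    s = _STRING.sub("?", statement)
    s = _NUMBER.sub("?", s)
    return " ".join(s.upper().split())

def learn_baseline(log):
    """Structure -> how often it appeared during the training window."""
    return Counter(sql_structure(stmt) for stmt in log)

def find_deviations(baseline, log):
    """Statements whose structure never appeared in the baseline; these are the
    events a DAM product would alert on or block, regardless of which account ran them."""
    return [stmt for stmt in log if sql_structure(stmt) not in baseline]
```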

Data Encryption

Encryption has two components:
1. Algorithm
   Is typically publicly available
2. Key
   Is the parameter used in the algorithm that determines how data will be transformed from plaintext to ciphertext
   Is kept secret
   Is a very large number that should be impossible to guess

Proper Encryption Key Management is Essential

The encryption key is the critical component in effective encryption

Key management is becoming increasingly challenging as more encryption software is added to the storage infrastructure, due to the increase in the number of keys

Proper Encryption Key Management is Essential

Effective key management is essential:
Unauthorized access to keys renders encryption useless
A lost key makes it impossible to retrieve encrypted data

Encryption key management involves managing the key lifecycle
What is a key's lifecycle?

Proper Encryption Key Management is Essential

Encryption key management involves the creation, secure storage, handling, and deletion of encryption keys
i.e., managing the key lifecycle


Enterprise Encryption Key Management Systems

Encryption key mgmt systems are intended to:
a) provide centralized management of an organization's encryption keys
b) manage the lifecycle of keys
c) store keys securely
d) distribute keys more easily

These systems are typically unable to manage keys from disparate storage systems
Key mgmt standards are currently being developed:
1) Key Management Interoperability Protocol (KMIP)
2) IEEE P1619.3 (for stored data)

Cath Everett 2010

Encryption Key Management Policies & Procedures (1 of 2)

Policies and procedures come first, and then automated tools are used to enforce them. Some key management policies:
1. Which group(s) should manage keys?
2. How often should keys be changed?
3. Level of key granularity (i.e., different key per ___)
4. Segregation of duties

SearchStorage, Nov 2009

Encryption Key Management Policies & Procedures (2 of 2)

Key management policies cont'd:
5. For encrypted data that must be archived, ensure the key used to encrypt the data is stored securely and accessible for X years
6. Backup keys in case system goes down
7. Plan for dealing with encrypted data in case of merger, acquisition, or divestment
8. When outsourcing to an ESP, must decide:
   a) Encryption mechanism to use
   b) Outsourcer's role, if any, in key mgmt

Cath Everett 2010

Considerations for Encryption Key Storage

Where to manage and store keys Hardware-based solutions store encryption keys on an appliance, offering a centralized location. Software-based encryption products store encryption keys on the servers where the encrypted data is locateda distributed approach to key storage although some software vendors offer an optional appliance for key storage.

Centralized storage offers an easy target for attack, but distributed storage is only as good as the most recent security patch on your server. 49
http://www.sqlmag.com/article/encryption2/database-encryption-solutions.aspx

Considerations for Encryption Solutions

Key considerations for encryption controls:
What data needs to be protected?
Where does this data reside? (Apps, servers, databases, devices, etc.)
How should keys be managed? (where stored, how many, accessible by whom)
What trade-offs are users willing to make for performance vs. protection?

Data Encryption

One of two methods of encryption is used:
1. Public key encryption (AKA asymmetric)
2. Secret key encryption (AKA symmetric)

Asymmetric Key Encryption

Public key encryption
Two keys are necessary: a public key and a private key
The public key is known to many people and is not kept secret
The private key must be kept secret
The two keys are used to code and decode messages
A message coded with one can only be decoded with the other
RSA is the most common public key method

Asymmetric Key Encryption

Public key encryption cont'd
The RSA method is provided in Web browsers
Full two-way secure communication requires both parties to have a public and private key
Most B2C transactions are only secure from the consumer to the merchant, since the consumer likely does not have a private key


Asymmetric Key Encryption

Source: http://www.networksorcery.com/enp/data/encryption.htm


Symmetric Key Encryption

Secret key encryption (AKA symmetric)
The sender and receiver use the same key to code and decode a message
The level of security is a function of the size of the key

Common secret key algorithms used:
1. Data Encryption Standard (DES)
2. Triple DES (3DES)
3. Advanced Encryption Standard (AES)

Symmetric Key Encryption

Source: http://www.networksorcery.com/enp/data/encryption.htm



Another Use of Encryption Keys

Digital signature
Since a private key is only known by one party, it can be used as a digital signature
The RSA method is used for the private (secret) key
A certification agency must issue the keys in the form of a digital certificate containing:
a) User's name
b) User's public key
c) Digital signature of the certificate issuer

The digital certificate can be attached to a message to verify the identity of the sender
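Textbook RSA on tiny numbers, as an added example that is not part of the lecture, covering both the asymmetric-key slides (a value coded with one key is recovered only with the other) and the digital-signature slide (the private key signs, the public key verifies). The primes 61 and 53 are constructed for illustration and there is no padding, so this shows the mathematics rather than production RSA.

```python
"""Textbook RSA on tiny numbers to show two slide claims: a value encrypted
with one key of the pair is recovered only with the other, and the private
key doubles as a signing key. Added example; the primes are constructed for
illustration and there is no padding (real RSA uses OAEP/PSS and large keys)."""
import hashlib
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) as (exponent, modulus) pairs for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                # private exponent: e * d == 1 (mod phi)
    return (e, n), (d, n)

def apply_key(value, key):
    """The one RSA operation, value^exponent mod n; the key decides the direction."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def encrypt(plaintext, public_key):
    return apply_key(plaintext, public_key)

def decrypt(ciphertext, private_key):
    return apply_key(ciphertext, private_key)

def _digest_mod_n(message, n):
    """Hash the message and reduce it into the group so it can be signed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Only the private-key holder can produce this value."""
    return apply_key(_digest_mod_n(message, private_key[1]), private_key)

def verify(message, signature, public_key):
    """Anyone with the public key can check it; no secret is needed."""
    return apply_key(signature, public_key) == _digest_mod_n(message, public_key[1])

def demo():
    public, private = make_keypair(61, 53)        # n = 3233, d = 2753
    ciphertext = encrypt(65, public)              # 2790
    signature = sign(b"pay 100", private)
    return {
        "round_trip": decrypt(ciphertext, private) == 65,
        "same_key_fails": apply_key(ciphertext, public) != 65,   # the public key cannot undo itself
        "signature_ok": verify(b"pay 100", signature, public),
        "altered_signature_fails": not verify(b"pay 100", (signature + 1) % 3233, public),
        "tampered_message_fails": not verify(b"pay 900", signature, public),
    }
```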

Limitations with Encryption

Key extraction from monitoring cache memory access patterns
http://web.mit.edu/newsoffice/2009/cryptography.html
The memory access patterns (that is, which memory addresses are accessed) are heavily influenced by the specific secret key being used in that operation
AKA cache-timing attacks against AES

Researchers demonstrated a concise and efficient procedure for learning the secret keys given just this crude information about the memory access patterns.
