Bestand wählen
Merken

Civil Society Information Defense

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
but some of the
and more of the
the the function well on
who's In the work together different way if and suffered a very upset the most sincere influence money but future home away from it we will define it for the 5th onto a is near the user should annotation side so assumed that I'm actually kickoff make focal of would but then I guess it's a single was 1 if not all of the finally reached the here under tightened no it's not christian so much thousand word it means that basically actually said 1992 on alignments Edmonton see 190 community features the on so that differ from 210 the news and then give you some so it the light had the 50th the affinity I've a Democrat deontic I'll switch to English now to spell certain people the troubles translating it then I put in that dialog so we're under the persist civil society networks from the persistent attacks by military forces the that's the facts military budgets are used to attack civil society and it's difficult to defend oneself and if you defend yourself you defend everybody else help defending everybody else that's the point and in but 1st we want to know what are they and what they are doing so know I adversary 1st they collect much of old
data they can collect we don't go to which extent but to a high extent analyze a small fraction into put into a tiny parts and understand less much less so they are not good in interpretation which that could be a possible danger for us if they misinterpret misinterpret telecommunications they took took so they all rely on traffic out whole communicates where with long when they do network of communication network analysis and the maintain a vast collections of identifiers identified as can be anything your browser
configuration is 1 of the 1st for almost identifier so this being used they used cookies of commercial Internet companies are stored in your browser so they have all the they've got all the data from chemical networks well you should know this so they're good in this they're really good and this that's the bad news they closely track everybody who talks rights or otherwise communicates about their activities so you're amongst the targets and in a few but just collected and single this part let's keep it there for further analysis what they can do they can break free cryptography all the time they talk about breaking cryptography them operating cryptography the break key change protocols assisted by random number generators that are not random and have proved that and poisson standards of civil used in civil society by influencing the the
Grenier see the i there we found 26 ITF draft standards co-authored by and say stuff from 1975 they did the 1st in 1975 and then stop for 7 or more years it 2 thirds all of these out some of them became standards update the date from 2009 and to the now so they had to they 8 or so idea of documents from 1975 to 2009 and all the rest states from 2009 there is something fishy going on you know so I'll show you 2 examples Lake uh well that's here let's start here uh 1 of these drafts was called extended random this is 80 protocol extension of the TLS protocol so when it was introduced in 2008 it was not approved because the engineer said at the idea of the civilian said no yes we know that should be doing you tell us that this is some it that that's something you show and its efficient but we don't know what we don't see it can explain they couldn't the say we needed industry needed and so we looked a bit back and then we solve this extended random dated back to another effort as early as 2006 so the and is able run program started much earlier than with fault and the author is NASA information as assurance technical chief and a is Margaret salt our and is it was her who introduced both of these both unsuccessfully so in 2008 so tool Midas of cryptographers Ferguson and uh issue morph found another thing I do of it as a a random number generator you know for the encryption you need random numbers fall encryption process if the rock uh random numbers are marked random it's no real encryption can vary engineer so that was these elliptic curve random in you see there are always in the 2 coasts around they introduced this as a standard and that was pretty because there were critics said like Schumer from Ferguson um what does this do it's not even faster than any other random generators and so on they didn't could make out for what you this so recently a group of cryptographers led by Matthew from Johns Hopkins University and but those numbers tried this with the RSA should be used to be safe refuse flows through everywhere on the machines and the they tried to he CTR together with the extended random extension and there were really surprised they
could crack the elliptic curve random number generators took them to a 3 hours when the extended random protocol extension was added decryption was sped up 5 4 foot with a factor of 65 thousand so it took them 2 seconds to break the and encryption about 3 hours so that this suggests a need you what it's always the
same um pattern protocol extensions that are somewhat how useful elliptic curves and a block chaining mode called very low catalog count them uh count loan to last day counter mode the uh all elements under suspicion here would criticize before as we know here we have Ferguson warning off off-color counter mode
to use it in real-time protocols real-time protocols means bankrupt voice over IP telephony uh well it became and this standard national interests at Institute of Standards and Technology in the use a nevertheless in 2007 and in thousand there was an NSA drafted the i TF
suggesting dialog counter mode floor s RTP this is nothing but an encrypted real-time protocol so you know you you you just start understanding how they do it elliptic curves algoritm and always involved 1st comes an NSA led new standard because they're leading the deleting the security groups and the National Institute of Standards and Technology in the USA and we let me recall when I started analyzing the it's a surveillance documents in I bake 1999 I've found all relevant documents by using 1 to Rome for search and you know which term it was it was lawful because every document had lawful interception on it there 2 there is some similar there are some similarities here because all these elements introduced by NSA staffers a priestess effective so it's searched for effective and I found but so
here we have this turned out in the ETSI in 2011 I couldn't make we couldn't make sense out of it because it doesn't make sense it's the
Britain's breaking scheme at the uh at the exchange level so when both parties stopped to generate a common session key the this mechanism comes in and you see that they're showing 2 with handsets here that's plain wrong that's plane deception really it
is 1 hand said can be a tablet a smartphone whatever communicating via HTTP S with some websites and that's the way that only but that was 1 . we couldn't explain then in 2011 and now we can explain it off that Edward Snowden's the the entire process really lie the on the end on them on a random number generators that produce no random numbers the was introduced
this was introduced so the 3rd Generation Partnership Project this is very closely related to the European Telecoms Standards Institute this is their workgroup name allies lawful interception in autumn by as early as autumn 2010 by the Secretary of this group this guy's name is Ian Cooper and he's from the National technical assistance whenever this is a gchq unit this guy's the Secretary of this group so move these are part of the discussion difficulties can arise when airline mechanism and mechanisms are not engineered into systems at the early stage I I think that explains all you have to do it very early on so the process will function neatly that's mystical plane as he wrote it and by the way anybody in here wants this documents of the whole set here and you can look it up there is much more in it than I can show you and I would appreciate if some people that are really good intrapersonal not the the ringing crypto as I do would it be would like to analyze it said all UK government developed the number the exchange form what which supports S. LRI requirements this is the UK method there was the with discussions in in in this group walk which met method the should apply so it has additional benefits such as lower latency it's quick it's fast you can do it on on is entrusted of scale that's the effect
50 of this measure I will then propose uh this is the
the ETSI the breaking shakes shame and somewhat those the use uh the procedures all of the time yeah well up what the sites In these people should be put on those of a year and then they start breaking their encryption this is all about mobile networks of of nothing else it's all mobile and um so the the the my K I basically seem off x 0 resembles traditional law enforcement methods the British method bad not to resemble civilian methods it's military-style because they break any key that appears on the net and story and if you manage to get into the key change when the key exchange yeah mechanism start that's when you go to
a website that uses HTTP as there will be a session key and that will be drafted thereafter and this will be composed of parts of bowls elements of both secrets swallows on the website and on their hands so both that's what we learned then both approaches seems to rely on non ran dom numbers generated the by a a random number generator yeah the by 2000 said 10 and that was all already in use other than the documents of this guy is called from a UK perspective as as of as it seems that have been introduced around 2000 as a as early as they 2008 or 2009 the corresponds nicely with all the avenues from that time the NSA but after you const beta center construction started similar mechanism amusement MIT mechanisms of a being deployed in US mobile networks and that was 1 friend don't break breakthrough reported by change spam for what he is the authority on the NSA he wrote the 1st book on the NSA the puzzle palace in 1988 and if pamphlet says so it is so at least in the past it was always according to his reporting so there was a the
breakthrough and at the same time the handsets turned over the entire mobile markets has turned around the which is not nowadays there just these handsets around so apparently what the NSA and the cheap and gchq do they use some kind of bond but the people principle do you know this but but the a K 5 is adenylyl the facilitator this people as to differently creates into different chambers of his body and a case of a pack of defense or attack these 2 liquids that upper say harmless each 1 is harmless but if you mix them and put them into a combustion and jammers the whole thing gets 100 great since use hot and explodes a similar mechanism happens at the happens at the standardization level extended random we can make much of the fit but they and we don't know what it is useful for it's just another extension foot TLS OK um we don't know what to make out of it the dual DCT the RBG alarm yes another random number generator on proposed to be very fast at ease and this Foster said uh well what should we do if that combined them and that but that's how the work because it's not so easy to smuggle entirely flawed standards into a collegium where there are first-class cryptographers sin so um we have here the these things are slim they're lean and they're pretty fast even if the processes come match the bigger these 1 on the bigger machines why because they have these they have linked critical they have lead security and going randomness this is fast if you use Fred so that is not a really crypto it will be faster than real encryption that's natural so this is the scheme 2 different
factors combined so the don't despair backlash but right now I can only recommend don't use on mobile handsets to do http S don't delete if you and I will customers you have the my say stream the British Xin implemented in the network so what you all it your secret part of the key will be compromised immediately sport as long as it is it as if it is valid nobody seemed to be a reserve well it's a long-term strategy nobody to wean for a decade or more so they were entirely free to do what they want all initial tactical of bull run is the and essays program tool Poisson photography to influence photography uh in the development development of of cryptographic methods in standards committees all around wherever they can the British counterpart is called Etude that's apparently what we saw in its so industry started addressing this now the you have you can bet that there is that these you guys already last lost some of the capabilities we can tell which capabilities possibly number of fiber-optic cables they had access to it have gone dark in between right industry is really worried because the NSA
scandal is trying to well influence the business in a negative way because the if if trust is gone you won't move as you on the net you move before freely and and openly and unsuspectingly I'm afraid this time is really over you got to defend yourself
each future steps to regain last capabilities that's the good news will be pretty
difficult because now there is suspicion that was not that did not exist before do not expect at which we neither they had a reason to call these 2 programs on breaking critical Bull run and that you run was the 1st battle in and in the American Civil War that she was the 1st battle in the British Civil War much earlier so even the other side expected a long process and we should know that when trying to address this the so what can you do that right now there is nothing
that make you can make you entirely secure but well this is different browsers connections hardware creating new identifiers and they already have difficulties to cope with the existing identifiers they have difficulties breaking make case on an industrial scale storing them and whenever there is the key so service the new secrets to to some user they have to redo the process that it's my hypothesis why they built the Utah Data Center In bluff stable and all the efforts of the chooses CHQ with the new headquarters in Cheltenham there is something fishy still inside all or most of the mobile handset and the 1st and foremost aspect is the Android system because there's always go after this is the the operating
systems that have the most of the market share of 1st that's only natural 1st they went the windows hello afterwards the went after the mobile windows which is called and read so In the NSA runs linux so you choose you should use it to
I'll tell you when uh somebody came up right after the bull run program surface for the 1st time people came up in there in the kernel programming circles around leanest told and said all my i we have this you will you see the RBG In the current low we'll through all the all moles Linares really got angry read the specifications and use all the Linux operating system uses 7 6 or 7 different random number generators and does not rely on 1 that is possibly in built into the hardware that is my suspicion these I don't think it's a it's the same dual you see the RBG but now let but managed a breakthrough sound what somehow around by the end of 2008 2 thousand start beginning of 2009 because then all the data flow that came in and it's still on the handsets we don't know exactly where it's it's because it's very hard
to tell you can't look into their hardware of these tiny things easily it's a long long process to region near that but I don't do which now don't do it on mobile machines while you can delete but don't expect in a security than tools like tall tales and travel without TIR encrypt every make e-mail traffic when possible let's not make this complicated 100 secure 100 % security is neither society nor possible and every step you choose to add up the of just a bit of security to your communications complicates the processes so you can start slowly fading
out if you use some of these methods because your profiles we'll
start getting blurred so these books are not wizards but bureaucrats and every stamped take spend years it the last effort I remember was the indices Clipper chip into that in 1995 well that was scrapped and the Clipper Chip was
nothing but a piece of hardware that should have been built in into every machine it would increase its nicely in between but the NSA will be able to open it easily so
that did not work because industry didn't wanted it took them it took them years to regain this position so that's more or less very quickly what the gist of what I can tell you I will I repeat everybody or once a documents of them with you with me and thank if you want to take a look at them you can bit into the ongoing so in a standards committee that is concerned with surveillance they call it lawful interception that's where you can reach me and all the everything I told you I've described in everything epically here on
the blog I'm doing for a war effort adopt AT described everything and it it is in german I just did it
in English here to spare said
certain people the troubles of translating it we have a good at-bat them occluded interpretation they they don't get this is they they just don't get it imagine there analysts opined that the in somewhere in data centers they are not allowed to
talk freely to anybody but to those who will rule of sport the same security clearances then then they have no ideas about have not that's no ideas about um well coded speech social elect the can't
interpret them because you just need to look at I R a t i r i e a r P a that intelligence Advanced Research Project Projects Agency agency this is nothing but the NSA research agency and the Freud it's full of projects that are about automatic interpretation of contents the intercepted so don't despair are this is just the bad face but it will turn around and I'll tell you the black budget in the US is about 50 billions that's about the same as the yearly revenue just of Google we have not counted in Facebook we have not counted in Microsoft and they are all interested to make the systems more secure because there no business will go down if they don't do so the thank you that's from me and if there are any questions so I will be here the outside world if you if you want to us personally I'll be available around here all the days of you can as either no events in English or like we can switch to german so it's no problem face and times and Italy what the we Eric um 1st
of all thanks a lot I appreciate what you're doing because you obviously researched the Lord and studies in and you put yourself into the public light here to explain of what to do so pressure some what you taught basically 2 to fight a war and I want us a question about it because I don't want to fight a war basically that's not the society and want to live I would like to ask you to describe a utopia that won't where you would like to live with which is mines which is not like a dystopian like 1984 we have seen it is supposed to vote where there is privacy which is possible where you can and analyze private data in a secure way but not destroyed all kinds of 1 I maintain maps and other services that we want to have that the reason why we buy the smartphones because you want to use the new world describe how it can be that's my question how can we do it in a positive way this
is only the question this is a really a difficult question nobody of FASyS against e-commerce nobody's is of of us is against electronic banking because it's use useful but
um don't do it from mobile the you know much more secure on a bigger machine with a real operating system on it because there are more factors in it more randomness tendency in tendency more randomness but you need to start you need to stop narrow and appointees and industry have the same interests here and it's at the end their interests it's against the interests of the secret services so we are not in such a weak position but you know industries always and a bit cause shows uh and uh they don't want to talk openly but I would appreciate it if we had people from banks from e-commerce websites here we don't want to destroy anything we like these things where the with technical affinity so why why would we destroy the
snow what we got to destroy and I'm afraid there is some kind of war we we're going to fight because it already has started and we did not stop it the other side is started Bull Run indeed cheated as similar wall they choose these words deliberately they know what they are doing so we must defend ourselves on all possible levels what I told you is just the simple aah roundup of of possible measures measures let's say parts of a possible strategy nothing else the tactics after you because you must defend the net everybody
otherwise we will be done and industry will be done as well because if nobody trusts online banking nobody will do it uh I was this was that sufficient
that you and I the and the through here and and there on 2 and a half and Yemeni but they need to fucking secure it to the united expensive sorry but the we know business will prove more expensive the fact that they will not take from me as I don't see any more questions thank you thank
you in the
Lineares Funktional
Datennetz
Besprechung/Interview
Telekommunikation
Baumechanik
Information
Baumechanik
Gerade
Gruppenoperation
Forcing
Datennetz
Datenerfassung
Affiner Raum
Wort <Informatik>
Telekommunikation
Mereologie
Kontrollstruktur
Weg <Topologie>
Browser
Mathematisierung
Instant Messaging
Analysis
Internetworking
Zufallszahlen
Standardabweichung
Kryptologie
Datennetz
Protokoll <Datenverarbeitungssystem>
Kontrollstruktur
Maßerweiterung
Konfigurationsraum
Analysis
Interpretierer
Bruchrechnung
Protokoll <Datenverarbeitungssystem>
Datennetz
Kryptologie
Browser
Zufallsgenerator
Rechter Winkel
Mereologie
Cookie <Internet>
Identifizierbarkeit
Schlüsselverwaltung
Standardabweichung
Poisson-Prozess
Bit
Dualitätstheorie
Prozess <Physik>
Gruppenkeim
Zahlenbereich
Maßerweiterung
Information
Chiffrierung
Virtuelle Maschine
Zufallszahlen
Kryptologie
Morphismus
Protokoll <Datenverarbeitungssystem>
Randomisierung
Maßerweiterung
Optimierung
Elliptische Kurve
Implementierung
Autorisierung
Protokoll <Datenverarbeitungssystem>
Zwei
Kryptologie
TLS
Teilbarkeit
Zufallsgenerator
Chiffrierung
ATM
Information
p-Block
Standardabweichung
Aggregatzustand
Dualitätstheorie
Online-Katalog
Element <Mathematik>
Maßerweiterung
Zählen
Computeranimation
Stromchiffre
Chiffrierung
Internettelefonie
Zufallszahlen
Standardabweichung
Mustersprache
Protokoll <Datenverarbeitungssystem>
Vorlesung/Konferenz
Maßerweiterung
Elliptische Kurve
Implementierung
ATM
Protokoll <Datenverarbeitungssystem>
Kryptologie
Element <Gruppentheorie>
TLS
p-Block
Echtzeitsystem
ATM
p-Block
Streaming <Kommunikationstechnik>
Informationssystem
Standardabweichung
ATM
Protokoll <Datenverarbeitungssystem>
Elektronischer Programmführer
Computersicherheit
Gruppenkeim
Element <Gruppentheorie>
Ähnlichkeitsgeometrie
Element <Mathematik>
E-Mail
Nonstandard-Analysis
Stromchiffre
Strahlensätze
Standardabweichung
Protokoll <Datenverarbeitungssystem>
Elliptische Kurve
Informationssystem
Ebene
Kraftfahrzeugmechatroniker
Web Site
Prozess <Physik>
Nummerung
Gerade
Nabel <Mathematik>
Computeranimation
Übergang
Zufallsgenerator
Tablet PC
Ereignishorizont
Schlüsselverwaltung
Smartphone
Ebene
Soundverarbeitung
Zentrische Streckung
Kraftfahrzeugmechatroniker
Softwareentwickler
Prozess <Physik>
Datennetz
Machsches Prinzip
Gruppenkeim
Zahlenbereich
Physikalisches System
Nummerung
Gesetz <Physik>
Computeranimation
Systemprogrammierung
Strahlensätze
Generator <Informatik>
Bildschirmmaske
Unterring
Einheit <Mathematik>
Menge
Kryptologie
Mereologie
Notepad-Computer
Projektive Ebene
Generator <Informatik>
Einflussgröße
Web Site
Mathematisierung
Zahlenbereich
Maßerweiterung
Element <Mathematik>
Nummerung
Ähnlichkeitsgeometrie
Systemprogrammierung
Perspektive
Schlüsselverteilung
Mobiles Internet
Kontrollstruktur
Generator <Informatik>
Autorisierung
Kraftfahrzeugmechatroniker
Konstruktor <Informatik>
Multifunktion
Softwareentwickler
Datennetz
Betafunktion
Kryptologie
Mobiles Internet
Browser
Flüssiger Zustand
Mixed Reality
TLS
Ähnlichkeitsgeometrie
Algorithmische Programmiersprache
Zufallsgenerator
Chiffrierung
Mereologie
Schlüsselverwaltung
Prozess <Physik>
Kontrollstruktur
Zahlenbereich
Übergang
Streaming <Kommunikationstechnik>
Virtuelle Maschine
Zufallszahlen
Kryptologie
Randomisierung
Mobiles Internet
Maßerweiterung
Optimierung
Softwareentwickler
Expertensystem
Sinusfunktion
Kraftfahrzeugmechatroniker
Matching <Graphentheorie>
Datennetz
Benutzerfreundlichkeit
Computersicherheit
Kryptologie
TLS
Nummerung
Störungstheorie
Baumechanik
Flüssiger Zustand
Teilbarkeit
TLS
Zufallsgenerator
Chiffrierung
Mereologie
Strategisches Spiel
Schlüsselverwaltung
Term
Standardabweichung
Fitnessfunktion
Datennetz
Mobiles Internet
TLS
Baumechanik
Term
Computeranimation
Expertensystem
Einfach zusammenhängender Raum
Zentrische Streckung
Nichtlinearer Operator
Subtraktion
Stabilitätstheorie <Logik>
Prozess <Physik>
Hardware
Browser
Browser
Physikalisches System
Baumechanik
Humanoider Roboter
E-Mail
Statistische Hypothese
Systemprogrammierung
Dienst <Informatik>
Rechter Winkel
Computersicherheit
Identifizierbarkeit
Optimierung
Hardware
Subtraktion
Kreisfläche
Hardware
Gemeinsamer Speicher
Browser
Physikalisches System
E-Mail
Datenfluss
Kernel <Informatik>
Zufallsgenerator
Systemprogrammierung
Chiffrierung
Flächentheorie
Netzbetriebssystem
Bildschirmfenster
Computersicherheit
Optimierung
Hardware
Telekommunikation
Bit
Hardware
Prozess <Physik>
Computersicherheit
Browser
Profil <Aerodynamik>
E-Mail
Virtuelle Maschine
Systemprogrammierung
Chiffrierung
Computersicherheit
E-Mail
Hardware
Systemprogrammierung
Chiffrierung
Virtuelle Maschine
Hardware
Computersicherheit
Browser
Entropie
Indexberechnung
E-Mail
Computeranimation
Hardware
Strahlensätze
Web log
Ortsoperator
Elektronischer Fingerabdruck
Gesetz <Physik>
Standardabweichung
Rechenzentrum
Interpretierer
SGML
Computersicherheit
Elektronischer Fingerabdruck
Computeranimation
Mapping <Computergraphik>
Beobachtungsstudie
Interpretierer
Dienst <Informatik>
Datenmissbrauch
Facebook
Elektronischer Fingerabdruck
Projektive Ebene
Physikalisches System
Inhalt <Mathematik>
Smartphone
Ereignishorizont
Data Mining
Web Site
Bit
Ortsoperator
Physikalischer Effekt
Teilbarkeit
Computeranimation
Virtuelle Maschine
Dienst <Informatik>
Reelle Zahl
Netzbetriebssystem
Elektronischer Fingerabdruck
Randomisierung
Affiner Raum
Telebanking
Mereologie
Elektronischer Fingerabdruck
Strategisches Spiel
Vorlesung/Konferenz
Wort <Informatik>
Telebanking
Einflussgröße
Übergang
Datenerfassung
Elektronischer Fingerabdruck

Metadaten

Formale Metadaten

Titel Civil Society Information Defense
Serientitel re:publica 2014
Anzahl der Teile 126
Autor Moechel, Erich
Lizenz CC-Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Deutschland:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben.
DOI 10.5446/33305
Herausgeber re:publica
Erscheinungsjahr 2014
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract Civil society networks are under persistent attacks by military intelligence around the globe. These massive attacks need to be addressed on the political level, of course. Action must yet start on the technical layer. Defend your own communications and thus support defending all. -- Here is a selection of simple but altogether pretty effective countermeasures to harden and obfuscate your communication lines.

Ähnliche Filme

Loading...
Feedback