Data Security and Keeping Secrets

CS 463 Lecture, Dr. Lawlor

"Three people may keep a secret, if two of them are dead."
    -- Ben Franklin

I personally have a really hard time with secrets.  My job is explaining things to people.  Basically all the software I write is open source.

Yet I still have secrets.  I can't give out my passwords, my bank account numbers, my SSH private keys, or my social security number without losing control over my identity.

The folks breaking into the Linux kernel distribution site kernel.org aren't trying to "steal the source code", which would be absurd since the whole point of kernel.org is to give out the source code.  They're trying to modify the official copy of the source code, thus placing a back door in the millions of computers, cellphones, and industrial control systems that use this software.  Back doors are a key difference between the control required for open-source code, and the looser access to open-access text such as Wikipedia, where the damage due to vandalism is narrower.

Authentication

Financial fraud is extremely widespread, and the insecurity of our electronic communications systems actually simplifies things for the bad guys.  Hint: the US government's Office of the Comptroller of the Currency is unlikely to have a 2012 email address of "occ@aol.com".

Unsophisticated attacks are mostly intended for unsophisticated users, but there is a harder problem here.  How can you reliably distinguish between a fake phishing password reset email, and a real password reset email?
[Image: phishing email]
Above: phishing email.  Below: legitimate email.  (Images only, links won't work.)

[Image: actual legitimate email]
The authentication problem is hard, but public key encryption provides several tools that can be used for this.  The certificate chain used for https uses public key encryption, and does a pretty solid job of identity verification on the sites you visit.
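The certificate-chain check that https performs can be exercised offline.  The following Go program is an added example, not code from this lecture: it uses the standard library's crypto/x509 to mint a constructed root, intermediate, and server certificate (the names "Example Trusted Root CA" and "bank.example" are made up), then verifies the server certificate the way a browser would.  It also shows two failure modes that matter for phishing: the genuine certificate presented for a look-alike host name, and a look-alike certificate with the same names but signed by a root the client does not trust.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certAndKey pairs a certificate with the private key that controls it.
type certAndKey struct {
	cert *x509.Certificate
	priv ed25519.PrivateKey
}

// issue creates a certificate for name. When parent is nil the certificate is self-signed
// (a root); otherwise it is signed by parent's key. isCA allows it to sign further certificates.
func issue(name string, serial int64, isCA bool, parent *certAndKey) (*certAndKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the host name a browser compares against
	}
	parentCert, signer := tmpl, priv // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, pub, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &certAndKey{cert: cert, priv: priv}, nil
}

// verifyChain does what a browser does: walk from the leaf through the intermediates to a
// trusted root, checking each signature, validity dates, CA flags, and that the leaf is for host.
func verifyChain(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string) error {
	rootPool := x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	interPool := x509.NewCertPool()
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: rootPool, Intermediates: interPool})
	return err
}

// demo builds a trusted chain and a look-alike chain from an untrusted root, then reports whether
// the genuine leaf, the genuine leaf for the wrong host, and the look-alike leaf verify.
func demo() (genuineOK, wrongHostOK, lookalikeOK bool, err error) {
	root, err := issue("Example Trusted Root CA", 1, true, nil)
	if err != nil {
		return
	}
	inter, err := issue("Example Intermediate CA", 2, true, root)
	if err != nil {
		return
	}
	leaf, err := issue("bank.example", 3, false, inter)
	if err != nil {
		return
	}
	// Same names, different keys: anyone can mint this, but no client trusts its root.
	rogueRoot, err := issue("Example Trusted Root CA", 4, true, nil)
	if err != nil {
		return
	}
	rogueLeaf, err := issue("bank.example", 5, false, rogueRoot)
	if err != nil {
		return
	}
	trusted := []*x509.Certificate{root.cert}
	genuineOK = verifyChain(leaf.cert, []*x509.Certificate{inter.cert}, trusted, "bank.example") == nil
	wrongHostOK = verifyChain(leaf.cert, []*x509.Certificate{inter.cert}, trusted, "bank-example.test") == nil
	lookalikeOK = verifyChain(rogueLeaf.cert, nil, trusted, "bank.example") == nil
	return
}

func main() {
	g, w, l, err := demo()
	fmt.Println("genuine:", g, " wrong host:", w, " untrusted root:", l, " err:", err)
}
```

The point of the three checks is that a certificate proves only what the chain proves: the genuine certificate is rejected for a host name it was not issued for, and a certificate that copies every name but hangs off an untrusted root is rejected because no signature in the client's trust store vouches for it.  That is exactly the verification a phishing email cannot supply and an https connection can.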

Secrets versus Accountability

In most organizations, the payroll processing system is fairly tricky to set up correctly, since you normally want to keep salaries secret (though not at UAF!), and certainly must keep blank check stock and account credentials secret.  Yet you also need sufficient transparency and auditing to make it difficult for a corrupt employee to embezzle payroll money: by paying fictional employees, paying real employees too much and splitting the difference with them, diverting money withheld for retirement or taxes, etc.

Some organizations have even harder problems.  Say you're working in Human Resources at the CIA.  Seemingly simple tasks like paying employees become difficult when the employee is not only behind enemy lines, but working at enemy headquarters--thus, simply mailing your informant a check or a tax form could get them killed!  If you're running the CIA payroll, consider the difficulty of distinguishing these situations:
Activity         Authorized Uses              Unauthorized Uses
Read             Direct deposit paychecks.    Steal bank account numbers.
                 Audit informant list.        Sell informant list.
Write (modify)   Hire new employees.          Pay fake employees.
                 Fire employees.              Burn current employees.

There isn't a general technical solution to these challenges, but cryptography provides some options--for example, you could hide employee identities behind a one-way hash function, or encode authorization using public key cryptography.
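Both of those options can be shown concretely.  The Go program below is an added example, not part of the lecture: it hides an employee identity behind a keyed one-way hash (HMAC-SHA256 from the standard library, with the key held only by the payroll office) so the ledger never carries the real identity, and it encodes authorization as an ed25519 signature over a pay instruction, so the payment system can check an officer's approval with the public key alone.  The employee id, amounts, and period are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// pseudonym returns a keyed one-way hash of an employee identity. The ledger stores only this.
// The key matters: a plain SHA-256 of a short identifier (an SSN, an employee number) can be
// inverted by hashing every possible value, but an HMAC cannot be without the key.
func pseudonym(key []byte, identity string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(identity))
	return hex.EncodeToString(mac.Sum(nil))
}

// PayInstruction is the record an authorizing officer signs. Only the pseudonym appears in it.
type PayInstruction struct {
	Pseudonym string
	Cents     int64
	Period    string
}

// encode gives the canonical bytes that are signed and later verified; any field change
// changes these bytes and so invalidates the signature.
func (p PayInstruction) encode() []byte {
	return []byte(fmt.Sprintf("%s|%d|%s", p.Pseudonym, p.Cents, p.Period))
}

// authorize signs an instruction with the officer's private key, which never leaves the officer.
func authorize(priv ed25519.PrivateKey, p PayInstruction) []byte {
	return ed25519.Sign(priv, p.encode())
}

// accept is the payment system's check: pay only if the signature verifies under the
// officer's public key. The payment system holds no secret at all.
func accept(pub ed25519.PublicKey, p PayInstruction, sig []byte) bool {
	return ed25519.Verify(pub, p.encode(), sig)
}

// demo runs the round trip and returns whether the genuine instruction is accepted and whether
// a copy with the amount edited after signing (the embezzlement case) is accepted.
func demo() (genuineOK, tamperedOK bool, err error) {
	hashKey := make([]byte, 32) // held by the payroll office only
	if _, err = rand.Read(hashKey); err != nil {
		return
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // officer's key pair
	if err != nil {
		return
	}
	p := PayInstruction{
		Pseudonym: pseudonym(hashKey, "employee-0042"), // constructed sample id
		Cents:     250000,
		Period:    "2013-01",
	}
	sig := authorize(priv, p)

	tampered := p
	tampered.Cents = 2500000 // amount changed after the officer signed
	return accept(pub, p, sig), accept(pub, tampered, sig), nil
}

func main() {
	g, t, err := demo()
	fmt.Println("genuine accepted:", g, " tampered accepted:", t, " err:", err)
}
```

The two mechanisms address the two columns of the table differently: the pseudonym limits what a reader of the ledger learns (a stolen list of pseudonyms is not a list of informants), while the signature limits what a writer can do (paying a fake employee or changing an amount requires the officer's private key, and every accepted instruction carries a signature that an audit can re-check later).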

How paranoid do you need to be?

Some organizations, like intelligence services, know they're targeted, and act accordingly.  This means the backup CIA payroll computer, like the primary, probably sits in a vault with two armed guards, inside a bunker, inside a military base.  Backup tapes are hand-carried from the primary to the secondary by a carefully scripted, well-defended transport system, then incinerated onsite.

Other organizations don't think of themselves as targets.  For example, this week southern restaurant chain Zaxby's had a suspected credit card data breach due to malware on dozens of their point-of-sale computers.  A number of breaches involve unencrypted USB drives, such as a series of disclosures involving millions of health care patients in British Columbia; but 94% of US hospitals reported a data breach in the last two years.  After a series of stolen laptops, NASA now has an agency-wide whole-disk encryption policy.

Basically everybody, and every organization, has at least some secrets that need to be protected.  This course will explore how to do that.