Against the Law: Countering Lawful Abuses of Digital Surveillance · The Journal of Open Engineering
Tagged: Governance_G12, SecureElement_H11, Security_S12
October 28, 2019 at 4:34 am #35914
#News(Security) [ via IoTGroup ]
Headings…
Against the Law: Countering Lawful Abuses of Digital Surveillance
Introduction and Problem Statement
Approach and Goals
Faraday Cages Alone are Not an Option
Methods & Results
Methods that Do Not Meet our Criteria
Methods that Do Meet our Criteria
Cellular Modem Introspection
WiFi & Bluetooth Introspection
GPS Introspection
Auto extracted Text……
Completely open source and user-inspectable (“You don’t have to trust us”)
Introspection operations are performed by an execution domain completely separated from the phone’s CPU (“don’t rely on those with impaired judgment to fairly judge their state”)
While Faraday cages are simple in concept, any slot or hole in the cage, intentional or unintentional, will leak radiation. For example, creating an aperture for photography and control of the camera function would irreparably compromise the efficacy of the Faraday cage. Thus, any effective Faraday cage would run counter to the basic requirement that the phone be usable as a journalistic tool. The purpose of direct introspection is to enable journalists to carry a single, compact tool that can take photographs, shoot video, record audio, and serve as a word processor without betraying their position in the field. Forcing a reporter to choose between their safety – that is, keeping their phone in a Faraday cage – and taking photographs in the field violates goal number 8. Furthermore, asking reporters deep in war zones to carry a separate camera, audio recorder, and word processor to avoid surveillance is also not a practical option.
Proper operation of introspection system can be field-verified (guard against “evil maid” attacks and hardware failures)
Difficult to trigger a false positive (users ignore or disable security alerts when there are too many positives)
Difficult to induce a false negative, even with signed firmware updates (“don’t trust the system vendor” – state-level adversaries with full cooperation of system vendors should not be able to craft signed firmware updates that spoof or bypass the introspection engine)
As much as possible, the introspection system should be passive and difficult to detect by the phone’s operating system (prevent black-listing/targeting of users based on introspection engine signatures)
Simple, intuitive user interface requiring no specialized knowledge to interpret or operate (avoid user error leading to false negatives; “journalists shouldn’t have to be cryptographers to be safe”)
Final solution should be usable on a daily basis, with minimal impact on workflow (avoid forcing field reporters into the choice between their personal security and being an effective journalist)
Thus, depending on the user’s threat model, the WLAN_PERST defeat may be a simple but effective method to defeat several radios with a single signal, but it may also give away information to advanced adversaries on the presence of an Introspection Engine.
The Introspection Engine is also designed for easy self-test, in the sense that one can verify that introspection is working by simply bringing the phone out of airplane mode and observing that all the monitored signals go live.
AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019