NSA: SIGINT Strategy, 2012-2016




tangent4ronpaul
11-23-2013, 03:17 AM
TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL

(U) SIGINT Strategy
2012-2016
23 February 2012

(U) Vision

(U) Ensure Signals Intelligence provides THE decisive edge in advancing the full spectrum of U.S. national
security interests.
(U) Mission
(U) Defend the nation through SIGINT-derived advantage with a skilled work force trained, equipped and
empowered to access and unlock the secrets of our adversaries.
(U) Values
(U) We will constantly strive to improve our knowledge, our people, our technology, and our products.
Through innovation and personalization, we will advance the SIGINT system. Our customers and
stakeholders can rely on us to provide timely, high quality products and services, because we never stop
innovating and improving, and we never give up!
(U) The Environment
(U//FOUO) For decades, Signals Intelligence has sustained deep and persistent access to all manner of
adversaries to inform and guide the actions and decisions of Presidents, military commanders, policy
makers and clandestine service officers. As the world has changed, and global interdependence and the
advent of the information age have transformed the nature of our target space, we have adapted in
innovative and creative ways that have led some to describe the current day as “the golden age of
SIGINT.”
(U//FOUO) That reputation was hard-won, but will only endure if we keep sight of the dynamic and
increasingly market driven forces that continue to shape the SIGINT battle space. We must proactively
position ourselves to dominate that environment across discovery, access, exploitation, analysis,
collaboration and in the products and services we provide. The SIGINT system and our interaction
therein must be as agile and dynamic as the information space we confront.
(U//FOUO) The mission space for SIGINT in the years ahead will continue to grow at a rapid pace
amidst a dramatically new set of challenges:
• (U//FOUO) The interpretation and guidelines for applying our authorities, and in some cases the
authorities themselves, have not kept pace with the complexity of the technology and target
environments, or the operational expectations levied on NSA’s mission.
• (U) Digital information created since 2006 grew tenfold, reaching 1.8 exabytes in 2011, a trend
projected to continue; ubiquitous computing is fundamentally changing how people interact as
individuals become untethered from information sources and their communications tools; and the
traces individuals leave when they interact with the global network will define the capacity to locate,
characterize and understand entities [1].

[1] (U) Center for the Study of Intelligence (2010) Where Tomorrow Will Take Us: The New Environment for Intelligence. August 2010

• (U) Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages
in conventional military power and to do so in ways that are instantaneously and exceedingly hard to
trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S.
society all the same [2].
• (U) The international system – as constructed following the Second World War – will be almost
unrecognizable by 2025 owing to the rise of emerging powers, a globalizing economy, an historic
transfer of relative wealth and economic power from West to East, and the growing influence of
non-state actors [3].
(U) Expectations
(U//FOUO) The power of information, its short shelf life in the information age and the speed at which
it moves will set the conditions for how NSA interacts with customers. Transactional, passive or linear
relationships will be replaced by embedded, deeply interactive engagements. Existing investments in
cyber security will by necessity expand across the enterprise to meet the demand and speed of action
required to thwart our adversaries. To remain a value for the warfighter our information must be
immediately available at the lowest classification level. The nation will continue to depend upon NSA to
be the lead for the application of the science of cryptography, sustaining access and understanding of
data even as encryption becomes automatic, transparent and prolific. Products and services from NSA
will evolve into forms and across boundaries that mirror the networked and agile manner in which
people interact in the information age, and we will share information, responsibly and securely, with
external partners and customers.
(U//FOUO) For SIGINT to be optimally effective, legal, policy, and process authorities must be as
adaptive and dynamic as the technological and operational advances we seek to exploit. Nevertheless,
the culture of compliance, which has allowed the American people to entrust NSA with extraordinary
authorities, will not be compromised in the face of so many demands, even as we aggressively pursue
legal authorities and a policy framework mapped more fully to the information age.
(U//FOUO) To sustain current mission relevance and to meet the challenges, the Signals Intelligence
Directorate must undertake a profound and revolutionary shift from the mission approach which has
served us so well in the decades preceding the onset of the information age to a SIGINT system that is
as agile and dynamic as the information space we confront. The environment demands it, the capability
of the SIGINT system can achieve it and the work force has the creativity and the skill base to make it
possible.
(U//FOUO) What follow are the five challenge goals the SIGINT leadership has established to close gaps
between the environment and expectations over the next five years.

[2] (U) Lynn, William J. III (2010). Defending a New Domain: The Pentagon’s Cyberstrategy. Foreign Affairs. September/October 2010. Vol 89, No 5, pp 97-108
[3] (U) National Intelligence Council (2010) Global Trends 2020: A Transformed World. United States Government. November 2008

SIGINT Goals for 2012-2016
1. (U//FOUO) Revolutionize analysis – fundamentally shift our analytic approach from a production to
a discovery bias, enriched by innovative customer/partner engagement, radically increasing
operational impact across all mission domains.
1.1. (U//FOUO) Through advanced tradecraft and automation, dramatically increase mastery of the
global network
1.2. (U//FOUO) Conduct original analysis in a collaborative information space that mirrors how people
interact in the information age
1.3. (U//FOUO) Disseminate data at its first point of relevance, share bulk data, and enable customers
to address niche requirements
1.4. (U//FOUO) Drive an agile technology base mapped to the cognitive processes that underpin large
scale analysis, discovery, compliance and collaboration
2. (U//FOUO) Fully leverage internal and external NSA partnerships to collaboratively discover targets,
find their vulnerabilities, and overcome their network/communication defenses.
2.1. (U//FOUO) Bolster our arsenal of capabilities against the most critical cryptanalytic challenges
2.1.1. (S//SI//REL) Employ multidisciplinary approaches to cryptanalytic problems, leveraging and
integrating mid-point and end-point capabilities to enable cryptanalysis
2.1.2. (S//REL) Counter the challenge of ubiquitous, strong, commercial network encryption
2.1.3. (TS//SI//REL) Counter indigenous cryptographic programs by targeting their industrial bases
with all available SIGINT and HUMINT capabilities
2.1.4. (TS//SI//REL) Influence the global commercial encryption market through commercial
relationships, HUMINT, and second and third party partners
2.1.5. (S//SI//REL) Continue to invest in the industrial base and drive the state of the art for High
Performance Computing to maintain pre-eminent cryptanalytic capability for the nation
2.2. (TS//SI//REL) Defeat adversary cybersecurity practices in order to acquire the SIGINT data we
need from anyone, anytime, anywhere
2.3. (S//SI) Enable discovery capabilities and advanced tradecraft in the collection architecture to
enable the discovery of mission-critical persona, networks, accesses, signals and technologies
2.4. (S//SI) Integrate capabilities into the mission architecture, deepen workforce skill base in
advanced network and signals analysis, and optimize processes and policies for the benefit of discovery
3. (S//SI//REL) Dynamically integrate endpoint, midpoint, industrial-enabled, and cryptanalytic
capabilities to reach previously inaccessible targets in support of exploitation, cyber defense, and cyber
operations
3.1. (C//REL) Drive the SIGINT mission architecture to underpin synchronized, integrated,
multi-capability operations, extending it to mission partners
3.2. (TS//SI//REL) Integrate the SIGINT system into a national network of sensors which interactively
sense, respond, and alert one another at machine speed
3.3. (U//FOUO) Continuously rebalance our portfolio of accesses and access capabilities based on
current and projected contributions to key SIGINT missions
3.4. (S//SI//REL) Identify new access, collection, and exploitation methods by leveraging global
business trends in data and communications services


(U) In order to achieve these three mission goals, we must collectively liberate the innovation and
creativity of our workforce through technology, policies, and business processes – hence, the following
two goals have been set:
4. (U) Collectively foster an environment that encourages and rewards diversity, empowerment,
innovation, risk-taking and agility
4.1. (U) Empower employees to make decisions and drive change; invest in and reward innovation,
risk-taking, and teaming
4.2. (U//FOUO) Build compliance into systems and tools to ensure the workforce operates within the
law and without worry
4.3. (U) Work together to detail, implement, and evolve the strategy
4.4. (U) Provide everyone with the training and experiences necessary to lead the world’s most capable
SIGINT service and be competitive for Intelligence Community leadership positions
5. (U) Enable better, more efficient management of the mission and business by establishing new,
modifying current, and eliminating inefficient, business processes; by strengthening customer
relationships; and by building necessary internal and external partnerships.
5.1. (U//FOUO) Pursue, develop, and implement policy consistent with the pace and scope of
operations
5.2. (U//FOUO) Build into systems and tools, features that enable and automate end-to-end
value-based assessment of SIGINT products and services
5.3. (U//FOUO) Create and sustain a mission management environment that is autonomic and agile
5.4. (U//FOUO) Synchronize mission, budget and acquisition, and technology and research activities to
deliver the capabilities required to keep SIGINT relevant
5.5. (U) Align and standardize administrative business processes throughout the SIGINT enterprise to
reduce the bureaucratic burden on the enterprise
5.6. (U//FOUO) Champion the development of a unified NSA/CSS U.S. customer engagement strategy
that streamlines processes, increases resource efficiencies, eliminates redundancies, and strengthens
NSA relationships


-t

tangent4ronpaul
11-23-2013, 03:51 AM
And this is what the IETF wants to do about it....

http://www.ietf.org/id/draft-hallambaker-prismproof-req-00.txt

Internet Engineering Task Force (IETF)              Phillip Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended Status: Standards Track                      September 11, 2013
Expires: March 15, 2014


PRISM-Proof Security Considerations
draft-hallambaker-prismproof-req-00

Abstract

PRISM is reputed to be a classified US government program that involves
covert interception of a substantial proportion of global Internet
traffic. This document describes the security concerns such a program
raises for Internet users and security controls that may be employed
to mitigate the risk of pervasive intercept capabilities regardless
of source.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

Copyright Notice

Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.









Hallam-Baker March 15, 2014 [Page 1]

Internet-Draft Writing I-Ds using HTML September 2013

Table of Contents

1. Requirements
2. Attack Degree
   2.1. Content Disclosure
   2.2. Meta Data Analysis
   2.3. Traffic Analysis
   2.4. Denial of Service
   2.5. Protocol Exploit
3. Attacker Capabilities
   3.1. Passive Observation
   3.2. Active Modification
   3.3. Cryptanalysis
   3.4. Kleptography
      3.4.1. Covert Channels in RSA
      3.4.2. Covert Channels in TLS, S/MIME, IPSEC
      3.4.3. Covert Channels in Symmetric Ciphers
      3.4.4. Covert Channels in ECC Curves
      3.4.5. Unusable Cryptography
   3.5. Lawful Intercept
   3.6. Subversion or Coercion of Intermediaries
      3.6.1. Physical Plant
      3.6.2. Internet Service Providers
      3.6.3. Router
      3.6.4. End Point
      3.6.5. Cryptographic Hardware Providers
      3.6.6. Certificate Authorities
      3.6.7. Standards Organizations
4. Controls
   4.1. Confidentiality
      4.1.1. Perfect Forward Secrecy
   4.2. Policy, Audit and Transparency
      4.2.1. Policy
      4.2.2. Audit
      4.2.3. Transparency
Author's Address

1. Requirements

PRISM is reputed to be a classified US government program that involves
covert interception of a substantial proportion of global Internet
traffic. While the precise capabilities of PRISM are unknown the
program is believed to involve traffic and meta-data analysis and
that the intercepts are obtained with the assistance of
intermediaries trusted by Internet end users. Such intermediaries may
or may not include ISPs, backbone providers, hosted email providers
or Certificate Authorities.

Government intercept capabilities pose a security risk to Internet
users even when performed by a friendly government. While use of the
intercept capability may be intended to be restricted to counter-
terrorism and protecting national security, there is a long and
abundant history of such capabilities being abused. Furthermore an
agency that has been penetrated by an Internet privacy activist
seeking to expose the existence of such programs may be fairly
considered likely to be penetrated by hostile governments.

The term 'PRISM-Proof' is used in this series of documents to
describe a communications architecture that is designed to resist or
prevent all forms of covert intercept capability. The concerns to be
addressed are not restricted to the specific capabilities known or
suspected of being supported by PRISM or the NSA or even the US
government and its allies.

2. Attack Degree

Some forms of attack are much harder to protect against than others
and providing protection against some forms of attack may make
another form of attack easier.

The degrees of attack that are of concern depend on the security
concerns of the parties communicating.

2.1. Content Disclosure

Content disclosure is disclosure of the message content. In the case
of an email message disclosure of the subject line or any part of the
message body.

The IETF has a long history of working on technologies to protect
email message content from disclosure beginning with PEM and MOSS. At
present the IETF has two email security standards that address
confidentiality with incompatible message formats and different key
management and distribution approaches.

S/MIME and PGP may both be considered broken in that they reveal the
message subject line and content Meta-data such as the time. This
problem is easily addressed but at the cost of sacrificing backwards



Hallam-Baker March 15, 2014 [Page 3]

Internet-Draft Writing I-Ds using HTML September 2013

compatibility.

2.2. Meta Data Analysis

Meta Data is information that is included in a communication protocol
in addition to the content exchanged. This includes the sender and
receiver of a message, the time, date and headers describing the path
the message has taken in the Internet mail service. Meta-data
analysis permits an attacker to uncover the social network of parties
that are in frequent communication with each other.

Preventing disclosure of meta-data is possible through techniques
such as dead drops and onion routing but such approaches impose a
heavy efficiency penalty and it is generally considered preferable to
limit the parties capable of performing meta-data analysis instead.

The IETF STARTTLS extension to email permits the use of TLS to
encrypt SMTP traffic including meta-data. However use of STARTTLS has
two major limitations. First SMTP is a store and forward protocol and
STARTTLS only protects the messages hop-by-hop. Second there is
currently no infrastructure for determining that an SMTP service
offers STARTTLS support or to validate the credentials presented by
the remote server. The DANE Working Group is currently working on a
proposal to address the second limitation.

2.3. Traffic Analysis

Analysis of communication patterns may also leak information about
which parties are communicating, especially in the case of
synchronous protocols such as chat, voice and video.

Traffic analysis of store and forward protocols such as SMTP is more
challenging, particularly when billions of messages an hour may pass
between the major Webmail providers. But clues such as message length
may permit attackers more leverage than is generally expected.

2.4. Denial of Service

Providing protection against denial of service is frequently at odds
with other security objectives. In most situations it is preferable
for a mail client to not send a message in circumstances where there
is a risk of interception. Thus an attacker may be able to perform a
Denial of Service attack by creating the appearance of an intercept
risk.

Whether the potential compromise of confidentiality or service is
preferable depends on the circumstances. If critical infrastructure
such as electricity or water supply or the operation of a port
depends on messages getting through, it may be preferable to accept a
confidentiality compromise over a service compromise even though
confidentiality is also a significant concern.

2.5. Protocol Exploit

Many protocols are vulnerable to attack at the application layer. For
example the use of JavaScript injection in HTML and SQL injection
attacks.

A recent trend in Internet chat services is to permit the
participants in a group chat to share links to images and other
content on other sites. Introducing a link into the chat session
causes every connected client to retrieve the linked resource, thus
allowing an attacker with access to the chat room to discover the IP
address of all the connected parties.

3. Attacker Capabilities

Some forms of attack are available to any actor while others are
restricted to actors with access to particular resources. Any party
with access to the Internet can perform a Denial of Service attack
while the ability to perform traffic analysis is limited to parties
with a certain level of network access.

A major constraint on most interception efforts is the need to
perform the attack covertly so as to not alert the parties to the
fact their communications are not secure and discourage them from
exchange of confidential information. Even governments that
intentionally disclose the ability to perform intercepts for purposes
of intimidation do not typically reveal intercept methods or the full
extent of their capabilities.

3.1. Passive Observation

Many parties have the ability to perform passive observation of parts
of the network. Only governments and large ISPs can feasibly observe
a large fraction of the network but every network provider can
monitor data and traffic on their own network and third parties can
frequently obtain data from wireless networks, exploiting
misconfiguration of firewalls, routers, etc.

A purely passive attack has the advantage to the attacker of being
difficult to detect and impossible to eliminate the possibility that
an intercept has taken place. Passive attacks are however limited in
the information they can reveal and easily defeated with relatively
simple cryptographic techniques.

3.2. Active Modification

Active attacks are more powerful but are more easily detected. Use of
TLS without verification of the end-entity credentials presented by
each side is sufficient to defeat a passive attack but is defeated by
a man-in-the-middle attack substituting false credentials.

Active attacks may be used to defeat use of secure after first
contact approaches but at the cost of requiring interception of every
subsequent communication.

While many attackers have the ability to perform ad-hoc active attack
only a few parties have the ability to perform active attack
repeatedly and none can expect to do so with absolute reliability.

A major limitation on active attack is that an attacker can only
perform an active attack if the target is known in advance or the
target presents an opportunity that would compromise previous stored
communications.

3.3. Cryptanalysis

Many parties have the ability to perform cryptanalysis but government
cryptanalytic capabilities may be substantially greater.

3.4. Kleptography

Kleptography is persuading the party to be intercepted to use a form
of cryptography that the attacker knows they can break. Real life
examples of kleptography include the British government encouraging
the continued use of Enigma type cryptography machines by British
colonies after World War II and the requirement that early export
versions of Netscape Navigator and Internet Explorer use 40 bit
symmetric keys.

3.4.1. Covert Channels in RSA

One form of kleptography that is known to be feasible and is relevant
to IETF protocols is employing a RSA modulus to provide a covert
channel. In the normal RSA scheme we choose primes p and q and use
them to calculate n = pq. But the scheme works just as well if we
choose n' and p and look for a prime q in the vicinity of n'/p then
use p and q to calculate the final value of n. Since q ~= n'/p it
follows that n' ~= n. For a 2048 bit modulus, approximately 1000 bits
are available for use as a covert channel.

Such a covert channel may be used to leak some or all of the private
key or the seed used to generate it. The data may be encrypted to
avoid detection.

3.4.2. Covert Channels in TLS, S/MIME, IPSEC

Similar approaches may be used in any application software that has
knowledge of the actual private key. For example a TLS implementation
might use packet framing to leak the key.

3.4.3. Covert Channels in Symmetric Ciphers

A hypothetical but unproven possibility is the construction of a
symmetric cipher with a backdoor. Such an attack is far beyond the
capabilities of the open field. A symmetric cipher with a perfect
backdoor would constitute a new form of public key cryptography more
powerful than any known to date. For purposes of kleptography however
it would be sufficient for a backdoor to limit the key space that an
attacker needed to search through brute force or have some other
limitation that is considered essential for public key cryptography.

3.4.4. Covert Channels in ECC Curves

Another hypothetical but unproven possibility is the construction of
a weak ECC Curve or a curve that incorporates a backdoor function. As
with symmetric ciphers, this would require a substantial advance on
the public state of the mathematical art.

3.4.5. Unusable Cryptography

A highly effective form of kleptography would be to make the
cryptographic system so difficult to use that nobody would bother to
do so.

3.5. Lawful Intercept

Lawful intercept is a form of coercion that is unique to government
actors by definition. Defeating court ordered intercept by a domestic
government is outside the scope of this document though defeating
foreign lawful intercept requests may be.

While the US government is known to practice Lawful Intercept under
court order and issue of National Security Letters of questionable
constitutional validity, the scope of such programs as revealed in
public documents and leaks from affected parties is considerably more
restricted than that of the purported PRISM program.

While a Lawful Intercept demand may in theory be directed against any
of the intermediaries listed in the following section on subversion
or coercion, the requirement to obtain court sanction constrains the
number and type of targets against which Lawful Intercept may be
sought and the means by which it is implemented. A court is unlikely
to sanction Lawful Intercept of opposition politicians for the
political benefit of current office holders.

3.6. Subversion or Coercion of Intermediaries

Subversion or coercion of intermediaries is a capability that is
almost entirely limited to state actors. A criminal organization may
coerce an intermediary in the short term but has little prospect of
succeeding in the long term.

3.6.1. Physical Plant

The Internet is at base a collection of data moving over wires,
optical cables and radio links. Every form of interconnect that is a
practical means of high bandwidth communication is vulnerable to
interception at the physical layer. Attacks on physical interconnect
require only a knowledge of where the signal cables are routed and a
back hoe.

Even quantum techniques do not necessarily provide a guarantee of
security. While such techniques may be theoretically unbreakable, the
physical realization of such systems tends to fall short. As with the
'unbreakable' One Time Pad, the theoretical security tends to be
exceptionally fragile.

Attacks on the physical plant may enable high bandwidth passive
intercept capabilities and possibly even active capabilities.

3.6.2. Internet Service Providers

Internet Service Providers have access to the physical and network
layer data and are capable of passive or active attacks. ISPs have
established channels for handling Lawful Intercept requests and thus
any employee involved in an intercept request that was outside the
scope of those programs would be on notice that their activities are
criminal.

3.6.3. Router

Compromise of a router is an active attack that provides both passive
and active intercept capabilities. Such compromise may be performed
by compromise of the device firmware or of the routing information.

3.6.4. End Point

Compromise of Internet endpoints may be achieved through insertion of
malware or coercion/suborning the platform provider.

3.6.5. Cryptographic Hardware Providers

Deployment of the 'kleptography' techniques described earlier
requires that the attacker be capable of controlling the
cryptographic equipment and software available to the end user.
Compromise of the cryptographic hardware provided is one means by
which this might be achieved.

3.6.6. Certificate Authorities

Certificate Authorities provide public key credentials to validated
key holders. While compromise of a Certificate Authority is certainly
possible, this is an active attack and the credentials created leave
permanent evidence of the attack.

3.6.7. Standards Organizations

Another route for deployment of cryptography would be to influence
the standards for use of cryptography although this would only permit
the use of kleptographic techniques that are not publicly known.

Another area of concern is that efforts to make strong cryptography
usable through deployment of key discovery infrastructure or security
policy infrastructure may have been intentionally delayed or
discouraged. The chief security failure of the Internet today is that
insecurity is the default and many attacks are able to circumvent
strong cryptography through a downgrade attack.

4. Controls

Traditionally a cryptographic protocol is designed to resist direct
attack with the assumption that protocols that provide protection
against targeted intercept will also provide protection against
pervasive intercept. Consideration of the specific constraints of
pervasive covert intercept demonstrates that a protocol need not
guarantee perfect protection against a targeted intercept to render
pervasive intercept infeasible.

One of the more worrying aspects of the attempt to defend the
legality of the PRISM program is the assertion that passive intercept
does not constitute a search requiring court oversight. This suggests
that the NSA is passively monitoring all Internet traffic and that
any statement that a citizen might make in 2013 could potentially be
used in a criminal investigation that began in 2023.

At present Internet communications are typically sent in the clear
unless there is a particular confidentiality concern in which case
techniques that resist active attack are employed. A better approach
would be to always use encryption that resists passive attack,
recognizing that some applications also require resistance to active
attacks.

4.1. Confidentiality

Encryption provides a confidentiality control when the symmetric
encryption key is not known to or discoverable by the attacker. Use
of strong public cryptography provides a control against passive
attacks but not an active attack unless the communicating parties
have a means of verifying the credentials purporting to identify the



Hallam-Baker March 15, 2014 [Page 9]

Internet-Draft Writing I-Ds using HTML September 2013

parties.

4.1.1. Perfect Forward Secrecy

One of the main limitations of simple public key exchange schemes is
that compromise of an end entity decryption key results in compromise
of all the messages encrypted using that key. Perfect Forward Secrecy
is a misnomer for a technique that forces an attacker to compromise a
separate private key for every key exchange. This is usually achieved
by performing two layers of public key exchange using the credentials
of the parties to negotiate a temporary key which is in turn used to
derive the symmetric session key used for communications.

Perfect Forward Secrecy is a misnomer as the secrecy is not
'perfect', should the public key system used to identify the
principals be broken, it is likely that the temporary public key will
be vulnerable to cryptanalysis as well. The value of PFS is not that
it is 'perfect' but that it dramatically increases the cost of an
attack to an attacker.

4.2. Policy, Audit and Transparency

The most underdeveloped area of internet security to date is the lack
of a security policy infrastructure and the audit and transparency
capabilities to support it.

4.2.1. Policy

A security policy describes the security controls that a party
performs or offers to perform. One of the main failings in the
Internet architecture is that the parties have no infrastructure to
inform them of the security policy of the party they are attempting
to communicate with except for the case of Certificate Policy and
Certificate Practices Statements which are not machine readable
documents.

A machine readable policy stating that a party always offers a
minimum level of security provides protection against downgrade
attack.

4.2.2. Audit

Audit is verifying that a party is in compliance with its published
security policy. Some security policies are self-auditing (e.g.
advertising support for specific cryptographic protocols) others may
be audited by automatic means and some may require human
interpretation and evaluation.

4.2.3. Transparency

A security policy is transparent if it may be audited using only
publicly available information.

An important application of transparency is by trusted intermediaries
to deter attempted coercion or to demonstrate that a coercion attempt
would be impractical.

Author's Address

Phillip Hallam-Baker
Comodo Group Inc.

philliph@comodo.com


=========

So, NSA has had a REALLY BAD summer and IETF is fighting back with these considerations and the main focus appears to be to put out IP6 2.0 with strong end to end encryption (everything is encrypted) and authentication.

Who do you think is winning?

Do you think it will be safe to use the Internet again?

This might take a little bit longer to fix than healthcare.gov ...

-t
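
Added example (not part of the original post or of the Internet-Draft): section 2.2 of the draft notes that STARTTLS protects a message only hop by hop. The Python code below audits that for a delivered message by reading the "with" keyword each receiving server records in its Received header (keywords from RFC 5321 and RFC 3848); the sample message, its hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# "with" keywords a receiving server records in its Received header.
# SMTP/ESMTP come from RFC 5321; the A/S variants and LMTP from RFC 3848.
# An "S" variant means the hop was carried over TLS (STARTTLS).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
CLEAR_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}

COMMENT = re.compile(r"\([^()]*\)")  # innermost parenthesised comment

# Constructed sample: newest Received header first, as MTAs prepend them.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
 by store.recipient.example with LMTP id c3;
 Mon, 9 Sep 2013 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [192.0.2.20])
 by mx.recipient.example with ESMTP id b2;
 Mon, 9 Sep 2013 10:00:02 +0000
Received: from client.sender.example (client.sender.example [192.0.2.10])
 by relay.isp.example (MTA) with ESMTPSA id a1 (using TLS);
 Mon, 9 Sep 2013 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""


def parse_received(value):
    """Extract the from/by/with clauses of one Received header value."""
    text = " ".join(value.split())          # unfold continuation lines
    prev = None
    while prev != text:                     # strip comments, nested ones too
        prev, text = text, COMMENT.sub(" ", text)
    text = text.rsplit(";", 1)[0]           # drop the trailing timestamp
    fields = {}
    for key in ("from", "by", "with"):
        m = re.search(r"(?:^|\s)%s\s+(\S+)" % key, text, re.IGNORECASE)
        fields[key] = m.group(1) if m else None
    return fields


def classify(protocol):
    """Map a 'with' keyword to tls / cleartext / unknown."""
    if protocol is None:
        return "unknown"
    keyword = protocol.upper()
    if keyword in TLS_PROTOCOLS:
        return "tls"
    if keyword in CLEAR_PROTOCOLS:
        return "cleartext"
    return "unknown"


def audit_path(raw_message):
    """Return the message's hops in the order it travelled them."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        fields = parse_received(value)
        fields["transport"] = classify(fields["with"])
        hops.append(fields)
    return hops


def exposed_hops(hops):
    """Hops where content and meta-data were not shown to be under TLS."""
    return [hop for hop in hops if hop["transport"] != "tls"]


if __name__ == "__main__":
    for number, hop in enumerate(audit_path(SAMPLE), 1):
        print(number, hop["from"], "->", hop["by"],
              hop["with"], hop["transport"])
```

Each Received header is written by the server that accepted the message, so an earlier hop can forge the headers below its own; treat the result as evidence of cleartext hops, not proof that every hop marked TLS was protected.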

tangent4ronpaul
11-23-2013, 10:08 AM
Hello peeps!

Feedback appreciated....

AHEM....

-t