mist2012 panel discussion - ruo ando
DESCRIPTION
This file is used in MIST 2012 (4th International Workshop on Managing Insider Security Threats).
TRANSCRIPT
MIST 2012 Panel Discussion: “Key Challenges in Defending Against Insider Threats”
Ruo Ando, National Institute of Information and Communication Technology, Tokyo, Japan
Outline: insider threat and data leakage
Information leakage is one of the most serious kinds of damage caused by insider threats. In this talk, I will introduce some key issues about ex-post countermeasures against information leakage.
① First, the "Data lives forever" problem is introduced. Once sensitive information is leaked over the Internet, we have no effective countermeasure to nullify it. Some topics such as advanced secret sharing and the right to be forgotten will be noted.
② Second, I will talk briefly about "Data sovereignty" to provide a logical and technical basis for tracking spread information. PDP (provable data possession) could be one of the solutions.
③ Finally, I will present some actual cases about these problems.
Insider Threats and Information leakage
Incidents by Breach Type (2012/11, http://www.datalossdb.org): stolen document 14%, lost tape 14%, disposal document 14%.
Data lives forever: once sensitive data is released to the network, it circulates forever.
Information leak as retroactive disclosure: sensitive data could be retrieved later and used retroactively as an offense.
Attacks from outside by hacking are motivated by botnets, FaaS, etc. Data leakage is one of the main purposes of insider attacks. Besides, this kind of threat causes retroactive disclosure.
Social engineering and APT are sometimes so hard to prevent technically.
Can retroactivation as an offense be mitigated? Is an ex-post countermeasure possible?
Top threats to enterprise security (IDC’s survey), 2008 vs 2010:
Threat                            2008   2010
Trojans, viruses, other malware     54     78
Spyware                             48     74
Hackers                             41     67
Employees exposing information      52     66
Equipment misconfiguration          41     61
Application vulnerabilities         44     59
Spam                                39     58
Data stolen by trusted party        38     53
Insider sabotage                    34     49
Is it possible to prevent uploading sensitive files?
2012/08: Dropbox Confirms User Email Leaks – Adds Additional Protection
Is it unstoppable even if we adopt domain seizure in Amazon EC2?
Can DLP protect sensitive data sent from SNS?
Japan’s case: information leakage via P2P networks
2009/04/02: Tokyo Rinkai Hospital – a list of 598 inpatients’ information
2009/01/08: National Information-Technology Promotion Agency – a database of the Ministry of Internal Affairs and the National Patent Office
2010/10/30: Metropolitan Police Department unit in charge of international terrorism spills a confidential list over P2P networks
2008/03/22: National Bank of Japan leaks confidential insider information
2005/06: Documents of a Mitsubishi nuclear power plant were leaked
Data Sovereignty in the Cloud computing era
Data Sovereignty: the coupling of stored data authenticity and geographical location in the cloud.
However, as the Cloud computing environment has become international, securing data sovereignty is getting harder and harder.
Geolocation technology could be cheated. PDP (Provable Data Possession) could be one of the solutions for this problem.
Zachary N. J. Peterson, Mark Gondree, and Robert Beverly. A Position Paper on Data Sovereignty: The Importance of Geolocating Data in the Cloud. USENIX HotCloud 2011.
Giuseppe Ateniese, Randal C. Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary N. J. Peterson, Dawn Xiaodong Song. Provable Data Possession at Untrusted Stores. ACM CCS 2007.
"Data lives forever" problem
• WikiLeaks
WikiLeaks is an international organization that publishes submissions of otherwise unavailable documents from anonymous sources and leaks. On July 25, 2010, WikiLeaks released to The Guardian, The New York Times, and Der Spiegel over 92,000 documents related to the war in Afghanistan between 2004 and the end of 2009.
• “Right to forget and delete”
The European Commission set out a strategy to strengthen EU data protection rules in Nov 2010: “Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world.”
P2P security – VANISH: self-destructing data
Roxana Geambasu, Tadayoshi Kohno, Amit Levy, Henry M. Levy. Vanish: Increasing Data Privacy with Self-Destructing Data. In Proceedings of the USENIX Security Symposium, Montreal, Canada, August 2009.
Technology: secret sharing protocol and DHT
In the Vanish system, a shared file disappears from the network after a fixed interval.
Bob sends {C, L} to Alice. VANISH is implemented on the Vuze DHT.
[Figure: Vanish encapsulation. Bob: data and timeout → C = Ek(data); the key k is split into shares K1, K2, ..., KN stored at random DHT indexes (L) together with the timeout; Bob sends {C, L} to Alice. Alice: fetches the shares from the indexes L, rebuilds k, and computes data = Dk(C).]
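The Vanish flow just described, as an added illustration that is not the Vanish project's code: a random key k encrypts the data, Shamir shares of k are pushed to random DHT indexes L with a timeout, and only {C, L} travels from Bob to Alice, so once the shares expire (or too many are gone) C can never be opened again. The in-memory dict standing in for the Vuze DHT, the SHA-256 XOR stream standing in for AES, and the N = 10 / threshold 7 / 8-hour values are assumptions of this example.

```python
import hashlib
import secrets

P = 2**127 - 1          # prime field for Shamir secret sharing (key < P)
N, THRESHOLD = 10, 7    # N shares pushed to the DHT, THRESHOLD needed to rebuild k
TIMEOUT = 8 * 3600      # assumed DHT entry lifetime in seconds (8 hours)

def _xor_stream(key: int, data: bytes) -> bytes:
    # Constructed stand-in for AES: XOR with SHA-256(key || counter) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(16, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def split_key(key: int) -> list:
    # Shamir: random polynomial of degree THRESHOLD-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(P) for _ in range(THRESHOLD - 1)]
    return [(x, sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P) for x in range(1, N + 1)]

def recover_key(shares: list) -> int:
    # Lagrange interpolation at x = 0 over any THRESHOLD (or more) distinct shares.
    key = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    return key

def encapsulate(data: bytes, dht: dict, now: int):
    # Bob: k is random, C = E_k(data); shares of k go to random DHT indexes L
    # with an expiry time; only {C, L} is sent to Alice, never k itself.
    key = secrets.randbelow(P)
    indexes = [secrets.token_hex(20) for _ in range(N)]   # 160-bit DHT keys
    for idx, share in zip(indexes, split_key(key)):
        dht[idx] = (share, now + TIMEOUT)
    return _xor_stream(key, data), indexes

def decapsulate(cipher: bytes, indexes: list, dht: dict, now: int):
    # Alice: collect the shares still alive; data = D_k(C) only if enough remain.
    # After the timeout the shares are gone and C is unreadable forever.
    alive = [dht[i][0] for i in indexes if i in dht and dht[i][1] > now]
    if len(alive) < THRESHOLD:
        return None
    return _xor_stream(recover_key(alive[:THRESHOLD]), cipher)
```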
P2P security – UNVANISH: reconstructing data
Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, and Emmett Witchel. Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs. NDSS 2010.
UNVANISH mounts Sybil nodes into the DHT to replicate the stored key shares, so that k and therefore the data can be reconstructed after the timeout.
[Figure: the same Vanish flow as above (data, timeout → C = Ek(data); shares K1..KN at random indexes L; {C, L}; data = Dk(C)), with UNVANISH Sybil nodes placed in the DHT copying the key shares.]
Example: propagation speed over the DHT network
[Figure: two plots over elapsed hours 0–26. Top: number of nodes (0 to 12,000,000). Bottom: diff, the increase per step, on a log scale (10,000 to 1,000,000).]
In the first 4 hours, we can obtain more than 4,000,000 peers!
After 5 hours, Δ (the increase) becomes stable.
Estimates of BitTorrent’s share of all Internet traffic
① “55%” – CableLabs: about half of the upstream traffic of CATV.
② “35%” – CacheLogic, “LIVEWIRE - File-sharing network thrives beneath the Radar”.
③ “60%” – documents on www.sans.edu: “It is estimated that more than 60% of the traffic on the internet is peer-to-peer.”