Communications security for journalists

Post on 25-Jan-2015

1,523 views 5 download

Preview:

Click to see full reader
Report this document
SHARE

description

 

transcript

Communications security for journalists

Ian BrownHidden Footprints Ltd.

Introduction A rough guide to the Internet and

cryptography Secure Web-based e-mail Pretty Good Privacy – PGP Securing phone calls Traffic analysis Freedom

The Internet All data – e-mail, Web pages, files –

is sent using the Internet Protocol (IP)

This chops up information into small ‘packets’ that can flow by many routes across the Internet

Web and mail servers can be anywhere on the Internet

Internet surveillance Packets can be monitored at many

points – from you to ISP, on their network, en route to destination

Servers can also monitor messages, Web pages visited, etc.

Even your PC is vulnerable

Cryptography Fundamental technology to protect

information Data is encrypted and decrypted using

secret “keys” Public-key cryptography uses a pair of

keys: one public, one private You can also digitally sign information In common use as SSL

Secure e-mail Messages travel through your ISP’s

mail server, and wait at the recipient’s ISP until collected

Encryption should be end-to-end PGP most commonly used

An encrypted message

Secure Web mail Even if accessed using SSL,

messages still sit unprotected at most Web mail servers like Hotmail

Hushmail runs Java applet on your computer than encrypts end-to-end if your correspondent also uses the service

Secure phone calls Starium

producing Palm-sized voice encryptor

Automatically protects calls to other Starium users

$699

Traffic analysis Starium and PGP don’t hide who you

are talking to, and when This leaves a nasty trail for

investigators to follow to both of you RIP allows relatively easy access to

traffic logs Also reveals Web sites you have

visited

Web server logs17:gateway1.gsi.gov.uk - - [08/May/2000:11:42:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 22993617:gateway1.gsi.gov.uk - - [08/May/2000:11:43:14 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/msg01632.html HTTP/1.0" 200 494417:legion.dera.gov.uk - - [08/May/2000:15:37:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00195.html HTTP/1.0" 200 686917:horde.dera.gov.uk - - [09/May/2000:09:21:44 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00946.html HTTP/1.0" 200 332317:horde.dera.gov.uk - - [09/May/2000:10:33:23 +0100] "GET /staff/I.Brown/archives/ukcrypto/ HTTP/1.0" 200 511820:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:22 +0100] "GET /staff/I.Brown/pimms/index.html HTTP/1.0" 200 35320:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:23 +0100] "GET /staff/I.Brown/pimms/toc.html HTTP/1.0" 200 138320:gatekeeper.hertscc.gov.uk - - [05/Jun/2000:17:12:24 +0100] "GET /staff/I.Brown/pimms/bottle.gif HTTP/1.0" 200 949920:gateway.bradford.gov.uk - - [06/Jun/2000:08:42:09 +0100] "GET /staff/I.Brown/archives/ukcrypto/0399-0699/msg00663.html HTTP/1.1" 200 42720:gatekeeper.bournemouth.gov.uk - - [08/Jun/2000:00:42:40 +0100] "GET /staff/I.Brown/archives/ukcrypto/0898-1198/msg00002.html HTTP/1.0" 21:mail.braintree.gov.uk - - [16/Jun/2000:11:18:06 +0100] "GET /staff/I.Brown/archives/ukcrypto/1199-0100/msg00266.html HTTP/1.0" 200 366122:wp.eris.dera.gov.uk - - [13/Jul/2000:11:24:42 +0100] "GET /staff/I.Brown/archives/ukcrypto/0799-1099/msg00508.html HTTP/1.0" 200 426522:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:16 +0100] "GET /staff/I.Brown/archives/ukcrypto/l HTTP/1.0" 404 24422:gtfw1.doh.gov.uk - - [14/Jul/2000:19:02:25 +0100] "GET /staff/I.Brown/archives/ukcrypto HTTP/1.0" 302 41122:gatekeeper.bournemouth.gov.uk - - [16/Jul/2000:08:24:10 +0100] "GET /staff/I.Brown/archives/ukcrypto/1198-0299/msg00293.html HTTP/1.0" 6:shadow.dera.gov.uk - - [05/Apr/2000:14:18:32 +0100] "GET /staff/i.brown/archives/ukcrypto/old/msg00112.html HTTP/1.0" 200 76986:proxy.hullcc.gov.uk - - [05/Apr/2000:16:50:21 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00014.html HTTP/1.0" 200 37257:Bouncer.nics.gov.uk - - [11/Apr/2000:10:31:17 +0100] "GET /staff/i.brown/archives/ukcrypto/1198-0299/msg00138.html HTTP/1.0" 200 43817:gateway1.gsi.gov.uk - - [11/Apr/2000:12:33:18 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 1423897:gateway1.gsi.gov.uk - - [11/Apr/2000:14:35:19 +0100] "GET /staff/I.Brown/archives/ukcrypto/0200-0500/threads.html HTTP/1.0" 200 1426747:gtfw1.doh.gov.uk - - [12/Apr/2000:11:13:31 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00245.html HTTP/1.0" 200 47147:gtfw1.doh.gov.uk - - [12/Apr/2000:11:14:33 +0100] "GET /staff/I.Brown/archives/ukcrypto/0497-1097/msg00234.html HTTP/1.0" 200 4811

Freedom from ZeroKnowledge Systems can provide content and traffic analysis protection over the Internet

Automatically reroutes your traffic through the encrypted Freedom network

Works best with support at both ends

                                       

Freedom

Marked files and messages Be very careful about keeping

original messages and files from sources

They contain all sorts of hints that may lead back to their sender

Fingerprints may have been subtly inserted

Use secure delete; remember backups

E-mail trails

Messages are full of clues about their origins

Tracing IP addresses

Conclusions Communications security is

difficult! Traffic data may be more

important than content Security software will get better Legal environment may get worse

Links

http://www.pgp.com/http://www.hushmail.com/http://www.starium.com/http://www.freedom.net/http://www.cs.ucl.ac.uk/staff/I.Brown/

Top related

COMSEC (Communications Security)
Documents
Network and Communications Network Security
Documents
Communications Security
Documents
Communications Security Yaakov (J) Stein CTO. Communications Security 2 Communications security (COMSEC) means preventing unauthorized access to communications.
Documents
Chiron Security Communications Ltd
Documents
Information Security and Communications …library.iugaza.edu.ps/thesis/109747.pdfInformation Security and Communications Management in light ... ISO/IEC 27001 ... Information Security
Documents
INF3510 Information Security Lecture 10: Communications Security · INF3510 Information Security Lecture 10: Communications Security University of Oslo ... 10 . OSI model vs. TCP/IP
Documents
Security in V2X Communications
Technology
Communications-Electronics Security Group
Documents
ELECTRONIC COMMUNICATIONS SURVEILLANCE: WHAT JOURNALISTS ... · ELECTRONIC COMMUNICATIONS SURVEILLANCE: WHAT JOURNALISTS AND MEDIA ORGANIZATIONS NEED TO KNOW Jennifer R. Henrichsen
Documents
Information Security for Journalists · world. This could pose an information security risk to investigative journalists working on stories concerning the interests of those governments,
Documents
Communications Infrastructure Security
Documents
SECURITY & COMMUNICATIONS SYSTEMS SECURITY
Documents
COMMUNICATIONS HARDWARE - - Reliable Security
Documents
Communications Security Establishment (CSE)
Documents
COMMUNICATIONS - - Reliable Security Information
Documents
Regional journalists' source protection and information security practice
Education
Information Security for Journalists - tcij.org | for Journalists V1... · Information Security for Journalists ... stored and subject to analysis. As ... A general purpose browser
Documents
Tata Communications Managed Security Services...Tata Communications Managed Security Services. 2 Tata Communications Cloud-based Security Evolution Not Revolution. Executive Overview
Documents
Communications, Research, and Data Some Introductory Tips ......Apr 15, 2016  · SPJ Region 9 - April 15, 2016 Journalists and Security Tools Some Introductory Tips on Protecting
Documents

Copyright © 2018 DOCUMENTS