Mist2012 panel discussion-ruo ando
Download as PPT, PDF•0 likes•369 views
The document discusses key challenges in defending against insider threats, specifically the problem of information leakage. It notes that once sensitive data is leaked online through means like file sharing networks, it can circulate forever on the internet. Technological solutions for tracking data spread, like provable data possession, and legal approaches around "right to be forgotten" are discussed. Examples of data leaks from government and healthcare organizations in Japan that occurred through peer-to-peer networks are also provided.
Mist2012 panel discussion-ruo ando
- 1. MIST 2012 Panel Discussion: “Key Challenges in Defending Against Insider Threats” Ruo Ando National Institute of Information and Communication Technology Tokyo, Japan
- 3. Outline: insider threat and data leakage Information leakage is one of the most serious damages caused by insider threat. In this talk, I will introduce some key issues about ex-post countermeasures of information leakage ①First, "Data lives forever" problem is introduced. Once sensitive information is leaked over Internet, we have no effective countermeasures to nullify it. Some topics such as advanced secret sharing and right to be forgotten will be noted. ②Second, I will talk briefly about "Data sovereignty" to provide a logical and technical basis for tracking spread information. PDP (provable data possession) could be one of solutions. Finally, I will present some actual cases about these problems.
- 4. Insider Threats and Information leakage LostTape 14% Incidents by Breach Type Stolen document 14% Attacks from outside by hacking is motivated for botNet, FaaS etc. Data Leakage is one of the main purpose of insider attack. Besides, this kind of threat causes retroactive disclosure. Disposal Document 14% 2012/11 http://www.datalossdb.org Data lives forever:Once sensitive data is released to network, Social Engineering it circulates forever. And APT is sometimes So hard to be prevented Technically. Information leak: retroactive disclosure Sensitive data could retrieved and retroactivated as offense.
- 5. Can retroactivation as offense be mitigated ? Is ex-post countermeasure possible ? Is it unstoppable even if we adopt domain seizure in Amazon EC2 ? DLP can protect sensitive data sent from SNS ? 2012/08 Top threats to enterprise security Dropbox Confirms IDC’s survey User Email Leaks 2008 2010 – Adds Additional Trojans, Virtuses, other malware 54 78 Protection Spyware 48 74 Hackers 41 67 Employees exposing information 52 66 Equipment misconfiguration 41 61 Application Vulnerabilities 44 59 Spam 39 58 Data stolen by trusted party 38 53 Is it possible to prevent Insider sabotage 34 49 Uploading sensitive files ?
- 6. Japan’s case: information leakage via P2P networks 2008/03/22 National Bank of 2009/04/02: Tokyo Japan leaks Rinkai Hospital – Confidential insider information a list of 598 inpatients information 2005/06 Documents of nuclear power plant of Mitsubishi was leaked. 2010/10/30 Metropolitan Police 2009/01/08: National Information- Department taking charge of Technology Promotion Agency - a international terrorism splits a database of Ministry of Internal Affiars confidential list over P2P and National Patent Office networks
- 7. Data Sovereignty in Cloud computing era A Position Paper on Data Data Sovereignty :- Sovereignty: The Importance of Geolocating Data in the Cloud the coupling of stored data authenticity Zachary N. J. Peterson, Mark and geographical location in the cloud Gondree, and Robert Beverly. USENIX HotCloud 2011 However, as Cloud computing environment has become international, securing data sovereignty is harder and harder. Giuseppe Ateniese, Randal C. Technology of geolocation could be Burns, Reza Curtmola, Joseph Herring, Lea Kissner, Zachary cheated. PDP (Provable Data Possession) N. J. Peterson, Dawn could be one of the solutions Xiaodong Song: Provable data for this problem. possession at untrusted stores. ACM CCS 2007
- 8. "Data lives forever" problem • Wiki Leaks WikiLeaks is an international organization that publishes submissions of otherwise unavailable documents from anonymous sources and leaks. On July 25, 2010, WikiLeaks released to The Guardian, The New York Times, and Der Spiegel over 92,000 documentsrelated to the war in Afghanistan between 2004 and the end of 2009. • “Right to forget and delete” European Commission sets out strategy to strengthen EU data protection rules Nov 2010. “Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world. “
- 9. P2P security VANISH: self destructing data Roxana Geambasu, Tadayoshi Kohno, Amit Levy, Henry M. Levy. Vanish: Increasing Data Privacy with Self-Destructing Data. In Proceedings of the USENIX Security Symposium, Montreal, Canada, August 2009. Technology: Secret sharing protocol and DHT In vanish system, shared file is disappeared from network in a fixed interval. Bob sends {C,L} to Alice. VANISH is implemented for Vuse DHT. {C,L} Data, timeout Data, timeout KN RANDOM INDEXES (L) K2 RANDOM INDEXES (L) K1 C=Ek(data) data=Dk(C)
- 10. P2P security UNVANISH: reconstructing data Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, and Emmett Witchel, Network and IT Security Conference: NDSS 2010 UNVANISH mounts sybil nodes into DHT to replicate Ek hash to reconstruct data. {C,L} UNVANISH Data, timeout Data, timeout KN RANDOM INDEXES (L) K2 RANDOM INDEXES (L) K1 C=Ek(data) data=Dk(C)
- 11. Example: Propagation speed over DHT network d if f 1 000000 1 00000 1 0000 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 nod e 12000000 10000000 8000000 6000000 4000000 2000000 Bit Torrent traffic rate of all internet 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 estimates ① “55%” - CableLabs About an half of upstream traffic of CATV. ② “35%” - CacheLogic “LIVEWIRE - File-sharing network thrives After 5 hours, beneath the Radar” Δ ( increasing) become ③ “60%” - documents in www.sans.edu stable In first 4 hours, we can “It is estimated that more than 60% of the traffic on obtain the internet is peer-to-peer.” more than 4000000 peers!