Statement - Unobtrusive surveillance: Traffic analysis

christoph.zimprich.uni-linz, 10 January 2016, 20:14

Since the NSA scandal began to unfold in June 2013, surveillance has been a recurring topic in the press (Q1). Edward Snowden leaked classified documents about the ongoing mass surveillance in the United States by the National Security Agency (NSA for short). But the NSA was not the only institution applying mass-surveillance techniques: the British GCHQ (Government Communications Headquarters) was also active in this area and cooperated with the NSA (Q2).

Things are easy for these agencies when internet traffic is not encrypted at all, since extracting the relevant data from plain text takes no effort. Even when the communication is encrypted, what an attacker can do depends on the protocol version and cipher suite in use. Weak or outdated encryption standards may be broken outright, but even otherwise secure HTTPS connections are a target: U.S. agencies have reportedly demanded that companies hand over their private SSL keys (Q3). With a server's private key, any recorded session whose key was exchanged with plain RSA can be decrypted retroactively; only cipher suites with forward secrecy (ephemeral Diffie-Hellman) resist this, and even then the stolen key lets an attacker impersonate the server. And even if the SSL key is safe and has not been handed to any intelligence agency, there is a kind of attack that does not touch the encrypted payload at all: traffic analysis (Q4).

Every packet transmitted over the internet basically consists of two parts:

  • The header, which carries the source and destination addresses. This part cannot be encrypted end to end, because every router ("relay") on the way must know the packet's destination in order to deliver it. Since it travels in the clear, it can be used for analysis right away.
  • The payload (the actual data), which may be encrypted so that only the recipient, who holds the matching key, can decrypt it.

Traffic analysis ignores the payload entirely, since breaking the encryption without the keys is practically intractable. It concentrates instead on the header: because source and destination are known, censorship can be applied easily, and the habits of users can be tracked and turned into statistical models of their behaviour. Packet sizes and timing are visible to the observer as well, and they reveal a great deal even about encrypted connections. Since the header cannot simply be encrypted, more sophisticated methods are needed to counter this kind of attack.
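What a passive observer can get out of headers alone is easiest to see on flow records (the NetFlow-style summaries an ISP or backbone tap produces). The following Python is an added example for this post, not code from any of the cited sources; the flow records are constructed, and the profiling and periodicity rules are simple illustrations of the kind of statistics an agency would apply at scale.

```python
"""Traffic analysis on header metadata only (added illustration, constructed data)."""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, src, dst, dst_port, bytes).
# No payload is present on purpose: everything below is derived from headers.
FLOWS = [
    (0.0,   "10.0.0.5", "203.0.113.10", 443, 5200),
    (60.1,  "10.0.0.5", "203.0.113.10", 443, 5100),
    (119.9, "10.0.0.5", "203.0.113.10", 443, 5300),
    (180.0, "10.0.0.5", "203.0.113.10", 443, 5150),
    (12.4,  "10.0.0.5", "198.51.100.7", 443, 91000),
    (33.0,  "10.0.0.5", "192.0.2.25",   993, 1800),
    (200.0, "10.0.0.5", "192.0.2.25",   993, 1700),
    (5.0,   "10.0.0.9", "198.51.100.7", 443, 64000),
    (40.0,  "10.0.0.9", "203.0.113.99", 80,  3000),
]


def profile_sources(flows):
    """Per-source behaviour profile: who talks to whom, how much, on which ports.
    This is the raw material for a statistical model of a user's habits."""
    prof = defaultdict(lambda: {"bytes": Counter(), "count": Counter(), "ports": Counter()})
    for _ts, src, dst, dport, nbytes in flows:
        p = prof[src]
        p["bytes"][dst] += nbytes
        p["count"][dst] += 1
        p["ports"][dport] += 1
    return prof


def periodic_contacts(flows, min_contacts=3, max_jitter=0.05):
    """Find (src, dst) pairs contacted at a regular interval, using timestamps only.
    Low relative jitter between contacts betrays polling, beaconing or a scheduled
    sync, regardless of what the encrypted payload contains.
    Returns {(src, dst): mean_interval_seconds}."""
    times = defaultdict(list)
    for ts, src, dst, _dport, _nbytes in flows:
        times[(src, dst)].append(ts)
    found = {}
    for pair, ts in times.items():
        if len(ts) < min_contacts:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_jitter:
            found[pair] = round(m, 1)
    return found


def blocked(flows, blocklist):
    """Censorship by destination needs nothing but the header's dst address."""
    return [f for f in flows if f[2] in blocklist]


if __name__ == "__main__":
    for src, p in profile_sources(FLOWS).items():
        print(src, "top destinations by bytes:", p["bytes"].most_common(2))
    print("periodic contacts:", periodic_contacts(FLOWS))
    print("flows to blocked hosts:", len(blocked(FLOWS, {"198.51.100.7"})))
```

Note that the 60-second cadence to 203.0.113.10 is detected purely from timing; whether those flows are an e-mail client polling or a piece of malware beaconing, the observer can classify the host without reading a single byte of content.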

The Tor (The Onion Router) project (Q5) provides a way to anonymise traffic with respect to sender and receiver. The Tor network consists of several thousand relays. If Bob wants to send Alice a message over that network, Bob's Tor client first obtains the list of available relays from the directory servers. It then selects a random path through the network consisting of three relays before the message is passed on to Alice. Once the path has been chosen, the client establishes an encrypted connection with the first relay (the entry or guard relay), which knows the actual sender and the next relay. Through that connection the client negotiates a separate key with the second (middle) relay, which knows only the first relay and the last relay (the exit relay). In the last round the client negotiates a key with the exit relay, which knows the middle relay and the recipient. The message the client sends is wrapped in three envelopes, and each relay can unwrap only one layer, because the other layers are secured with different keys. Since each relay knows exactly two neighbours (counting the client and the destination as neighbours in this scenario), only the client knows the complete path. The known weakness of this scheme is an attacker who controls both the entry relay and the exit relay: by correlating timing and volume at both ends of the circuit, the attacker can link sender and recipient, and the anonymity is broken. The exit relay also sees the payload in the clear unless the application encrypts it end to end (HTTPS, for example). Furthermore, Tor only keeps a person anonymous if that person does not reveal personal information, for instance through web forms.
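The layered envelopes and what each relay learns can be shown in a few lines. The Python below is an added toy model written for this post, not Tor's own code or protocol: hop keys are simply generated instead of negotiated, a stand-in stream cipher built from HMAC-SHA256 in counter mode replaces Tor's AES-CTR, and the relay names, fixed-width next-hop field and the message are constructed for the demonstration. It also shows the two caveats from the paragraph above: the exit relay sees the plaintext, and a party running both entry and exit relay sees sender and destination.

```python
"""Onion-layered encryption over a three-hop circuit (added toy model, not Tor's code)."""
import hashlib
import hmac
import os

FIELD = 32  # fixed-width next-hop field (constructed framing, not Tor's cell format)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with an HMAC-SHA256 keystream in counter mode.
    Tor uses AES-CTR with keys negotiated per hop; this keeps the example stdlib-only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One envelope: encrypt (next_hop || inner) under the key shared with one relay."""
    nonce = os.urandom(8)
    frame = next_hop.encode().ljust(FIELD, b"\0") + inner
    return nonce + keystream_xor(key, nonce, frame)


def peel(key: bytes, blob: bytes):
    """What a relay does: remove one layer and learn only the next hop plus an opaque blob."""
    nonce, body = blob[:8], blob[8:]
    frame = keystream_xor(key, nonce, body)
    return frame[:FIELD].rstrip(b"\0").decode(), frame[FIELD:]


def build_onion(path, destination: str, message: bytes) -> bytes:
    """path: [(relay_name, key_shared_with_that_relay), ...] from entry to exit.
    Wrap from the inside out so that the entry relay strips the outermost layer."""
    blob, next_hop = message, destination
    for name, key in reversed(path):
        blob = seal(key, next_hop, blob)
        next_hop = name
    return blob


def route(path, destination: str, message: bytes, sender: str = "Bob"):
    """Simulate the relays. Returns each relay's view and what reaches the destination."""
    blob = build_onion(path, destination, message)
    views, prev, next_hop = [], sender, None
    for name, key in path:
        next_hop, blob = peel(key, blob)
        views.append({"relay": name, "from": prev, "to": next_hop, "blob_len": len(blob)})
        prev = name
    # After the exit relay peels its layer the payload is in the clear: unless the
    # application encrypts end to end, the exit relay can read it.
    return views, (next_hop, blob)


def colluding_view(views, controlled):
    """Endpoints visible to a party that runs the relays in `controlled`.
    Entry + exit together expose both sender and destination (in practice they are
    linked by correlating timing and volume); the middle relay alone exposes neither."""
    seen_from = {v["from"] for v in views if v["relay"] in controlled}
    seen_to = {v["to"] for v in views if v["relay"] in controlled}
    return seen_from, seen_to


def make_path():
    """Constructed circuit: three relays with freshly generated hop keys."""
    return [(name, os.urandom(32)) for name in ("guard", "middle", "exit")]


if __name__ == "__main__":
    views, delivered = route(make_path(), "Alice", b"hello Alice")
    for v in views:
        print(v)
    print("delivered:", delivered)
```

Running it shows the middle relay's view as `{'relay': 'middle', 'from': 'guard', 'to': 'exit', ...}`: neither Bob nor Alice appears anywhere in what it handles, whereas the guard sees Bob and the exit sees Alice and the plaintext.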

Sources:

Q1: http://www.bbc.com/news/world-us-canada-23123964 (visited on 2016/01/10)

Q2: https://theintercept.com/2015/12/23/juniper-firewalls-successfully-targeted-by-nsa-and-gchq/ (visited on 2016/01/10)

Q3: http://www.dailytech.com/FBI+NSA+Want+Master+Encryption+Keys+from+Internet+Companies/article32046.htm (visited on 2016/01/10)

Q4: https://www.torproject.org/about/overview.html.en (visited on 2016/01/10)

Q5: https://www.torproject.org (visited on 2016/01/10)
