RELATED LITERATURE AND STUDIES

PROTECTING INTELLECTUAL PROPERTY RIGHTS THROUGH INFORMATION POLICY By Karthik Raman

In today's electronic world, an organization's intellectual property is sometimes its biggest asset. Much time and money can be saved, and frustration and litigation avoided if company policy dictates ownership and use of intellectual property. The advent of the Internet has revolutionized the way information is exchanged between people. Few other tools have changed our perceptions about quick access to information as the Internet has. However, the spread of computing and the Internet have made it difficult to apply traditional intellectual property laws. Despite popular belief, just because it's easy to distribute information using the Internet does not mean that it's right to do so. In this paper I argue that writing corporate policy protecting intellectual property rights is essential for many reasons. First I define intellectual property. Next, I explain why corporate security policy is central to information assurance within an organization. Then I survey computing policy at a few institutions of higher education and examine their efforts to protect intellectual property rights through computing policy. Next, I examine violations of intellectual property rights using examples from academia and business. Finally, I present some methods for protecting intellectual property rights through computing policy. Intellectual Property Intellectual Property (IP) is defined as any "original creative work manifested in a tangible form that can be legally protected". When we speak of IP rights, we refer to controlling the way IP is used, accessed or distributed. The World Intellectual Property

Organization (WIPO), an organ of the United Nations, suggests laws to enforce IP rights worldwide. The convention establishing the WIPO concluded on July 14, 1967 that: "Intellectual property shall include rights relating to: * Literary, artistic and scientific works, * Performances of performing artists, phonograms and broadcasts, * Inventions in all fields of human endeavour, * Scientific discoveries, * Industrial designs, * Trademarks, service marks and commercial names and designation, * Protection against unfair competition, and all other rights relating to intellectual activity in the industrial, scientific, literary or artistic fields." IP is divided into two categories: a) Industrial Property - patents, trademarks and industrial designs. b) Copyright - includes works of art, literature, music and more recently computer programs. Why IP Rights Should Be Protected: The Classic Argument One reason for IP laws is to allow IP creators to benefit from their work. If artists create paintings after months of labor, then they deserve credit for painting them and the income from selling or exhibiting them. If a business comes up with an attractive marketing logo, then no other businesses should be allowed to use that logo to promote their own products without permission. Protecting IP is also seen as a method of promoting creativity. If no one is allowed to copy another person's work without permission then creativity is encouraged for everybody.

A flyer on IP rights protection published by Los Alamos National Laboratories, one of the premier research facilities in the nation, notes the financial value of intellectual property accrued from licenses and patents as a reason to protect IP rights. IP Protection in the United States In the United States, IP rights are protected by: a) Industrial property * Patents - United States Code, Title 35 * Trademarks - United States Code, Title 15 * Industrial designs - As above, under Patents b) Copyright and related rights * Copyright - United States Code, Title 17, the Digital Millennium Copyright Act (DMCA) * Related rights - As above, under Copyright c) Other * Design protection - Vessel Hull Design Protection Act * Computer programs - Semiconductor Chip Protection Act of 1984 * Plant variety protection - United States Code, Title 7 In addition to these laws, the US abides by WIPO and other international treaties relating to IP rights. It is important to note that copyright is a time-limited right. This means that the rights to any copyrighted work pass into the public domain after a period of time specified by law. Currently in the US, works produced after January 1, 1978 are protected during the

author's lifetime and for a period of 70 years after his/her death. For works created before January 1, 1978, the period of protection varies. http://ubiquity.acm.org/article.cfm?id=1008537

Use a VPN to bypass ISP issues and restrictions By Jawish Hameed So apparently Dhiraagu has been under some sort of attack since day before yesterday and that is the reason Dhiraagu Internet subscribers are getting patchy Internet connectivity. I am not sure what kind of attack it is under but I presume it is of the DoS variety aimed at driving down their QoS levels. From the looks of it, the attack seems to be being targetted at, or atleast affecting, the Internet proxy/filters and DNS servers at Dhiraagu. Anyway, if you are as frustrated as me with patchy Internet then here's a quick fix solution: install and use a VPN.

A Virtual Private Network working over the Internet connects one computer to another via a private virtual "tunnel" and routes data between the computers. A VPN will allow you to browse the Internet via the remote computer's Internet connection so you aren't affected by (some) issues affecting your ISP and bypasses restrictions imposed by your ISP. As opposed to using a remote proxy server, a VPN can route all your Internet traffic via the virtual tunnel allowing you to bypass all local restrictions entirely. Use of a VPN, on laptops and mobile phones, is highly recommended if you frequently connect to Wifi hotspots at restaurants, airports etc to keep your data secure from being snooped. Free VPN Services

There are many VPN service providers, including those that offer free services. A list of VPN providers is available at start-vpn.com. Here are a few I've used and tried.

Ivacy

Ivacy has both free and paid services. I quite like their volume-based paid plan which currently gives 1 GB for 0.67$ and a wide range of geographical locations for an endpoint. The geographical location allows you to access services such as BBC iPlayer and Hulu which are region restricted. They even have a Ivacy Firefox extension that integrates into Firefox, which is handy if you use the browser.

Ultrasurf Ultrasurf is extremely easy to use and their client, a 1.1 MB download, runs straight without requiring any installation.

UltraVPN

UltraVPN offers OpenVPN-based VPN access with a free registration process. They have a cross-platform open-source client allowing you to use it on Windows and Mac OS.

PacketiX VPN PacketiX VPN is free and offers several nifty featues. Their Secure Internet Test Service gives access to a secure VPN for web usage and, for the more geek minded, their VPN Online Test Environment allows you to create a virtual VPN hub that connects together several of your devices.
http://www.jawish.org/blog/archives/390-Use-a-VPN-to-bypass-ISP-issues-and-restrictions.html

Sharing and Stealing By Jessica Litman

The purpose of copyright is to encourage the creation and mass dissemination of a wide variety of works. Until recently, most means of mass dissemination required a significant capital investment. Disseminators needed printing presses, trains or trucks, warehouses, broadcast towers, or communications satellites. It made economic sense to

channel the lianas share of the proceeds of copyrights to the publishers and distributors, and the law was designed to facilitate that. Digital distribution raises the possibility of mass dissemination without the assistance of professional distributors, via direct authorto-consumer and consumer-to-consumer dissemination. Digital distribution, thus, invites us to reconsider the assumptions underlying the conventional copyright model. We are still in the early history of the networked digital environment, but already weve seen experiments with both direct and consumer-to-consumer distribution of works of authorship. Direct author distribution by itself has not yet garnered a lot of attention because the most publicized efforts have been less than wholly successful. When direct author distribution is augmented by consumer-to-consumer distribution, though, the combination has the potential to revolutionize the distribution chain. That potential has not escaped the attention of professional distributors. Consumer-to-consumer dissemination, especially in the form of peer-to-peer file sharing, has been met with hostility and panic. Legislation pending in Congress seeks to deter consumers from engaging in peer-to-peer file sharing. Meanwhile, representatives of the music, recording and file industry have sued the purveyors of peer-to-peer file sharing software, the Internet service providers who enable consumers to trade files, and 341 individual consumers accused of making recorded music available to other consumers over the Internet.
http://www.quicktopic.com/25/D/cD8dwc52A3p.html

Wi-Fi Security By Critlord

Wi-Fi Security Loop-Holes Accidental association

Violation of security perimeter of corporate network can come from a number of

different methods and intents. One of these methods is referred to as accidental association. When a user turns on a computer and it latches on to a wireless access point from a neighbouring companys overlapping network, the user may not even know that this has occurred. However, it is a security breach in that proprietary company information is exposed and now there could exist a link from one company to the other. This is especially true if the laptop is also hooked to a wired network. Accidental association is a case of wireless vulnerability called as "miss-association". Missassociation can be accidental, deliberate (for example, done to bypass corporate firewall) or it can result from deliberate attempts on wireless clients to lure them into connecting to attacker's APs.

Malicious association Malicious associations are when wireless devices can be actively made by attackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as soft APs and are created when a cybercriminal runs some software that makes his/her wireless network card look like a legitimate access point. Once the thief has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans. Since wireless networks operate at the Layer 2 level, Layer 3 protections such as network authentication and virtual private networks (VPNs) offer no barrier. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the criminal is just trying to take over the client at the Layer 2 level.
http://www.studymode.com/essays/Wifi-Security-1050952.html

Wireless under attack By Seth Rosenblatt ISE

Trivial attacks can be launched directly against the router with no human interaction or access to credentials. Unauthenticated attacks require some form of human interaction, such as following a malicious link or browsing to an unsafe page, but do not require an active session or access to credentials. Authenticated attacks require that the attacker have access to credentials (or that default router credentials are used an all-too-common situation) or that a victim is logged in with an active session at the time of the attack. The attacks were performed under both local adversary and remote adversary situations. A remote adversary is a threat that is not connected to the router via Wi-Fi, while the local adversary is. The most common form of successful attack ISE used was the "oneclick attack" known as a cross-site request forgery. Holcomb explained the testing methodology went beyond one-click attacks in an e-mail to CNET: Cross-site request forgery was the first component of all of our attacks. After that, our standard attack was to reset the administrative password to a known value, or add a new administrator, and then enable remote management. Only when this was not possible (e.g., some routers require the old password as part of the request to change it) did we try other attacks. Those included: shell command injection, directory traversal to share the root of the file system over an Internet-accessible ftp server, exploiting a race condition to upload shell scripts over ftp and then have them execute, enabling additional vulnerable services, and some more. While none of the trivial attacks -- the weakest ones -- worked from a remote adversary, they were successful about one-third of the time from a local attacker. Unauthenticated attacks were rarely successful from a remote attacker, but locally reached the same level of completion as local trivial attacks. Authenticated attacks were almost always successful from both adversaries. "When you're remote, there's very little attack surface," explained Tactical Network Solutions' Heffner. Routers tested included units such as the Linksys WRT310Nv2, Netgear WNDR4700, Belkin N300 and N900, TP-Link WR1043N, and Verizon Actiontec, but Heffner cautioned that this was no guarantee that your router wouldn't be affected. "In my

experience... you should worry about your router. If my device is in this list, you should be concerned. If not, you still may want to be concerned, although it's more difficult to say." The report noted several caveats. Client-side attacks were considered fair game, as long as they were running in a browser and based in HTML and JavaScript. The routers were not extensively tested for other vulnerabilities, and none of them had the remote administration features activated by default. This means that although many modern routers come with the ability to control them when not directly connected to the network, that feature is not active by default. Activating it decreases the router's security level. Also, before testing, the firmware for all the routers tested was upgraded to the most recent version.
http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

Packet Sniffing All network data travels across the Internet, and then into and out of PC's, in the form of individual, variable size, "data packets" like the one shown above. Since the typical PC user never "sees" any of this raw data, many spyware systems covertly send sensitive information out of the user's computer without their knowledge. Packet sniffers expose this raw Internet dialog to the light of day. A "Packet Sniffer" is a utility that sniffs without modifying the network's packets in any way. By comparison, a firewall sees all of a computer's packet traffic as well, but it has the ability to block and drop any packets that its programming dictates. Packet sniffers merely watch, display, and log this traffic. One disturbingly powerful aspect of packet sniffers is their ability to place the hosting machine's network adapter into "promiscuous mode." Network adapters running in promiscuous mode receive not only the data directed to the machine hosting the sniffing

software, but also ALL of the traffic on the physically connected local network. Unfortunately, this capability allows packet sniffers to be used as potent spying tools. This is obviously not an activity that I wish to promote on this site, and if nonpromiscuous sniffing software were available I would be recommending it. But, unfortunately, all of the tools I have located avidly feature promiscuous sniffing capabilities. One note of warning before we go any further: The use of powerful packet sniffing software by people who lack a thorough understanding of TCP/IP and Internet protocols will without question create significant confusion and raise a large number of questions. At the end of this page I have assembled references to a number of extremely good texts. Everything you could want to know is spelled out in those volumes. We have also created a private "packet sniffing" newsgroup forum for the discussion of packet sniffing software, findings, and questions. But please understand that GRC CAN NOT PROVIDE any other form of technical support for users of packet sniffing software.
https://www.grc.com/oo/packetsniff.htm

Packet Sniffer Detection with Anti Sniff By Ryang Spangler Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. This is unlike standard network hosts that only receive traffic sent specifically to them. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. In theory, its impossible to detect these sniffing tools because they are passive in nature, meaning that they only collect data. While they can be fully passive, some arent

therefore they can be detected. This paper discusses the different packet sniffing methods and explains how Anti Sniff tries to detect these sniffing programs.

Brute force tools crack Wi-Fi security in hours, millions of wireless routers vulnerable
By Darlene Storm If you set WPA/WPA2 security protocol on your home or small business wireless router, and you think your Wi-Fi is secure, there two recently released brute force tools that attackers may use to bypass your encryption and burst your security bubble. The irony is that the vulnerability which can be exploited was intended to be security strength, a usability issue to help the technically clueless setup encryption on their wireless networks. Wi-Fi Protected Setup(WPS) is enabled by default on most major brands of wireless routers including Belkin, Buffalo, D-Link, Cisco's Linksys and Netgear, leaving millions of wireless routers around the world vulnerable to brute force attacks which can crack the Wi-Fi router's security in two to ten hours. Most wireless routers come with a WPS personal identification number (PIN) printed on the device. When a user is setting up a wireless home network via a network setup wizard, enabling encryption is often as easy as pushing a button on the router and then entering the eight digit PIN which came with it. When an attacker is attempting to brute force the PIN and an incorrect value was entered, a message is sent that basically tells an attacker if the first half of the PIN was right or not. Additionally, according to Stefan Viehbock, the security researcher who reported the flaw, "The 8th digit of the PIN is always thechecksum of digit one to digit seven," meaning it only takes an attacker about 11,000 brute force guesses to own the password. Unfortunately most wireless routers don't have a lockout policy after several failed password attempts. Viehbock reported the Wi-Fi Protected Setup (WPS) PIN brute force vulnerability to the Department of Homeland Security's U.S. Computer Emergency Readiness Team (USCERT). US-CERT issued a warning which included, due to a "design flaw" in WPS, "an attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service....The lack of a proper lock out policy after a certain

number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible." Viehbock released a whitepaper, "Brute forcing Wi-Fi Protected Setup - When poor design meets poor implementation" [PDF] as well as a proof-of-concept brute force tool called wpscrack which is capable of cracking a home Wi-Fi network in about two hours but does not work with all Wi-Fi adapters. Tactical Network Solutions (TNS), another security team, had also discovered the WPS wireless router flaw that comes enabled by default in "roughly 95% of modern consumergrade access points." After the vulnerability went public, TNS released Reaver, an opensource tool that also exploits the vulnerability via a brute force attack. "Once you have the WPS pin you can instantly recover the WPA passphrase, even if the owner changes the passphrase,"TNS reported. "Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point)." The US-CERT advisory states, "We are currently unaware of a practical solution to this problem." The recommended workaround is to disable WPS. "Within the wireless router's configuration menu, disable the external registrar feature of Wi-Fi Protected Setup (WPS). Depending on the vendor, this may be labelled as external registrar, router PIN, or Wi-Fi Protected Setup."

http://blogs.computerworld.com/19518/brute_force_tools_crack_wifi_security_in_hours_millio ns_of_wireless_routers_vulnerable

How to: Sniff Wireless Packets with WireShark

By Jim Geier WireShark is freely-available software that interfaces with an 802.11 client card and passively captures (sniffs) 802.11 packets being transmitted within a wireless LAN. You may be familiar with using Ethereal software for sniffing wireless networks. Over a year ago, however, Ethereal's lead developer (Gerald Combs) re-released the software as

WireShark. WireShark provides the same (if not better) functionality as Ethereal. Ethereal doesnt appear to be supported anymore, so use WireShark instead. Installing WireShark WireShark software is easy to install. Simply go

to http://www.wireshark.org/download.html, download the software for your applicable operating system, and perform the installation. A problem youll likely run into is that WireShark may not display any packets after starting a capture using your existing 802.11 client card, especially if running in Windows. The issue is that many of the 802.11 cards dont support promiscuous mode. In this case, you can try turning promiscuous mode off (from inside WireShark), but youll only see (at best) packets being sent to and from the computer running WireShark. If you have trouble getting WireShark working with existing client cards, then consider purchasing AirPcap, which is a USB-based 802.11 radio designed to work effectively with WireShark. It comes with drivers tuned to WireShark and operates very well. An external antenna is also included with AirPcap, which increases the listening ability of the tool. Capturing packets Before capturing packets, configure WireShark to interface with an 802.11 client device; otherwise, youll get an alert No capture interface selected! when starting a packet capture. To select an interface, click the Capture menu, choose Options, and select the appropriate interface. Be certain to monitor the correct RF channel. For example, if the wireless network is set to channel 1 for the traffic youre interested in, then configure WireShark to monitor channel 1. To do this, click the Capture menu, choose Options, and click Wireless Settings. The menu Advanced Wireless Settings will appear where you can change the channel. Consider filtering the packet capture to reduce clutter when analyzing packet traces. For example, you may be troubleshooting a particular client device connecting to the

network. In this case, you can set a filter that excludes all packets except those associated with the IP address of the client youre troubleshooting. To set a filter, click the Capture menu, choose Options, and click WireShark: Capture Filter will appear where you can set various filters. To start the packet capturing process, click the Capture menu and choose Start. WireShark will continue capturing and displaying packets until the capture buffer fills up. The buffer is 1 MB by default. This size is generally good enough, but to change it, click the Capture menu, choose Options, and adjust the Buffer size value accordingly. When youre done capturing packets, click the Capture menu and choose Stop. Alternatively, you can set the capture run length (in packets or minutes), and the capture will automatically stop when that length has been met. Youll be prompted to save the capture for later viewing. The packet capture will display the details of each packet as they were transmitted over the wireless LAN. Figure 1 is a screenshot of a sample packet capture window. The top panel of the window identifies each packets source and destination nodes, protocol implemented, and information about each packet. You can select a specific packet to display more details. The one selected in Figure 1, packet 3, is an 802.11 beacon frame. The middle panel displays information about this packet, and you can choose a specific field of the packet (such as Duration field shown in the figure), and the contents of that field are displayed in hex and ASCII format in the bottom panel. As a result, youre able to analyze the flow and view each field (including data field payloads) of all packets. http://www.wi-fiplanet.com/tutorials/article.php/3791421/How-to-Sniff-WirelessPackets-with-WireShark.htm

Globe warns public over illegal Tattoo modem web trade MANILA, Philippines (UPDATE) - Globe Telecom is warning the public not to purchase tampered Tattoo Wimax modems being sold online.

In a statement, Globe said it is closely coordinating with authorities and online buy-andsell stores to put a stop to the illegal sale of hacked Tattoo modems. A number of individuals were arrested last month following separate entrapment operations by the Criminal Investigation and Detection Group (CIDG) and Globe security officers. Three suspects were nabbed for illegally selling tampered Wimax items. A stolen modem was being sold at P3,500. The modus operandi involved the illegal pull out of the modems from Globe subscribers by individuals posing as Globe technicians armed with a counterfeit letter. The modems are then re-programmed and subsequently sold online, promising unlimited internet with no regular monthly bills. Globe cautioned potential buyers of these devices that it constantly monitors its network and is able to disconnect and disable fraudulent connections immediately without notice. "This unlawful activity is actually in violation of Republic Act No. 8484, otherwise known as the Access Devices Regulation Act of 1998, which protects the rights and defines the liabilities of parties in such commercial transactions by regulating the issuance and use of access devices. In this case, its the willful tampering of our devices, selling of these items and using them to illegally tap on our signals. Buyers of hacked Tattoo Wimax modems may also be held liable for the purchase and use of these tampered devices," Nikko Acosta, Head of Tattoo, said. http://www.abs-cbnnews.com/business/05/12/13/globe-warns-public-over-illegal-tatoomodem-web-trade

How a VPN Will Bypass Censorship in China By Peter 0 China has one of the most protective firewalls in the world. This censorship program prevents everyone inside the country from viewing anything the government deems unnecessary, including video streaming sites, social networking websites and every outside news website. The government wants their residents to only see what they want them to see. Because of this, many Internet users inside the country are using a Virtual Private Network, VPN, to bypass censorship in China.

Bypass Censorship in China A VPN is a newer technology that lets you make a direct connection to its server and get around your ISP providers server in China. Since China uses software that only censors IP addresses that are inside the country, you can get around this by going on the Internet through the VPNs equipment and getting a new IP address from another country. You become anonymous and invisible to the Chinese firewall. This lets you bypass censorship in China.

Connecting to a VPN to Bypass Censorship in China The major thing you need to know about VPN providers is that they are not all the same. Most use a protocol called PPTP, but to bypass censorship in China, you will need a more secure protocol, like an SSL or better. Without this, the VPN is useless. Many of the free VPN services only have PPTP available and these will not work for you. The next important thing is the connection speed. This is the amount of bandwidth the VPN service provides. The more bandwidth, the faster your connection speed will be. If you plan on watching videos online, then you will want the fastest connection speed, but this also comes at a cost. There are several good VPN services that offer enough bandwidth to watch videos, but the movies will download slower.

Finally, the next thing you need to do before connecting to a China VPN is how easy it is to make the connection. Not all VPN services will allow you to connect to your Internet device. Most will make a connection to a computer, but not to an iPad, iPhone, Galaxy Phone, Xbox, PS3 or other unique Internet accessing device. So make sure the VPN will can make that direct line to your Internet accessing equipment. Finding a best VPN to in China Keeping everything that was said earlier in mind, it is difficult to find the right VPN to bypass censorship in China. This is one of the main reasons we started this site.

Information is key. We engaged the services of hundreds of experts around the world, including inside China. These experts spent weeks using each VPN that would bypass the censorship software in China. After all of this research, we came up with the best VPN services to get through the Chinese firewall.
http://countriesvpn.com/bypass-censorship-in-china/

Illegal Internet Networks in the Developing World By Joshua Gordon Abstract:

Enabled by falling costs associated with constructing international voice and data networks, and motivated by high fees charged by incumbents for international telecom services, illegal Internet network operators are proliferating in many developing countries. Unlicensed international data networks are commonly used by competitive local Internet Service Providers (ISPs) who do not have the means to obtain an international gateway license, and by Internet Telephony Service Providers (ITSPs) that deliver international calling services utilizing Voice-over-Internet Protocol (VoIP) technology. Incumbent telecom operators and regulatory authorities in countries where unlicensed international networks are prevalent claim that these networks deprive local governments of badly needed revenue. However, unlicensed international network operators also offer a new, market-oriented model for bringing the developing world online. This model is not without political, economic, and legal risks. For example, illegal Internet networks pose a potential global security hazard as data transmitted over these networks can be difficult to monitor by intelligence agencies. Voice calls made using Internet telephony technology over these networks can be doubly difficult to track using existing legal intercept technology. As evinced by a recent WTO ruling, growing recognition of illegal telecom networks may lead the international community to push governments of developing countries to adopt more liberal pricing and licensing policies

and to pressure governments of developed countries to crack down on companies in their jurisdiction that partner with illegal network operators.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=510323

Internet Security By Radu Bucea-Manea-Tonis Abstract: The focus is set on the browser as the main source of information risk due to the access provided to the web users. This section assesses the practical arrangements for a secured Internet connection - secure socket layer, avoiding practices like spoofing and phishing with Java script, digital signature authentication technology for ActiveX. Finally it describes configuration techniques for safe use of the PHP language and ends with an example code to counter attacks of SQL Injection.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1422719

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

Steven M. Bellovin Columbia University - Department of Computer Science Matt Blaze

University of Pennsylvania - School of Engineering & Applied Science Sandy Clark University of Pennsylvania - School of Engineering & Applied Science

Susan Landau Harvard University ; Sun Microsystems, Inc.

Abstract:

For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, though, the changing structure of telecommunications there was no longer just Ma Bell to talk to and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA), which mandated a standardized lawful intercept interface on all local phone switches. Technology has continued to progress, and in the face of new forms of communication Skype, voice chat during multi-player online games, many forms of instant messaging, etc. law enforcement is again experiencing problems. The FBI has called this Going Dark: their loss of access to suspects communication. According to news reports, they want changes to the wiretap laws to require a CALEA-like interface in Internet software.

CALEA, though, has its own issues: it is complex software specifically intended to create a security hole eavesdropping capability in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts warnings of the danger posed by this mandated vulnerability, but time has proven the experts right. The so-called Athens Affair, where someone used the built-in lawful intercept mechanism to listen to the cell

phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system.

In this paper, we explore the viability and implications of an alternative method for addressing law enforcement's need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. The FBI already uses this approach on a small scale; we expect that its use will increase, especially as centralized wiretapping capabilities become less viable.

Relying on vulnerabilities and hacking poses a large set of legal and policy questions, some practical and some normative. Among these are: Will it create disincentives to patching? Will there be a negative effect on innovation? (Lessons from the so-called Crypto Wars of the 1990s, and, in particular, the debate over export controls on cryptography, are instructive here.) Will law enforcements participation in vulnerabilities purchasing skew the market? Do local and even state law enforcement agencies have the technical sophistication to develop and use exploits? If not, how should this be handled? A larger FBI role? Should law enforcement even be participating in a market where many of the sellers and other buyers are themselves criminals? What happens if these tools are captured and re-purposed by miscreants? Should we sanction otherwise-illegal network activity to aid law enforcement?

 Is the probability of success from such an approach too low for it to be useful?

As we will show, though, these issues are indeed challenging. We regard them, on balance, as preferable to adding more complexity and insecurity to online systems.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107

Security issues in networks with Internet access

This paper describes the basic principles of designing and administering a relatively secure network. The principles are illustrated by describing the security issues a hypothetical company faces as the networks that support its operations evolve from strictly private, through a mix of Internet and private nets, to a final state in which the Internet is finally integrated into its operations and the company participates in international electronic commerce. At each stage, the vulnerabilities and threats that the company faces, the countermeasures that it considers, and the residual risk the company accepts are noted. Network security policy and services are discussed, and a description of Internet architecture and vulnerabilities provides additional technical detail underlying the scenario. Lastly, a number of building blocks for secure networks are presented that can mitigate some of the vulnerabilities.
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=650183&url=http%3A%2F%2Fieeexplor e.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D650183