privacy is always a requirement
Eleanor McHugh
Romek Szczesniak
http://leanpub.com/GoNotebook
we all have secrets
and these secrets matter to us
that’s what makes them secrets
software should keep our secrets
some secrets are awful
conspiracy
infidelity
criminality
some secrets are banal
bank account numbers
embarrassing incidents
sexual preferences
secrecy should be absolute
our tech must protect the awful
or it won’t protect the banal
but there are laws
we must comply with these
assist the legitimate
deny the illegitimate
secrecy ——> privacy
privacy is not absolute
privacy requires mutual trust
mutual trust is a contract
and contracts can be broken
famous broken contracts
Office of Personnel Management
Amazon Web Services
Ashley-Madison
today’s topic is applied paranoia
paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun
{mass noun}
A mental condition characterized by delusions of persecution, unwarranted
jealousy, or exaggerated self-importance, typically worked into an organized
system. It may be an aspect of chronic personality disorder, of drug abuse, or
of a serious condition such as schizophrenia in which the person loses touch
with reality.
Unjustified suspicion and mistrust of other people:
mild paranoia afflicts all prime ministers
paranoia
Pronunciation: /ˌparəˈnɔɪə/
noun
{mass noun}
The perfectly reasonable belief that someone, somewhere is watching your
online behaviour with malicious and/or voyeuristic intent. It may be a result
of reading a Hacking Exposed or Hacking for Dummies publication,
experiencing the fallout from identity theft, or shopping with bitcoin.
Justified suspicion and mistrust of other people:
chronic paranoia afflicts all information security professionals
acute paranoia afflicts the victims of hacking
we have to trust governments
governments are privileged
if we don’t obey they can hurt us
not much we can do about that
our users have to trust us
our services are privileged
they store real-world secrets
and identifying metadata
but who can we trust?
technology bars the gates
but people create the bars
and people have to monitor them
as a visitor
I want to remain anonymous when I interact with your service
so I can get an idea of who you are without committing to anything
but it’s okay if you know I visited or ask if I’d like to hear from you later
so long as you don’t tell anyone else and you accept my answer
as a registered user
I want my personal data to be secure when I entrust you with it
so hackers can’t steal my identity or bully me for my views
but it’s okay if you’re aware when I make changes and confirm them
so long as that information is provably to my benefit
as a system administrator
I want to roll back errors and monitor security breaches
so I can protect my users and my business from fraud or loss
but it’s okay if I can only see data relevant to a particular incident
so that I know the bare minimum about you or any other user
as a law enforcement officer
I want to perform lawful interception queries
so I can catch criminals and terrorists
but it’s okay if you control my access and require court orders
so that criminal investigation is never a cover for political oppression
as a regulator
I want to ensure this service complies with all applicable rules
so I can prove that the service is trustworthy and legitimate
but it’s okay if you restrict my access to how you operate this service
so that I know neither your users nor their interactions
as a service owner
I want you to use my most excellent service
so we can build a business relationship from which we will both profit
but it’s okay if you don’t trust me with the details of your personal life
so long as you do trust me to run this service as advertised
as an aggressive marketeer
I want to access your visitor data
to guess who might pay for miracle product X
don’t make my life difficult if it affects sales
I’m higher up the food chain than you!
as a disgruntled employee
I want to access your service
to make you pay for the pain I’m feeling
I’ve had privileged access in the past
and you’re too dumb to have cancelled it
as a script kiddie
I want to access your service
because it’s a rush to break into your stuff
I’ve lots of different scripts to play with
coz all lolz belong to us
as an online fraudster
I want to access your service
so I can steal credentials and data
if that’s hard I’ll move onto a fresh target
there’s always another sucker ripe for scamming
as a malicious attacker
I want to access your service
to monitor user behaviour and steal identities
I’m waaaay more skilled than your team
and I’m being paid for results
so what do we do?
dev practices
architecture
operational rules
privacy ——> dev practices
privacy ——> architecture
encrypt all transports
• establish a secure channel by exchanging public keys
• and check their validity against trusted certificates (SSL, TLS, etc.)
• pin these certificates to an origin address (SSH)
• then exchange symmetric keys for a private secure channel
• change these keys frequently (cheap cipher streams)
• and pin each distinct message to a distinct key (one-time pads)
encrypt all passwords
• accept utf-8 to expand the symbol space
• hash every new password before it’s submitted
• always use cryptographically secure hashes (HMAC)
• and a fresh HMAC key for each password (which you must store)
• salt the resulting hash when you receive it (and store the salt)
• then hash again before storing in your database
require multi-factor authentication
• have the user submit their password over a secure channel
• then send them a confirmation code out-of-band
• that’s an agreed trust anchor acting as a shared secret
• the confirmation code should be big enough to generate a HMAC
• and only the HMAC should be submitted
• now you have two shared secrets
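An added example, not code from the slides, of the out-of-band confirmation step in Go (the language of the speakers' notebook): the confirmation code is 32 random bytes, large enough to key an HMAC, the client submits only an HMAC over a per-attempt challenge, and the server recomputes it from the stored code, compares in constant time, and rejects expired or replayed proofs. The password step is assumed to have already succeeded over the secure channel; the names Confirmation, Prove and Verify are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"time"
)

// Confirmation is the server-side state for one login attempt, created after
// the password (the first shared secret) has been accepted over the secure channel.
type Confirmation struct {
	Code      []byte    // 32 random bytes sent out-of-band: the second shared secret
	Challenge []byte    // per-attempt nonce, sent in-band, that the client must MAC
	Expires   time.Time // codes are short-lived
	Used      bool      // a proof is accepted once only
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing safe can be done
	}
	return b
}

// NewConfirmation mints the code (delivered out-of-band, never echoed back)
// and the challenge (returned in the login response).
func NewConfirmation(now time.Time, ttl time.Duration) *Confirmation {
	return &Confirmation{Code: mustRandom(32), Challenge: mustRandom(16), Expires: now.Add(ttl)}
}

// mac is the shared computation: HMAC-SHA256 keyed by the code over the challenge.
func mac(code, challenge []byte) []byte {
	m := hmac.New(sha256.New, code)
	m.Write(challenge)
	return m.Sum(nil)
}

// Prove is the client side: only this MAC crosses the wire, never the code itself.
func Prove(code, challenge []byte) string {
	return hex.EncodeToString(mac(code, challenge))
}

// Verify is the server side: recompute from the stored code and compare in
// constant time, refusing anything expired, replayed or malformed.
func (c *Confirmation) Verify(proof string, now time.Time) error {
	switch {
	case c.Used:
		return errors.New("confirmation code already used")
	case now.After(c.Expires):
		return errors.New("confirmation code expired")
	}
	got, err := hex.DecodeString(proof)
	if err != nil {
		return errors.New("malformed proof")
	}
	if !hmac.Equal(got, mac(c.Code, c.Challenge)) {
		return errors.New("proof does not match")
	}
	c.Used = true // single use: a captured proof is worthless afterwards
	return nil
}
```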
encrypt all storage
• secured transport is useless without secured data stores
• encrypt all sensitive fields - that probably means all fields
• batch fields where they’re too small to encrypt (denormalise)
• and store HMACs for desired search terms
• otherwise your black box is secure but unsearchable
• make sure you use different roles for reading, writing and searching
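As an added Go example (not code from the slides), here is this slide's "secure but searchable black box": every field is sealed with AES-256-GCM, the field name is bound as associated data so ciphertexts cannot be swapped between columns, searchable terms are stored only as HMAC-SHA256 tokens under a separate search key, and the search role holds that key alone, so it can match records without ever being able to read them. The Keys, Record, Encrypt, Decrypt and SearchToken names are this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strings"
)

// Keys stand in for the slide's separate roles: read/write holds the AEAD,
// search holds only Search and can match tokens but never decrypt a field.
type Keys struct {
	aead   cipher.AEAD // AES-256-GCM under a random 32-byte key (constructed here)
	Search []byte      // independent 32-byte HMAC-SHA256 key (constructed here)
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing safe can be done
	}
	return b
}

func NewKeys() Keys {
	block, err := aes.NewCipher(mustRandom(32))
	if err != nil {
		panic(err) // cannot happen for a 32-byte key
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return Keys{aead: aead, Search: mustRandom(32)}
}

// Record is the stored form: only ciphertext plus keyed tokens for search terms.
type Record struct {
	Fields map[string][]byte // field name -> nonce || ciphertext || GCM tag
	Tokens map[string]bool   // hex HMAC tokens present in this record
}

// sealField encrypts one value under a fresh nonce; the field name is bound
// as associated data so a ciphertext cannot be moved to another column.
func sealField(aead cipher.AEAD, name, value string) []byte {
	nonce := mustRandom(aead.NonceSize())
	return aead.Seal(nonce, nonce, []byte(value), []byte(name))
}

func openField(aead cipher.AEAD, name string, blob []byte) (string, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return "", errors.New("ciphertext too short")
	}
	pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(name))
	return string(pt), err
}

// SearchToken is computed identically by writer and searcher; the field name is
// mixed in so one value in two columns yields two tokens, and the term is normalised.
func SearchToken(searchKey []byte, field, term string) string {
	m := hmac.New(sha256.New, searchKey)
	m.Write([]byte(field + "\x00" + strings.ToLower(strings.TrimSpace(term))))
	return hex.EncodeToString(m.Sum(nil))
}

// Encrypt seals every field and indexes the ones named in searchable.
func Encrypt(k Keys, fields map[string]string, searchable []string) Record {
	rec := Record{Fields: map[string][]byte{}, Tokens: map[string]bool{}}
	for name, value := range fields {
		rec.Fields[name] = sealField(k.aead, name, value)
	}
	for _, name := range searchable {
		rec.Tokens[SearchToken(k.Search, name, fields[name])] = true
	}
	return rec
}

// Decrypt is the read role; any modified byte fails the GCM tag check.
func Decrypt(k Keys, rec Record) (map[string]string, error) {
	out := map[string]string{}
	for name, blob := range rec.Fields {
		pt, err := openField(k.aead, name, blob)
		if err != nil {
			return nil, err
		}
		out[name] = pt
	}
	return out, nil
}

// Matches is the search role: it compares tokens only and never sees the AEAD.
func (r Record) Matches(token string) bool { return r.Tokens[token] }
```

Fields too small to encrypt on their own, as the slide notes, would be concatenated into one value before sealField so that a single blob carries them together.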
privacy ——> operational rules
anchor trust internally
• establish a private certificate authority
• assign fine-grained roles to different components
• audit: requirements, code, operations & security logs
• never deploy without a formal security audit
• and make those deployments immutable for later confirmation
• security audits best done by third parties with an attacker mentality
patents pending
• 14/622527 Authentication of Bearer
• 14/622709 uPass Claims
• 14/622549 Confidence Values
• 14/622737 uPass Registration
• 14/622740 Web Content Authentication
• 14/726333 Asset Tracking
• 14/822803 Two-factor Liveness Detection
slideshare://feyeleanor