7CCSMSEN Security Engineering

Homework 7

MSc Computing and Security

Q1: What are good uses of anonymity services like TOR?

A: TOR is a network that re-routes your traffic through other users’ machines. This enables you to use other people’s internet connections to browse the internet, thus giving you greater anonymity. One downside to this is that being a member of this network enables other people who you may not trust to use your internet connection, and your ISP may make you liable for what a stranger does using your connection.

Q2: What is meant by the notion of forward privacy?

A: Forward privacy means that no-one can invade an individual’s privacy from a given data set, including when it is combined with other information that may be released in the future.

Q3: What is a re-identification attack?

A: A re-identification attack is where an adversary is able to identify an individual from anonymised data sets.

Q4: Imagine you have a completely ‘innocent’ email message, like birthday wishes to your grandmother. Why should you still encrypt this message and your grandma take the effort to decrypt it?

A: If you send plain emails to your grandma and then start to send encrypted ones, it will flag you as someone with something to hide. Also, through the use of public-key encryption, your grandma will be able to verify that it was you who sent it.

Q5: One part of achieving privacy (but not the only one) is to properly encrypt your conversations on the internet. But this is fiercely resisted by some spy agencies. These agencies (and some politicians for that matter) argue that, for example, ISIL’s recruiters broadcast messages on Twitter, and get people to follow them. Then they move potential recruits to Twitter Direct Messaging to evaluate if they are a legitimate recruit. If yes, they move them to an encrypted mobile-messaging app. The spy agencies argue that although they can follow the conversations on Twitter, they “go dark” on the encrypted message app. To counter this “going-dark problem”, the spy agencies push for the implementation of back-doors in iMessage and Facebook and Skype and everything else UK or US-made, which they can use to eavesdrop on conversations without conversants’ knowledge or consent.

What is the fallacy in the spy agencies’ “going-dark” argument?

A: If they create a back-door, they rely on security-by-obscurity, i.e. anyone who knows the back-door will be able to decrypt anything where that cipher is used. This would likely end up in the wrong hands and be abused. Also, the terrorist groups are probably more than capable of creating their own messaging app which they can trust.

Q6: DNA data is very sensitive and can easily violate the privacy of living people. To get around this, two scientists from Denmark proposed to create a necrogenomic database which would record the DNA data of all Danish citizens and residents at the time of their death. By matching these to information about illnesses and ailments in life, helpful evidence could be gathered about the genetic origins of diseases. The idea is that the privacy of dead people cannot be violated. What is the fallacy behind this reasoning?

A: Their children or offspring may carry the same gene, and that may increase their health premiums.

Q7: A few years ago a Google executive tried to allay worries about Google poring over all your emails on Gmail. He said something along the lines of: You are watched by an algorithm; this is like being naked in front of your dog. What is wrong with this argument?

A: Google are more intelligent than a dog would be, in the sense that they may have their own motivations to blackmail you with what you’ve exposed to them.

Q8: This question is for you to provide regular feedback to me, for example what were the most interesting, least interesting, or confusing parts in this lecture? Is there anything you would like to have explained in the handouts? Please feel free to share any other questions or concerns.

A: I found forward privacy really interesting to learn about!