STRINT IETF / W3C Security Workshop London, UK, March 2014 Juan Carlos Zuniga 1 Threat Model • Five main classes of attack • Pervasive passive attack [metadata, • • • • 2 correlation] Pervasive active attack [access in the network core] Static key exfiltration Dynamic key exfiltration Content exfiltration Collaborators • A legitimate actor giving help to the attacker • Static: One-time help (e.g., private key) • Dynamic: Ongoing, per-session help • Content: The desired content itself • Witting or unwitting • Your IT can collaborate on your behalf • Real or virtual • Hand over key data or make it predictable 3 Summary • Attackers will do all five attack classes • Attacks can be performed in different ways • Threats to Objects – Metadata, content • Threats to Venue – Infrastructure and links (from TLS down) • Technology can be used to increase cost of attack • Tech cost (passive-> active) • Risk of exposure (static -> dynamic, target dispersal) 4 Possible implications /considerations for IEEE 802 • Generic protocol guidelines (e.g. Privacy) should • • • • 5 we equally applicable to most 802 protocols Link layer encryption (not only data) MAC addresses Broadcast identifiers Size and sequence of messages