STRINT
IETF / W3C Security Workshop
London, UK, March 2014
Juan Carlos Zuniga
1
Threat Model
• Five main classes of attack
• Pervasive passive attack [metadata,
•
•
•
•
2
correlation]
Pervasive active attack [access in the network
core]
Static key exfiltration
Dynamic key exfiltration
Content exfiltration
Collaborators
• A legitimate actor giving help to the attacker
• Static: One-time help (e.g., private key)
• Dynamic: Ongoing, per-session help
• Content: The desired content itself
• Witting or unwitting
• Your IT can collaborate on your behalf
• Real or virtual
• Hand over key data or make it predictable
3
Summary
• Attackers will do all five attack classes
• Attacks can be performed in different ways
• Threats to Objects
– Metadata, content
• Threats to Venue
– Infrastructure and links (from TLS down)
• Technology can be used to increase cost of
attack
• Tech cost (passive-> active)
• Risk of exposure (static -> dynamic, target dispersal)
4
Possible implications
/considerations for IEEE 802
• Generic protocol guidelines (e.g. Privacy) should
•
•
•
•
5
we equally applicable to most 802 protocols
Link layer encryption (not only data)
MAC addresses
Broadcast identifiers
Size and sequence of messages