The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 1 to 3.
The State of Secure Messaging
https://cis-india.org/internet-governance/blog/the-state-of-secure-messaging
<b>A look at the protections provided by and threats posed to secure communication online.</b>
<p><em>This blogpost was edited by Gurshabad Grover and Amber Sinha.</em></p>
<p dir="ltr">The current benchmark for secure communication online is
end-to-end encrypted messaging. It refers to a method of encryption
wherein the contents of a message are only readable by the devices of
the individuals, or endpoints, participating in the communication. All
other Internet intermediaries such as internet service providers,
internet exchange points, undersea cable operators, data centre
operators, and even the messaging service providers themselves cannot
read them. This is achieved through cryptographic <a href="https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange">mechanisms</a>
that allow independent devices to establish a shared secret key over an
insecure communication channel, which they then use to encrypt and
decrypt messages. Common examples of end-to-end encrypted messaging are
applications like Signal and WhatsApp.</p>
<p dir="ltr">This post attempts to give at-risk individuals, concerned
citizens, and civil society at large a more nuanced understanding of the
protections provided and threats posed to the security and privacy of
their communications online.</p>
<h4 dir="ltr">Threat Model</h4>
<p dir="ltr">The first step to assessing security and privacy is to
identify and understand actors and risks. End-to-end encrypted messaging
applications consider the following threat model:</p>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Device compromise: Can happen physically through loss or
theft, or remotely. Access to an individual’s device could be gained
through technical flaws or coercion (<a href="https://www.eff.org/wp/digital-privacy-us-border-2017">legal</a>, or <a href="https://xkcd.com/538/">otherwise</a>). It can be temporary or be made persistent by installing <a href="https://citizenlab.ca/2019/10/nso-q-cyber-technologies-100-new-abuse-cases/">malware</a> on the device.</p>
</li><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Network monitoring and interference: Implies access to data
in transit over a network. All Internet intermediaries have such
access. They may either actively interfere with the communication or
passively <a href="https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/">observe</a> traffic.</p>
</li><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Server compromise: Implies access to the web server hosting
the application. This could be achieved through technical flaws,
insider access such as an employee, or through coercion (<a href="https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016">legal</a>, or otherwise). </p>
</li></ul>
<p dir="ltr">End-to-end encrypted messaging aims to offer complete
message confidentiality and integrity in the face of server and network
compromise, and some protections against device compromise. These are
detailed below.</p>
<h4 dir="ltr">Protections Provided</h4>
<p dir="ltr">Secure messaging services guarantee certain properties. For
mature services that have received adequate study from researchers, we
can assume them to be sound, barring implementation flaws which are
described later.</p>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Confidentiality: The contents of a message are kept private and the ciphers used are <a href="https://pthree.org/2016/06/19/the-physics-of-brute-force/">practically</a> unbreakable by adversaries.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Integrity: The contents of a message cannot be modified in transit.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Deniability: Aims to mimic unrecorded real-world
conversations where an individual can deny having said something.
Someone in possession of the chat transcript cannot <em>cryptographically</em>
prove that an individual authored a particular message. While some
applications feature such off-the-record messaging capabilities, the
legal applicability of such mechanisms is <a href="https://debian-administration.org/users/dkg/weblog/104">debatable</a>.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Forward and Future Secrecy: These properties aim to limit
the effects of a temporary compromise of credentials on a device.
Forward secrecy ensures messages collected over the network, which were
sent before the compromise, cannot be decrypted. Future secrecy ensures
messages sent post-compromise are protected. These mechanisms are easily
circumvented in practice as past messages are usually stored on the
device being compromised, and future messages can be obtained by gaining
persistent access during compromise. These properties are meant to
protect individuals <a href="https://hal.inria.fr/hal-01966560/document">aware</a> of these limitations in exceptional situations such as a journalist crossing a border.</p>
</li></ul>
<h4 dir="ltr">Shortcomings</h4>
<p dir="ltr">While secure messaging services offer useful protections,
they also have some shortcomings. It is useful to understand these and
their mitigations to minimise risk.</p>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Metadata: Information about a communication such as <strong>who</strong> the participants are, <strong>when</strong> the messages are sent, <strong>where</strong> the participants are located, and <strong>what</strong>
the size of a message is can offer important contextual information
about a conversation. While some popular messaging services <a href="https://signal.org/blog/sealed-sender/">attempt</a>
to minimize metadata generation, metadata leakage, in general, is still
considered an open problem because such information can be gleaned by
network monitoring as well as from server compromise. Application
policies around whether such data is stored and for how long it is
retained can improve privacy. There are also <a href="https://ricochet.im/">experimental</a> approaches that use techniques like onion routing to hide metadata.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Authentication: This is the process of asserting whether an
individual sending or receiving a message is who they are thought to
be. Current messaging services trust application servers and cell
service providers for authentication, which means that they have the
ability to replace and impersonate individuals in conversations.
Messaging services offer advanced features to mitigate this risk, such
as notifications when a participant’s identity changes, and manual
verification of participants’ security keys through other communication
channels (in-person, mail, etc.).</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Availability: An individual’s access to a messaging service
can be impeded. Intermediaries may delay or drop messages resulting in
what is called a denial of service attack. While messaging services are
quite resilient to such attacks, governments may censor or completely
shut down Internet access.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Application-level gaps: Capabilities offered by services in
addition to messaging, such as contact discovery, online status, and
location sharing are often <a href="https://www.forbes.com/sites/thomasbrewster/2017/01/22/whatsapp-facebook-backdoor-government-data-request/">not covered</a>
by end-to-end encryption and may be stored by the application server.
Application policies around how such information is gathered and
retained affect privacy.</p>
</li></ul>
<ul><li style="list-style-type: disc;" dir="ltr">
<p dir="ltr">Implementation flaws and backdoors: Software or hardware
flaws (accidental or intentional) on an individual’s device could be
exploited to circumvent the protections provided by end-to-end
encryption. For mature applications and platforms, accidental flaws are
difficult and <a href="https://arstechnica.com/information-technology/2019/09/for-the-first-time-ever-android-0days-cost-more-than-ios-exploits/">expensive</a> to exploit, and as such are only accessible to governments or other
powerful actors who typically use them to surveil individuals of
interest (and not for mass surveillance). Intentional flaws or backdoors
introduced by manufacturers may also be present. The only defence
against these is security researchers who rely on manual inspection to
examine software and network interactions to detect them.</p>
</li></ul>
<h4 dir="ltr">Messaging Protocols and Standards</h4>
<p dir="ltr">In the face of demands for exceptional access to encrypted
communication from governments, and risks of mass surveillance from both
governments and corporations, end-to-end encryption is important to
enable secure and private communication online. The Signal protocol,
which is open and adopted by popular applications like WhatsApp and
Signal, is considered a success story as it brought end-to-end
encryption to over a billion users and has become a de facto standard.</p>
<p dir="ltr">However, it is unilaterally developed and controlled by a single organisation. Messaging Layer Security (or <a href="https://datatracker.ietf.org/wg/mls/about/">MLS</a>)
is a working group within the Internet Engineering Task Force (IETF)
that is attempting to standardise end-to-end encryption through
participation of individuals from corporations, academia, and civil
society. The draft protocol offers the standard security properties
mentioned above, except for deniability which is still being considered.
It incorporates novel research that allows it to scale efficiently for
large groups up to thousands of participants, which is an improvement
over the Signal protocol. MLS aims to increase adoption further by
creating open standards and implementations, similar to the Transport
Layer Security (TLS) protocol used to encrypt much of the web today.
There is also a need to look beyond end-to-end encryption to address its
shortcomings, particularly around authentication and metadata leakage.</p>
No publisher | divyank | Freedom of Speech and Expression, Encryption, IETF | 2020-07-17T08:12:15Z | Blog Entry
Regulating the Internet: The Government of India & Standards Development at the IETF
https://cis-india.org/internet-governance/blog/regulating-the-internet-the-government-of-india-standards-development-at-the-ietf
<b>The institution of open standards has been described as a formidable regulatory regime governing the Internet. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.</b>
<p>This brief was authored by Aayush Rathi, Gurshabad Grover and Sunil Abraham. Click <a class="external-link" href="http://cis-india.org/internet-governance/files/regulating-the-internet">here</a> to download the policy brief.</p>
<hr />
<h2>Executive Summary</h2>
<p style="text-align: justify;">The institution of open standards has been described as a formidable regulatory regime governing the Internet. As the Internet has moved to facilitate commerce and communication, governments and corporations find greater incentives to participate and influence the decisions of independent standards development organisations.</p>
<p style="text-align: justify;">While most such bodies have attempted to systematise fair and transparent processes, this brief highlights how they may still be susceptible to compromise. Documented instances of large private companies like Microsoft, and governmental instrumentalities like the US National Security Agency (NSA) exerting disproportionate influence over certain technical standards further the case for increased Indian participation.</p>
<p style="text-align: justify;">The debate around Transport Layer Security (TLS) 1.3 at the Internet Engineering Task Force (IETF) forms an important case for studying how a standards body responded to political developments, and how the Government of India participated in the ensuing discussions. Lasting four years, the debate ended in favour of greater communications security. One of the security improvements in TLS 1.3 over its predecessor is that it makes less information available to networking middleboxes. Considering that Indian intelligence agencies and government departments have expressed fears of foreign-manufactured networking equipment being used by foreign intelligence to eavesdrop on Indian networks, the development is potentially favourable for the security of Indian communication in general, and the security of military and intelligence systems in particular. India has historically procured most networking equipment from foreign manufacturers. While there have been calls for indigenised production of such equipment, achieving these objectives will necessarily be a gradual process. Participating in technical standards can, then, be an effective interim method for intelligence agencies, defence wings and law enforcement for establishing trust in critical networking infrastructure sourced from foreign enterprises.</p>
<p style="text-align: justify;">Outlining some of the existing measures the Indian government has put in place to build capacity for and participate in standard setting, this brief highlights that while these are useful starting points, they need to be harmonised and strengthened to be more fruitful. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.</p>
<hr />
<p style="text-align: justify;">Note: The recommendations in the brief were updated on 17 December 2018 to reflect the relevance of technical standard-setting in the recent discussions around Indian intelligence concerns about foreign-manufactured networking equipment.</p>
No publisher | Aayush Rathi, Gurshabad Grover and Sunil Abraham | Open Standards, Cryptography, Cybersecurity, Internet Governance, Surveillance, IETF, Encryption Policy | 2019-01-22T07:29:39Z | Blog Entry
IPv6 in India: The promises and challenges
https://cis-india.org/internet-governance/blog/ipv6-in-india
<b>Newspapers have been reporting that IPv4 addresses will get over soon, and that we will have to shift to IPv6. In this short piece, Pranesh Prakash gives a layperson's introduction to the IPv6 Internet we will be entering into soon, and what that means for you.</b>
<p>Reports suggest that the global pool of IPv4 addresses <a class="external-link" href="http://arstechnica.com/web/news/2009/09/2010-could-be-the-last-year-for-ipv4-as-we-know-it.ars">will run dry by 2011</a>, and thus the shift to IPv6 is imminent. But what does that mean? There are <a class="external-link" href="http://arstechnica.com/hardware/news/2007/03/IPv6.ars">excellent resources</a> that explain this in technical language. Below I shall try to do so in non-technical language.</p>
<h2>What is IPv6?</h2>
<p>Internet Protocol version 4 (IPv4) is a standard defined in 1981, which
is central to the Internet, allowing vastly different computers on
vastly different kinds of networks to communicate with each other.
(Think of how diplomatic protocols enable diplomats from vastly
different cultures to communicate effectively by agreement on certain
common minimums (such as a handshake, etc.).) IPv4 was defined when
there were relatively few computers, and even fewer connected to
networks. Many things have changed since then, with one of the most
important changes being the burgeoning of the Internet and the World
Wide Web. Each computer on the Internet has something known as an IP
address. Each 'packet' of data transmitted over the Internet must have
associated from and to IP addresses (which can sometimes be ranges of
addresses). IPv4 can accommodate 4,294,967,296 (2^32) unique IP
addresses, whereas IPv6 can handle 340 undecillion (2^128) unique
addresses. When you consider that every device with Internet
connectivity has an IP address (from laptops to Blackberries to even
alarm clocks), a lot of IP addresses are required. Since the early
1990s, people have been talking about some of the limitations of IPv4,
the primary one being the lack of expandability of IPv4.</p>
<h2>
Benefits of IPv6</h2>
<ol><li>
Greater number of computers on the Internet, as it uses more</li><li>
Better reliability and security, as IPSec, a protocol for
authenticating and securing all IP data, is built into IPv6 as a
default.</li><li>
More efficient and thus faster than IPv4. Despite carrying much
more data, IPv6 packets are simpler to route (just as addresses with
pincodes are easier for post offices to handle).</li><li>
More features can be added more easily. If at a later point of time
more features are required, those can be added without a whole new
protocol being designed.</li></ol>
<h2>
What all does IPv6 require?</h2>
<ol><li>
IPv6-capable Internet Service Providers providing consumers IPv6 addresses</li><li>
IPv6-capable networking hardware (modems, routers)</li><li>
IPv6-capable operating systems on consumer devices (smartphones, computers, etc.)</li><li>
IPv6-capable websites, which depends on (1)</li></ol>
<h2>The shift to IPv6</h2>
Apart from IPv6 <em>capability</em>, at some point the <em>shift</em>
to IPv6 must happen, since IPv4 and IPv6 are not compatible.
Translators, which allow an IPv6 address to be understood by a computer
using IPv4, do exist, but they are quite expensive to deploy.
Currently, it is estimated that around 1% of the world's Internet
traffic is conducted using IPv6. The most successful example of IPv6
being used on a large scale was the 2008 Olympics where <em>all</em>
network operations (from security camera transmissions to a special
IPv6 website) ran over IPv6. So why haven't more ISPs shifted to IPv6? Because of
network externalities. While telephones make sense, being the only
person in the world with a telephone doesn't. Similarly, while IPv6 is
the way for the future, it only makes economic sense for ISPs to shift
(or even prepare for the shift, by using translators) when there are
plenty of others using IPv6. While some ISPs (like Sify) are already
prepared for the shift, others need to gear up. Importantly, the
government must step in to encourage (and, perhaps, at some point, mandate)
this transition. Following the governments of the US, EU, and China,
the Indian government too sees the immensity of this shift, and has
tasked the Telecommunication Engineering Centre (TEC) of the Department
of Telecommunications to take the lead in this. The <a id="ay-p" title="TEC has convened meetings with experts" href="http://www.tec.gov.in/seminar.html">TEC has convened meetings with experts</a>, and thus India seems to be on the right track.
<h2>
What does all this mean for you?</h2>
Perhaps a lot or not very much, depending on how you look at things.
Most modern modems and routers (which are usually provided by your ISP) <em>support</em> IPv6, but are, by default, configured for IPv4. Many
smartphones don't work on IPv6, but generally phones have a shorter
shelf life and chances are that market forces will goad manufacturers
to support IPv6 by the time the IPv6 Internet becomes more popular.
Thus, while IPv4 addresses might find themselves near the end of
their natural life within one to three years, they will live on thanks
to various mechanisms that translate IPv4 to IPv6 (which won't work
well with certain applications such as peer-to-peer file-sharing).
Eventually, even those translators will have to be abandoned if we are
to embrace a brave new Internet.
No publisher | pranesh | IETF, Introduction, IPv6 | 2011-08-02T07:16:50Z | Blog Entry