Privacy and Secrets - PowerPoint PPT Presentation

About This Presentation
Title:

Privacy and Secrets

Description:

Account numbers/credit card numbers, DL numbers ... Children's Online Protection Act (COPPA) http://www.ftc.gov/ogc/coppa1.htm ... – PowerPoint PPT presentation

Number of Views:33
Avg rating:3.0/5.0
Slides: 18
Provided by: csK4
Learn more at: https://www.cs.kent.edu
Category:
Tags: credit | ftc | gov | privacy | secrets


Transcript and Presenter's Notes

Title: Privacy and Secrets


1
Chapter 11
  • Privacy and Secrets

2
Chapter Outline
  • Privacy and Regulation
  • What to do about passwords
  • Random Number generation
  • Cryptography
  • Secrets in Memory

3
What is Privacy?
6
What is Privacy?
  • An expectation of non-dissemination of
    information without consent.
  • What information?
    • Confidential data about the program
    • Data users think is private
    • Data required by law to be kept as confidential
      • Social Security Numbers
      • Account numbers/credit card numbers, DL numbers
      • Security codes, access codes, PINs, passwords,
        etc.
      • Grades

7
Which laws?
  • California's SB-1386
    http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
  • Children's Online Protection Act (COPPA)
    http://www.ftc.gov/ogc/coppa1.htm
  • Federal Information Security Management Act
    (FISMA) http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
  • Gramm-Leach-Bliley Act (GLBA)
    http://www.ftc.gov/privacy/glbact/index.html
  • Health Insurance Portability and Accountability
    Act (HIPAA) http://www.hhs.gov/ocr/hipaa/
  • Payment Card Industry (PCI) Data Security
    Standard https://www.pcisecuritystandards.org
  • Safe Harbor Privacy Framework
    http://www.export.gov/safeharbor/
  • Family Educational Rights and Privacy Act
    (FERPA) http://www.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf

8
Where does private data enter?
  • Directly
  • Persisting from a DB or other data store
  • Indirectly

9
How to handle Private data
  • Label it as such, don't hide it. Be aware at all
    times of which variables carry private data and
    which don't.
  • Privacy violations stem, for the most part,
    from misplaced trust.
  • Minimize exposure of private data.
  • Private data should be kept out of logs.
  • Be aware of threads and re-entrant code.

10
Outbound Passwords
  • Keep passwords out of the source code.
    • They are easy to find, even without the source
      code.
  • Don't store clear-text passwords.
    • Store them, encrypted, in a configuration file.
    • Store the encryption key in a different file.
    • This can be repeated a few times.

11
Random Numbers
  • Necessary for
    • Cryptography (key generation)
    • Password generation
    • Port randomization (for security)
    • Unique session identifiers
    • Etc.
  • Need good entropy generators.

12
Some notes
  • If there are N equally likely choices, there are
    log₂ N bits of entropy
  • Expect things to go wrong.
  • Watch out for lack of independence
  • Be conservative.

13
Cryptography
  • Choose a good algorithm
    • Watch what the standards organizations (ISO,
      NIST, etc.) say.
    • Researchers may publish attacks on certain codes;
      that does not invalidate the code.
  • At the present time, recommended are
    • AES
    • RSA
    • SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)

14
Cryptography
  • Don't roll your own
  • Don't
    • Invent your own algorithm
    • Create your own implementation
    • Concoct your own key exchange protocol.
  • Security through obscurity is a delusion.

15
Secrets in Memory
16
How do attackers get secrets from memory?
  • Remote exploits such as buffer overflow or format
    string attacks
  • Physical attacks, such as stolen or discarded
    machines.
  • Accidental leakage as in core dumps or page files.

17
How to control Information in Memory
  • Minimize the time the secret is held in memory
  • Lock the memory
  • Share secrets sparingly
  • Erase secrets securely
    • Easier said than done: beware of optimizing
      compilers!
  • Prevent unnecessary duplication.
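As an added example, not from the slides, this C code shows how "lock the memory" and "erase secrets securely" look in practice on a POSIX system: the secret is copied only into mlock()ed pages, and the wipe goes through a volatile function pointer so an optimizing compiler cannot delete it as a dead store. The secret_t type and the function names are assumptions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* memset reached through a volatile function pointer: the compiler cannot
 * prove the callee is memset, so it cannot treat the final store as dead and
 * drop it. Prefer C11 memset_s() or explicit_bzero() where available.
 * Names below are illustrative, not from the slides or any library. */
static void *(*const volatile volatile_memset)(void *, int, size_t) = memset;

static void secure_zero(void *p, size_t n) {
    volatile_memset(p, 0, n);
}

/* Number of non-zero bytes in buf; used to verify that a wipe took effect. */
static size_t count_nonzero(const unsigned char *buf, size_t n) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++) k += (buf[i] != 0);
    return k;
}

/* A secret that should live in memory as briefly as possible. */
typedef struct {
    unsigned char *buf;
    size_t len;
    int locked; /* 1 if mlock() kept the pages out of swap / the page file */
} secret_t;

/* Allocate and lock (best effort) before filling, so the plaintext never lands in swappable pages. */
static secret_t *secret_new(const unsigned char *src, size_t len) {
    secret_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->buf = malloc(len);
    if (!s->buf) { free(s); return NULL; }
    s->len = len;
    s->locked = (mlock(s->buf, len) == 0); /* may fail under RLIMIT_MEMLOCK */
    memcpy(s->buf, src, len);
    return s;
}

/* Wipe before release so the bytes do not survive in the freed block or a core dump. */
static void secret_free(secret_t *s) {
    if (!s) return;
    secure_zero(s->buf, s->len);
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    secure_zero(s, sizeof *s); /* pointer and length are metadata; clear them too */
    free(s);
}
```

The mlock() call is best effort because unprivileged processes are limited by RLIMIT_MEMLOCK; the wipe itself does not depend on it.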