Cyber Warfare - Milan 2015
-
Upload
marco-pozzato -
Category
Technology
-
view
31 -
download
2
Transcript of Cyber Warfare - Milan 2015
- 1. Cyberespionage and cryptography: protecting information in the Information Technology era June 2015 Marco Pozzato CTO PrivateWave Italia S.p.A.
- 2. Once upon a time... In old ages Paper and envelops Horses or vehicles Espionage was: expensive and time consuming no mass scale invasive and visible
- 3. 3rd Millennium Nowadays Voice: landline and mobile Asynchronous messaging: SMS, email Instant Messaging: whatsapp, facebook Communications are: digital espionage is transparent and undetectable pervasive mass wiretapping is cheap
- 4. Mobile Networks Are Insecure GSM is broken! Cracked in 2011 with 20$ hardware UMTS is theoretically flawed, practically secure Phones are dual mode a jammer forces them to GSM protocol
- 5. Threats Privacy, Business and national security threats: Government espionage Mass surveillance Industrial espionage Secure Voice & Text Communications
- 6. Choose Secure Communication Solution Define Risk Context Who are my attackers? Which factors affects decision?
- 7. Technologies & Networks Data Over Voice (DoV) codec impractical Circuit Switched Data (CSD) phased out TETRA expensive devices and poor network coverage Solution is Secure Voice over Internet Protocol
- 8. Usability and Devices Secure Phone: hard security Blackberry OS 5/6/7: push email Iphone: cool device Android: power users and geeks Blackberry 10: security & EMM Users want their beloved smartphone and apps
- 9. Software VS Hardware HW with Crypto SD card Expensive No SD card trend in new devices Not replaceable SW only Cheap Flexible Easily replaceable
- 10. Architecture
- 11. Architecture - Wiretapping Software as a Service in cloud Provider is responsible On premise Customer owns communication infrastructure
- 12. Communications Protocols Proprietary Geopolitical Standards SCIP SNS Internet Open Standards SIP/TLS SRTP SDES ZRTP
- 13. Vulnerability assessment Made by third party company Different methodologies