1) help prevent illegal activities, with an

1) Investigate what the “Nothing to hide” argument means regarding privacy
and     government/corporate
surveillance. List and analyse, giving your reasoned view, the arguments for
and against it.

The “Nothing to hide” argument is
primarily involved with debates over mass surveillance and its violation of
privacy. Governments and large corporations often use the phrase “if you’ve got
nothing to hide, you’ve got nothing to fear” 1, which implies that, unless
you are involved in illegal activities, there is no breach of privacy.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

The main argument for “Nothing to
hide” is to help prevent illegal activities, with an emphasis on stopping
terrorism. With regards to the National Security Agency (NSA) surveillance, it
is argued that the public must be surveyed in order to counter any terrorism
that could occur within the U.S borders 2. It is also mentioned in 2 that modern
technology has changed the war against terrorists, and the government must do
what is necessary. According to 3, “roughly 56 percent of Americans believe
it is “acceptable” for the spy agency to secretly collect the telephone call
records of millions of Americans” (statistics they acquired from Washington
Post 4). It is then mentioned that 45% of Americans believe the government
should monitor all activity, in order to prevent future terrorist attacks 3.
Prevention of terrorism is the strongest argument for surveillance, using the
“Nothing to Hide” statement to try and reassure the public that privacy is not
truly being breached unless the person in question is involved in illegal

On the other Hand, the “Nothing to
Hide” argument has a strong opposition, who firmly believe that the invasion of
privacy does not justify the actions of any body performing the surveillance.
In 5, examples are given of where protections of privacy are vital, such as
Doctor – Patient Confidentiality, Witness protection and online anonymity from
stalkers. 6 gives links to events where surveillance lead to a breach of
privacy, which ended detrimentally for the people it affected. One example
provided 7 gives details on how a disabled woman, claiming benefits, was
recorded on holiday moving unaided. The videos were then used against her in
court to charge her for fraud. In this case, surveillance had invaded her
privacy, which obtained information which was then used to prosecute her. A
very famous case is the Edward Snowden case, which involved him revealing that
the NSA was surveying the American public. He is strongly against the “Nothing
to Hide” statement, claiming “privacy isn’t about something to hide. Privacy is
about something to protect” 8.

In Conclusion, arguments for “Nothing
to hide” consist of preventing crimes and terrorist acts, using surveillance to
find the people related to illegal activity, stating that the innocent populace
have nothing to fear about their privacy. Arguments against the statement are
focused on the governments abuse of power, and misuse of information obtained
from surveillance. This also suggests there is a distinct lack of trust, on
both sides, between the government and general public 9.



2) Read and describe in your own words the paper “Impact of Artificial
“Gummy” Fingers on Fingerprint Systems”. What countermeasures would
you suggest to stop the attacks presented in this work?

The paper “Impact of
Artificial “Gummy” Fingers on Fingerprint Systems” 10  focuses
on the vulnerabilities of fingerprint systems – typically involving the use of
artificial fingerprints derived from genuine fingerprints. The paper emphasises
the security issues of fingerprints: How easily they can not only be obtained,
but forged as well. Using two examples (Silicon fingers and gummy fingers),
they proved that most commercial fingerprint scanners can be fooled by gummy
fingers, even those that claim to have “Live and Well” measures to prevent such
spoofing. Their conclusion is that manufacturers must take extra precautions to
eliminate, or at least lower the acceptance rate, of fake finger spoofing on
their scanners.

One paper, obtained from the IEEE, proposes an anti-spoofing device that can be
integrated simply into any commercial scanner, which uses capacitance and pulse
detection which they claim to have 100% accuracy 11. Figure 1, taken from
11, shows the design of the attachment. The capacitive sensor is insulated to
prevent any false positives from stray capacitance within the design. The dome
shape was used to protect the pulse sensor, which is sensitive to external
light. The device worked by scanning the finger for 5 seconds, if the device
doesn’t detect a “live” finger after 5 seconds, it is deemed a fail. The end
results are shown to have a 100% detection of artificial fingers, and a 97.2%
detection rate of live fingers. The use of this would prevent the use of any
artificial finger (and would also prevent the extreme event of a severed finger
being used) as they lack a pulse and would fail the device’s test. As a paper
published by the IEEE, this results of this source are likely to be reliable,
if this were to be used.

Another paper proposes the use of 3rd Level
features of a fingerprint, primarily pores 12. Detection of pores requires a
higher resolution (a minimum of 500 DPI, 1000 recommended 13). Seen as pores
are very small, often less than 1mm 12, it would be very difficult to
recreate them with easily obtainable equipment, such as gelatine. Pore perspiration
would cause variation in the grey level of the fingerprint, seen as artificial
fingers do not perspire, they will not have this variation. This method
requires a change to software, instead of hardware, so would be cheaper and,
potentially, easier. However, this is dependent on the skill of the programmer.
Both solutions are methods of “Live and Well” detection, which is proposed to
be implemented as a defence against artificial finger spoofing in 11.


3) Write an in-depth
description of the FREAK SSL/TLS Vulnerability, describing its potential impact
and the countermeasures/mitigation techniques used

Secure Sockets Layer (SSL) and Transport Layer Security
(TSL) are cryptographic protocols used to add a level of security to
communications over a network 14. An exploit of these protocols was found in
2015, known as the Factorising Attack on RSA-Export Keys (FREAK), which
involves a Man in the Middle (MITM) attack to weaken the level of cryptography
used for encryption 15. The issue originates from the 1990’s, when the U.S
government limited the length of RSA keys for cryptographic exports to 512 bits
16 17. The limit made export RSA keys weaker than keys used internally
within the U.S; as such, protocols were required to allow servers to support
both ciphers, and decide the best cipher possible between the server and the
client 17. “Cipher Suites” were developed, which are a set of cryptographic
algorithms for key exchange, encryption and authentication 17 18 19.

Cipher suites for export RSA keys are still existent in
SSL/TLS protocols, which is the vulnerability 20. A MITM attack can be done
to lower the grade of encryption. This is done by intercepting the handshake
between the client and the server. Instead of requesting the best cipher
solution 21, the attacker would change the request to an export RSA cipher
17. As this cipher is limited to 512 bits, it is far weaker than any other
available cipher and can be factored within hours 22, dependant on
computation capability, revealing the RSA decryption key. Once decrypted, the
attacker can decrypt the “pre-master secret”, encrypted by the client,
revealing the TLS “master secret” 17. The attacker can now see everything in
plaintext, allowing them to inject anything. Around 36% of 14 million websites
are vulnerable to this attack 15 17 22 23; browsers affected include:
Internet Explorer, Safari, Chrome, Android browser and Opera 22 (All of which
use OpenSSL).

The most common solution to preventing a FREAK attack, is to
disable any export cipher suites 15 20 server- side, preventing any
degradation of cryptography. Forward secrecy is also recommended 22 24
25, which protects past session keys from future attacks/compromises 25 by
generating a random secret key for key agreement during a session 26. Many
patches have also been released for browsers, removing the weakness 27 28,
as well as OpenSSL also having released an update, mitigating the FREAK
vulnerability 30.










4) How can attackers bypass firewalls? Describe at least 4 possibilities
providing enough technical details and some tools and countermeasures, if

A common method for bypassing
firewalls is to perform an idle (zombie) scan. This works by taking advantage
of an “idle” computer within the network, where an idle computer is a host with
very low network traffic 28 29 30. The bypass starts by observing the IP
ID (used for identifying each source address, as well as enabling fragmentation
and reassembly  31 32) of the users
on the network which, while initially random, increments for each IP packet
received 28 29 30, hence the need for an idle host – as an active host
will have an unpredictably incrementing IP ID. Once a valid idle host has been
found, the attacker spoofs the source address of the host, using it to send a
synchronise (SYN) message to the victim 28. If the port is open, the victim
will respond to the host machine with a SYN and acknowledgement (ACK) message,
which will cause the IP ID of the host to increment by 1. The attack then
probes the zombie computer with a SYN/ACK message, incrementing the IP ID again
by 1. Therefore if the host’s IP ID has increased by 2, an open port has been
found (anymore incrementing is either from other probes for open ports, or
other traffic being received by the host) 28 29 30. From there, the
attacker can now exploit the open port. This method is only effective if the
host isn’t blocked by the firewall by connecting to the victim. Ingress 33
34 and Egress 33 35 filters are capable of preventing such attacks.

Another method used is the Overlapping
Fragment Attack. IP packets are often fragmented, in order to pass through a
link with a smaller Maximum Transmission Unit (MTU) 36 than IP packet size. Each
fragment contains the IP (and TCP if used) header, which contains the IP ID 37.
An offset is also provided by each fragment, giving the start of that
particular fragment 38 39. By setting the offset of the second fragment to
overlap the initial fragments IP/TCP header, the source and destination can be
changed to that stored in the second fragment 39, giving the attacker the
chance to inject a malicious source to the victim behind the firewall. This
bypass can easily be protected against, simply by having the firewall perform the
reassembly of fragmentation, or having a filtering method that checks the size
of the IP (and TCP) header, as they should have a minimum size, and checking it
against the offset 39 40.

IP spoofing can also be used to
penetrate a firewall. Usually a firewall will block any unknown, or
unauthorised, IP addresses, to prevent any untrusted machine access to the
network. By sending traffic with an IP address of an internal machine, an
attacker would easily bypass the firewall 41. This can be prevented
relatively easily, by dropping any outbound packets that have sensitive
information (such as an IP address), while also dropping any packets that come
externally with a known internal IP address 42.

SSH Tunnelling is a less seen method
of getting passed a firewall. The success of this exploit is dependent on the
victim getting exposed to the attackers malware, either through email, fake
website or physically using a USB 43 etc. Once exposed, the attacker can use the
victims Secure Shell (SSH) connection to the server to exploit an open port (or
simply use the victims connection if already established). This bypasses the
firewall as the port is forwarded 44 on a (supposedly) secure channel. As
previously mentioned, this fails instantly if the victim is not tricked.

5) Write an in-depth description of one of the
POODLE/Heartbleed/Shellshock vulnerabilities against SSL/TLS, extracting
possible security lessons from them and detailing how they have been stopped.

Heartbleed was a vulnerability that
took advantage of a single flaw within OpenSSL 44. The exploit originates
from OpenSSL’s implementation of a SSL/TLS protocol called heartbeat (hence the
name). The heartbeat protocol was used to maintain a connection which hasn’t
been used (i.e. no uploads or downloads) for a while, by sending a fixed size
message – up to 64 KB, in which the receiver would reply with the exact same
message 44 45. The major issue arises when the sender requests a reply that
is longer than the initial message (a 20 KB message was sent, but requested a
64KB reply), as the protocol never actually checked the length of the initial
message, meaning it would simply reply the message along with the anything else
stored next to the message in the memory buffer 44 45. An attacker could
simply send a very small message and request a 64KB reply, providing them with
whatever was stored within the buffer 46. While the data could be useless, it
could also potentially contain any usernames and passwords entered during the
session, as well as encryption keys used. Not only does this put the
connection, and both users, at risk, it can also be used to obtain sensitive
information about either user, that could be used in other fields (such as bank
details, email passwords etc.) 44 45 46.

The function within OpenSSL was
patched to check the size of the initial message – if it wasn’t the size
initially requested as a reply, drop the message 44. The patch was applied to
the OpenSSL library, as it was the implementation of the protocol, rather than
the protocol itself, that led to the vulnerability 44 46. This shows that
even if protocols have been designed securely, they can still become a weakness
if not integrated securely within the libraries/programs that utilise them. The
error could only be temporarily mitigated by altering the OpenSSL library being
used: there was no way of disabling the extension 46. Websites dedicated to
stopping Heartbleed (such as heartbleed.com 46) encourage the community to
work together to sooner rectify any human error that goes unnoticed by the
















1 https://en.wikipedia.org/wiki/Nothing_to_hide_argument  Accessed 01/12/2017

2 http://edition.cnn.com/2013/06/10/opinion/sulmasy-nsa-snowden/index.html  Accessed 01/12/2017

3 http://www.theblaze.com/news/2013/06/10/here-is-the-pro-nsa-surveillance-argument  Accessed 01/12/2017

4 https://www.washingtonpost.com/politics/most-americans-support-nsa-tracking-phone-records-prioritize-investigations-over-privacy/2013/06/10/51e721d6-d204-11e2-9f1a-1a7cdee20287_story.html?utm_term=.24fe0788c908  Accessed 01/12/2017

5 https://www.openrightsgroup.org/blog/2015/responding-to-nothing-to-hide-nothing-to-fear  Accessed

6 https://www.openrightsgroup.org/blog/2015/the-real-impact-of-surveillance Accessed 02/12/2017

7 https://www.theguardian.com/commentisfree/2011/dec/06/disabled-people-benefits-dla Accessed 02/12/2017

8 http://uk.businessinsider.com/edward-snowden-privacy-argument-2016-9  Accessed 02/12/2017

9 https://www.aclu.org/blog/national-security/you-may-have-nothing-hide-you-still-have-something-fear  Accessed 02/12/2017

10  Tsutomu
Matsumoto, Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino. Impact of Artificial
“Gummy” Fingers on Fingerprint Systems. 25 January 2002

Kishor Kumar
Sadasivuni et al. Anti-Spoo?ng Device for
Biometric Fingerprint Scanners. 9 August 2017

12 Maneesh Kumar Sharma. Detection and Prevention of Fingerprint
Altering / Spoofing Based on Pores (Level-3) with the Help of Multimodal
Biometrics. 7 July 2014

13 Anil K. Jain, Yi Chen,
Meltem Demirkus. Pores and Ridges:
High-Resolution Fingerprint Matching Using Level 3 Features. January 2007

14 https://en.wikipedia.org/wiki/Transport_Layer_Security  Accessed 03/12/2017

15 https://www.globalsign.com/en/blog/is-your-ssl-server-vulnerable-to-a-freak-attack/  Accessed 03/12/2017

16 https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States  Accessed 03/12/2017

17 https://blog.cryptographyengineering.com/2015/03/03/attack-of-week-freak-or-factoring-nsa/  Accessed 03/12/2017

18 https://msdn.microsoft.com/en-us/library/windows/desktop/aa374757(v=vs.85).aspx  Accessed 03/12/2017

19 Jake A. Berkowsky, Thaier
Hayajneh. Security Isuues with
Certificate Authorties. 21 October 2017

20 https://commons.lbl.gov/display/cpp/Fixing+SSL+vulnerabilities  Accessed 04/12/2017

21 https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161(v=vs.85).aspx  Accessed 04/12/2017

22 https://www.digicert.com/blog/freak-attack-need-know/  Accessed 04/12/2017

23 https://en.wikipedia.org/wiki/FREAK  Accessed 04/12/2017

24 https://censys.io/blog/freak  Accessed 04/12/2017

25 https://wiki.mozilla.org/Security/Server_Side_TLS#Forward_Secrecy  Accessed 05/12/2017

26 https://en.wikipedia.org/wiki/Forward_secrecy  Accessed 05/12/2017

27 https://www.pcworld.com/article/2895143/microsoft-fixes-freak-vulnerability-in-patch-tuesday-update.html  Accessed 05/12/2017

28 https://www.reuters.com/article/us-apple-cybersecurity/apple-plans-fix-next-week-for-newly-uncovered-freak-security-bug-idUSKBN0LZ2GA20150306  Accessed 08/12/2017

27 https://www.openssl.org/source/  Accessed 08/12/2017

28 http://blog.icterra.com/what-is-idle-scan/  Accessed 10/12/2017

29 https://security.stackexchange.com/questions/45381/how-does-nmap-do-a-zombie-and-decoy-scan  Accessed 10/12/2017

30 https://en.wikipedia.org/wiki/Idle_scan  Accessed 11/12/2017

31 https://tools.ietf.org/html/rfc6864  Accessed 12/12/2017

32 https://www.cellstream.com/intranet/reference-reading/tipsandtricks/314-the-purpose-of-the-ip-id-field-demystified.html  Accessed 12/12/2017

33 https://gbhackers.com/idle-zombie-scan-nmap/  Accessed 12/12/2017

34 http://searchnetworking.techtarget.com/definition/ingress-filtering  Accessed 13/12/2017

35 https://www.calyptix.com/how-to/egress-filtering-101-what-it-is-and-how-to-do-it/  Accessed 13/12/2017

36 https://en.wikipedia.org/wiki/IP_fragmentation  Accessed 03/01/2018

37 http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/ip-fragmentatiion.html

38 https://en.wikipedia.org/wiki/IPv4#Fragmentation_and_reassembly  Accessed 03/01/2018

39 https://books.google.co.uk/books?id=AO2fsAPVC34C&pg=PA259&lpg=PA259&dq=fragment+overlapping+firewall&source=bl&ots=LhSBZ76ZK9&sig=Y39np5VOZHgvE8JNXZaoK3flMXk&hl=en&sa=X&ved=0ahUKEwiOtYWhq9rYAhXjD8AKHZnWCK84ChDoAQguMAE#v=onepage&q=fragment%20overlapping%20firewall&f=false  Accessed 04/01/2018

40 https://tools.ietf.org/html/rfc1858  Accessed

41 http://www.itprotoday.com/management-mobility/external-firewall-attacks  Accessed 04/01/2018

42 https://tools.ietf.org/html/rfc1918  Accessed 06/01/2018

43 https://sathisharthars.com/2014/07/07/evade-windows-firewall-by-ssh-tunneling-using-metasploit/  Accessed 07/01/2018

44 https://www.csoonline.com/article/3223203/vulnerabilities/what-is-the-heartbleed-bug-how-does-it-work-and-how-was-it-fixed.html  Accessed 08/01/2018

45 https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/  Accessed 09/01/2018

46 http://heartbleed.com/  Accessed 10/01/2018