METADATA TRACKING AND ENCRYPTION METADATA EXAMPLES Microsoft Word

  • Slides: 13
Download presentation
METADATA: TRACKING AND ENCRYPTION

METADATA: TRACKING AND ENCRYPTION

METADATA EXAMPLES • • Microsoft Word document properties Telephone/email metadata Camera/image metadata Web browser

METADATA EXAMPLES • • Microsoft Word document properties Telephone/email metadata Camera/image metadata Web browser identification and tracking

MICROSOFT WORD – DOCUMENT INSPECTOR

MICROSOFT WORD – DOCUMENT INSPECTOR

TELEPHONE & EMAIL • Similar to postal mail: • Information needed to route and

TELEPHONE & EMAIL • Similar to postal mail: • Information needed to route and deliver the message • In many cases, content is less valuable than metadata

CAMERA / IMAGE METADATA • EXIF • Date & time • Camera settings (e.

CAMERA / IMAGE METADATA • EXIF • Date & time • Camera settings (e. g. aperture, shutter speed, ISO speed) • GPS location

WEBPAGE METADATA • Evercookie • Panopticlick • Do Not Track HTTP Header

WEBPAGE METADATA • Evercookie • Panopticlick • Do Not Track HTTP Header

SOCIAL NETWORKING METADATA • Sleeping Time • Please Rob Me

SOCIAL NETWORKING METADATA • Sleeping Time • Please Rob Me

INTERLUDE – SHOPPING METADATA

INTERLUDE – SHOPPING METADATA

METADATA PRIVACY LAWS • Video Privacy Protection Act (VPPA) • Driver's Privacy Protection Act

METADATA PRIVACY LAWS • Video Privacy Protection Act (VPPA) • Driver's Privacy Protection Act of 1994 (DPPA)

ENCRYPTION • Doesn’t apply to metadata that is needed for routing (in most cases)

ENCRYPTION • Doesn’t apply to metadata that is needed for routing (in most cases)

TOR – THE ONION ROUTER • Origin node randomly selects three network nodes •

TOR – THE ONION ROUTER • Origin node randomly selects three network nodes • Data is wrapped in three layers of encryption

TOR - WEAKNESSES • • • Tracking cookies Exit node eavesdropping Traffic (timing) analysis

TOR - WEAKNESSES • • • Tracking cookies Exit node eavesdropping Traffic (timing) analysis Site operators may block Tor traffic Heartbleed

HEARTBLEED • Exploits a flaw in TLS “heartbeat” extension • Affects servers and clients

HEARTBLEED • Exploits a flaw in TLS “heartbeat” extension • Affects servers and clients • Heartbeat message consists of a payload and a buffer • Attack consists of sending a maliciously constructed heartbeat message