Browse wiki

Threat analysis - Information Mapping II
Kind of learning session Holistic  +
Learning objectives To understand how data travels electronica
To understand how data travels electronically and the points at which it can be subjected to surveillance, adding important actors including internet service providers, online service providers etc. to the actor maps. To detect basic threats to sensitive information for responses.
ts to sensitive information for responses.  +
Methodology Methodology == Activity/Discussion: Romeo
Methodology == Activity/Discussion: Romeo and Juliet (10 minutes) == '''Step 1.''' Get participants to sit around in a 'U' shape facing the flipchart. Designate a “Romeo” and a “Juliet” at both extremities of the group of participants (can also be “Romeo and Romeo”, “Juliet and Julia”, or any other combination). '''Step 2.''' Explain that we will explore how the internet works, as an example of how data is transferred digitally, the threats to its integrity, and the potential ways of protecting it. Participants will map out a 'political' version of how the internet works, while the facilitator can map out the 'technical' version. '''Step 3.''' Instruct 'Romeo' to write a message to 'Juliet'. Romeo and Juliet will communicate, and since there is no internet, they depend on us to help them. == Input: How the Internet Works (45 minutes) == '''Steps & Input'''. Information, such as an e-mail, passes through at least the following points as it is transferred electronically over the internet. Once Romeo/Juliet have written their first message, have them pass it around the 'U' until it reaches the other. For each, ask them what they can read of the message and give them a sheet indicating their role. 1. '''Computer''' of the sender of the message (i.e. Romeo) 2. The '''router''' in the building or area where Romeo connects to the internet 3. The '''Internet Service Provider''', who owns the router. The ISP is usually a large company which must comply with the laws of the country. 4. The '''National Gateways''': part of the telecommunication infrastructure of the country, where the optic cables enter the territory of the country. It is often controlled by the State, or may be operated by a private company. The data may pass through several countries, ISPs and Gateways as it travels to the servers of the online service. 5. Eventually the email will arrive at the Gateway, and the '''ISP of the email provider''' (e.g. Yahoo!, in the United States) 6. It arrives at the '''servers of Yahoo'''! 7. When Juliet checks her email, the mail will pass through a combination of the above again before arriving at her ISP, her router and her computer. While in real life we send postcards referring to real physical addresses, devices also have addresses to send data around the internet: these are called '''IP addresses'''. IP addresses usually refer to concrete physical addresses too. Demonstrate: http://whatismyipaddress.com ''HTTP Traffic: A Postcard'' The first round of passing messages between Romeo and Juliet, they pass a message with content (a message) and an address, just like a postcard. And, like a postcard, this can be read at every point along the way. This kind of traffic is called HTTP Traffic. ''HTTPS Traffic: An Envelope'' '''Step 1.''' Ask participants – what is the first step that should be taken to protect the postcard? They should respond with the idea of putting it into an envelope – so provide an envelope to the person in the role of Yahoo! '''Step 2 Input.''' The difference with the internet is that the envelope is provided by the online service provider (the website). Romeo or Juliet must **ask for the envelope** and then write another message, inside the envelope, with an address on it. In this case, only Yahoo can read the message, since they provided the envelope. They can also copy and share this content. '''Step 3 Input.'''Everyone else can only read the address and the names of the sender and recipient. That is, the metadata. Metadata is still important and widely used for surveillance. We must not think about the sensitivity of our content in isolation, as metadata is often 'enough' for many State surveillance programs. ''Encrypted Traffic: A lockbox'' '''Step 1.''' Imagine that one day a magical 'gnome' (the facilitator) appears to Juliet and says to her: Juliet! Do you want Romeo to send you a note so that no one along the way can tell what it is? Then you should give him this, your very own open lockbox. This is a magical lockbox. '''Step 2''' Hand 'Juliet' the open box. Your lockbox is magical because: You have as many of the same lockbox as you want. You can give it to whomever you want to have send you confidential messages. Once they put their message in your lockbox and send it to you, another lockbox is magically there for them to use. Once they close and lock your lockbox, only its PRIVATE key can open it. '''Step 3''' Hand 'Juliet' the key. This is your Private key. ONLY YOU have this key. It is yours, and it is private. Keep your private key very safe. DON'T lose or share your private key. It will always open this lockbox and all of its copies. If you lose this private key, you will NOT be able to open the lockboxes associated with it. NEVER. (Optional) The private key will imprint itself on you the first time, with your kiss. Thereafter it will only work after you kiss it to tell it that it is you who are using it and no one else (metaphor for self-authentication via password). From this point on, the key will only work with your kiss. '''Step 4''' Concept checking. Ask participants: What does Romeo need in order to send Juliet a message? (her lockbox) Can Juliet send him a private message back? (Not yet). In order for both sides to be able to communicate privately, they both need a lock box and they both need a key. So, the gnome repeats the process above with Romeo. Repeat the process above with Romeo. '''Step 5''' Romeo and Juliet now have everything they need in order to communicate securely. All they need to do is exchange lockboxes! How can they do this? In person / Through the postal system like before. Have Romeo and Juliet exchange lockboxes and have Juliet send Romeo a message in his lockbox. '''Step 6 Input''' This process is how a kind of email encryption known as GPG works. Each of us has a public 'lockbox' which we share with everyone, and a private key which is password-protected which we maintain for ourselves and share with nobody. In order to communicate securely, we exchange our public lockboxes. After that, we can use them in certain computer programs to encrypt and send messages. However when a 'lockbox' (encrypted message) goes through the postal system, it's clear what it is, at least to Yahoo! Therefore it could be suspicious and draw attention to yourself. ''Circumvention and Anonymity'' We can circumvent the system of IP addresses which facilitates censorship and online tracking through using softwares such as a VPN or TOR. A VPN is less effective at anonymizing, although it is not suspicious. TOR is more effective at anonymizing, but also more suspicious. == Deepening: Written Information Map – Information in Motion (30 minutes) == Summarise the threats to sensitive information in motion, potential tactics and their advantages and pitfalls after the exercise. You may want to create a table such as the below: HTTP / HTTPS / End-to-end Encryption / TOR Content protected from ISP (and whomever No / Yes / Yes / Yes they share it with) Content protected from website/service owners No / No / Yes / No (and whomever they share it with) Metadata protected No / No / No / Yes Introduce the information map for information in motion, explaining each of its parts. Participants fill out the map for information in motion (see handout) for 15 minutes and share reflections. == Synthesis: Return to Actor Map == Participants return to their Actor Maps and add any important new actors according to the map of how the internet works. Suspicious Depends on content / No / Potentially / Potentially
No / Potentially / Potentially  +
Number of facilitators involved 1  +
Prerequisites Better to do it after actor mapping session.  +
Technical needs Flipchart/Whiteboard, markers, envelopes, postcards/small sheets of paper, pens, cipher OR two small boxes with keys  +
Theoretical and on line resources Holistic Security Guide Security in a Box https://securityinabox.org  +
Title of the tutorial Information Mapping Part 2  +
Tutorial category Discussion  +
Has improper value for
"Has improper value for" is a predefined property to track input errors for irregular value annotations that was likely caused by type or allowed value restrictions.
Duration (hours)  +
Categories Tutorials
Modification date
This property is a special property in this wiki.
27 August 2015 16:06:50  +
hide properties that link here 
  No properties link to this page.


Enter the name of the page to start browsing from.