How Ring Could Really Protect Its Users: Encrypt Footage End-To-End - EFF

Posted: 26 Feb 2020 03:59 PM PST

Last week, we responded to recent changes Amazon's surveillance doorbell company Ring made to the security and privacy of their devices. In our response, we made a number of suggestions for what Ring could do to be responsive to the privacy and security concerns of its customers and the larger community. One of our suggestions was for Ring to implement measures that require warrants to be issued directly to device owners in order for law enforcement to gain access to footage. This post will elaborate on this suggestion by introducing a technical scheme that would serve to protect both Ring's customers and the wider community by employing end-to-end encryption between doorbells and user devices.

Introduction: The Cloud and User Notification

In traditional surveillance systems, law enforcement had to approach the owners of footage directly in order to gain access to it. In so doing, law enforcement informed owners of the fact their footage was being requested and the scope of the request. This also served as a de facto rate-limiting of surveillance requests: a certain amount of real-world legwork had to be done to gain access to private footage. Even then, the footage was most likely granted once, and subsequent requests would have to be made for more material.

With the advent of cloud storage, access to raw footage moved from individual, private surveillance systems to the cloud provider. Once footage is in the cloud, law enforcement can go straight to the cloud provider with a warrant for it, without informing the user. Storing footage in the cloud also makes it available to the provider's employees, who can access it without permission from the user.

End-to-End Encryption Can Protect Footage and Feeds

End-to-end encryption (E2EE) allows devices to communicate with one another directly with the assurance of security and authenticity. This means that a user can encrypt data in a way that only the direct recipient can decrypt, and no one else—including the cloud storage provider that she uploads to and the manufacturer of the device she uses—can see what was sent. All they'll see is undecipherable "ciphertext."

Usually, end-to-end encryption happens between two or more devices owned by different people, and is implemented in communication apps like Signal and WhatsApp. E2EE can also happen between two devices owned by the same person to share sensitive data. Backup services SpiderOak One and Tresorit use E2EE to back up files to the cloud securely, and password managers like Dashlane and LastPass use it to store your passwords in the cloud securely. The backed-up files or passwords will be retrievable by multiple devices the user owns, but not by any other device. Not only does this protect the data from the employees of these services, it also means that data breaches like the one LastPass experienced in 2015 do not result in any compromise of the sensitive encrypted data.

Ring has already experienced its share of data breaches and hacks in recent months, and responded by blaming its users and downplaying the dangers. The data breach resulted in username and password information on 3,600 customers being divulged, which put these users' footage in direct reach of hackers and the shadiest of data miners. Employees of Ring were found spying on customers through their doorbell cameras. Ring's history of lax security has made it the subject of a number of lawsuits, and a salient target for future hacks. To turn the tide and show that it's serious about security, the absolute best thing Ring could do is employ E2EE in its video feeds and AWS-based storage.

Not only would employing E2EE protect its users against their footage being divulged by a hack on user accounts or the AWS cloud, it would also implement just the kind of measure EFF calls for in ensuring law enforcement is required to request data directly from device owners. In E2EE schemes, the keys for the encrypted data are stored on users' devices directly, and are not held by the service provider. If a member of law enforcement wishes to obtain footage from a user's camera, they would have to ask the device owner to hand that footage over. This means that Ring would no longer provide law enforcement with a national video and audio surveillance system, since footage would have to be requested and delivered on an individual basis. It would be a return to the benefits that de facto rate-limiting of traditional surveillance systems provided, while retaining the convenience that Ring hinges its success on.

Moreover, this wouldn't necessarily be a very difficult system to implement. E2EE video feeds have already been implemented in open-source encrypted communication platforms like Signal, and end-to-end encryption of stored video files can be done with existing libraries built for exactly this purpose. In fact, some services seem to specialize in helping businesses with exactly this transition, intending to facilitate compliance with privacy legislation like HIPAA and GDPR.

Implementation Scheme Suggestion

Readers not interested in specific technical suggestions can safely skip this section. The TL;DR: an E2EE scheme for home security systems can and should be implemented.

So, how would such a system be implemented? In specifying this implementation suggestion, specific details such as the choice of algorithm or key size are omitted; best practices should be followed for these. The intention is not to provide a spec, but rather to give a broad overview of the various pieces of infrastructure and how they could communicate with the assurances E2EE provides.

Keybase provides a good template for how to ensure key material is not lost through user mismanagement, sharing key material between multiple devices and using physical artifacts like paper copies in combination with digital devices to provide a guarantee of secure key redundancy.

The doorbell device, upon first activation, would generate a new doorbell keypair. The public key for the doorbell can be shared with the smart device app where the feed and videos will be viewed via a direct connection in a shared trusted network setting.

Likewise, the first smart device app connecting to the doorbell will generate a keypair, and communicate its public key to the doorbell in the same shared trusted network setting. The user would also be prompted to back up their key with a paper copy, and tips on best practices in physical security could be communicated.

If the doorbell has a speaker, it can at this point read off the digest of the doorbell public key concatenated with the digest of the app public key it received. This is the equivalent of safety numbers in Signal, and for the sake of usability the digest could be mapped onto a Diceware word list to produce a series of words. This should be verified by the user on the smart device app. Otherwise, trust in the public keys will have to be derived from the trusted network setting in which they were exchanged.

If a secondary smart device is added to the account, it should be linked with the primary smart device. Since the secondary device does not yet trust the primary device, secure key discovery has to be performed. The primary device should generate a symmetric key, and display it to the user in the form of a code. It should then send a copy of the app keypair encrypted with the symmetric key to the secondary device, which will prompt the user to enter the code to decrypt and start using the keypair. Alternatively, the secondary device could derive the keypair from the paper copy.

Any additional devices added to the account can follow the same process to receive the app keypair.

At this point, trust is established between the doorbell and all connected devices' apps.

Upon activation, the doorbell would begin recording video (and possibly audio). The video should be encrypted to a random, newly-generated symmetric key. This symmetric key should then be encrypted to the app public key, signed by the doorbell private key, and saved as a separate file. Both files should then be stored on the cloud. Upon access of the video, the app will then decrypt the symmetric key with its private app key, and use that to decrypt and view the video. To share the video, the app can decrypt the symmetric key and share that with the server or whoever is requesting access.

Live video can also be provided to devices by encrypting it to the app public key directly and signing it with the doorbell private key. Likewise, if a two-way communication is desired, the app can encrypt any audio sent back to the doorbell with the doorbell public key.
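As an added example (not code from EFF's post, Ring, or any vendor), the stored-footage step of the scheme above in Go using only the standard library: each clip gets a fresh random AES-256-GCM key, that key is wrapped to the app's RSA public key with OAEP and signed with the doorbell's Ed25519 key, and sharing a clip means handing out only the unwrapped clip key. The algorithm choices and key formats are assumptions, since the post deliberately leaves them open.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// EncryptedClip is the two cloud "files" the post describes: the encrypted video, plus the clip key wrapped to the app and signed by the doorbell.
type EncryptedClip struct {
	Nonce, Ciphertext, WrappedKey, Signature []byte
}

// EncryptClip runs on the doorbell: a fresh random key per clip, AES-256-GCM for the
// video, RSA-OAEP to wrap that key to the app public key, and an Ed25519 doorbell signature.
func EncryptClip(video []byte, appPub *rsa.PublicKey, doorbellPriv ed25519.PrivateKey) (*EncryptedClip, error) {
	buf := make([]byte, 44) // 32-byte AES key followed by a 12-byte GCM nonce, both from the CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, appPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedClip{nonce, gcm.Seal(nil, nonce, video, nil), wrapped, ed25519.Sign(doorbellPriv, wrapped)}, nil
}

// UnwrapKey runs on the app: reject a key file the paired doorbell did not sign, then recover the clip key with the app private key (sharing a clip means handing out only this key).
func UnwrapKey(c *EncryptedClip, appPriv *rsa.PrivateKey, doorbellPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(doorbellPub, c.WrappedKey, c.Signature) {
		return nil, errors.New("key file was not signed by the paired doorbell")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, appPriv, c.WrappedKey, nil)
}

// DecryptWithKey serves the owner's app and anyone the owner shared the clip key with.
func DecryptWithKey(c *EncryptedClip, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects a shared key of the wrong length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, c.Nonce, c.Ciphertext, nil) // fails on a wrong key or any tampering
}
```

Because the doorbell never holds the app private key and the app never needs to reveal it, a cloud-side breach yields only ciphertext and wrapped keys, and a request for footage has to go through the owner's app.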

Why Ring Won't Want To Implement This...

Ring brands itself as a security-focused company, despite its digital security record. It handles the footage of millions of customers. Given the benefits to its customers, use of E2EE would seem like a natural next step. We hope Ring takes this step for its customers—it would certainly be a welcome turn for a company plagued by recent bad press following its insecure practices. It would show a real willingness to protect its customers and their data. But unfortunately, Ring currently has a direct incentive not to implement this strong security measure.

In the spring of 2018, Ring began a partnership program with police departments across the U.S. This program has expanded dramatically since its introduction to over 900 departments. Ring has carefully cultivated these relationships, with the expectation of troves of information from Ring's system being available to law enforcement. Additionally, these relationships are largely secretive, with agreements requiring that confidentiality be maintained.

Ring has also expressed interest in implementing facial recognition for footage. In our post last week, we expressed serious concerns about this technology, including that it exacerbates racial bias and overpolicing. In order to perform identification using Amazon's facial recognition infrastructure, Ring would need unencrypted access to user footage.

Privacy advocates and customers face an uphill battle to convince Ring to implement these features. In the past, Ring has been slow to take steps to address user security and privacy concerns. Their incentives are currently to maintain and expand the partnerships they've built, utilizing Amazon's infrastructure to process the footage they possess. It will take Ring a significant reprioritization of their customers over their partnerships in order to take the next step forward.

...And A Competitor Just Might

Luckily, Ring isn't the only game in town. The field of smart home-security systems is filled with competitors, such as Google's Nest. These competitors, for whatever reason, haven't been as willing or able to build out a mass surveillance system for police use. This leaves them unencumbered by the agreements and expectations Ring has tied itself down with. A competitor in the field could implement a system that provided E2EE guarantees to its customers, protecting their feeds and footage in a very comprehensive way—from nosy employees, malicious hackers, and police agents all too eager to have this mass of data at their fingertips.

Whoever ends up implementing this forward-thinking system would signal that they are ready to take the sensitive data of their customers seriously. This would be a big step forward for the privacy and security of not just device owners, but also the community as a whole.

Good Luck Hacking My Alexa Microwave Now - Popular Mechanics

Posted: 21 Feb 2020 06:30 AM PST

  • Researchers at Rice University have come up with custom circuits that make internet-of-things (IoT) devices up to 14,000 times more secure.
  • Hardware makes this all possible. Energy-efficient circuits manage the power in processing chips, leading to tightened security.
  • The paper describing the findings will be published later this year at the 2020 IEEE International Solid-State Circuits Conference.

Without you knowing it, hackers can hang outside your home—all thanks to what's known as a side-channel attack.

These attacks detect some of the invisible radiation coming from your Internet-of-Things (IoT) devices, like your Alexa voice assistant, smart TV, or even your home security system, just by picking up on electromagnetic field radiation. It's a lot easier than resorting to illegal tactics like rubber-hose cryptanalysis, which is basically just torturing victims for a password, and takes far less time than brute-force attacks, which try every encryption key that could have been used.

"Once they've found a hole, there are so many things [hackers] can do," Kaiyuan Yang, an assistant professor of electrical and computer engineering at Rice University, said in a prepared statement. "And they don't need to get into a computer system or a cell phone. For instance, a thermostat connected to the network can become an access point to a home, a company, a hospital or a city."

Thankfully, scientists are coming up with new ways to help you arm yourself against these bad actors. Yang and Yan He of Rice University have developed a hardware solution that focuses on the power management circuitry found in most central processing chips in IoT devices.

Their endeavor builds on a previous breakthrough exactly one year ago, wherein the Rice lab generated paired security keys based on fingerprint-like defects that are inherent in computer chips. Each has its own particular flaws. Only this time, they're trying to prevent side-channel attacks on IoT and mobile devices, not creating security keys.

Here's the kicker: their new method makes IoT devices 14,000 times more secure.

Side Channel Attacks

Per the National Institute of Standards and Technology (NIST), a side-channel attack is enabled through "leakage of information from a physical cryptosystem," which is basically a set of cryptographic algorithms that implement a security service, typically encryption. In other words, information somehow leaks out of the security infrastructure itself.

"Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions," the NIST notes.

In practice, that may look like a van parked outside, sitting idly while monitoring the electromagnetic field radiation emitted by a computer screen to view information before it's encrypted. This is also known as a Transient Electromagnetic Pulse Emanation Standard (TEMPEST) attack. In other cases, hackers may spy on the power consumption of your IoT device to steal an encryption key, or use an acoustic attack that records the sound of a user's keystrokes to steal their password.

"In power and electromagnetic side-channel attacks, the attackers can figure out a secret key when your device is running without opening up the device," Yang said. "Once they have your key they can decrypt everything, no matter how good your security software is."

These kinds of attacks work because screens, like the ones on your Alexa Show or perhaps that new Roku TV, emit EMF radiation that can be detected from as far away as a few hundred meters. It's even widely speculated that intelligence agencies around the world use these kinds of attacks in investigations where they must spy on criminals or journalists.

Sure, a Faraday cage—an enclosure that blocks all electromagnetic fields—can help, but that makes the entire point of IoT devices for the connected home moot. Enter Yang and He's solution.

Encryption Circuits

[Image: Jeff Fitlow/Rice University]

The scientists discovered they could use power regulators to obfuscate information that's otherwise leaked through the power consumption of encryption circuits, which bad actors may pick up on in one of those van attacks. IoT devices each have their own onboard computing chip, and Yang and He want to alter the power circuits on them.

"By replacing existing power management circuitry with our unit, we not only provide a much better way to defend against powerful threats, but also provide a much more energy-efficient solution," Yang said. The new circuits should take up no more room on a chip than current power management units.

With each continuing iteration of this design, Yang said he hopes Rice will get closer to working with manufacturers to implement the circuits into their fabrication processes. Especially because, as Yang said, side-channel attacks are becoming ubiquitous, as even YouTube videos can show you how to pull them off.

"This is a real threat, and we're in a fight to make it much more difficult and expensive for attackers to succeed," he said.
