At its heart, security risk assessment is a very simple business:

- You list all of the risks you can think of.
- For each risk:
  - You assign a probability to that risk.
  - You assign an impact, usually a financial impact, to the risk happening.
  - You multiply the impact by the probability.
- You then order the risks by the weighted impact and deal with them in that order.

Using this technique, three types of risks bubble to the top:

- Risks that are very likely and also have at least a moderate impact if they do happen.
- Risks that are very unlikely but have a huge impact if they happen.
- Risks that are moderately likely and have moderate impact if they do happen.

This information is then used by risk managers who can use the weighted impact figure as an indication of the benefit of addressing a particular risk – one part of…
This is the second part of my analysis of Carrier-grade NAT source port re-identification implications. Before reading this, it is important that you have read the first part of this series. In this second post I analyse the re-identification characteristics of the various port selection methodologies described in the first part. Picking up from where the previous article left off, I mentioned that there are two categories of port assignment methodology used in Carrier-Grade NATs[1]:

- Dynamic assignment: whereby port allocations are made per-session or per-customer as required. This maximises port utilisation but generates substantial volumes of logs. To reduce the log volume, it is possible to allocate a port range to each subscriber, rather than an individual port per session.
- Static assignment: whereby ports or port ranges are reserved for each internal address before subscriber connections are initiated. Port ranges can either be contiguous or non-contiguous.

IP Address Selection…
I am of the opinion that the best approach that is available to address the Carrier-Grade NAT information gap is source port logging at Internet-facing servers. A question arose during a recent discussion on this topic where it was asserted to me that the storage of source port in Internet-facing server logs would necessarily increase the ability of a nefarious actor with access to the logs to re-identify someone from their activity at that Internet-facing server. Notwithstanding the point that source port logging is the “least worst” of the available options from a privacy point of view for addressing the Carrier-Grade NAT information gap, I am not willing to accept the assertion that source port logging increases the re-identification power of Internet-facing server logs without seeing some evidence to support the claim. No evidence was provided at the time of the discussion, and although it is not my claim and…
In a previous article I described a situation I often encounter where discussions about law enforcement access to data immediately leap to wiretapping. Obviously wiretapping is worthy of careful consideration because it is a very intrusive measure, and the oversight that is in place to prevent misuse of this measure must, of course, balance the needs of the investigation against the individual right to privacy of the suspect. I maintain that discussions about law enforcement access to data that focus exclusively on wiretapping grossly oversimplify the situation. In this article I want to present some research that I have done to try to establish how much wiretapping is actually going on. The results below indicate that the overwhelming majority of law enforcement requests received by Facebook, Google and Microsoft in 2017 (almost 96%) related to subscriber identity information/non-content data. Only 4.3% of all requests received resulted in disclosure of…
There is hardly a criminal case these days that does not involve a component of electronic evidence – almost everybody has a smartphone, for instance, which is basically a small computer in our pockets. Electronic evidence raises some very interesting legal and practical challenges not the least of which is the skills and knowledge required by investigators to appropriately handle this type of evidence. The topic being covered in this article is whether and how electronic evidence is defined in the law as a category of evidence. It is generally accepted that, where possible, electronic evidence should be defined specifically in the law and I will describe below some of the challenges that can arise if this isn’t done.

What's so special about electronic evidence?

Some of the characteristics of electronic evidence make it difficult to collect and manage properly. First of all, it is invisible to the naked eye.…
Very often when I try to start a discussion about law enforcement access to data, the conversation immediately leaps to wiretapping as if this is a slam-dunk argument against any form of law enforcement access to data. For me, this indicates a narrowness of thinking that is prevalent in those who advocate for privacy rights above all others. The purpose of this article is to broaden the discussion by presenting a commonly used data categorisation and discussing the reasons why law enforcement agencies need access to data. One point on the scope of this article before I begin: the discussion below relates to electronic data and does not address the collection of other types of evidence such as statements, physical evidence, fingerprints, DNA, etc. Wiretapping is understandably an emotive topic to which people feel visceral suspicion – wondering who could be listening to, or monitoring, their communication without their knowledge…
The terms “Data Protection” and “Privacy” are often used together, and sometimes interchangeably, but it’s important to remember that they are two different things. This article provides definitions of both and describes some of the interesting current challenges in the areas of both data protection and privacy.

Data Protection

If you decide to give some personal information to an organisation, that organisation has a legal obligation to look after your data, and that responsibility is codified in data protection law. First there is the relationship between you - the data subject - and the organisation that you provide your personal data to - the data controller. Under European legislation, when you provide your data to an organisation, you provide your data for a particular purpose and the organisation must only use the data for that purpose. As well as this, the organisation must look after the security of your data…
The need for an individual right to privacy and the need for law enforcement to be able to effectively investigate crime are sometimes portrayed as being irreconcilably in direct conflict with each other. Both needs are legitimate and ignoring the challenges presented by areas of conflict will not make the problem go away. My recently published Internet Draft presents a conceptual model that allows for both sets of requirements to be met simultaneously. The reason for this publication is to show that, with some creative thinking, it is possible to identify win-win solutions that simultaneously achieve both privacy and law enforcement goals. This post contains a summary of the main ideas presented in that paper. Current regulatory regimes typically oblige ISPs to keep records to facilitate identification of subscribers if necessary for a criminal investigation, and in the case of IPv6 this will mean recording the prefix(es) that have been assigned to…
Large-scale IP address sharing technologies (such as "Carrier-Grade NAT" and “Address plus Port”) are a helpful tool for extending the life of IPv4 addresses by allowing multiple endpoints to share a small number of IPv4 addresses. There is also a related category of technologies, used in the transition from IPv4 to IPv6, that also involve large-scale address sharing (including, amongst others, “ISATAP”, “Teredo” and “6rd”). All of these technologies involve extending the space of available IPv4 addresses by mapping communication from multiple endpoints to a single, or small number of, shared addresses through the use of port numbers. The detail of how this is achieved in each technology varies, but the principle remains the same in all cases. Whilst not universally the case, the overwhelming majority of organisations that operate large-scale address sharing infrastructure are Internet Service Providers (ISPs). In practically every jurisdiction there is a legal or regulatory requirement…
The migration from IPv4 to IPv6 is intended to fix a large number of problems that have been identified through many years of global use, not least of which is the shortage of available IPv4 addresses. One of the challenges with IPv4 that has not, apparently, been adequately considered is the crime attribution characteristics of IPv6 technologies. The challenge of crime attribution on the Internet is an important one and a careful balance needs to be struck between the needs of law enforcement, the rights of crime victims and the right to privacy of the vast majority of Internet users who have no involvement in any sort of criminality.

Publications

Analysis of the Crime Attribution Characteristics of Various IPv6 Address Assignment Techniques

IPv6 provides several mechanisms through which hosts can be assigned an IP address including manual configuration, DHCPv6 and Stateless Address Autoconfiguration (SLAAC). This document examines the crime attribution…
The use of large-scale IP address sharing technologies (such as "Carrier-Grade NAT" and "A+P") presents a challenge for law enforcement agencies due to the fact that the information required to attribute criminal activity based on IP address is not commonly recorded. Specifically, incoming source port information is not routinely logged by Internet-facing servers. The absence of this information means that it is becoming increasingly difficult for law enforcement agencies to identify suspects in criminal activity online. FTR Solutions has been working for some time to address this challenge. This page provides references to the various publications and other resources that have been produced as part of that initiative.

Articles

The Carrier-Grade NAT Information Gap
A brief introduction to the crime attribution challenge that is introduced by Carrier-Grade NAT.

Carrier-Grade NAT Source Port Re-Identification - Part 1

Carrier-Grade NAT Source Port Re-Identification - Part 2
Analysis of the re-identification risk of…

Download the ATM Fraud Prevention Framework Here

There is a great deal of inconsistency in the ATM industry when it comes to specifying/testing/evaluating the security and anti-fraud measures that are applied to ATMs and other self-service terminals. Best practice is available and many types of fraud could be easily prevented simply by appropriate use of already well-understood and widely available countermeasures. To address this issue, and to make ATMs a less attractive target for criminals, FTR Solutions has developed the ATM Fraud Prevention Framework. This document serves several purposes. Firstly, and most importantly, it provides a basis for institutions to develop a comprehensive anti-fraud specification for their ATMs. When an institution is planning the purchase of new ATMs, the requirements related to anti-fraud measures are often omitted, unclear, or left to the vendor(s) to specify. It is also common for groups of ATM operating institutions (or a banking association) to…