dimecres, 4 de novembre de 2009

El cap de l´APDA i els inspectors a Madrid - Espanya -


Madrid, 4, 5 y 6 de noviembre de 2009 

PRIMERA SESIÓN PLENARIA

¿UNA SOCIEDAD VIGILADA? EN BUSCA DEL EQUILIBRIO ENTRE SEGURIDAD Y PRIVACIDAD.
Vivimos en la sociedad del riesgo. El bienestar económico y el desarrollo social hacen que las sociedades modernas estén menos preparadas para aceptar el riesgo y la incertidumbre. Nuevas amenazas, como el terrorismo, el cibercrimen o los desastres ambientales han venido a unirse a riesgos más tradicionales como las enfermedades o la delincuencia.
Por ello la seguridad se erige en uno de los grandes valores de nuestro tiempo y las tecnologías de la información, proporcionan herramientas que facilitan la labor de los servicios de seguridad. Sin embargo, se trata de tecnología altamente invasiva que pone en riesgo el derecho a la vida privada y a la protección de datos de los ciudadanos y obliga a ponderar, a adoptar decisiones que establezcan una situación de equilibrio en el conflicto privacidad/seguridad.
11’15-12’05: PONENCIAS
  • Alfredo Pérez Rubalcaba. Ministro del Interior. Presidencia de la Unión Europea 2010. España.
  • ...

Mòbils compromesos?

http://www.cryptography.com/newsevents/prel/20091013-T-Systems.html

Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions.

The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a sensor to the device's power supply, Benjamin Jun, vice president of technology at Cryptography Research, said on Tuesday. Cryptography Research licenses technology that helps companies prevent fraud, piracy, and counterfeiting.

An oscilloscope can then be used to capture the electrical signals or radio frequency emissions and the data can be analyzed so that the spikes and bumps correlate to specific activity around the cryptography, he said.

An oscilloscope and simple antenna can capture electromagnetic emissions from mobile devices. The large spikes correspond to secret keys used during cryptographic activity.

For instance, someone with the proper equipment could steal the cryptographic key from a device three feet away in a cafe in as short a time as a few minutes.
An attacker could replicate the key with the information and use it to read a victim's e-mail or pretend to be the user in sensitive online transactions.

Smartphones and PDAs have been found to leak data unless they have countermeasures in place to protect against it,

He would not say exactly which devices could be snooped on in this manner and said he did not know of any attacks in the wild using this method.

This type of attack first surfaced about 10 years ago on cash register terminals and postage meters. Similar data leakage was found with smartIDs, secure USB tokens, smart cards, and cable boxes, he said.