Tag Archives: TLS

Here it is: my book Securing Private Communications

After the publication of my Ph.D. thesis in November 2015, at long last my book ‘Securing Private Communications’ is available in stores near you.


You can order the book here, have a look at the marketing flyer here, download the full academic version for free here and read the odd spiffy testimonial below.

Ph.D. Defense: Pics, Slides ‘n’ Thanks

On 25 November, I defended my thesis and obtained my degree as a doctor in law during a public ceremony in the University of Amsterdam church aula. And a ceremony it was: a rather dramatic affair, complete with magic wands, fake candles, druid robes, hobbit-hats and sciency spells – all set in holy surroundings. I couldn’t have imagined a more suitable finale to the innings. Here are some pics and the slides of my introductory talk. Thanks to my Committee and all of you for being there in spirit, or in the flesh. You’ve all made this a finale I’ll always remember fondly.

BREAKING :) abstract and download of my Ph.D. thesis ‘Securing Private Communications’ [open access]

The academic version of my thesis — titled ‘Securing Private Communications’ — is available online. I already committed it to the web in my previous blogpost on my public Ph.D. defense on 25 November 2015 (open to the public). But a friend of mine told me to once again post my abstract and download link for my thesis separately and make that clear in the title of the post. And make it BREAKING news. Ha! Here goes.

Join me for my public Ph.D. defense ceremony on 25/11 – 11am

My four-year research project ‘Securing Private Communications’ is coming to an end. A grande finale of sorts is my public defense ceremony on 25 November. The ceremony is open to the general public, and the venue is humongous, so you’re all very welcome to join me.

Expert Panel Report: A New Governance Model for Communications Security?

Published 5 December 2014 on Freedom to Tinker.

Today, the vulnerable state of electronic communications security dominates headlines across the globe, while surveillance, money and power increasingly permeate the ‘cybersecurity’ policy arena. With the stakes so high, how should communications security be regulated? Deirdre Mulligan (UC Berkeley), Ashkan Soltani (independent, Washington Post), Ian Brown (Oxford) and Michel van Eeten (TU Delft) weighed in on this proposition at an expert panel on my doctoral project at the Amsterdam Information Influx conference.

New Paper ‘Security Collapse in the HTTPS Market’ Downloaded 30.000 Times in 3 Weeks

With my supervisor Nico van Eijk and co-authors Hadi Asghari and Michel van Eeten at Delft University of Technology, I’ve published a centerpiece of my doctoral project in the Communications of the ACM: ‘Security Collapse in the HTTPS Market’ [link to pdf].

In three weeks, the new article has been downloaded over 30.000 times. I didn’t quite believe that number, but the folks at the ACM have actually confirmed it. Blows my mind, really. It has been covered in the media and on Reddit and Slashdot, which probably explains the download count. Visual artist Willow Brugh made a mesmerizing vizthink animation as a teaser to the article:

A.M. Arnbak, H. Asghari, M. van Eeten, N.A.N.M. van Eijk, Security Collapse in the HTTPS Market, Communications of the ACM, 2014-10, vol. 57, p. 47-55. Also published in: ACM Queue – Security, 2014-8, vol. 12.

From the abstract:

HTTPS (Hypertext Transfer Protocol Secure) has evolved into the de facto standard for secure Web browsing. However, widely reported security incidents – such as DigiNotar’s breach, Apple’s #gotofail, and OpenSSL’s Heartbleed – have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations – notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale – have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.

To evaluate both legal and technological solutions to augment the security of HTTPS, our article argues that an understanding of the economic incentives of the stakeholders in the HTTPS ecosystem, most notably the CAs, is essential. We outline the systemic vulnerabilities of HTTPS, map the thriving market for certificates, and analyze the suggested regulatory and technological solutions on both sides of the Atlantic. Our findings show existing yet surprising market patterns and perverse incentives: not unlike the financial sector, the HTTPS market is full of information asymmetries and negative externalities, as a handful of CAs dominate the market and have become “too big to fail.” Unfortunately, proposed E.U. legislation will reinforce systemic vulnerabilities, and the proposed technological solutions that mostly originate in the U.S. are far from being adopted at scale. The systemic vulnerabilities in this crucial technology are likely to persist for years to come.

First Column for the Financieele Dagblad: Cybersecurity as a Cover for a Digital Butter Mountain

Last week I started as a columnist for the Financieele Dagblad. Every few weeks I try to address, from a somewhat unexpected angle, current issues around internet security, privacy and politics in a broader sense. My first piece is about how cyber superpowers, under the guise of ‘security’ and national security, are currently embroiled in a plain old trade war, notably the U.S. and China. Meanwhile, everyone involved has butter on their heads – everyone hacks everyone – and internet security pays the price.

‘Behind the Scenes of the Internet’: Participate in a Critical Engineering NETworkshop 5-8 July

Some time ago, I blogged about how the art projects of Critical Engineers Julian Oliver and Danja Vasiliev give us a provoking window pane on an increasingly technology-mediated world. I’m happy they will be keynoting at Information Influx, a three-day international conference the Institute for Information Law is putting together from 2-4 July in Amsterdam. Moreover, they will be giving another NETworkshop on 5-8 July in Amsterdam, promising no less than a peek ‘Behind the Scenes of the Internet’. There are still about three open slots for anyone interested in this unique opportunity to join us in building and hacking the net from the ground (or, the command line) up. [UPDATE: the workshop is fully booked.]

FD Opinion Piece and Lecture in the Eerste Kamer (Dutch Senate): ‘The Netherlands as Internet Doctor between Cyber Superpowers’

On 6 May I had the opportunity to contribute to the expert session ‘Cyberintelligence en Publiek Belang’ (Cyber Intelligence and the Public Interest) in the Eerste Kamer. Developing insight into the Snowden revelations was its central theme. Yesterday, the Financieel Dagblad published an adaptation of my lecture on its opinion page. Click on the image below to read the piece, in which I try to address what role is left for the Netherlands now that we find ourselves confronted with a networked communications environment of total surveillance. The opinion piece is aimed at a broad audience and is therefore somewhat simpler. The full text of my longer lecture is included in its entirety below it. The lecture is somewhat different in tone, since it is addressed to senators, and contains more technical and legal layers.

UPDATE: Partly on the basis of my lecture, the Eerste Kamer has adopted a number of motions on privacy and security after Snowden.


Lecture Slides on the Snowden Revelations: ‘International Dataflows & Cloud Surveillance’

Just gave a two-hour lecture in the course ‘privacy & gegevensbescherming’ (privacy & data protection) to master’s students in information law at the University of Amsterdam. The lecture gives an overview of a few important revelations about the practice of intelligence surveillance, places them in political and historical perspective and goes somewhat deeper into the motives of intelligence agencies ‘to know it all’. After the break I discuss which avenues for solutions law, policy and technology offer. A number of new revelations from Greenwald’s book, published yesterday, are also covered. Click on the opening slide below to see all 100+ slides (don’t worry, lots of pictures).

Any Colour You Like: the History (and Future?) of Internet Security Policy [talk]

Yesterday, I did the first in a series of talks on over four decades of internet security policies. A tedious piece of research that I don’t think anyone has done before. It’s a cornerstone of my thesis, and I’m currently finishing a draft chapter/paper on the topic under the same title – borrowing names from Pink Floyd seems to be becoming a tradition of sorts.

So here are my slides for the 27 March Cyberscholars Working Group at Harvard’s Berkman Center [pdf]. The talk was meant to be 15 minutes long for a small and general audience, so obviously it’s a bit shallow. Questions, feedback, all more than welcome! I hope to get the paper out by the end of April. The abstract: