tails security maintainability and usability
play

Tails: Security, Maintainability and Usability Pick three! Julien - PowerPoint PPT Presentation

Jun 04, 2023 •582 likes •1.53k views

Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jrme Boursier July 4, 2016 Nuit du Hack Who are we ? Who are we ? Julien Voisin Radare2 NBS-System dustri.org Jrme Boursier AdwCleaner

  1. Tails: Security, Maintainability and Usability Pick three! Julien Voisin Jérôme Boursier July 4, 2016 Nuit du Hack

  2. Who are we ?

  3. Who are we ? Julien Voisin • Radare2 • NBS-System • dustri.org Jérôme Boursier • AdwCleaner • Student • fr33tux.org 1

  4. Who are we ? Julien Voisin • Radare2 • NBS-System • dustri.org Jérôme Boursier • AdwCleaner • Student • fr33tux.org 1

  5. Tails - The Amnesic Incognito Live System

  6. Tails - The Amnesic Incognito Live System What is Tails? Tails, born in 2009, is a live operating system, aiming at preserving your privacy and anonymity. 2

  7. Tails - The Amnesic Incognito Live System What is Tails? Tails, born in 2009, is a live operating system, aiming at preserving your privacy and anonymity. • All connections to the Internet are forced to go through • It leaves no trace on the computer you are using unless you ask it explicitly; • It provides cryptographic tools to encrypt your fjles, emails and IM. • Secure and usable by default 2 the Tor network;

  8. Tails - The Amnesic Incognito Live System According to the NSA (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor 1 Computer Network Exploitation 3 (S//REL) Adds Severe CNE 1 misery to equation

  9. Tails - The Amnesic Incognito Live System According to the NSA (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor (S//REL) Adds Severe CNE These variables defjne terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. 3

  10. Tails - The Amnesic Incognito Live System According to the NSA 1 (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor (S//REL) Adds Severe CNE These variables defjne terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. 1 Thanks to a famous Tails user for providing these documents. 3

  11. Tails - The Amnesic Incognito Live System The life of Tails • The core Tails Developers are anonymous, mysterious and friendly. • More than 17,000 boots per day! 2 Synchronized with Firefox/TBB 4 • A major/minor release every six weeks 2 • 2800 commits by 15+ people in the last 6 months

  12. Tails - The Amnesic Incognito Live System (Yes, the logo is a smiling USB-key) 5

  13. Maintainability Usability Security

  14. Maintainability - Usability - Security Maintainability Do you remember Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix, Liberté Linux, Mempo, ..., ? 6

  15. Maintainability - Usability - Security Usability If people can not use your software, they’ll use 6 something shitty else.

  16. Maintainability - Usability - Security Security • Collective matters, especially for anonymity: if • Your qubes-gentoo-hardened-1337 won’t do much if your email recipient gets pwned. 6 you don’t blend in the crowd, you’re a target.

  17. Maintainability

  18. Maintainability • The people behind Tails are a small team • With a lot of things to get done 3 . • So, contributors are welcome, and contributions appreciated. 1 1338 open issues in the bugtracker 7

  19. Maintainability • The people behind Tails are a small team • With a lot of things to get done 3 . • So, contributors are welcome, and contributions appreciated. 1 1338 open issues in the bugtracker 7 The less we do, the better we live

  20. Relationship with upstream Social work • Talk to (the right) people • Find skilled people • Keep people interested 8

  21. Relationship with upstream Social work • Talk to (the right) people • Find skilled people • Keep people interested Technical work • Backports, because Tails is based on Debian stable • Apparmor, libvirt, Debian, Puppet, Mumble, Tor, Thunderbird, Firefox,… 8 • Upstream as much as possible

  22. Unit test suite Testing a liveCD is hard • Cucumber for Behaviour Driven Development • Sikuli for UI testing • KVM for (nested) virtualisation • People for manual tests 4 this is why it takes 3 hours to run. 9 • Jenkins for running the test suite on every git push • Blackbox testing by emulating a real user 4

  23. Puppet everywhere Infrastructure as code • No privileges nor internet connection needed to contribute • Easy maintainability, (re)deployment and convergence. • Sharing and borrowing puppet manifests 10

  24. Open development Publish everything • Open Bugtracker • Monthly public meetings on XMPP • Public development channel on XMPP too • Public Git repositories 11

  25. Usability

  26. Translations • Tails is based on Debian, so as translated as Debian is. • English • French • Farsi • Italian • Portuguese 5 thanks to POEdit 12 • The website/documentation is available 5 in

  27. Installer • Installing an USB key isn’t straightforward • Especially on Windows • Especially when you need fancy encrypted partitions 13

  28. Installer • Installing an USB key isn’t straightforward • Especially on Windows • Especially when you need fancy encrypted partitions Hence the magical installer! 13

  29. Installer (magical) 14

  30. Incremental upgrades (IUK) • Tails is huge (1Gib) 15

  31. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet 15

  32. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet • Hence incremental upgrades! 15

  33. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet • Hence incremental upgrades! • Based on: 15

  34. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework 15

  35. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework • Thandy: Automatic updates for Tor bundles 15

  36. Incremental upgrades (IUK) • Tails is huge (1Gib) • Not everyone has fjber-powered internet • Hence incremental upgrades! • Based on: • TUF - The Upgrade Framework • Thandy: Automatic updates for Tor bundles • Interesting threat model and challenges 15

  37. Cryptography is hard • Looking at people trying to explain how to GPG is fun. • This is why we have the OpenGPG applet • Automatic verifjcation of IUK • OTR by default in Pidgin 16

  38. UX testing • Give objectives to users, and watch them fail • Identify blocking points • Designing good UX is awfully hard 17

  39. Documentation • Document everything, and make this mandatory • For users, and contributors 18

  40. Accessibility • Follow GNOME’s User Interface Guidelines for Supporting Accessibility • Use GNOME :P • Drivers for accessibility devices • Do one thing, and do it right • Accessibility is super-hard 19

  41. Persistence • LUKS, dm-crypt and ext4 • UX and users are a living nightmare • Profjles for important software/components 20 • Allow Tails dev power-users to persist whatever they want

  42. Greeter 21

  43. Support (Un)fortunately, Tails has users • Whisperback to report bugs 22

  44. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails 22

  45. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails • Mailing lists 22

  46. Support (Un)fortunately, Tails has users • Whisperback to report bugs • Frontdesk to answer emails • Mailing lists • IRC / XMPP 22

  47. Support Speaking of users… 23

  48. Support (Un)fortunately, Tails has users that play < lskitto> Just a suggestion but in the next update can you include Minecraft? 24

  49. Support (Un)fortunately, Tails has users that know better (cont.) 22:41 eborberma> there may be fewer security issues if tails used more python software 22:42 ghetto> or less java software 22:43 eborberma> there is no java in tails 25

  50. Support (Un)fortunately, Tails has users that know better < Shikila> There are many papers, don’t act so blind < BitingBird> ... < Shikila> If I actualy studied computers I myself would have proably wrote one 26

  51. Support (Un)fortunately, Tails has users that want fmash < t4nk860> hello have a question < t4nk860> how do i install fmash player in tails 27

  52. Support (Un)fortunately, Tails has users that are looking for fancy things 02:28 xecuter > how i fjnd the secret communications of us military forces in the deep web? 28

  53. Support (Un)fortunately, Tails has users that, err, well… 23:07 PETE255 > hi you assholes HOW THE FUCK DO YOU INSTALL AN UNOFFICIAL DEBIAN FUCKING PAGKAGE DICKHEADS 29

  54. Support (Un)fortunately, Tails has users that are creative < ghetx> can i use a _ for password? 30

  55. Support (Un)fortunately, Tails has users that are candid < klapaucius> is there a good tor website for saving passwords? 31

  56. Support Fortunately, we have popcorn patience! 32

Recommend

User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3.

User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3.

https://tails.boum.org/ User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3. User research and free sofuware culture Tails Tails is a portable operating system that protects your privacy and avoids

717 views • 24 slides
Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security

Security and Usability from the Frontlines of Enterprise IT Jon Oberheide CTO, Duo Security Browser SSL Password Encryption warnings schemes usability IT Security 40M consumer 153M end user Thousands of credit cards credentials

785 views • 39 slides
Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone

Phd course on Formal modelling and analysis of interactive systems Part 5 Usability and Security Cognitive Errors, Usability vs. Security, Groupware Antonio Cerone United Nations University International Institute for Software Technology

1.76k views • 109 slides
Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe

Introduction Security-usability threat model Security and usability evaluation Summary Security and Usability: Analysis and Evaluation Ronald Kainda, Ivan Flechais, and A.W. Roscoe Oxford University Computing Laboratory Availability,

829 views • 23 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

219 views • 5 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science &amp; Engineering

419 views • 4 slides
Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271

Outline Tor experiences and challenges (contd) Usability and security CSci 5271 Announcements intermission Introduction to Computer Security Usability and Voting combined slides Usable security example areas Stephen McCamant Elections

305 views • 8 slides
( ) ( | z ) P ( z ) P Y P Y z 3 Bayes Rule Inference We will write

( ) ( | z ) P ( z ) P Y P Y z 3 Bayes Rule Inference We will write

Full Joint Probability Distributions Coin Card Candy P(Coin, Card, Candy) tails black 1 0.15 tails black 2 0.06 The probabilities CS 331: Artificial Intelligence in the last column tails black 3 0.09 sum to 1 tails red 1 0.02

71 views • 4 slides
( ) ( | z ) P ( z ) P Y P Y z 3 Inference Independence We will write the

( ) ( | z ) P ( z ) P Y P Y z 3 Inference Independence We will write the

Full Joint Probability Distributions Coin Card Candy P(Coin, Card, Candy) tails black 1 0.15 tails black 2 0.06 The probabilities CS 331: Artificial Intelligence in the last column tails black 3 0.09 sum to 1 tails red 1 0.02

153 views • 4 slides
CS 331: Artificial Intelligence in the last column tails black 3 0.09 sum to 1 tails red 1

CS 331: Artificial Intelligence in the last column tails black 3 0.09 sum to 1 tails red 1

Full Joint Probability Distributions Coin Card Candy P(Coin, Card, Candy) tails black 1 0.15 tails black 2 0.06 The probabilities CS 331: Artificial Intelligence in the last column tails black 3 0.09 sum to 1 tails red 1 0.02

459 views • 5 slides
Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security

Evaluating the Android Security Key Scheme: An Early Usability, Deployability, Security Evaluation with Comparative Analysis Robbie MacGregor 5 th Who Are You?! Adventures in Authentication (WAY), Santa Clara, CA, USA, 2019. I did a thing so

132 views • 10 slides
Freight TAILS Presentation to: FREVUE London Partners Meeting 25th October 2016 Freight TAILS

Freight TAILS Presentation to: FREVUE London Partners Meeting 25th October 2016 Freight TAILS

Freight TAILS Presentation to: FREVUE London Partners Meeting 25th October 2016 Freight TAILS 1. Project Introduction cities &amp; URBACT funding 2. Freight TAILS Transnational Working FREVUE input 3. Freight TAILS Local Working central

243 views • 11 slides
Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction

Outline Usability and security (contd) Elections and their security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Electronic voting System security of electronic voting Stephen McCamant Exercise sets 2

424 views • 10 slides
On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis

On the Usability and Security of Password-Based User Authentication Maximilian Golla Thesis Defense, Bochum, Germany, May 29, 2019 User Authentication Competing requirements of security and usability . [1] Common Factors: Knowledge ( Password ,

619 views • 34 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security

Design for Security Serena Chen | @Sereeena | OReilly Velocity 2018 Usability Security Good user experience design and good security cannot exist without each other Everyone deserves to be secure without being experts We need to

1.34k views • 112 slides
Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M.

Authentication Using Graphical Password: Effects of Increased Security on Usability William M. Martin Aaron G. Cass March 3, 2018 Introduction 01 Human Computer Interface Security (HCIsec) 02 Password Problem 03 Graphical User

633 views • 31 slides
Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Do gma 1 Deliverables from usability professionals must be highly usable Reports,

Myths about usability testing Copies of Slides U X Day Graz 2013 F ive use rs will find 85% o f the usability pro ble ms Rolf Molich - and o the r myths abo ut DialogDesign usability te sting Do gma 1 Deliverables from

659 views • 18 slides
1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises

1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises

1 Usability - Usage - Security Workflow RESTful interface 2 What is AHE - Virtualises Application on the computational resource - Show components diagram 3 A number of constraints were placed on the design of AHE to ensure it met our

444 views • 32 slides
Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security

Outline Tor basics CSci 5271 Tor experiences and challenges Introduction to Computer Security Announcements intermission Day 23: Usability and security Stephen McCamant Usability and security University of Minnesota, Computer Science &amp;

391 views • 8 slides
The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019

The Usability, Security, and Privacy Limits of Blockchain J I B E . C O M P A N Y Codiax 2019 Hello! Im Joris van Rooij Software Architect at Jibe.Company From Eindhoven, the Netherlands J I B E . C O M P A N Y I like...

1.72k views • 144 slides
Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA

Technology Usability Lab in Privacy and Security Developer Centered Security MOHAMMAD TAHAEI , KAMI VANIEA, NAOMI SAPHRA {FIRSTNAME.LASTNAME}@ED.AC.UK End users requirement of usability is starting to be acknowledged as a serious market

490 views • 23 slides
Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi

Balancing Usability and Security in a Video CAPTCHA Kurt Alfred Kluever Richard Zanibbi Google, Inc. Rochester Institute of Technology kak@google.com rlaz@cs.rit.edu Symposium on Usable Privacy and Security (SOUPS) 2009 July 15th-17th,

272 views • 26 slides
CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on

CSCI E-170 L13: Aligning Security and Usability Simson L. Garfinkel Center for Research on Computation and Society Harvard University 1 Administrivia Final Project Presentation Schedules are on the website. HW4 2 Tonight we will look at

520 views • 35 slides

More recommend