BCIT COMP 7036 Research Proposal by Wesley Kenzie Nov 2009

COMP 7036 Applied Research Methods in Software Development
Instructor Aman Abdulla

Assignment Final Project – Research Proposal
Due Date November 30, 2009 12:00 noon
Student ID A00242330
Student Name Arthur (Wesley) Kenzie
No Surveillance:
How, and how easily, can the privacy of Internet
access and usage be improved for desktop
computers, laptops, and mobile devices?
PDF created with pdfFactory Pro trial version www.pdffactory.com

“No Surveillance” Research Proposal
Abstract .............................................................................. 3
Introduction ......................................................................... 4
Objectives ........................................................................... 7
Hypotheses ........................................................................... 7
Methodology and Process
Stage 1 – Descriptive Study ........................................... 8
Stage 2 – Explanatory Study .......................................... 16
Results and Discussion .......................................................... 19
Conclusion ........................................................................... 19
Appendices .......................................................................... 20
References ........................................................................... 37
page 2 of 37

Abstract
Almost all desktop, laptop and mobile device users of the Internet regularly
and inadvertently compromise their privacy, and thus increase their risk to
“security of person”.
There is also a trend, both within Canada, and in many other countries
throughout the world, to enable and to make legal the monitoring and
recording of essentially all Internet access, usage, and content.
This surveillance is an intrusion and violation of privacy, made under the

guise of the utilitarian argument that our society needs protection from the
illegal and dangerous activities that threaten us. One recent example of this
trend in Canada is the introduction of Bills C-46 and C-47 by the Federal
Government in June 2009. These proposed laws would require Internet
Service Providers to keep details of all communications by all of their
subscribers in case the police ever want this information.
Legitimate and legal use of the Internet, however, deserves and needs
greater protection of privacy and the corollary security of person. This
research study proposes to quantify how, and how easily, the privacy of
Internet access and usage can be improved for desktop computers, laptops,
and mobile devices.
page 3 of 37

Introduction
Almost all desktop, laptop and mobile device users of the Internet regularly
and inadvertently compromise their privacy, and thus increase their risk to
“security of person”. Security of person refers to the right to live in safety,
free from violence, free from harassment, and free from abuse.
There is also a trend, both within Canada, and in many other countries
throughout the world, to enable and to make legal the monitoring and
recording of essentially all Internet access, usage, and content.
This surveillance is an intrusion and violation of privacy, made under the

guise of the utilitarian argument that our society needs protection from the
illegal and dangerous activities that threaten us. Child pornography is
invariably held up as one of these threats, as is terrorism, organized crime
gangs, and neo-Nazism.
One recent example of this trend in Canada is the introduction of Bills C-46
and C-47 by the Federal Government in June 2009. These proposed laws,
among other things, would require Internet Service Providers to keep details
of all communications by all of their subscribers in case the police ever want
this information.
Legitimate and legal use of the Internet, however, deserves and needs
greater protection of privacy and the corollary security of person. In fact,
security of person and privacy are basic legal rights, enshrined in Sections 7
and 8 of the Canadian Charter of Rights and Freedoms.
Privacy is also a fundamental right identified in article 12 of the Universal

Declaration of Human Rights, in Article 8 of the European Convention on
Human Rights, in the Fourth Amendment and the Fourteenth Amendment of
the United States Constitution, and elsewhere. Security of person is a
fundamental right identified in article 3 of the Universal Declaration on
Human Rights, in Article 5 of the European Convention on Human Rights, in
article 9 of the International Covenant on Civil and Political Rights, in section
12 of the South Africa Bill of Rights, and elsewhere.
page 4 of 37

There are many legitimate reasons for protecting privacy, as indicated on

The Tor Project web site [1] and elsewhere:
• Normal people are concerned about unscrupulous marketers, identity

thieves, irresponsible corporations, child predators, adoption anonymity, and
oppressive governments.
• Activists and whistleblowers are concerned about their own and their
family’s safety and protection from repercussions.
• Bloggers are concerned about anonymity to protect themselves from

frivolous and expensive lawsuits, and from losing their jobs for speaking
their minds.
• Journalists and their audiences are concerned about freedom of

speech, safety of their writers and readers, and shining light on the complete
and accurate truth.
• Business executives have a need to see their competition’s web

presence in the same way that the general public sees them, and about the
confidentiality of outgoing web traffic patterns.
• Military personnel are concerned about protection of field agents,

location of command and control web sites, and anonymity of intelligence
gathering.
• Law enforcement is concerned about the availability of anonymous

tip lines, the stealth of undercover and sting operations, and the ability to
perform surveillance.
• Information Technology professionals are interested in testing IP

address firewall rules and security settings, and in having unfettered access
to Internet resources without being limited themselves by these rules and
security settings.
This research study proposes to quantify how, and how easily, the privacy of
Internet access and usage can be improved for desktop computers, laptops,
and mobile devices. A search and review of existing literature [2,3,4,5] found a
profound lack of data on this subject.
page 5 of 37

In the first, exploratory stage, a descriptive study will be done to investigate

and measure the current state of privacy. Current vulnerabilities will be
described and measured for each of the target hardware and software
platforms, using a range of standard “Use Cases” that are cross-referenced
against different categories of users.
This first stage of study will also include an overview of the legal and
regulatory environment as it pertains to Internet access and usage, in order
to describe the broader, societal context and constraints.
In the second stage, an explanatory study will be done with specific tests
performed to measure the effectiveness and usability of different
enhancements to improve or protect privacy. The same target Use Cases,
target categories of users, and target hardware and software platforms will
be studied as in the first stage. In fact, the first stage results will be used as
the control group for the second stage results.
The usability of these enhancements will be measured both subjectively and

objectively. Subjective measurements will come by way of a web survey of
users and potential users. Objective measurements will come from Timing
measurements and Vulnerability Change measurements. Timing
measurements will quantify how many seconds each of the Use Cases takes
to complete on the Hardware and Software Platforms. Vulnerability Change
measurements will specify whether each enhancement did or did not provide
protection for each vulnerability.
The enhancements to be tested for effectiveness and usability will first

include only current tools, solutions, and procedures such as proxy servers,
encryption, and anonymizing software. After this testing is completed, a
variety of open source software customizations and customized software
solutions will be developed and tested to measure their additional effects on
privacy protection.
page 6 of 37

Objectives
There are three primary objectives to this research study in the context of
Internet access and usage. First, the current state of privacy will be
extensively described and measured, so that, for example, users of each
major browser will be shown what information they disclose to both passive
and active observers when they browse the Internet. This objective will also
be met by an enumeration of current laws and regulations that form the
context and constraints of societies in a variety of countries around the
world.
The second objective is to extensively describe and measure the

effectiveness and usability of existing privacy protection measures.
Thirdly, additional privacy protection enhancements will be developed and

tested to demonstrate how they could be put to use, where and when they
would be useful or not useful, who could use them, who would not use them,
why they work, and what they would do, or not do, to better protect privacy.
Hypotheses
This research study will show that users of desktop computers, laptops and
mobile devices compromise their privacy when using the Internet, and that
there are many ways to better protect this privacy. A secondary hypothesis
is that privacy vulnerabilities vary in extent and in significance depending on
the task that is being performed, and the tools being used.
page 7 of 37

Methodology and Process
Stage 1 – Descriptive Study
Investigate and measure the current state of privacy. Current vulnerabilities

[Table 1]
will be described and measured for each of the target hardware
platforms [Table 3] and software platforms [Table 4] using a range of standard
“Use Cases” [Table 2] that are cross-referenced against different categories of
users [Table 5].
A non-probability, proportionate quota sampling of users is proposed, to

ensure a minimum of 40 members in each of the 7 categories of users listed
in Table 5 is included. Due to the significant amount of time required to
perform each vulnerability test, and presuming that there are sufficient
resources and time made available to undertake this part of the study, the
Stage 1 samples will be taken from geographically close populations in
Vancouver, Kelowna, and Whistler, British Columbia and from Seattle,
Washington. An equal number of males and females from each category will
be selected. This means that, for example, of the 40 “Youth” category users,
5 boys and 5 girls will be selected from each of the 4 geographic locations.
The sample frames for the user categories are also listed in Table 5. In the
case of the “Teen” category, for example, a list of students will be used from
a randomly selected high school and college in each of the 4 geographic
locations. The sample frame for the “Senior” category will be from a list of
residential addresses on randomly selected streets in each of the locations.
Due to the enormous number of possible Use Cases and Software Platform
combinations, however, development of a set of “test, measure, and record”
software applications is also proposed. These programs would be developed
to ensure there is testing and measurement coverage for each hardware and
software combination. These applications will be open source licensed, and
distributed to anyone who will agree to run them on their own computer,
laptop or mobile device for testing and research purposes. They will be
known as the “No Surveillance” sampling test suite. This will greatly expand
the sample size, improve the significance of results, and it is expected that
additional insights into vulnerabilities will be discovered.
page 8 of 37

Participants in this self-administered part of the study will be provided with

details of their own vulnerabilities along with aggregate vulnerability details
from all other participants. The No Surveillance sampling test suite programs
will initially be available with only an English interface, but support for
additional languages will be added based on demand and availability of
translation services. It is expected that translation to Spanish, Portuguese,
German, Simplified Chinese, Japanese, Korean, Italian, Hindi, Russian,
Arabic, and Swedish will be added.
For our purposes in Stage 1, the No Surveillance sampling test suite will be
made available for a period of no less than 12 months, after which the test
results will be combined for analysis with data from the initial personal
interviews. Individual participants will be asked to use the test suite software
for at least one day, and will be allowed to end their participation at any
time after that.
In the case of software platforms, there are often multiple versions of

operating systems and application software currently in use. For the
purposes of this study only software versions released in the previous 6
years will be targeted for sampling, unless there is evidence found of a
significant number of current users of software versions that are more than
6 years old.
This first stage will also include an overview of the legal and regulatory
environment as it pertains to Internet access and usage, in order to describe
the broader, societal context and constraints. This overview will cover North
America, Europe, Australia, Japan, India, Israel, and the 13 countries listed
as “enemies of the Internet” by the Paris-based non-governmental
organization “Reporters Without Borders” [6], which advocates for freedom of
the press.
page 9 of 37

Definitions
It is important to first clarify the definitions of concepts and constructs used

throughout this research study. The tables at the end of this document
provide details on the variables to be tested and measured.
(1) “Vulnerability” = weakness (also known as an “exploit”) which

increases the potential for an attacker or other possible adversary
to capture and analyze information about you. There are currently
nearly 60,000 known vulnerabilities, spanning over 25,000 different
software applications [8]. (see Table 1)
(2) “Use Case” = typical activity or task performed by computer, laptop

or mobile device user. (see Table 2)
(3) “Hardware platform” = underlying hardware being used, including

the computer or laptop or mobile device and any additional
hardware used for making a connection to the Internet. (see Table
3)
(4) “Software platform” = underlying software being used, including the

operating system, application software program, or any additional
software used for making a connection to the Internet. (see Table
4)
(5) “User category” = semi-arbitrary grouping of computer, laptop and

mobile device users into age, marital status, and parental status
groups based on the premise that these are differentiating factors
in a user’s attitude and aptitude. (see Table 5)
(6) “Attack” = targeted or purposive offensive behaviour intended to

identify vulnerabilities and/or take advantage of previously known
vulnerabilities.
(7) “Leak” = inadvertent or accidental disclosure of information or data.
(8) “Public IP address” = sequence of Internet Protocol numbers (and

letters if referring to a version 6 IP Address) uniquely identifying all
devices connected to the public Internet.
(9) “Private IP address” = similar to a “Public IP address” except is

used to uniquely identify devices connected to a private network
that is not accessible to or by the general public, and uses a limited,
standard subset of all possible IP address numbers.
page 10 of 37

(10) “MAC address” = Media Access Control address, which is a globally

unique identifier manufactured into all network interface cards.
(11) “DNS” = Domain Name System, which is an Internet directory

system that performs lookups on domain names to determine which
IP address they are associated with.
(12) “Router” = networking device whose hardware and software are

designed to route and forward information between computers (and
other devices) and the Internet. The connections between these
computers (and other devices) and the router are either by wire or
radio signals (“wireless”).
(13) “SSID” = Service Set Identifier, which is the name of an 802.11

wireless access point (usually a wireless router) used by all wireless
devices connected to it as part of a Local Area Network (“LAN”).
(14) “Operating system” = software which runs as an interface between

hardware and the application software run by a user of that
hardware, usually to provide underlying functionality that is
invisible to the user.
(15) “Application software” = software which runs as an interface

between a user of a computer or device and the operating system,
usually to perform certain tasks or activities for and by the user.
(16) “Encryption” = process of transforming information (referred to as

“plaintext”) into encrypted information (referred to as “ciphertext”)
that can only be understood by those who possess special
knowledge (referred to as a “key”) about the algorithm used to do
the transformation.
(17) “Decryption” = process of transforming ciphertext into plaintext

using a key.
(18) “Personally identifiable information” = also known as “personal

information” in some contexts, is information that can be used to
uniquely identify, distinguish or trace a person.
(19) “Malware” = malicious software that performs tasks without the

computer user’s or device user’s knowledge or informed consent.
page 11 of 37

The actual vulnerability testing will be done using a variety of testing tools,
based on the specific vulnerability being tested. These testing tools are listed
in Table 1 beside each of these vulnerabilities. This study proposes using
multiple testing tools in order to not be limited or biased by any single
testing tool. More importantly, none of these testing tools has been created
to cover all possible situations.
Testing Tools
Packet capture works by sniffing the IP traffic between the computer, laptop,
or mobile device and the router being used to connect to the Internet via the
Internet Service Provider. Sniffing in this context refers to the capturing of
Internet Protocol packets being sent and received. This packet capturing will
be done using programs similar to or based on libpcap and tcpdump, such as
Wireshark. Captured packets can potentially contain IP addresses, MAC
addresses, and leaked personal data such as login names, passwords, and
the actual contents of any correspondence or shared files.
Wireshark can capture packets both on the wire, and wirelessly. Kismet will
also be used for wireless sniffing. Both of these programs are open source
licensed software applications that can be run on almost any version of
Windows, Linux or Mac OS X. In this study, both will be used, along with
Scapy, Ettercap, Dsniff, and Core Impact to compare results and ease of
use. The packet capture software will be installed on a separate laptop that
will be connected to the same subnet (and router) as the target computer,
laptop or mobile device so that it can “listen” to all IP communications on
that subnet.
OS fingerprinting works by sending probe IP packets to the computer, laptop

or mobile device and analyzing responses to these probes and other
communications sent out by that machine. P0f, Nmap, Nessus and Core
Impact software will be used for these purposes.
Other vulnerability tests will be done using remote scanning software Nmap
and Scapy, which can be run on almost any version of Windows, Linux or
Mac OS X. Both Nmap and Scapy send raw IP packets over IP
communication links to test ports, services, and other characteristics of a
computer, laptop or mobile device. Remote scanning works similarly to OS
fingerprinting, by sending probe IP packets to test for known exploits, or
flaws, that exist in the operating system or application software being used.
page 12 of 37

These exploits are usually fixed by the software developer as soon as they
are able to, but there is a failure in many cases - by the user - to ensure
that these fixes are installed on their computer or device. Other vulnerability
scans and exploit discovery will be done using Nessus, Metasploit
Framework, Core Impact and Nbtscan.
Password analysis works in a variety of ways, including packet sniffing and

brute force. Dsniff, Cain and Abel, John the Ripper, Aircrack, AirSnort,
L0phtCrack and THC Hydra will all be used as testing tools for this type of
vulnerability. Like the packet capture programs, they will be installed on a
separate laptop that will be connected to the same subnet (and router) as
the target computer, laptop or mobile device so that they can “listen” to all
IP communications on that subnet.
WebScarab and Paros will be run as intercepting proxies on the same

computer, laptop or mobile device, allowing detailed monitoring of http and
https communications to and from the Internet. For wireless
communications, Karmetasploit will be used as an intercepting proxy in the
form of a spoofed access point to expose communications data that is
otherwise hidden and safe.
Keystroke logging (“keylogging”) works by recording the actual keystrokes

entered by the user, and saving them in an encrypted file for later analysis.
This logging has to be done on the same computer, laptop or mobile device
being tested. Perfect Keylogger, Ghost Keylogger, Spector CNE Investigator
and Invisible Keylogger Stealth are software-based keyloggers that will be
installed and used on Windows desktops and laptops. PyKeylogger is an
open source, Python-based keylogger that will be used to develop custom
keylogging software for any operating system. KeyCarbon is a hardware-
based keylogger that will be installed either into a PCI expansion slot in
desktops and laptops, or into a USB connection if a USB-based keyboard is
being used.
Malware works by performing malicious or mischievous tasks, but it first has

to be installed and run without the user’s consent. It is the intent of this
study to use the Metasploit Framework [7] as a launch pad for malware, and
to run tests for all known applicable exploits. Many of the Metasploit exploits
are not applicable for this study, because they are related to Oracle
databases, web servers, and other software not found on desktop
computers, laptops or mobile devices.
page 13 of 37

Use Cases
In terms of the Use Cases listed in Table 2, as many of these as is practical

will be tested to determine which of the vulnerabilities listed in Table 1 are
exposed. For example, for Use Case 2.1 “Power on hardware platform”,
packet capture and intercepting proxy tests will be run to see if Vulnerability
1.1 “Own public IP address leak” occurs. As with most of the vulnerability
tests, this measurement will give a true or false result – a nominal scale.
For this same Use Case 2.1, packet capture and intercepting proxy tests
would also be run to test Vulnerabilities 1.4 “Visited IP address leak”, 1.5
“DNS lookup leak”, 1.6, 1.7, 1.10, 1.11, 1.12, etc.
Any Use Cases that cannot be run will be skipped.
Sampling
Presuming there will be sufficient time and resources made available, there
will be 40 users selected from each User Category listed in Table 5, for a
total of 280 users to be sampled. Geographically, this would mean 70 users
selected from each of the four geographic locations. This works out to 10
users from each User Category in each geographic location.
Candidates will be selected randomly from each of the sample frames listed
in Table 5 until sufficient candidates have accepted the opportunity and
agreed to participate. Each potential candidate must be capable of
participating, and have access to at least one of the hardware and software
platforms listed in Tables 3 and 4. When the candidate has access to more
than one potential hardware and software platform, then they will be asked
to participate based on a hardware and software platform not already
selected for their geographic location and User Category. This will result in
an uneven distribution of hardware and software platforms, but it is
presumed that this bias will be reflective of the general population in these
geographic locations.
It is proposed that these 280 sample tests be done as personal interviews,

with 10 tests each performed by 28 different researchers and assistants. A
single test is expected to take approximately 4 hours, with an additional 4
page 14 of 37

hours required to prepare reports on the findings, other observations and

unexpected results.
Any bias amongst these 280 candidates will be made clear when compared
to the larger, random sampling via the self-administered testing.
Development of the No Surveillance software test suite is to be completed
after the initial 280 sample results are compiled, in order to better
understand the limitations and opportunities of self-administered testing. It
is expected that 5-6 months of development effort will be required to
complete development of this software, which will include a web site and
web service to allow aggregation of the collected data. Individual
participants in this part of the study will also be provided with their
individual results, which will form part of the motivation for them to
participate and to continue participating. Their ability to monitor their own
vulnerabilities as they use the Internet is expected to be an attractive
opportunity for them, although it is expected there will be a bias in this
larger sample towards more sophisticated users who are more concerned
about their privacy.
The majority of Internet users who are less concerned about their privacy
will be largely absent from this study, other than those randomly selected in
the 280 personal interview testing phase.
Any Hardware or Software Platform combinations or Use Cases that cannot

be run will be skipped.
page 15 of 37

Stage 2 – Explanatory Study
Investigate and measure the effectiveness and usability of different

enhancements to improve or protect privacy. The same target
Vulnerabilities, Use Cases, User Categories, Hardware Platforms, and
Software Platforms will be studied as in Stage 1. In fact, the Stage 1 results
will be used as the control group for Stage 2.
The usability of these enhancements will be measured both subjectively and

objectively. Subjective measurements will come by way of a web survey of
users. This web survey will ask users to provide a ratio scale answer for each
of the privacy protection measures listed in Table 6, in terms of how
acceptable and usable they are, with 0 being no change in usability, -1 to -5
being impaired usability, and +1 to +5 being improved usability.
Objective measurements of the usability of these enhancements will come

from Timing measurements and Vulnerability Change measurements. Timing
measurements will quantify how many seconds each of the Use Cases takes
to complete on the Hardware and Software Platforms. Vulnerability Change
measurements will specify whether each enhancement did or did not provide
protection for each vulnerability.
For example, using Tor, Vidalia and polipo (Existing Privacy Protection 6.1)
to protect privacy will be measured in terms of how many seconds it takes to
use Firefox (Software Platform 4.14) on a PC (Hardware Platform 3.1)
running Microsoft Windows (Software Platform 4.1) to do a search on Google
(Use Case 2.5). These Timing measurements will be compared to the same
scenario without use of the privacy protection.
In this same example, Vulnerability Change will be measured by seeing

whether each applicable Vulnerability listed in Table 1 is eliminated - or not -
by this privacy protection.
page 16 of 37

Existing Privacy Protection
The enhancements to be tested for effectiveness and usability will include

current tools, solutions, and procedures such as proxy servers, encryption,
and anonymizing software [Table 6].
Testing Tools
The same testing tools used in Stage 1 will be used in Stage 2 to test the
same Vulnerabilities listed in Table 1.
Sampling
The subjective measurements of usability in Stage 2 will be done on a

random sampling of Internet users by way of a web survey over a 3-4
month period. This web survey will be available translated into multiple
languages in order to broaden the scope of the sample frame beyond
English-speaking users. Participants will be limited to those who have
personal experience using one or more of the Existing Privacy Protections
listed in Table 6. This survey will ask about each Vulnerability, Use Case,
Hardware Platform, and Software Platform they have recent personal
experience with, as well as solicit participants for additional comments and
other observations they wish to make.
Objective measurements of effectiveness (Timing and Vulnerability Change)

will be done in a controlled lab environment to reduce the effects of
moderating and extraneous variables. There is no requirement for
randomness in these samples, but rather a requirement for accurate
measurement of effectiveness in a variety of configurations and
combinations.
page 17 of 37

Customized Privacy Protection
In addition to existing privacy protection, a variety of open source software

customizations and customized software solutions will be developed and
tested to measure their additional effects on privacy protection. It is
expected that this development effort will take 12 additional months after
the Existing Privacy Protection testing has been completed.
These customized solutions will involve modifications to existing open source

projects such as Mozilla Firefox and Thunderbird, Google Chrome and
Android, OpenSSH, OpenVPN, stunnel, Tor and Vidalia, polipo, Qt, tcpdump,
Wireshark, and others. The goal at this final stage of the study is to use the
results found to date as the basis for designing and developing potentially
better solutions to protect privacy.
This customized privacy protection should address both the initially identified
vulnerabilities and any others that may have been discovered along the way.
In particular, one potential new class of vulnerabilities that might come to
the surface at this point will be those associated with “cloud computing”
platforms. Google Gmail and Google Docs are two current cloud computing
services that are included as Software Platforms in this study, but not
enough is currently known about this class of software to directly address all
possible vulnerabilities they may enable.
Objective measurement of the effectiveness of these custom solutions will be

done in the same controlled lab environment. Any improvements over
existing privacy protection measures will be made available for anyone to
test for himself or herself in exchange for a commitment to provide their
subjective feedback on usability.
page 18 of 37

Results and Discussion
It is expected that a significant quantity of data will be compiled for this

study. Details on current vulnerabilities will be correlated with specific User
Categories, Use Cases, Hardware Platforms and Software Platforms. The
intention is to provide an authoritative review that will better educate users
of the Internet and increase awareness of the critical issue of privacy before
this fundamental right is lost or given up for dead. Without awareness, new
legal and regulatory frameworks are expected to continue their
encroachment on privacy.
It is hoped that software developers will also take note, and use the results
of this study to provide better privacy protection for their customers and
users.
Conclusions
Ultimately, it is only through education that we can make better choices.

This study is about empowering citizens and organizations, about making
them better informed, and helping them recognize how, and how easily,
they can better protect themselves in a world of increasing surveillance and
intrusion.
page 19 of 37

Appendices
Table 1 Vulnerability Risk Testing Tools
1.1 Own public IP Can be used to learn the name of the Packet capture,
address leak Internet Service Provider (“ISP”) intercepting proxy
connecting this IP address to the Internet;
the name of the Organization (“Org”)
owning this IP address; the continent,
country, state, city, latitude and longitude
geographical location of this IP address;
the Autonomous System Number (“ASN”)
network this IP address is part of; and the
domain name which this IP address
resolves to.
1.2 Own private IP Can be used to identify the specific Packet capture,
address leak computer or device being used behind the remote scanning
public IP address.
1.3 Own MAC Same as “Own private IP address leak” Packet capture,
address leak vulnerability, and can be used to identify remote scanning,
the unique network interface card (“NIC”) malware
hardware being used.
1.4 Visited IP Can be used to learn the Internet web Packet capture,
address leak site(s) and service(s) being used, or intercepting proxy
previously were used; and what software
may be in use.
1.5 DNS lookup Same as “Visited IP address leak” Packet capture,

leak vulnerability. intercepting proxy
1.6 User login leak Can be used to learn authentication Packet capture,
or weak user credentials for access to controlled or password
login restricted content or services. analysis, remote
scanning,
intercepting
proxy, keylogging,
malware
page 20 of 37

1.7 User password Same as “User login leak” vulnerability. Packet capture,
leak or weak password
password analysis,
intercepting
proxy, keylogging,
malware
1.8 Name leak Can be used to personally identify you, Packet capture,
your employment, interests, place of remote scanning,
residence, and other activities. keylogging,
malware
1.9 Alias leak Same as “Name leak” and “User login Packet capture,
leak” vulnerability, though not with the remote scanning,
same level of certainty. password
analysis, malware,
keylogging
1.10 Email address Same as “Name leak” vulnerability, Packet capture,

leak though not with the same level of intercepting
certainty. proxy, keylogging
1.11 Home address Same as “Name leak” vulnerability. Packet capture,

or phone intercepting
number leak proxy, keylogging
1.12 Employer name Can be used to learn about place of Packet capture,
or address or employment, job responsibilities, or intercepting
phone number employer’s business activities. proxy, keylogging
or email
address leak
1.13 Computer Can be used to learn what operating OS fingerprinting,

operating system may be in use; and possibly what remote scanning
system leak hardware may be in use.
1.14 Application Can be used to learn what software may Packet capture,
software leak be in use; and what tasks the software remote scanning,
has been used for. intercepting proxy
1.15 Router leak Can be used to learn about the identity of Packet capture,
the router used to connect the computer remote scanning,
or device to the Internet. malware
page 21 of 37

1.16 SSID leak Can be used to learn the name(s) of Packet capture,
wireless routers that were previously malware
being used or are currently being used.
1.17 Mapped drive Can be used to learn what remote Packet capture,
leak systems were previously being used or are keylogging
currently being used. Remote systems
could identify an employer or school or
client.
1.18 Temporary files Same as “Application software leak” Malware

leak vulnerability.
1.19 Clipboard data Can be used to learn what data has Keylogging,
leak previously been copied or cut and pasted. malware
1.20 Recycle bin leak Can be used to learn what data files have Malware
previously been deleted.
1.21 Log file leak Same as “Application software leak” Malware

vulnerability.
1.22 Encrypted Can be saved for future possible Packet capture,

transmission decryption, in which case the vulnerability intercepting
discovery would be the same as “Unencrypted proxy, malware
communication leak” vulernability.
1.23 Encrypted file Same as “Encrypted transmission Keylogging,

discovery discovery” vulnerability. malware
1.24 Execution of Execution of any untrusted software could Remote scanning,

malware perform malicious damage or disclosure. malware
1.25 Cookie leak Same as “Visited IP address leak” and Packet capture,
“Alias leak” vulnerabilities but in addition remote scanning,
can be used to identify when each web intercepting
site or service was first or last visited. proxy, malware
1.26 Cache leak Same as “Visited IP address leak”, Malware

“Application software leak” and “Cookie
leak” vulnerabilities.
page 22 of 37

1.27 Download files Same as “Application software leak” Remote scaning,

leak vulnerability. intercepting
proxy, keylogging
1.28 Unencrypted Arguably the highest risk vulnerability, Packet capture,

communication since the content of communication can remote scanning,
leak be used for a wide range of malicious intercepting
purposes. proxy, keylogging
1.29 Drive-by Downloads or installs of some software Packet capture,

download or can be done by malicious web sites remote scanning,
install without knowledge or authorization by the malware
user.
1.30 Known exploit Operating system software or application Remote scanning,

software with exploit that has not been intercepting
patched can be used for malicious proxy, malware
purposes.
page 23 of 37

Table 2 Use Case Details
2.1 Power on Turn power on and wait for starting sequence to finish. Auto
hardware startup programs should be kept to a minimum for initial
platform testing and measurement, but then added to emulate a variety
of standard configurations.
2.2 Connect to Initiate connection to Internet, if not already done as part of

Internet power on sequence.
2.3 Read email Start email client or other software and fetch email from POP or
IMAP email server. This would include popular web-based email
such as Gmail, Hotmail, and Yahoo!, as well as client-server
email such as Outlook and Thunderbird.
2.4 Send email Send email message using email client or other software.
2.5 Use search Start Internet browser software and perform search on Google,
engine Bing, Yahoo!, and other search engines.
2.6 Download Start music client software and download song.

music
2.7 Receive file Receive file attachment from acquaintance.
2.8 Send local file Send file attachment to acquaintance.
2.9 Share local file Share local file for access by acquaintance.
2.10 Purchase Make online purchase of software using credit card and then
software and proceed to download to a local hard drive.
then download
2.11 Install new Install operating system and application software programs
program on from CD or DVD or ISO image. Testing and measurement of OS
local hard installations will be done by tools external to the computer,
drive laptop or device. Testing and measurement of application
software programs will be done by both external tools and tools
running concurrently on the same computer, laptop or device.
2.12 Open email Open file attachment received via email for testing and
spam virus measurement purposes. This should be done only on a
computer, laptop or mobile device that can be reformatted and
reinstalled afterwards.
page 24 of 37

2.13 Install and use Thousands of third-party add-ons, plugins, and ActiveX controls
Internet extend the functionality of Internet Explorer, Firefox, and other
browser add- browsers.
ons, plugins
and ActiveX
controls
2.14 Run Java Many Internet web sites make use of Java applets to perform
applet special functions. There are also multiple Java Virtual Machines
(“JVM”) used to run these applets.
2.15 Run Java Many software applications make use of Java running in a JVM
application on the client computer, laptop or device.
2.16 Run ECMA- Millions of different Javascript, Jscript, Actionscript, and other
262, edition 3 ECMA-262, edition 3 client-side scripts are used throughout the
client-side Internet.
scripts
2.17 Send Twitter Twitter.com is a micro blogging service, which allows up to 140
update characters of text to be entered in response to the question
“What’s happening?”
2.18 Receive Twitter Anyone with a twitter.com account can “follow” other twitter
update users, and receive updates on all new “What’s happening?”
posts they make.
2.19 Update own Facebook.com is a “social networking” service, which allows

Facebook page subscribers to stay connected with others by sharing parts of
their lives with pictures, stories and more.
2.20 Post to Anyone with a facebook.com account can post comments on

Facebook another subscriber’s “wall” if the two of them are “connected”,
friend’s wall with the goal being to stay in touch and simultaneously let
everyone else know what is current in your life.
2.21 Update own LinkedIn.com is a business connections service, self-described

LinkedIn as a professional network of trusted contacts.
profile
2.22 Receive RSS RSS is a simple method of automatically receiving updates from
update any web site or Internet service that you are subscribed to.
page 25 of 37

2.23 Send instant Instant messaging (“IM”) is an Internet service to send

message immediate messages (usually text) to others on your “contact”
list and learn about which of your contacts is currently available
for chatting.
2.24 Receive instant Instant messages and SMS (“small message service”) can be
message and received on a number of hardware platforms and software
SMS platforms.
2.25 View YouTube YouTube.com is a video sharing service.

video
2.26 Upload Subscribers to YouTube.com can upload their own videos for
YouTube video sharing with others.
2.27 Backup files on Making copies (“backups”) of data files from local hard drives to
local hard to remote servers can be done with a wide variety of Internet
remote server backup services.
2.28 Enable auto Many software applications and operating systems now make
update use of “auto update” functionality in order to use the Internet
for version checking, new version downloading, and patch
installation. Each program with this capability enabled must be
tested and measured.
2.29 Manual auto Rather than “auto update”, many software applications allow
update manually initiated update functionality for version checking,
new version downloading, and patch installation. Each program
with this capability must be tested and measured.
2.30 From home Where a home office exists, testing some of the Use Cases
office listed in this Table should be done from there.
2.31 From coffee Testing some of the Use Cases listed in this Table should be
shop done from a local coffee shop as well.
2.32 From Where a user has a workplace office, and permission has been
workplace obtained from the employer, testing some of the Use Cases
office listed in this Table should be done from there.
2.33 From public Testing some of the Use Cases listed in this Table should be
transportation done from some form of local public transportation as well.
page 26 of 37

2.34 From grocery Testing some of the Use Cases listed in this Table should be
store or done from a local grocery store or shopping centre as well.
shopping
centre
2.35 From school Where a user has access to a school library or public library,
library or and permission has been obtained from the school or library
public library operator, testing some of the Use Cases listed in this Table
should be done from there.
page 27 of 37

Table 3 Hardware Details

Platform
3.1 PC Desktop personal computer running one of a variety of

operating systems, and consisting of a separate keyboard and
mouse, a monitor, and a case or housing that holds the RAM,
hard drive, optical drive, processor, network interface card, and
expansion slots.
3.2 Laptop Portable personal computer running one of a variety of

operating systems, and made up of a single enclosure in a flip
form to protect the keyboard and screen when closed.
3.3 Netbook Essentially a smaller, minimalist version of laptop, running one

of a variety of operating systems, weighing about 2 pounds and
having about a 7-inch display.
3.4 Portable Hand-held consumer electronics device, running one of a

multimedia variety of operating systems, designed primarily to store and
player play digital media. The market leader in this category is the
Apple iPod. Some portable multimedia players are also
smartphones.
3.5 Smartphone Mobile, hand-held telephone device, running one of a variety of

operating systems, and including support for Wi-Fi for access to
the Internet. The current market leaders in this category are
devices made by Apple, Research In Motion, HTC, Nokia,
Motorola, Sony Ericsson and Palm. Some smartphones are also
portable multimedia players.
3.6 Video game The Sony PlayStation 2, 3 and Portable, the Microsoft Xbox and
console Xbox 360, and the Nintendo Wii and DS are the only game
consoles with the hardware and connectivity capable of
consideration in this study.
3.7 Appliances and Some devices and appliances like the TiVo DVR access the
other Internet in order to provide enhanced services. These hardware
platforms are varied and do not fit any of the other categories
in this Table. Smart cards and RFID technology are not
considered in this study.
3.8 USB storage Removable USB storage devices can be plugged into many of
devices the hardware platforms in this Table.
page 28 of 37

3.9 Optical storage Removable optical storage discs like CD, DVD and Blu-ray can
devices be used to transfer data between many of the hardware
platforms in this Table.
3.10 Flash memory Removable flash memory cards can be used to transfer data
devices between many of the hardware platforms in this Table.
page 29 of 37

Table 4 Software Details

Platform
4.1 Microsoft Microsoft has produced a number of software platforms in the

Windows Windows “family”, running on computers and laptops, the
major ones in current use being: Windows 7, Windows Vista,
Windows XP, and Windows NT.
4.2 Microsoft Microsoft has developed a separate version of Windows for

Windows CE smartphones and portable media players called Windows CE.
This is a real-time operating system, which is also the basis for
Windows Mobile/Phone.
4.3 Apple Mac OS Apple has a single operating system, Mac OS X, which runs on
X all its computers and laptops.
4.4 Apple iPhone This is the operating system based on Apple Mac OS X which
OS runs on the iPhone and iPod devices.
4.5 Linux Linux OS is the poster child open source operating system that
runs on almost all hardware platforms. It is at the core of a
number of Linux “distributions” from Red Hat, Debian, Ubuntu,
openSUSE, Gentoo, Oracle, and nearly 300 other organizations.
4.6 Android Android OS is an open source platform for smartphones

developed by Google, and now owned by the Open Handset
Alliance, which is a business alliance of 50 different hardware,
software and wireless companies.
4.7 Symbian Symbian OS currently has the largest market share in the
smartphone market, but its owner, Nokia, has announced that
it will be replaced by Maemo. Both Symbian and Maemo are
owned by Nokia.
4.8 Maemo Nokia runs the open source Maemo operating system on its
high-end smartphones and its Internet tablet hardware
platforms.
4.9 Palm webOS Operating system running on Palm smartphones.
page 30 of 37

4.10 Qt Nokia bought Trolltech in June 2008, the company that

developed Qt, which is a widely used open source cross-
platform application development framework. Qt runs on almost
all hardware platforms listed in Table 3, and on most of the
other software platforms listed in this Table.
4.11 Java Java is currently the most popular cross-platform software

environment, and like Qt, runs on almost all hardware
platforms listed in Table 3, and on most of the other software
platforms listed in this Table.
4.12 Gears Gears is an open source, optional, enhancement technology

developed by Google for some Internet browsers and web sites
that allows local caching and data storage for offline (not
connected to Internet) processing, as well as automatic client
Geolocation identification.
4.13 Internet The most popular Internet browser in use today. Runs only on
Explorer Windows software platform.
4.14 Firefox The second most popular Internet browser in use today, and
the most popular open source browser. Runs on most of the
software OS platforms listed in this Table.
4.15 Chrome Relatively new Internet browser developed by Google. Runs on

Windows, Linux and Mac OS X software platforms.
4.16 Safari Internet browser developed by Apple. Runs on many software

platforms. Multiple versions of this software must be tested and
measured.
4.17 Opera Popular Internet browser which runs on many software and
hardware platforms. Multiple versions of this software must be
tested and measured.
4.18 Computrace These software applications developed by Absolute Software

and LoJack allow computers, laptops, netbooks and smartphones to be
tracked and recovered if stolen.
4.19 Google Toolbar Google has developed a useful toolbar that can be installed into
for IE Internet Explorer.
4.20 Yahoo Toolbar Yahoo has also developed a useful toolbar that can be installed
for IE into Internet Explorer.
page 31 of 37

4.21 Skype Skype is a Voice Over Internet Protocol (“VOIP”) software

application that allows free voice calls over the Internet
between Skype users.
4.22 Cerulean Trillian is a multi-protocol Instant Messaging software

Studios Trillian application that allows real-time chat and sharing between
users of ICQ, AOL Instant Messenger, Windows Live Messenger,
Yahoo! Messenger, Jabber, Google Talk, IRC, Twitter, Facebook,
MySpaceIM, Bonjour, Skype, and Trillian.
4.23 Windows Live Formerly MSN Messenger, Windows Live Messenger is

Messenger Microsoft’s instant messaging software application for real-time
chat and sharing.
4.24 Yahoo! Yahoo! Messenger is Yahoo’s instant messaging software

Messenger application for real-time chat and sharing.
4.25 AOL Instant AIM is America Online’s instant messaging software application
Messenger for real-time chat and sharing.
4.26 Adobe Portable PDF is a ubiquitous standard document format developed by

Document Adobe.
Format (“PDF”)
4.27 Adobe Flash Flash is a ubiquitous standard interactive file format developed
by Adobe.
4.28 Microsoft Silverlight is Microsoft’s competition to Adobe Flash in creating

Silverlight a standard interactive file format.
4.29 Facebook Facebook.com is more than a simple web site, since it is an

extensive development platform as well, and according to
Alexa.com is the second most popular web site on the Internet
after Google.
4.30 MySpace Myspace.com competes in the same space as Facebook, and

according to Alexa.com is the twelfth most popular web site on
the Internet.
4.31 Google Gmail Google has a very popular and free email service that is web-
based, rather than client-based or server-based.
page 32 of 37

4.32 Google Docs Google Docs is a suite of web-based applications that allow
collaborative creation and use of document, spreadsheet, and
presentation files.
page 33 of 37

Table 5 User Category Sample frame Casual Moderate Frequent

user user user
5.1 Youth, 12 and List of students in Less than 7 to 15 More than

younger randomly selected 7 hours hours per 15 hours
elementary school per week week per week
5.2 Teen, 13 to 19 List of students in Less than 10 to 20 More than

randomly selected 10 hours hours per 20 hours
secondary school and per week week per week
college
5.3 Single Adult, List of employees in Less than 15 to 30 More than

20 to 60, not randomly selected 15 hours hours per 30 hours
married, no businesses from telephone per week week per week
children directory
5.4 Married List of employees in Less than 15 to 30 More than

Family Adult, randomly selected 15 hours hours per 30 hours
20 to 60, 1 or businesses from telephone per week week per week
more children directory
5.5 Adult Parent, List of employees in Less than 15 to 30 More than

20 to 60, not randomly selected 15 hours hours per 30 hours
married, 1 or businesses from telephone per week week per week
more children directory
5.6 Married, no List of employees in Less than 15 to 30 More than

Children, 20 randomly selected 15 hours hours per 30 hours
to 60 businesses from telephone per week week per week
directory
5.7 Senior, age List of residential Less than 15 to 30 More than

60+ addresses on randomly 15 hours hours per 30 hours
selected streets per week week per week
page 34 of 37

Table 6 Existing Details

Privacy
Protection
6.1 Tor, Vidalia, This open source software application protects TCP protocol-
and polipo based communications from traffic analysis. Vidalia functions as
an optional controller application for the Tor software. Polipo
functions as a caching proxy to allow faster access to repeated
Internet resources.
6.2 JAP Anon Software application which facilitates anonymous browsing of

Proxy Internet web sites.
6.3 Stunnel Open source encryption software application to provide a secure

SSL “wrapper” around an otherwise unencrypted IP
communications connection, without requiring any modification
of the target service.
6.4 OpenVPN Open source Virtual Private Network (“VPN”) software

application.
6.5 OpenSSH Open source Secure Shell (“ssh”) software application.
6.6 TrueCrypt Open source disk encryption software application.
6.7 GNU Privacy Open source file and email encryption software application.
Guard
6.8 Anonymizer Commercial one-hop proxy service.

Total Net
Shield
6.9 LogMeIn Web-hosted VPN service with both free and commercial
Hamachi2 licenses.
6.10 F-Secure Commercial security and privacy software suite.

Internet
Security and
Mobile Security
6.11 Norton 360 Commercial security and privacy software suite.

and Internet
Security
page 35 of 37

6.12 Internet Feature of Microsoft Internet Explorer browser introduced in

Explorer version 8, which prevents storage of data which might
InPrivate compromise privacy.
Browsing
6.13 Chrome Feature of Google Chrome browser which prevents storage of

InCognito data which might compromise privacy.
mode
6.14 Safari Private Feature of Apple Safari browser which prevents storage of data
Browsing which might compromise privacy.
page 36 of 37

References
[1] The Tor Project, Who uses Tor?, Reference found on November 25, 2009
at http://www.torproject.org/torusers.html.en
[2] The Free Haven Project, Anonymity Bibliography, Reference found on

November 27, 2009 at http://freehaven.net/anonbib/full/date.html
[3] Electronic Frontier Foundation, Privacy, Reference found on November

27, 2009 at http://www.eff.org/issues/privacy
[4] IBM Privacy Research Institute, Projects, Reference found on November

27, 2009 at http://www.zurich.ibm.com/pri/projects
[5] Carnegie Mellon, Data Privacy Lab Research Results, Reference found on
November 26, 2009 at
http://privacy.cs.cmu.edu/dataprivacy/projects/index.html
[6] Reporters Without Borders, Enemies of the Internet, Reference found on

November 20, 2009 at
http://www.rsf.org/IMG/pdf/Internet_enemies_2009_2_-3.pdf or at
http://www.rsf.org/en-ennemi26134-China.html
[7] Rapid7 LLC, The Metasploit Framework, Reference found on November

26, 2009 at http://www.metasploit.com/framework/
[8] The Open Security Foundation, Open Source Vulnerability Database,

Reference found on November 28, 2009 at http://osvdb.org/
page 37 of 37

BCIT COMP 7036 Research Proposal by Wesley Kenzie Nov 2009

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

BCIT COMP 7036 Research Proposal by Wesley Kenzie Nov 2009

Caricato da

Copyright:

Formati disponibili

COMP 7036 Applied Research Methods in Software Development

Instructor Aman Abdulla

PDF created with pdfFactory Pro trial version www.pdffactory.com

PDF created with pdfFactory Pro trial version www.pdffactory.com

This surveillance is an intrusion and violation of privacy, made under the

PDF created with pdfFactory Pro trial version www.pdffactory.com

This surveillance is an intrusion and violation of privacy, made under the

Privacy is also a fundamental right identified in article 12 of the Universal

PDF created with pdfFactory Pro trial version www.pdffactory.com

There are many legitimate reasons for protecting privacy, as indicated on

• Normal people are concerned about unscrupulous marketers, identity

• Bloggers are concerned about anonymity to protect themselves from

• Journalists and their audiences are concerned about freedom of

• Business executives have a need to see their competition’s web

• Military personnel are concerned about protection of field agents,

• Law enforcement is concerned about the availability of anonymous

• Information Technology professionals are interested in testing IP

PDF created with pdfFactory Pro trial version www.pdffactory.com

In the first, exploratory stage, a descriptive study will be done to investigate

The usability of these enhancements will be measured both subjectively and

The enhancements to be tested for effectiveness and usability will first

PDF created with pdfFactory Pro trial version www.pdffactory.com

The second objective is to extensively describe and measure the

Thirdly, additional privacy protection enhancements will be developed and

PDF created with pdfFactory Pro trial version www.pdffactory.com

Methodology and Process

Stage 1 – Descriptive Study

Investigate and measure the current state of privacy. Current vulnerabilities

A non-probability, proportionate quota sampling of users is proposed, to

PDF created with pdfFactory Pro trial version www.pdffactory.com

Participants in this self-administered part of the study will be provided with

In the case of software platforms, there are often multiple versions of

PDF created with pdfFactory Pro trial version www.pdffactory.com

It is important to first clarify the definitions of concepts and constructs used

(1) “Vulnerability” = weakness (also known as an “exploit”) which

(2) “Use Case” = typical activity or task performed by computer, laptop

(3) “Hardware platform” = underlying hardware being used, including

(4) “Software platform” = underlying software being used, including the

(5) “User category” = semi-arbitrary grouping of computer, laptop and

(6) “Attack” = targeted or purposive offensive behaviour intended to

(7) “Leak” = inadvertent or accidental disclosure of information or data.

(8) “Public IP address” = sequence of Internet Protocol numbers (and

(9) “Private IP address” = similar to a “Public IP address” except is

PDF created with pdfFactory Pro trial version www.pdffactory.com

(10) “MAC address” = Media Access Control address, which is a globally

(11) “DNS” = Domain Name System, which is an Internet directory

(12) “Router” = networking device whose hardware and software are

(13) “SSID” = Service Set Identifier, which is the name of an 802.11

(14) “Operating system” = software which runs as an interface between

(15) “Application software” = software which runs as an interface

(16) “Encryption” = process of transforming information (referred to as

(17) “Decryption” = process of transforming ciphertext into plaintext

(18) “Personally identifiable information” = also known as “personal

(19) “Malware” = malicious software that performs tasks without the

PDF created with pdfFactory Pro trial version www.pdffactory.com

OS fingerprinting works by sending probe IP packets to the computer, laptop

PDF created with pdfFactory Pro trial version www.pdffactory.com

Password analysis works in a variety of ways, including packet sniffing and

WebScarab and Paros will be run as intercepting proxies on the same

Keystroke logging (“keylogging”) works by recording the actual keystrokes

Malware works by performing malicious or mischievous tasks, but it first has

PDF created with pdfFactory Pro trial version www.pdffactory.com

In terms of the Use Cases listed in Table 2, as many of these as is practical

Any Use Cases that cannot be run will be skipped.