Dmitry Volkov - Private messengers: without pain??

Private messengers:
without pain??
Dmitriy Volkov
[email protected]
FB527CDAC1176535A4CF9B4C0E8CB6EC231EDDFE

View Slide

[email protected] 231EDDFE DEFCON Moscow XV
vectors Technical, hard, mathy: what crypto we
need in precise terms, metadata-leak-
minimizing routing, etc.
Publicism: what’s the problem, what to do both
concretely and generally, why are we where we
are, what to do for a better future
Politics and social sense
plan
“Building a messenger in three easy steps”
The Privacy Problem Abridged
Untrusting server
What To Do Right Tomorrow Morning
What To Do After That | A Vision Of Reasonably Better
And Very Specific Proposals
+°C
Untrusting more
Fun holes

View Slide

Messenger v0.1 (telnet)
TCP/HTTP

View Slide

ISP
СОРМ
РКН

View Slide

ISP
СОРМ
РКН
●
Confidentiality

View Slide

ISP
СОРМ
РКН
●
Confidentiality
●
Integrity

View Slide

ISP
СОРМ
РКН
●
Confidentiality
●
Integrity
●
Authentication

View Slide

Messenger v1.0
ISP
СОРМ
РКН
●
Confidentiality
●
Integrity
●
Authentication
TLS

View Slide

If, technologically, it is possible to make an
impenetrable device or system where the
encryption is so strong that there's no key -
there's no door at all - then how do we
apprehend the child pornographer? How
do we solve or disrupt a terrorist plot?
– Barack Obama

View Slide

Privacy w/o asbestos
●
Privacy Freedom, Private ~ Powerful
⇒
●
Positive right
●
CVC code, passport #, mother’s maiden name
●
“Mere collection of information”
●
Information Abuse (models): gov’t, corp, ind
⇒
●
Knowledge of ^ → Self-censorship
– → Erosion of std freedoms, i.e. Expression, Assembly, Association
– “Social credit”
●
Fatalism: just say no; and it’s not about you
●
Concrete examples seem to not help so much
https://www.abc.net.au/news/2015-08-24/metadata-what-you-found-will-ockenden/6703626
https://robindoherty.com/2016/01/06/nothing-to-hide.html
In the 1920s being Jewish in Germany was perfectly legal. Not long after it was not.
In the 1930s being Japanese in the USA was perfectly legal. After 1942 it was not.
1947 - “Hollywood Ten”
2008? - TSC No Fly
https://news.ycombinator.com/item?id=4105485
Doctorow, Schneier
https://moxie.org/blog/we-should-all-have-something-to-hide/

View Slide

Messenger v1.0
ISP
СОРМ
РКН
●
Confidentiality
●
Integrity
●
Authentication
TLS

View Slide

Messenger v1.0
I have dataz!
ISP
СОРМ
РКН
●
Confidentiality
●
Integrity
●
Authentication
TLS
I reliez on PKI!

View Slide

Messenger v1.0
I have dataz!
ISP
СОРМ
РКН
●
Confidentiality
●
Integrity
●
Authentication
TLS
I reliez on PKI!
HPKP

View Slide

Messenger v2.0 (Signal)
I have blobs.
ISP
СОРМ
РКН
TLS
I reliez on PKI!
HPKP
e2e
network
data

View Slide

Messenger v2.0 (Signal)
I have blobs.
ISP
СОРМ
РКН
TLS
I reliez on PKI!
HPKP
e2e
network
data
●
Only specific case
●
Metadata

View Slide

import Crypto.Saltine
import Crypto.Saltine.Core.Box
(pkA, skA) ← newKeyPair
(pkB, skB) ← newKeyPair
n ← newNonce
let ciphertext = box pkA skB n “mow”
print (boxOpen pkB skA n ciphertext)
NaCl / libsodium

View Slide

Only specific case
●
Search
●
Aggregation
●
Compression
●
Anything you could want in a normal client-
server application
https://eprint.iacr.org/curr/
Homomorphic
encryption
SGX
DO
NT
WO
RK

View Slide

Metadata
I have blobs.
ISP
СОРМ
РКН
TLS
I reliez on PKI!
HPKP
e2e
network
data
Me loggin’
dem packezz
Me loggn’ app-specific
datas! User1→user2 at t!
https://secushare.org/2011-FSW-Scalability-Paranoia

View Slide

Metadata
●
“Who, to whom, when”
●
Information exchange graph * t
●
Social graph * t
●
Juicy to connect to other info, like phone
numbers → cell towers → position
●
You using a burner phone doesn’t help ‘cause
social graph
Metadata absolutely tells you everything about somebody’s life.
If you have enough metadata, you don’t really need content.
– NSA General Counsel Stewart Baker
We kill people based on metadata.
– CIA General Michael Hayden

View Slide

View Slide

WhatsApp
●
E2E with “return True” device verification
●
Leaks contacts
●
Proprietary (i.e. unsecure and only available on
blessed platforms)
●
Facebook

View Slide

Telegram
●
Unsecure by default
●
Secret chats can’t really be used
●
Phone#s
●
Stores contacts in plain-text
●
Weird crypto
●
https://news.ycombinator.com/item?id=6936539
●
https://habr.com/post/206900/
●
https://eprint.iacr.org/2015/1177
●
Doesn’t guarantee ordering

View Slide

Skype
●
http://habrahabr.ru/post/133555/
●
https://twitter.com/navalny/status/2686457792
19030016
●
http://community.skype.com/t5/Security-Privacy
-Trust-and/Vulnerability-allows-to-permanently
-delete-any-skype-account-by/td-p/4222445
●
https://windowsreport.com/recognize-sign-in-de
tails-skype-windows-10/
@zhovner

View Slide

XMPP
●
UX very much
●
Lack of coordination at times, OTR / OMEMO
●
Doesn’t build reliability in
●
/me hasn’t seen working AV in a few years
●
“Advanced” features require work to work

View Slide

/

View Slide

What to do.

View Slide

What to do.
Now-ish.

View Slide

Mainstream
Viber, WhatsApp, Skype, etc.
Activists
XMPP
Fringe
IRC over Tor?, XMPP, Tox
Mainstream
Signal/Wire, Matrix
Activists
Matrix, XMPP
Fringe
XMPP, Briar
WhatsApp Signal
Telegram Matrix, Wire
XMPP Matrix
XMPP XMPP (Conversations.im, Dino.im)
IRC/Tor Briar
Transient chats
Secret chats
(journalists)
General tech-y
General
“I don’t have a computer”
Unsustainable?

View Slide

XMPP
Wire
Matrix
IMO

View Slide

View Slide

Sociohistoric context
●
Unregulated. Ish. “Mass media”?
●
External funding, by parent company or investors;
exceptions few (Threema)
●
Lowest common denominator isn’t worth much
●
Corps want walled gardens
●
Govts want censorship & surveillance
●
Enthusiasts have limited time and coordination
●
Innovators want money and cheap PR, not public good
●
Tools have narratives and agendas
●
YA “Tragedy of commons”

View Slide

Metadata
●
“Who, to whom, when”
●
Information exchange graph * t
●
Social graph * t
●
Juicy to connect to other info, like phone
numbers → cell towers → position
●
You using a burner phone doesn’t help ‘cause
social graph
Metadata absolutely tells you everything about somebody’s life.
If you have enough metadata, you don’t really need content.
– NSA General Counsel Stewart Baker
We kill people based on metadata.
– CIA General Michael Hayden

View Slide

Metadata
I have blobs.
ISP
СОРМ
РКН
TLS
I reliez on PKI!
HPKP
e2e
network
data
Me loggin’
dem packezz
Me loggn’ app-specific
datas! User1→user2 at t!
https://secushare.org/2011-FSW-Scalability-Paranoia

View Slide

Solving (for) metadata
●
Strategy: encrypt and obfuscate every thing not
on a trusted device
●
In transit and at rest
●
Open or closed network?

View Slide

Solving metadata: transit
1)Cover traffic
2)Framing
3)Mixnets
4)Unpredictable routing
Tor doesn’t solve all problems,
but “the solution” seems conceivable
(some would argue existing)
https://www.schneier.com/blog/archives/2011/03/detecting_words.html

View Slide

Solving metadata: rest
●
Users’ devices and non-users’
●
A “classical” server clearly doesn’t cut it
(moreso a VPS from BigUSCo)
●
More servers–more trouble
●
One solution: SGX https://signal.org/blog/private-contact-discovery/

View Slide

Solving metadata: rest
●
Users’ devices and non-users’
●
A “classical” server clearly doesn’t cut it
(moreso a VPS from BigUSCo)
●
More servers–more trouble
●
One solution: SGX
●
Other solution: P2P*
https://signal.org/blog/private-contact-discovery/

View Slide

The Vision
●
Centralization is doomed to fail;
●
Federation* is doomed to centralize;
●
Only Swarm prevails.
*”Classical”, like email or XMPP

View Slide

The Vision
●
Open P2P doesn’t work;
●
Should work;
●
Gotta get there.

View Slide

The Vision
●
To: make F2F work effortlessly,
●
And plan for P2P,
●
But remember and use CAP.

View Slide

The Vision
∧
Secure
∧
No centralized auth
∧
Log sync
∧
E2E
∧
AV
∧
Files
∧
FS
∧
Rooms
∧
FLOSS
∧
Simple clients
∧
Servers are, but unnecessary
∧
Self-hosting made great again
https://github.co
m/ChALkeR/whining
s/blob/9b960462bc
2de685f118f0ccb46
095aeeda99e01/Ins
tant-messaging.md
(abridged)
Mobile devices: if no direct
connection, then their
“guard” through the very
same net level as S2S, but
tweaked for power (i.e.
less cover traffic)

View Slide

The Vision
●
Beyond messaging: applications
●
v0: trusted servers (better than now ‘cause they
belong to users)
●
vN: new crypto and data structures galore

View Slide

vN example: Tinder’
●
Secure dot product:
https://grothoff.org/christian/habil.pdf, p7.4
●
Symmetric smth ZK with blind arbiter: @chalker

View Slide

View Slide

voting
consensus
identity cadet
secretsharing
set
dht
core
block
fs
datastore
ats
nse
datacache
peerinfo
hello
transport
exit
tun dnsstub
vpn
regex
pt
dns dnsparser
gnsrecord
zonemaster
namestore
gns
revocation
conversation
speaker microphone
nat
fragmentation
topology
hostlist
scalarproduct
secushare
social
multicast
psyc
psycstore
rps

View Slide

WhatsApp Signal
Telegram Matrix, Wire
XMPP Matrix
XMPP XMPP (Conversations.im, Dino.im)
IRC/Tor Briar
Transient chats
Secret chats
(journalists)
General tech-y
General
“I don’t have a computer”
https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/edit
https://github.com/ChALkeR/whinings/blob/9b960462bc2de685f118f0ccb46095aeeda99e01/Instant-messaging.md

View Slide

Additional time
●
Ones I didn’t mention
●
More on this “new internets” business and
applications
●
More on $msg_name
●
Blockchain iNnOvAtIoN
●
Even more speculative ideas (secushare)

View Slide

Dmitry Volkov - Private messengers: without pain??

Dmitry Volkov - Private messengers: without pain??

DC7499

More Decks by DC7499

Other Decks in Research

Featured

Transcript