Securing XMPP

With the huge obsession with various messaging platforms out there, I wondered if I could roll my own based on XMPP, but do so securely. Follow my trials, errors, and frustrations as I dig through XMPP and try to deploy a modern messaging service using an antiquated standard.

Tom Webster

April 13, 2017

Transcript

  1. What Is XMPP?
     • An Open Source IM Protocol
     • Started in 1999 (Paleozoic Era)
     • Built as a “Living Standard” thanks to XEPs (XMPP Extension Protocols)
     • Today it supports group chat, various E2E schemes, file transfers, public chat rooms, and more.
  2. Why Do We Care?
     • This is an Open Standard.
     • If Signal or WhatsApp are compromised or closed, our communication goes away.
     • We can more easily verify the code if we build the service ourselves.
     • Ephemeral Handles and Servers
  3. Isn’t Signal Open Source?
     • Launching your own Signal server is non-trivial
     • It isn’t built to be self-deployed (yet)
     • It isn’t easy to de-centralize (yet)
     • Still phone number based
     • Increased anonymity is difficult / impossible to achieve
  4. My Research
     • I need a Signal Protocol library
     • Writing your own crypto is bad, I need an idiot-proof library (like NaCl)
     • None currently exist in a stable form
     • I could build my own but…
     • I’m not a cryptographer
     • I know my limits
  5. My Research
     • How does existing XMPP crypto look?
     • PGP: Obvious problems here
     • OTR:
       • Single Device
       • Always Online
       • No Attachments
  6. My Research
     • OMEMO Discovered!
     • Uses a similar double-ratchet Signal-like algorithm
     • Not as well tested
     • Fixes most problems with previous libraries
     • Awful UX
     • Few XMPP clients have decent UX for it
  7. The Setup
     • Install XMPP server (Prosody) and dependencies
     • Generate new SSL cert
     • Deploy XEPs and configuration
     • Set up clients
  8. Automated Deployment
     • Manual deployment is LAME! I wrote an Ansible playbook
     • NOW WITH TOR!
     • samurailink3.com/blog/2016/11/12/tor-hidden-xmpp-server/
  9. Results
     • Interface Woes
     • You won’t ever get your dad to use this
     • It is pretty easy to hurt yourself
     • Lack of Easy Buttons
     • You need your own
       • Hostnames
       • Usernames
       • Passwords
       • Friends’ Usernames
  10. Results
     • Lack of Easy Buttons
     • Compare this to Signal:
       • You already have a phone number
       • You already have an address book
     • There are so many caveats, asterisks, important notes, and user warnings with XMPP. It is so easy to hurt yourself.
  11. Caveats
     • Literally half of my blog post is a list of caveats… that’s not usually a good sign.
  12. Caveats
     • You have to secure your own server (or trust someone else to secure theirs)
     • XEP compatibility is not guaranteed, some clients can silently ignore or treat features differently.
     • Group chat not encrypted
     • Open registration by default (you can change this)
  13. Caveats
     • The HTTP-Upload XEP could turn your server into an illegal-data host very easily.
     • Encryption could get turned off by your client or an error somewhere. Unless you’re looking for it, XMPP lets you hurt yourself.
     • Signal and WhatsApp don’t allow you to send plain text, even if you want to.
  14. Lessons Learned
     • Cool experiment, but don’t do this.
     • Seriously, don’t.
     • This has a very narrow set of use-cases that Signal/WhatsApp don’t cover already.
     • Ephemeral chat servers
     • Increased temporary anonymity
     • This is for technical users only
  15. Lessons Learned
     • XMPP is a dog. It was useful back in the day, but we need a new messenger protocol.
     • Federation is hard because updating everyone at the same time to the same feature set is almost impossible
     • Use Signal
     • Use Tor
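
An added example, not from the talk or its Ansible playbook: a small Python audit that checks a Prosody configuration for two of the server-side caveats on slides 12 and 13, open registration and an HTTP upload service with no size or retention limit. It assumes the upload XEP is served by the community module mod_http_upload with its `http_upload_file_size_limit` and `http_upload_expire_after` options, and it reports only explicit settings; both sample configs and the finding names are constructed.

```python
import re

# Constructed sample, not taken from the talk or its Ansible playbook.
WEAK_CFG = '''
modules_enabled = {
    "roster"; "saslauth"; "tls";
    "register"; -- in-band account creation
}
allow_registration = true
Component "upload.example.invalid" "http_upload"
    -- http_upload_file_size_limit = 1024 * 1024
'''

# Same constructed server with the two caveats addressed.
HARDENED_CFG = '''
modules_enabled = { "roster"; "saslauth"; "tls"; }
allow_registration = false
Component "upload.example.invalid" "http_upload"
    http_upload_file_size_limit = 1024 * 1024 -- bytes
    http_upload_expire_after = 60 * 60 * 24 * 7 -- seconds
'''

def strip_comments(text):
    # Drop Lua "--" line comments. Assumes no "--" inside string
    # literals and no --[[ block ]] comments.
    return "\n".join(line.split("--", 1)[0] for line in text.splitlines())

def setting(cfg, name):
    # Value assigned to a global or per-host option, or None if unset.
    m = re.search(r"^[ \t]*%s[ \t]*=[ \t]*(.+?)[ \t;]*$" % re.escape(name), cfg, re.M)
    return m.group(1) if m else None

def upload_enabled(cfg):
    # The module can be listed in modules_enabled or loaded as a Component.
    block = re.search(r"modules_enabled\s*=\s*\{(.*?)\}", cfg, re.S)
    in_modules = block and '"http_upload"' in block.group(1)
    as_component = re.search(r'^\s*Component\s+"[^"]+"\s+"http_upload"', cfg, re.M)
    return bool(in_modules or as_component)

def audit(text):
    cfg = strip_comments(text)
    findings = []
    if setting(cfg, "allow_registration") == "true":
        findings.append("open-registration")
    if upload_enabled(cfg):
        for opt in ("http_upload_file_size_limit", "http_upload_expire_after"):
            if setting(cfg, opt) is None:
                findings.append(opt + "-unset")
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(label, audit(cfg))
```

The commented-out limit in the weak sample is deliberately ignored, so a setting that only looks present in the file is still reported as unset.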