Securing XMPP

With the huge obsession with various messaging platforms out there, I wondered if I could roll my own based on XMPP, but do so securely. Follow my trials, errors, and frustrations as I dig through XMPP and try to deploy a modern messaging service using an antiquated standard.

Tom Webster

April 13, 2017

Transcript

  1. What Is XMPP?
    • An Open Source IM Protocol
    • Started in 1999 (Paleozoic Era)
    • Built as a “Living Standard” thanks to XEPs (XMPP Extension Protocols)
    • Today it supports group chat, various E2E schemes, file transfers, public chat rooms, and more.
  2. Why Do We Care?
    • This is an Open Standard.
    • If Signal or WhatsApp are compromised or closed, our communication goes away.
    • We can more easily verify the code if we build the service ourselves.
    • Ephemeral Handles and Servers
  3. Isn’t Signal Open Source?
    • Launching your own Signal server is non-trivial
    • It isn’t built to be self-deployed (yet)
    • It isn’t easy to de-centralize (yet)
    • Still phone number based
    • Increased anonymity is difficult / impossible to achieve
  4. My Research
    • I need a Signal Protocol library
    • Writing your own crypto is bad, I need an idiot-proof library (like NaCl)
    • None currently exist in a stable form
    • I could build my own but…
    • I’m not a cryptographer
    • I know my limits
  5. My Research
    • How does existing XMPP crypto look?
    • PGP: Obvious problems here
    • OTR:
    • Single Device
    • Always Online
    • No Attachments
  6. My Research
    • OMEMO Discovered!
    • Uses a similar double-ratchet Signal-like algorithm
    • Not as well tested
    • Fixes most problems with previous libraries
    • Awful UX
    • Few XMPP clients have decent UX for it
  7. The Setup
    • Install XMPP server (Prosody) and dependencies
    • Generate new SSL cert
    • Deploy XEPs and configuration
    • Set up clients
  8. Automated Deployment
    • Manual deployment is LAME! I wrote an Ansible playbook
    • NOW WITH TOR!
    • samurailink3.com/blog/2016/11/12/tor-hidden-xmpp-server/
  9. Results
    • Interface Woes
    • You won’t ever get your dad to use this
    • It is pretty easy to hurt yourself
    • Lack of Easy Buttons
    • You need your own
    • Hostnames
    • Usernames
    • Passwords
    • Friends’ Usernames
  10. Results
    • Lack of Easy Buttons
    • Compare this to Signal:
    • You already have a phone number
    • You already have an address book
    • There are so many caveats, asterisks, important notes, and user warnings with XMPP. It is so easy to hurt yourself.
  11. Caveats
    • Literally half of my blog post is a list of caveats… that’s not usually a good sign.
  12. Caveats
    • You have to secure your own server (or trust someone else to secure theirs)
    • XEP compatibility is not guaranteed, some clients can silently ignore or treat features differently.
    • Group chat not encrypted
    • Open registration by default (you can change this)
  13. Caveats
    • The HTTP-Upload XEP could turn your server into an illegal-data host very easily.
    • Encryption could get turned off by your client or an error somewhere. Unless you’re looking for it, XMPP lets you hurt yourself.
    • Signal and WhatsApp don’t allow you to send plain text, even if you want to.
  14. Lessons Learned
    • Cool experiment, but don’t do this.
    • Seriously, don’t.
    • This has a very narrow set of use-cases that Signal/WhatsApp don’t cover already.
    • Ephemeral chat servers
    • Increased temporary anonymity
    • This is for technical users only
  15. Lessons Learned
    • XMPP is a dog. It was useful back in the day, but we need a new messenger protocol.
    • Federation is hard because updating everyone at the same time to the same feature set is almost impossible
    • Use Signal
    • Use Tor
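
The server-side caveats from slides 12 and 13 (open registration, encryption that can silently be off, unbounded HTTP-Upload) can be checked mechanically. The following is an added example, not part of the original deck or its Ansible playbook: a small audit of a Prosody configuration file. It assumes Prosody's `allow_registration`, `c2s_require_encryption` and `s2s_require_encryption` options and the community `mod_http_upload` options `http_upload_file_size_limit` and `http_upload_expire_after`; both sample configs are constructed, and an unset option is reported so the result does not depend on version defaults.

```python
import re

# Constructed sample: the weak settings the caveats describe.
WEAK_CFG = '''
modules_enabled = {
    "roster";
    "register";
    "http_upload";  -- community module (XEP-0363)
}
allow_registration = true   -- anyone can create an account
c2s_require_encryption = false
-- s2s_require_encryption = true
'''

# Constructed sample: the same server with each caveat addressed.
HARDENED_CFG = '''
modules_enabled = { "roster"; "register"; "http_upload"; }
allow_registration = false
c2s_require_encryption = true
s2s_require_encryption = true
http_upload_file_size_limit = 1024 * 1024   -- bytes per upload
http_upload_expire_after = 60 * 60 * 24 * 7 -- seconds until deletion
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*(.+?)\s*$')

def audit(cfg):
    """Return findings for a prosody.cfg.lua given as text (simple `key = value` lines only)."""
    # Drop Lua `--` comments so commented-out options count as unset.
    lines = [line.split('--', 1)[0] for line in cfg.splitlines()]
    settings = {m.group(1): m.group(2) for m in map(ASSIGN.match, lines) if m}
    findings = []
    if settings.get('allow_registration') == 'true':
        findings.append('open registration')
    # Transport encryption only: the server cannot see whether clients use OMEMO.
    for key in ('c2s_require_encryption', 's2s_require_encryption'):
        if settings.get(key) != 'true':
            findings.append(key + ' not set to true')
    if '"http_upload"' in '\n'.join(lines):
        for key in ('http_upload_file_size_limit', 'http_upload_expire_after'):
            if key not in settings:
                findings.append(key + ' not set')
    return findings

if __name__ == '__main__':
    for name, cfg in (('weak', WEAK_CFG), ('hardened', HARDENED_CFG)):
        print(name, audit(cfg))
```

These checks cover the server only; whether a given conversation is end-to-end encrypted is decided in each client and has to be verified there.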