Transmissions

by Dragorn

For what should be obvious reasons, security, cryptography, anonymity, and identity protection have become a bit of an issue in the past few months.  Unfortunately, security is hard, cryptography is harder, and now that it's suddenly in the press, everyone is jumping on the encrypted, anonymous communication bandwagon.

There are two main concerns when considering what encryption tools are appropriate:

Of prime concern should be: What is the impact of failure?  The requirements for a hacker are different from the requirements for a political dissident or a corporate worker.  Not only are the challenges faced different, but the risks of compromise can range from lost money and embarrassment to possible imprisonment or even death for political dissidents in some parts of the world today.

Secondly, who are your adversaries?  Hard drive encryption, for example, provides excellent protection against a stolen device, but questionable protection against legal methods.  Case law is still being built, but it seems reasonable to say that unless prolonged detention for contempt of court is preferable to the results of decrypting a drive, it's unlikely to save you in criminal proceedings.

Similarly, it is relatively simple to provide local anonymity - such as obscuring your destination and identity from snoopers on a local network at a conference or other presumed hostile local network.  It is much harder (and possibly impossible at this point) to provide total anonymity between endpoints on the Internet if the snooper is able to grab a significant percentage of connection data, as it is claimed the U.S. government is able to do.  Even long-standing cloaking services such as Tor may have vulnerabilities when an unknown number of internal nodes in the network are controlled by a hostile agency.

Both of these must be considered when looking at what tools actually offer:

Firstly, validation: How confident are you that who you think you're talking to is who you're actually talking to?  How do you verify this?  For secure communications to take place, you must be able to verify that you're communicating with the proper entity, even if this validation is simply "Have I communicated with this entity in the past?"

Without validation of the endpoints, it's impossible to know if the encrypted session is between yourself and your intended recipient, or between yourself and a "man-in-the-middle" attacker.  Validation of remote systems is supposed to be one of the advantages of SSL - we all trust the root authority servers to only hand out certificates to authenticated and validated entities - unfortunately, the combination of security breaches and government intervention has made the safety of these mechanisms highly suspect.  It's not unreasonable to assume that top-level SSL authorities have been compromised or have provided universal certificates either voluntarily or under subpoena.

Validation is so important, some tools offer it as a stand-alone feature - for example, PGP or GnuPG signing of emails provides validation of the author, while providing no encryption at all.

Anonymous message passing systems such as OTR still implement recipient validation - by requiring you to validate the user via some out-of-band mechanism and then authorize the key.  The same trick is used by SSH when connecting to a server for the first time.  Little can be done about securing communications without a method to validate the identity of the recipient.
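The "Have I communicated with this entity in the past?" check described above, as SSH's known_hosts and OTR's key authorization do it, written out as an added example (not code from the column or from either project).  The key bytes and the `confirm` callback are constructed stand-ins: the callback represents the user comparing a fingerprint out of band.

```python
import hashlib
from typing import Callable, Dict, Optional

# Constructed host keys standing in for real SSH/OTR public keys (not real keys).
KEY_A = b"ssh-ed25519 CONSTRUCTED-KEY-A example.org"
KEY_B = b"ssh-ed25519 CONSTRUCTED-KEY-B example.org"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a public key: the value a user compares out of band."""
    return hashlib.sha256(pubkey).hexdigest()


class KeyMismatch(Exception):
    """Raised when a known identity presents a key other than the one on record."""


class TrustOnFirstUse:
    """known_hosts-style store: the first key seen for an identity is recorded
    only after an explicit out-of-band confirmation; later sessions must match it."""

    def __init__(self, store: Optional[Dict[str, str]] = None) -> None:
        self.store: Dict[str, str] = store if store is not None else {}

    def check(self, identity: str, pubkey: bytes,
              confirm: Callable[[str, str], bool]) -> str:
        fp = fingerprint(pubkey)
        known = self.store.get(identity)
        if known is None:
            # First contact: the protocol cannot validate this key by itself;
            # `confirm` stands in for the user checking the fingerprint out of band.
            if not confirm(identity, fp):
                raise KeyMismatch(f"{identity}: unconfirmed first-contact key {fp}")
            self.store[identity] = fp
            return "new"
        if known != fp:
            # Same identity, different key: either a legitimate rekey or a
            # man-in-the-middle.  Refuse rather than silently accept, as SSH does.
            raise KeyMismatch(f"{identity}: key changed from {known} to {fp}")
        return "known"
```

The weak point is visible in the code: everything rests on the first `confirm`, and a store that accepts first-contact keys unconditionally gives an interposed attacker a free pass.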

For actual protection of content (or protection of content beyond the initial handshake), the data must be encrypted using something derived from validation of the recipient.  In the case of SSL, the handshake validates the certificates of the endpoints and then creates a new, temporary key, used to encrypt the traffic.  Any system which claims to validate the sender of a message must include validation of the entire message, validation of each message block in a stream, or must encrypt the stream.

The problem nearly all encryption systems face is that to communicate over the Internet (or to make a phone call), you need to send non-encrypted data - source, destination, and so on.  The collection of this metadata is at the heart of the controversy about governmental spying - even assuming that the government isn't able to break the encryption (which is a dangerous assumption), it's possible to build webs of interactions between people.

Email and instant messaging are even easier to track - an encrypted email has "To" and "From" addresses in the clear, as well as the IP of the sending server and any other headers that might be included (like email client, which can reveal OS version).  Instant messages include whatever account data the service places on them.  While it's possible to hide what you say, it's far, far more difficult to hide that you're saying something, and who you are saying it to.
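What an observer on the mail path still learns from a PGP-encrypted email, shown as an added example (not from the column).  The message, its addresses, the relay IP, and the client string are all constructed for illustration; only the body is ciphertext.

```python
import email
import re

# Constructed sample: a PGP-encrypted mail as it sits on a relay.  Addresses,
# the relay IP, timestamps, and the "ciphertext" are made up for illustration.
RAW_MAIL = b"""Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.example.net with ESMTPS id 4Xk2; Mon, 1 Jul 2013 10:00:00 +0000
From: alice@example.org
To: bob@example.net
Subject: (encrypted)
Date: Mon, 1 Jul 2013 09:59:58 +0000
User-Agent: Mozilla Thunderbird 17.0 (X11/Linux)
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----
hQEMA0NPTlNUUlVDVEVEIENJUEhFUlRFWFQ=
-----END PGP MESSAGE-----
"""

# Bracketed IPv4 literals as they appear in Received: headers.
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def cleartext_metadata(raw: bytes) -> dict:
    """Return what an observer learns from the envelope without touching the ciphertext."""
    msg = email.message_from_bytes(raw)
    received = msg.get_all("Received", [])
    body = msg.get_payload()
    return {
        "from": msg["From"],
        "to": msg["To"],
        "date": msg["Date"],
        "client": msg["User-Agent"],      # reveals mail client and OS family
        "relay_ips": [ip for hdr in received for ip in IPV4.findall(hdr)],
        "body_encrypted": "-----BEGIN PGP MESSAGE-----" in body,
    }
```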

This can be a concern even on a local network.  For example, if you're at a hacker con, you probably don't want to be connecting to your home system, no matter how good your security.  At the very least, domain records can identify you in a situation where you might not want to be identified.  At the worst, you've led a hostile audience directly to your door.  While relatively easy to mitigate on a local network, it can be extremely difficult to address when combating Internet-wide surveillance.

Let's consider some standard encryption and identity protection tech:

Hard Disk Encryption:  It's fantastic, and everyone should be doing it, but primarily it protects you against theft of the physical device.  Since the hard drive is decrypted on boot, there is zero protection against runtime exploits.  If someone owns your browser and gets all your files, it doesn't matter that when you turn it off, it's encrypted, does it?  The value of drive encryption is relatively unknown when facing criminal proceedings, as there is very little actual case law.  In general, it appears that in the United States, the Fifth Amendment protecting against self-incrimination has been ruled inapplicable when the authorities can already prove the existence of the data.  In a current case, they claim the files were visible before the system was rebooted.  Therefore, they classify refusal to decrypt as contempt of court.  In almost any situation, the only time hard disk encryption will help in a criminal case is when the results of decryption are worse than possibly indefinite detention for refusing to decrypt.

Tor:  The Onion Router attempts to protect the origin of communications by routing it through multiple nodes, protected with SSL, before releasing it to the Internet.  The biggest flaw in Tor is - us.  Insecure communications practices, like using the same browser for Tor and non-Tor purposes, expose tracking data like cookies, HTML5 storage, Flash cookies, etc.  It is unknown how effective Tor could be in cloaking activity if a government-level snooper can see a large percentage of traffic entering and exiting the Tor cloud.

VPN:  VPNs are fantastic for obscuring local traffic, but don't do much to hide behavior in general.  Unless you're paying for your VPN service in Bitcoins somewhere, traffic is hitting the Internet from an IP connected to you.  On the other hand, if your main goal is to prevent troublemakers on the local Wi-Fi from figuring out where you're going, an Amazon AWS microserver instance is free for a year and can run OpenVPN like a champ on an IP no one without a subpoena can track back to you.

PGP/GnuPG:  The de-facto standard for encrypting files and email.  They're great, but probably fall into the same problem as hard disk encryption.  It is likely you could be forced to provide the means for decryption in a criminal case.

OTR:  Off-the-Record, an instant-message encryption system, attempts to provide forward protection - each session is encrypted with a temporary key which is not kept.  In theory, this can provide deniability, and the inability to decrypt past messages; of course, this counts on both ends of the conversation turning off local logging of messages.  OTR can't do anything about hiding the fact that a conversation took place, but the contents will be protected.

So where does all this leave us?

Basically, with no good options - nothing is guaranteed against government-level snooping of metadata, but we can at least protect what is being said.  If you're in a high-risk situation, be extremely careful about what tools you use.  Now that security is a hot topic, lots of unreviewed tools are appearing that claim to protect identity.  Some are scams.  Some are simply naive.

In general, stick with well-known peer reviewed tools.  They may not be perfect, but at least we understand more about where they fall down.  If Tor hasn't fully solved the problem in five years, I'm pretty sure some guy making a random Android tool hasn't done it in a single revision.
