|
|
|
|
|
Tiger Envelopes: Security |
Tiger Privacy
|
Tiger Privacy |
If speech isn't private, it isn't very free.
Free speech in public often doesn't exist. Censorship and its little brother, the chilling effect, are strongest in public. Protecting free speech requires protecting private speech. Unencrypted email isn't private.
Attackers vacuum up as much personal communications as their resources allow.
Attackers include governments, backbone providers, isps, companies and other organizations, and even individual crackers. Their powerful vacuum cleaners mean that you can't rely on hiding in the crowd. Hiding might work for docile citizens with nothing to steal, or for those who look enough like them. Governments often require others to provide surveillance for them.
One example of a powerful commercial vacuum cleaner is the NarusInsight 5 Intercept Suite. It handles real time content analysis "at speeds up to OC-48 (2.5Gb/sec)" and traffic analysis "at speeds up to OC-192 (10Gb/sec)". "Capabilities include playback of streaming media (for example, VoIP calls), rendering of Web pages, examination of e-mails and the ability to analyze the payload/attachments of e-mail [emphasis added] or file transfer protocols." More than a dozen vendors make this kind of equipment.
Attackers are limited by the volume, velocity, and variety of traffic.
The vacuum cleaners don't work well, particularly over time. Encryption is effective even if it can be cracked in the future, because the message probably won't be around that long. Stored messages should be rewrapped with fresh encryption periodically.
Encrypted messages are not decoded except when someone is targeted.
Attackers don't have the resources to read, much less analyze, everything. They choose their targets carefully. The rest of the traffic is scanned automatically, if at all. Encryption protects message content against automated scanning. And if it can't, the attacker will be extremely hesitant about using the material in any way that exposes their capability, so the encryption is still very helpful.
For targets, an attacker will bypass the encryption by attacking the endpoints.
If you're a target, ordinary encryption by itself won't help much. Attackers will work hard to bypass the encryption. They'll crack your or your correspondents' systems. They may bribe or coerce the people you communicate with. They'll attack your software, particularly security software, at the source or in transit. But no one has the resources to process the take from massive numbers of sources, so relatively few are targeted.
Since the risk is greatest when you're a target, it's a good idea not to become one. A low profile is the best solution. Much more work is needed on steganography.
Attacks on the systems and people at each end.
Because cracking encryption directly is hard, the standard remote attacks when a target uses encryption don't even try. Instead the endpoints are attacked to acquire the cleartext.
Traffic analysis
Traffic analysis looks at who a message is from, who it's to, when it was sent, and other information outside what was said. For example, the U.S. NSA traces all phone calls. It spies on email the same way. That doesn't mean they analyze all content. No one has the resources to do that yet. Attackers use traffic analysis to automatically select targets for further processing. Mass surveillance also helps scare a populace into submission. Several countries spy on their own people this way. Countermeasures beyond encryption include padding, packetization, and mixing. These are also useful for anonymity, but require a significant installed base to work well.
Denial of service
Denial of service is sometimes applied to encrypted streams in an attempt to force targets into the clear. Deletion and delay of encrypted messages in transit are becoming more common. We need the equivalent of TCP for email. Today email is just datagrams. Some IM comes close to a solution.
Weaknesses in underlying encryption
We rely on crypto packages such as gpg and pgp. We also use the jvm's random number generator to create passphrases.
Thompsoned tools
Low level trojans
Sun's jvm could be fine, but because it's not open source it hasn't been well audited. Until a free/libre java has good support for 1) the Runtime class on Windows and 2) Swing, we are distributing Sun's java for Windows and Linux. Sun java is bundled with every Mac. We're almost desperate enough to take on these java enhancements ourselves to get away from Sun's jvm, although that seems like a very bad use of time.
ROM, particularly CPU microcode
EEPROM rewrites
OS installers
Easy ways to bypass most security
Con job
Social engineering
Ruse
Pretext
A fraudulent attack related to Envelopes would be to spoof users who are not running Envelopes into believing their messages are private. The countermeasure is to run Envelopes, which exposes the attack.
Burglary
For example, breaking into your system to steal information.
Bribery
Blackmail
Brute force
Big Iron
Data mining
USA Today reports: "It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.
Automated system cracking
The cracking attacks known as Titan Rain "were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes."
Precalculation of encryption keys
More keys are precalculated every day. This is a much bigger risk than an attacker directly cracking encryption. Long keys help.
Plomo o plata
"Lead or silver". Thugs worldwide give their victims a simple choice: accept death or accept bribes.
Rubber hose cryptanalysis
Torture has come back to the world's darker societies. Victims tend to say anything, true or not, that they think the torturers want to hear. Although the primary use of torture is to force false confessions, unfortunately it is also an effective way to acquire information that is easily verified, such as passphrases and bank account information.
Keep a low profile.
If you can't or won't, assume you're a target. An effective, if extreme, general solution is the PT lifestyle.
Protect what you can.
You put locks on your home even though you know they won't stop a determined burglar. Decide what will be most effective for your budget, and do it.
Encrypt your communications.
We strongly recommend that any encryption should only be used on a properly configured system.
Keep all your software, particularly your security software, up to date.
Don't use "security" software without source code. It isn't secure.
Monitor your system for attacks and breaches.
A firewall is essential, but not enough by itself.
To reduce trojans use an anti-virus package.
Ideally run software in a sandbox.
Wrap old stored data, such as messages, in new encryption.
Remember there are always ways around any security. Net security can be bypassed by insiders, physical access, fraud, etc.
Defense in depth, layered security, multiply redundant systems. The label isn't important. The practice is.
If you just use encryption and don't do any of this extra stuff, you'll still have protection as good as paper envelopes give you. Without encryption every email you send is on a postcard.
Locks, bars and alarms
Lights and motion detectors
If it's serious enough
Cameras and microphones
Shredders and fires
Guards, weapons, physical defense in depth
Use Tiger Envelopes. Tiger provides end-to-end encryption. That means it doesn't protect the ends. You and your machine are one end.
Use P2P key exchange instead of centralized key servers.
Peer-to-peer key exchange is safer than a key server because lots of small targets are much harder to hit than one big one.
Key servers are a relic of the era before we knew how well P2P scaled.
Even if you don't check the fingerprint on a key you got through P2P, it's probably safer than one you didn't check from a key server because just one successful attack on a key server compromises all of its keys. But an attack against a P2P network has to compromise every key separately. So any single P2P key is much likelier to be safe.
Crackers like centralized key servers the way bank robbers like banks.
Shut off all forms of embedded executables in your browser and mail client
Use Muffin http proxy with the PlainHtml filter
Some types of executables
Java
Javascript
plugins
macros
ActiveX, DirectX, etc.
If you need to use a site that demands one of these, ideally go to a net café and use a LiveCD
Machines at net cafés are often infested with malware. A LiveCD on your own system may be a good substitute, if you have a dynamic IP address.
Consider shutting off graphics, and enabling them only temporarily as needed
Use a firewall
Unless you're an expert at configuring firewalls, use a wizard to set it up
On Windows, you'll have to ask someone to help you, or wait for an open source wizard.
ZoneAlarm is spyware. Once again, "security" software without source code isn't secure.
On Linux, Firestarter
Tiger's mail encryption goes inside your firewall and outside your anti-virus/anti-trojan/spam detection
This lets you ignore the "If you use encryption you get no virus protection!" wolf cry
Make sure your anti-virus/anti-trojan checks Tiger too
Use layered encryption from different vendors for maximum protection.
The most effective firewalls are layered, with different layers from different vendors.
This is how the most tempting targets such as stock exchanges protect themselves.
Tiger Envelopes supports layered encryption for your mail, with each layer from a different vendor.
If you're running Windows, consider Linux, or a *BSD system such as Macintosh
Reduce virii
Reduce trojans
Use anti-virus package and keep database up to date
Run code in a sandbox
Most important measure
Least often available
Simple alternatives
non-root userids
chroot
Use open source whenever possible
Avoid closed source hidden in open source, such as binary firmware in Linux drivers
If you have the skills, review the code
The weakest link in encryption is your passphrase
Ideally:
Don't write it down where others might find it
Don't tell anyone else what it is
Don't let anyone see you type it in
Use the longest and most obscure passphrase that you can easily remember
Include letters, numbers, and punctuation
One possible approach is a memorable segment from a TV show, movie, song, etc.
But add a unique twist to how you use it, to fight straight database lookups
You can check for known compromised passphrases at Rainbow Crack.
Change it periodically
"Security" software without source code isn't secure
Try to only use signed code, whether binaries or source
Check the signatures
Try to verify key's fingerprint through separate channel
Fingerprint is often unavailable
Avoid channels that are easily compromised by a Man-in-the-middle attack
Web
Ftp
Unsigned
Signed by an untrusted key
Ideally, keep your encryption keys on write protected removable media, or on an unconnected machine
System security configurator, e.g. Bastille
Firewall tester, e.g. Nessus
Virtual private network, e.g. OpenVPN
Intrusion detection system, e.g. Snort
File system checker, e.g. AIDE
Sandbox, e.g. LIDS
There are no good sandboxes for Windows or Mac OSX. Linux has multiple choices
SELinux is the NSA's alternative to systems such as LIDS
This is "security" software from people who have chosen lying and stealing as a career.
NSA has a tiny corner that works on increasing security, but the primary purpose of the organization is to destroy privacy.
They may use SELinux themselves, but it's highly unlikely that they provide the same version to the public.
The SELinux security model has a central "security server" designed for remote control.
Linux Security Module
The Linux Security Module, LSM, was developed to work with the NSA's SELinux. It could also have backdoors.
As of kernel 2.6, Linux has SELinux and LSM built in. When SELinux was first suggested on the kernel mailing list, there were many questions. Then silence for a year, until Linus announced that it was now a standard part of Linux. Who did the work? What else in the kernel did they touch?
LSM's standard hooks in Linux make rootkits easy.
LSM requires that security software be loaded as modules. The kernel is unprotected until the module is loaded. Kernels without loaded modules are more secure.
The RSBAC and GRSecurity projects have also decided to avoid LSM. Among other reasons, both point out that it makes rootkits easy.
Stay with kernel 2.4, or find a version of 2.6 or later that has had probable NSA code, including LSM, stripped out.
Avoid keyboard sniffers
Some antivirus vendors won't block state-sponsored malware
Use a file system checker such as Tripwire or AIDE
Check for physical changes or additions to your keyboard and cable
Avoid brute forcing keys
Use long keys
Brute force attacks are unlikely for any reasonable length of key
What's "reasonable" keeps growing
Currently at least 1024, much larger for secrets that need to be kept for years
The key must be long enough to defeat both cracking and precalculation
Watch developments such as quantum computing and customized parallel processors
Wrap data in multiple layers, each with a different long key
|
Privacy policy
Copyright © 2005-2007 Tiger Privacy |
|