LEAP Encryption Access Project. Αλέξανδρος Αφεντούλης

Transcription

1 LEAP Encryption Access Project Αλέξανδρος Αφεντούλης

2 The state of the internet Quite dystopic at the moment Mass surveillance as a status quo, states' and corporal spying on netizens Censorship, access blocks Centralized corporal services, central points of failure/surveillance Insecure protocols, applications, software, practices Snowden did confirm some of our worst fears

3 Why's internet like that? Some make profit from surveillance/censorship: Money Power/social control The internet was not designed with respect to privacy and security. Major part of netizens still don't care about their digital rights/existence. A lot of things are broken in our world.

4 What should we do? Digital communications is still a very important issue. People have the right to communicate in a private, secure way. Have the right to whisper or shout when they want. Back up and consider radical solutions to build a better internet/world. Decentralize! Diversity! Understand our digital rights, the importance of our digital existence. In the meantime... use Crypto!

5 Ok, let's encrypt all the things! But...

6 Security vs Usability A all time classic hard problem. Ways/software/practices to securely communicate already exist, but... Most of the time not easy to reach the average user Hard to use a specific tool or coordinate usage of a bunch of tools that provide security Usability is a factor of adoption

7 Security vs Usability Snowden tried hard to persuade Greenwald to use OpenPGP in communication. There's no point to have cool secure tools if nobody uses them In communications' security is bound to the weakest link Anonymity loves company, Dingledine, Mathewson Well, security too!

8 Big problems in secure digital communications Usability user experience Adoption we need company! Data availability multiple devices used Forward Secure & Asynchronous (OTR vs OpenPGP) Binding key to identity trust a key Metadata problem who's talking to whom Difficulty to deploy and maintain a secure service provider

9 So, what is LEAP anyway? LEAP is a project dedicated to give all internet users access to secure communications in a userfriendly way LEAP tries to address the aforementioned problems LEAP produces open/libre software both client side and server side A community of people around the world fighting for the right to whisper

10 LEAP Goals People be able to deploy a service provider in a structured way (Leap Platform) A user will have transparently & securely VPN Encrypted & signed (Bitmask client) Users be able to choose from a variety of federated providers More services to come: chat, file sync, mailing list, voice More providers, perhaps federated

11 LEAP Overview LEAP has a bunch of components, client side, server side or both LEAP is written in Python, Ruby, Puppet Use of open standards and open/libre software LEAP uses existing software/technology such as GPG, TLS, SRP, OpenVPN, CouchDB, Twisted Also introduces new ones: Soledad, Nicknym, Tapicero, leap_cli, Bitmask Client

12 LEAP Basic Components Bitmask client (desktop & android) Soledad, IMAP, SMTP, Nicknym-agent, GPG, OpenVPN Leap Platform a set of nodes (puppet recipes) with different services (webapp, soledad, vpn, mx, nickserver) WebApp User registration, management, tickets, REST API Nicknym Key discovery, validation, identity-to-key pairing Soledad U1DB, CouchDB, Tapicero Leap cli admin tool to deploy leap nodes

13 LEAP Platform Provider in a box A set of server recipes to manage, deploy, maintain services in provider's nodes Recipes define an abstract provider with some predefined sane values in Debian environment Puppet Custom recipes if desired Services already included: vpn, couchdb, soledad, mx, webapp, monitoring, Tor, static site

14 LEAP Provider instance Essentially a directory with all a provider needs Contains provider's global configuration files Contains configuration for every node, service Contains keys for admins and nodes Contains certificates Most confs are.json files Has a pointer to where Platform recipes reside Managed with leap cli

15 LEAP cli Written in ruby Used by a leap provider sysadmin on their desktop Create a provider instance Create, init, deploy, remove nodes/services Manage keys and certificates General control over a provider instance A master less puppet strategy is followed by pushing changes to every node Compiles configuration files before deploying

16 Let's get it together $ cd ~/leap/unipi $ leap new. $ leap add user self $ leap node add web1 ip_address: services:webapp,mx tags:production $ leap node add vpn1 ip_address: openvpn.gateway_address: services:openvpn,tor tags:production $ leap init production $ leap deploy vpn1 $ leap list $ leap ssh vpn1

17 Let's get it together $ cd ~/leap/unipi $ leap new contacts admin@unipi domain leap.cs.unipi.gr name LeapUnipi platform=~/leap/leap_platform. $ leap add user pgp pub key=gpg.pub ssh pub key=ssh.pub alex $ leap node add web1 ip_address: services:webapp,mx tags:production $ leap node add vpn1 ip_address: openvpn.gateway_address: services:openvpn,tor tags:production $ leap init production $ leap deploy vpn1 $ leap list $ leap ssh vpn1

18 LEAP WebApp Written in ruby, rails Web interface of the provider Handles user registration/management Exposes a REST API that clients communicate with Help tickets Billing

19 LEAP WebApp Clients bootstrap with a provider via the API Clients authenticate using SRP (Secure Remote Password protocol) server never knows clients' passwords Clients fetch.json files containing necessary provider's descriptors, certificates, service definitions, services' details.

20 LEAP Soledad Rationale Availability/Recovery: data get synced with the cloud and user's devices Client side encryption: little trust in the server, no cleartext data online Used both in server and client Based on Ubuntu's U1DB, but client side encryption is added cross platform, cross device, syncable, document centric database api

21 LEAP Soledad in client U1DB api, SQLcipher, Sqlite, python gnupg, scrypt Python implementation Everything is stored in local database s Keys Gets encrypted before getting synced Provides a storage API for rest of client's application AES 256 CTR for encryption, HMAC with SHA256

22 LEAP Soledad in server CouchDB backend Python implementation Keeps replicas of users' databases Incoming s are stored as couchdb docs encrypted to user's public key Server doesn't have access to users' data, still can track changes to data Resistant to offline/online attacks

23 LEAP Nicknym Problem: bind an identity to a key Alice wants to communicate securely with Bob, how does she find and validate Bob's key? Many approaches exist: X.509, Web of Trust, Trust on First Use, DNSSEC, Network Perspective, physically meet Nicknym attempts to solve the binding problem Nickagent in client (python) Nickserver in server (ruby)

24 LEAP Nicknym Map a human memorable identity user@domain to public key Automatic discovery and validation of a cryptographic key TOFU, X.509, Network Perspective, Provider keys, Federated WoT Short lived keys instead of revocation Keys are stored in soledad

25 Bitmask client Written in python Multi platform OpenVPN, Soledad, GnuPG, Twisted, QT All a user needs to access LEAP services Let user pick a provider & bootstrap Local encrypted database (soledad) Keymanager

26 Bitmask client Minimal control interface IMAP service on localhost Fetches s stored in soledad SMTP service on localhost relay s to remote smtp Encrypted internet service (VPN) No GUI interface yet MUA pointed to localhost, e.g. Thunderbird Coworking with Mailpile

27 Encrypted Internet Proxy VPN service, OpenVPN Clients use certificates Clients pick a provider vpn gateway Traffic's routed encrypted till the gateway Simple interface No DNS leaks Optionally provider sets available bandwidth

28 Mails flow s arriving at MX get encrypted if not already Stored in a message queue, soledad Soledad client syncs with cloud News s get decrypted then stored in local soledad User reads them through IMAP Outgoing s get signed and encrypted, as long as nikcagent finds a valid recipient's key Sender's key is automatically linked

29 Want to give it try? Pick a provider: demo.bitmask.net (vpn only) or dev.bitmask.net (vpn+ , but volatile as dev)

30 How may I contribute? An overview of the project The source involved/source Project ideas involved/project ideas IRC: #leap on Freenode Mailing list: discuss@leap.se

31 Thanks!