LEAP Encryption Access Project
Αλέξανδρος Αφεντούλης

The state of the internet
- Quite dystopic at the moment
- Mass surveillance as a status quo: state and corporate spying on netizens
- Censorship, access blocks
- Centralized corporate services, central points of failure/surveillance
- Insecure protocols, applications, software, practices
- Snowden did confirm some of our worst fears

Why is the internet like that?
- Some make profit from surveillance/censorship:
  - Money
  - Power/social control
- The internet was not designed with respect to privacy and security.
- A major part of netizens still don't care about their digital rights/existence.
- A lot of things are broken in our world.

What should we do?
- Digital communication is still a very important issue.
- People have the right to communicate in a private, secure way.
- They have the right to whisper or shout when they want.
- Back up and consider radical solutions to build a better internet/world.
- Decentralize! Diversity!
- Understand our digital rights, the importance of our digital existence.
- In the meantime... use Crypto!

Ok, let's encrypt all the things! But...

Security vs Usability
- An all-time classic hard problem.
- Ways/software/practices to communicate securely already exist, but...
- Most of the time they are not easy for the average user to reach
- It is hard to use a specific tool, or to coordinate the use of a bunch of tools that provide security
- Usability is a factor of adoption

Security vs Usability
- Snowden tried hard to persuade Greenwald to use OpenPGP in email communication.
- There's no point in having cool secure tools if nobody uses them
- In communications, security is bound to the weakest link
- "Anonymity loves company" (Dingledine, Mathewson)
- Well, security too!

Big problems in secure digital communications
- Usability: user experience
- Adoption: we need company!
- Data availability: multiple devices used
- Forward Secure & Asynchronous (OTR vs OpenPGP)
- Binding key to identity: trust a key
- Metadata problem: who's talking to whom
- Difficulty to deploy and maintain a secure service provider

So, what is LEAP anyway?
- LEAP is a project dedicated to giving all internet users access to secure communications in a user-friendly way
- LEAP tries to address the aforementioned problems
- LEAP produces open/libre software, both client side and server side
- A community of people around the world fighting for the right to whisper

LEAP Goals
- People should be able to deploy a service provider in a structured way (Leap Platform)
- A user will transparently & securely have VPN and encrypted & signed email (Bitmask client)
- Users should be able to choose from a variety of federated providers
- More services to come: chat, file sync, mailing list, voice
- More providers, perhaps federated

LEAP Overview
- LEAP has a bunch of components: client side, server side or both
- LEAP is written in Python, Ruby, Puppet
- Use of open standards and open/libre software
- LEAP uses existing software/technology such as GPG, TLS, SRP, OpenVPN, CouchDB, Twisted
- It also introduces new ones: Soledad, Nicknym, Tapicero, leap_cli, Bitmask Client

LEAP Basic Components
- Bitmask client (desktop & android): Soledad, IMAP, SMTP, Nicknym-agent, GPG, OpenVPN
- Leap Platform: a set of nodes (puppet recipes) with different services (webapp, soledad, vpn, mx, nickserver)
- WebApp: user registration, management, tickets, REST API
- Nicknym: key discovery, validation, identity-to-key pairing
- Soledad: U1DB, CouchDB, Tapicero
- Leap cli: admin tool to deploy leap nodes

LEAP Platform
- Provider in a box
- A set of server recipes to manage, deploy, maintain services in provider's nodes
- Recipes define an abstract provider with some predefined sane values in Debian environment
- Puppet
- Custom recipes if desired
- Services already included: vpn, couchdb, soledad, mx, webapp, monitoring, Tor, static site

LEAP Provider instance
- Essentially a directory with all a provider needs
- Contains provider's global configuration files
- Contains configuration for every node, service
- Contains keys for admins and nodes
- Contains certificates
- Most confs are .json files
- Has a pointer to where Platform recipes reside
- Managed with leap cli

LEAP cli
- Written in ruby
- Used by a leap provider sysadmin on their desktop
- Create a provider instance
- Create, init, deploy, remove nodes/services
- Manage keys and certificates
- General control over a provider instance
- A masterless puppet strategy is followed by pushing changes to every node
- Compiles configuration files before deploying

Let's get it together
$ cd ~/leap/unipi
$ leap new .
$ leap add-user --self
$ leap node add web1 ip_address:10.1.1.1 services:webapp,mx tags:production
$ leap node add vpn1 ip_address:10.1.1.3 openvpn.gateway_address:10.1.1.4 services:openvpn,tor tags:production
$ leap init production
$ leap deploy vpn1
$ leap list
$ leap ssh vpn1

Let's get it together
$ cd ~/leap/unipi
$ leap new --contacts admin@unipi --domain leap.cs.unipi.gr --name LeapUnipi --platform=~/leap/leap_platform .
$ leap add-user --pgp-pub-key=gpg.pub --ssh-pub-key=ssh.pub alex
$ leap node add web1 ip_address:10.1.1.1 services:webapp,mx tags:production
$ leap node add vpn1 ip_address:10.1.1.3 openvpn.gateway_address:10.1.1.4 services:openvpn,tor tags:production
$ leap init production
$ leap deploy vpn1
$ leap list
$ leap ssh vpn1

LEAP WebApp
- Written in ruby, rails
- Web interface of the provider
- Handles user registration/management
- Exposes a REST API that clients communicate with
- Help tickets
- Billing

LEAP WebApp
- Clients bootstrap with a provider via the API
- Clients authenticate using SRP (Secure Remote Password protocol): the server never knows clients' passwords
- Clients fetch .json files containing the necessary provider descriptors, certificates, service definitions, services' details.

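To show why an SRP server never learns the password, here is an added example (not LEAP's code) that runs one SRP-6a exchange with both roles in a single function. The group, the hash layout and the function names are assumptions chosen for brevity; the demo modulus is far too small for real use.

```python
import hashlib
import secrets

# Demo group (assumption): the prime 2**255 - 19 keeps the listing short.
# Real deployments use a standardized safe-prime group, e.g. from RFC 5054.
N = 2**255 - 19
G = 2


def H(*parts):
    """SHA-256 over the concatenated parts (int, str or bytes), as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(p)
    return int.from_bytes(h.digest(), "big")


K_MULT = H(N, G)  # SRP-6a multiplier k


def register(user, password):
    """Signup, computed on the client: only (salt, verifier) reaches the server."""
    salt = secrets.token_bytes(16)
    x = H(salt, H(user, ":", password))
    return salt, pow(G, x, N)


def login(user, password, salt, verifier):
    """One SRP-6a exchange, both roles; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(G, a, N)                              # client -> server: user, A
    b = secrets.randbelow(N - 2) + 1
    B = (K_MULT * verifier + pow(G, b, N)) % N    # server -> client: salt, B
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value")  # both sides must abort here
    u = H(A, B)
    # Client: recompute x from the typed password, strip k*v out of B.
    x = H(salt, H(user, ":", password))
    s_client = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    # Server: uses only the stored verifier, never the password.
    s_server = pow(A * pow(verifier, u, N) % N, b, N)
    return H(s_client), H(s_server)
```

The two session keys agree only when the typed password matches the one behind the stored verifier; in the full protocol each side then proves knowledge of its key to the other.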
LEAP Soledad
- Rationale:
  - Availability/Recovery: data get synced with the cloud and user's devices
  - Client side encryption: little trust in the server, no cleartext data online
- Used both in server and client
- Based on Ubuntu's U1DB, but client side encryption is added
- Cross platform, cross device, syncable, document centric database api

LEAP Soledad in client
- U1DB api, SQLcipher, Sqlite, python gnupg, scrypt
- Python implementation
- Everything is stored in local database
  - Emails
  - Keys
- Gets encrypted before getting synced
- Provides a storage API for rest of client's application
- AES 256 CTR for encryption, HMAC with SHA256

LEAP Soledad in server
- CouchDB backend
- Python implementation
- Keeps replicas of users' databases
- Incoming emails are stored as couchdb docs encrypted to user's public key
- Server doesn't have access to users' data, still can track changes to data
- Resistant to offline/online attacks

LEAP Nicknym
- Problem: bind an identity to a key
- Alice wants to communicate securely with Bob; how does she find and validate Bob's key?
- Many approaches exist: X.509, Web of Trust, Trust on First Use, DNSSEC, Network Perspective, physically meet
- Nicknym attempts to solve the binding problem
- Nickagent in client (python)
- Nickserver in server (ruby)

LEAP Nicknym
- Map a human memorable identity user@domain to public key
- Automatic discovery and validation of a cryptographic key
- TOFU, X.509, Network Perspective, Provider keys, Federated WoT
- Short lived keys instead of revocation
- Keys are stored in soledad

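How trust on first use and short-lived keys interact, as an added sketch that is not Nicknym's code and does not reproduce its actual validation rules: the `TofuKeyStore` class, its policy and the sample addresses and fingerprints are all hypothetical and constructed for illustration.

```python
import time
from dataclasses import dataclass


@dataclass
class KeyRecord:
    fingerprint: str
    expires_at: float  # Unix time; short-lived keys carry a near expiry


class TofuKeyStore:
    """Pins the first key seen per user@domain (simplified, assumed policy)."""

    def __init__(self):
        self._pins = {}

    def observe(self, address, fingerprint, expires_at, now=None):
        """Decide what to do with a key discovered for `address`."""
        now = time.time() if now is None else now
        if expires_at <= now:
            return "rejected: offered key already expired"
        pinned = self._pins.get(address)
        if pinned is None:
            self._pins[address] = KeyRecord(fingerprint, expires_at)
            return "pinned: first use"
        if pinned.fingerprint == fingerprint:
            # Same key seen again with a refreshed expiry date.
            pinned.expires_at = max(pinned.expires_at, expires_at)
            return "ok: matches pin"
        if pinned.expires_at <= now:
            # No revocation list needed: the old binding simply aged out,
            # so the store falls back to first-use trust for the new key.
            self._pins[address] = KeyRecord(fingerprint, expires_at)
            return "replaced: pinned key expired"
        return "rejected: key changed while pin still valid"

    def key_for(self, address, now=None):
        """Return the fingerprint to encrypt to, or None if nothing valid."""
        now = time.time() if now is None else now
        pinned = self._pins.get(address)
        if pinned is None or pinned.expires_at <= now:
            return None
        return pinned.fingerprint
```

The expiry time bounds how long a stolen or lost key stays trusted, at the cost of a first-use decision each time a pin lapses, which is where the other validation sources listed on the slide come in.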
Bitmask client
- Written in python
- Multi platform
- OpenVPN, Soledad, GnuPG, Twisted, QT
- All a user needs to access LEAP services
- Let user pick a provider & bootstrap
- Local encrypted database (soledad)
- Keymanager

Bitmask client
- Minimal control interface
- IMAP service on localhost
  - Fetches emails stored in soledad
- SMTP service on localhost
  - Relays emails to remote smtp
- Encrypted internet service (VPN)
- No GUI email interface yet
  - MUA pointed to localhost, e.g. Thunderbird
  - Coworking with Mailpile

Encrypted Internet Proxy
- VPN service, OpenVPN
- Clients use certificates
- Clients pick a provider vpn gateway
- Traffic is routed encrypted up to the gateway
- Simple interface
- No DNS leaks
- Optionally provider sets available bandwidth

Mails flow
- Emails arriving at MX get encrypted if not already
- Stored in a message queue, soledad
- Soledad client syncs with cloud
- New emails get decrypted, then stored in local soledad
- User reads them through IMAP
- Outgoing emails get signed and encrypted, as long as nickagent finds a valid recipient's key
- Sender's key is automatically linked

Want to give it a try?
- https://dl.bitmask.net
- Pick a provider: demo.bitmask.net (vpn only) or dev.bitmask.net (vpn+email, but volatile as dev)

How may I contribute?
- An overview of the project: https://leap.se/en/docs/design/overview
- The source: https://leap.se/en/docs/get-involved/source
- Project ideas: https://leap.se/en/docs/get-involved/project-ideas
- IRC: #leap on Freenode
- Mailing list: discuss@leap.se

Thanks!