Transcript

  • 1. Introducing Cloakcast
      Steve Phillips @ SB Hackerspaces WebTech Wednesday (hosted by Eucalyptus) 2012.07.25
  • 2. Agenda
      ● Cloakcast
        ○ What it is
        ○ How it works
        ○ Which problem(s) it solves
      ● Go
        ○ What it is
        ○ Why I used Go to build Cloakcast
        ○ The codez
  • 3. Cloakcast
  • 4. What is Cloakcast? Why use it?
      Cloakcast is a suite of tools for chatting encrypted-ly.
      Using (a soon-to-be-released version of) Cloakcast means that a malicious, totalitarian third party can't tell...
      ● Who you're communicating with
      ● What you're saying to them, nor
      ● When you're communicating <-- the unique part
      ...even if they're sniffing the traffic of whoever you're talking to. In a future iteration, they may not even be able to tell you're using Cloakcast at all.
  • 5. Who cares if They know when I'm chatting, and with whom?
      ● Trivial to correlate web traffic with chat traffic, encrypted or not
        ○ Creepy!
      ● With no encryption over GTalk...
        ○ I visit URL govt considers suspicious (e.g. Wikileaks)
        ○ I send URL to $friend over GTalk
        ○ $friend visits URL
      ● With Pidgin + OTR over GTalk...
        ○ I visit URL govt considers suspicious
        ○ I send URL to $friend over GTalk but it's encrypted
        ○ $friend visits URL
        ○ ...still pretty damn obvious who's talking with who about what!
      Cloakcast solves this.
  • 6. How does/will Cloakcast work?
      1. Client Sending
        ● Original text (from user, or random garbage/decoy)
        ● Encrypts using recipient's PGP key
        ● Encrypts using Server's PGP key
      2. Server
        ● Decrypts outer-most layer
        ● Re-encrypts with recipient's PGP key
      3. Client Receiving
        ● Decrypts outer-most layer (from Server)
        ● Decrypts inner layer (encrypted by original sender)
        ● Original text
      [Diagram: My Client, Cloakcast Server, Your Client]
      Uniqueness: Client sends message to Server once per second. If the user types a message that second, that's what gets encrypted and sent. If the user doesn't type anything, a "garbage", decoy message gets sent instead.
  • 7. "Which connected user are you chatting with?"
      ● ...only it's better than this
      ● I've been talking about this like it's a conversation happening in real-time
      ● It doesn't have to be
      ● Messages stay in a user's inbox until read
        ○ [EDIT: this will likely change in an upcoming version]
      ● Malicious parties only see data encrypted with the Server's key or recipient's key
        ○ ...assuming you're using an uncompromised server, in which case they know who's chatting, but not when nor what about
  • 8. Chat Demo
  • 9. Cloakcast Release Schedule
      ● Conceived, started July 9
      ● v0.1
        ○ Finished July 15
        ○ Basic PGP-encrypted chatting in terminal
      ● v0.2
        ○ Expected out in late July or August
        ○ WebSocket chat in browser
      ● v0.3
        ○ Connect through Tor?
          ■ Cloakcast and Tor don't compose super nicely due to the 1-second pulse...
  • 10. Future Feature Ideas
      ● Multi-server support
        ○ No server sees entire conversation
      ● Request data from server at adjustable rate
      ● Use HTTPS on port 443
        ○ Extra encryption layer
        ○ Hides destination url
      ● Can your ISP even tell you're using Cloakcast?
        ○ Maybe, using DPI, maybe not (HTTPS)
      ● Tor tunneling
        ○ Cloakcast will help against timing attacks
      ● Public key swapping within Cloakcast?
      ● Use OTR (instead of PGP/GPG)?
        ○ Maybe use mpOTR?
      ● Multiple concurrent 2-person chats
      ● Group chat + PGP sucks
        ○ O(n^2) keys :-
      ● Platform???
        ○ Distributed system :-)
        ○ Compute, scrape, etc
      ● Legit auth
        ○ "Client: prove you can decrypt $this to check your inbox"
  • 11. Go
  • 12. What is Go?
      ● Programming language open sourced by Google in 2009
      ● Reached stable v1.0 in late March 2012
      ● Qualities
        ○ Fast and Concurrent
        ○ Compiled
        ○ Statically typed (in a good way!)
        ○ Simple and Powerful
        ○ Avoids typical trade-offs
          ■ Fast, static typing, painful v. Slow, dynamic, fun
      ● My favorite programming language
        ○ That's right: Python is #2
  • 13. Cloakcast Code Samples (Emacs time...)
  • 14. SOON: Run Cloakcast on your Android device
      Screenshot taken 2012.07.03 (3 weeks ago)
  • 15. Go Resources
      ● Start here: http://tour.golang.org/
      ● Articles: http://golang.org/doc/#articles
        ○ Also see http://blog.golang.org/
      ● Then read http://golang.org/doc/effective_go.html
      ● My Go snippets (in go/ and go-r60/ dirs): https://github.com/sbhackerspace/sbhx-snippets/
      ● More at Go homepage: http://golang.org/
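
The once-per-second pulse and the encryption layers from slide 6, as an added Go example that is not Cloakcast's own code: each tick yields one fixed-size frame, message or decoy, so both have the same length on the wire. AES-GCM stands in for the PGP layers, and `FrameLen`, `Layer`, `Seal`, `Open`, `Frame` and the 2-byte length prefix are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

const FrameLen = 256 // plaintext size of every frame, real or decoy

// Layer returns AES-256-GCM for key, standing in for one PGP layer (assumption).
func Layer(key [32]byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes is a valid AES key
	g, _ := cipher.NewGCM(blk)      // cannot fail for an AES block cipher
	return g
}

// Seal prepends a fresh random nonce; Open rejects short or tampered input.
func Seal(l cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, l.NonceSize())
	rand.Read(nonce)
	return l.Seal(nonce, nonce, pt, nil)
}
func Open(l cipher.AEAD, ct []byte) ([]byte, error) {
	if n := l.NonceSize(); len(ct) >= n {
		return l.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short: %d bytes", len(ct))
}

// Frame builds this second's plaintext; an empty msg yields a decoy.
func Frame(msg string) ([]byte, error) {
	if len(msg) > FrameLen-2 {
		return nil, fmt.Errorf("message too long: %d bytes", len(msg))
	}
	f := make([]byte, FrameLen)
	rand.Read(f) // random padding; a decoy is padding only
	binary.BigEndian.PutUint16(f, uint16(len(msg))) // length 0 marks a decoy
	copy(f[2:], msg)
	return f, nil
}

func main() {
	var recip, server [32]byte // constructed all-zero demo keys
	f, _ := Frame("")          // nothing typed this second, so a decoy goes out
	fmt.Println(len(Seal(Layer(server), Seal(Layer(recip), f)))) // 312 for every frame
}
```

The server step is `Open` with the server layer followed by `Seal` with the recipient layer; the recipient calls `Open` twice and reads the length prefix to tell a message from a decoy.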