Introducing CloakcastSteve Phillips @ SB Hackerspaces      WebTech Wednesday          (hosted by Eucalyptus)             2...
Agenda● Cloakcast  ○ What it is  ○ How it works  ○ Which problem(s) it solves● Go  ○ What it is  ○ Why I used Go to build ...
Cloakcast
What is Cloakcast? Why use it?Cloakcast is a suite of tools for chattingencrypted-ly.Using (a soon-to-be-released version ...
Who cares if They know when Imchatting, and with whom?● Trivial to correlate web traffic with chat  traffic, encrypted or ...
How does/will Cloakcast work?1. Client Sending       2. Server                         3. Client Receiving● Original text ...
"Which connected user are youchatting with?"● ...only its better than this● Ive been talking about this like its a  conver...
Chat Demo
Cloakcast Release Schedule● Conceived, started July 9● v0.1  ○ Finished July 15  ○ Basic PGP-encrypted chatting in termina...
Future Feature Ideas● Multi-server support          ● Public key swapping within  ○ No server sees entire         Cloakcas...
Go
What is Go?● Programming language open sourced by  Google in 2009● Reached stable v1.0 in late March 2012● Qualities  ○   ...
Cloakcast Code Samples       (Emacs time...)
SOON: Run Cloakcast on your      Android deviceScreenshot taken 2012.07.03 (3 weeks ago)
Go Resources● Start here: http://tour.golang.org/● Articles: http://golang.org/doc/#articles  ○ Also see http://blog.golan...
Upcoming SlideShare
Loading in …5
×

Introducing Cloakcast

242
-1

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
242
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Introducing Cloakcast

  1. 1. Introducing CloakcastSteve Phillips @ SB Hackerspaces WebTech Wednesday (hosted by Eucalyptus) 2012.07.25
  2. 2. Agenda● Cloakcast ○ What it is ○ How it works ○ Which problem(s) it solves● Go ○ What it is ○ Why I used Go to build Cloakcast ○ The codez
  3. 3. Cloakcast
  4. 4. What is Cloakcast? Why use it?Cloakcast is a suite of tools for chattingencrypted-ly.Using (a soon-to-be-released version of) Cloakcast meansthat a malicious, totalitarian third party cant tell...● Who youre communicating with● What youre saying to them, nor● When youre communicating <-- the unique part...even if theyre sniffing the traffic of whoever youre talkingto. In a future iteration, they may not even be able to tellyoure using Cloakcast at all.
  5. 5. Who cares if They know when Imchatting, and with whom?● Trivial to correlate web traffic with chat traffic, encrypted or not ○ Creepy!● With no encryption over GTalk... ○ I visit URL govt considers suspicious (e.g. Wikileaks) ○ I send URL to $friend over GTalk ○ $friend visits URL● With Pidgin + OTR over GTalk... ○ I visit URL govt considers suspicious ○ I send URL to $friend over GTalk but its encrypted ○ $friend visits URL ○ ...still pretty damn obvious whos talking with who about what! Cloakcast solves this.
  6. 6. How does/will Cloakcast work?1. Client Sending 2. Server 3. Client Receiving● Original text (from ● Decrypts outer- ● Decrypts outer-most user, or random most layer layer (from Server) garbage/decoy) ● Re-encrypts with ● Decrypts inner layer● Encrypts using recipients PGP (encrypted by recipients PGP key key original sender)● Encrypts using ● Original text Servers PGP key Cloakcast Server Uniqueness: Client sends message to Server once per second. If the user types a message that second, thats what gets encrypted and My sent. If the user doesnt type Your anything, a "garbage", Client decoy message gets sent Client instead.
  7. 7. "Which connected user are youchatting with?"● ...only its better than this● Ive been talking about this like its a conversation happening in real-time● It doesnt have to be● Messages stay in a users inbox until read ○ [EDIT: this will likely change in an upcoming version]● Malicious parties only see data encrypted with the Servers key or recipients key ○ ...assuming youre using an uncompromised server, in which case they know whos chatting, but not when nor what about
  8. 8. Chat Demo
  9. 9. Cloakcast Release Schedule● Conceived, started July 9● v0.1 ○ Finished July 15 ○ Basic PGP-encrypted chatting in terminal● v0.2 ○ Expected out in late July or August ○ WebSocket chat in browser● v0.3 ○ Connect through Tor? ■ Cloakcast and Tor dont compose super nicely due to the 1-second pulse...
  10. 10. Future Feature Ideas● Multi-server support ● Public key swapping within ○ No server sees entire Cloakcast? conversation ● Use OTR (instead of● Request data from server at PGP/GPG)? adjustable rate ○ Maybe use mpOTR?● Use HTTPS on port 443 ● Multiple concurrent 2-person ○ Extra encryption layer chats ○ Hides destination url ● Group chat + PGP sucks● Can your ISP even tell ○ O(n^2) keys :- youre using Cloakcast? ● Platform??? ○ Maybe, using DPI, ○ Distributed system :-) maybe not (HTTPS) ○ Compute, scrape, etc● Tor tunneling ● Legit auth ○ Cloakcast will help ○ "Client: prove you can against timing attacks decrypt $this to check your inbox"
  11. 11. Go
  12. 12. What is Go?● Programming language open sourced by Google in 2009● Reached stable v1.0 in late March 2012● Qualities ○ Fast and Concurrent ○ Compiled ○ Statically typed (in a good way!) ○ Simple and Powerful ○ Avoids typical trade-offs ■ Fast, static typing, painful v. Slow, dynamic, fun● My favorite programming language ○ Thats right: Python is #2
  13. 13. Cloakcast Code Samples (Emacs time...)
  14. 14. SOON: Run Cloakcast on your Android deviceScreenshot taken 2012.07.03 (3 weeks ago)
  15. 15. Go Resources● Start here: http://tour.golang.org/● Articles: http://golang.org/doc/#articles ○ Also see http://blog.golang.org/● Then read http://golang.org/doc/effective_go.html● My Go snippets (in go/ and go-r60/ dirs): https://github.com/sbhackerspace/sbhx-snippets/● More at Go homepage: http://golang.org/

×