Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Communication Privacy for Free Societies at Harvard

on

  • 2,700 views

My presentation on communication privacy and how we are creating wiretap immune peer-to-peer communication services for direct public use in GNU Telephony. This was presented at Harvard University as ...

My presentation on communication privacy and how we are creating wiretap immune peer-to-peer communication services for direct public use in GNU Telephony. This was presented at Harvard University as part of LibrePlanet2010

Statistics

Views

Total Views
2,700
Views on SlideShare
2,699
Embed Views
1

Actions

Likes
0
Downloads
25
Comments
0

1 Embed 1

https://www.edu-apps.org 1

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Communication Privacy for Free Societies at Harvard Communication Privacy for Free Societies at Harvard Presentation Transcript

  • GNU Telephony Telephony for a free world Communication Privacy For Free Societies David Sugar #0 “ Privacy is ultimately about liberty Surveillance is always about control” http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Mission Statement #1 SECURE CALLING PROJECT GOALS: To empower people, individually and collectively, to communicate and collaborate privately and securely in real-time worldwide To establish secure communications as the default communication infrastructure To enable secure anonymous communication worldwide and protect users who exercise their basic human freedom of privacy To provide secure communication services universally on all computing platforms http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Why free software #2 Anyone can review what they receive; no hidden backdoors Anyone can modify the software for their specific needs or for specific platforms Anyone can redistribute the software and help make it widely available Everyone has universal and unrestricted access to the software worldwide Everyone can participate on an equal basis in it's development No-one can remove the software from availability once distributed http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Challenges we face #3 Software Patents and Intellectual Monopolies Anti-privacy laws effecting communication services Service Blocking and Net Neutrality Private commercial data mining The need for Zero-Knowledge Systems to protect users, zero forward knowledge to protect past conversations, etc Peer review-able code and verifiable algorithms Verifiable end-user client software Trustworthy hardware and client operating systems http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Why privacy matters #4 Everyone has secrets Some want to know your secrets to do you harm Freedom is responsibility, and when others become responsible for your privacy, you loose both The dilemma of false positives Securing your borders Casper is not the friendly ghost Universal encryption is asymmetric warfare against mass surveillance What protects freedom of speech in the Internet age is the munitions of encryption, as the first amendment merges with the 2nd http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony How we started #5 1949 George Orwell publishes “1984” 1994 Calea Act introduced into law with promise never to be used for mass domestic surveillance 2001 (spring ) Mass domestic communication intercept begins using Calea mandated backdoors 2004 CALEA proposed for VoIP, Internet Common Congress Held 2006 GNU ZRTP stack Introduced 2007 GNU Secure Calling Project started 2008 GNU SIP Witch Introduced as secure phone switch 2010 Secure Calling in Ubuntu 10.04 and Fedora F13 GNU/Linux http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Classic Media Insecurity #6 Operator has knowledge of keys Netherlands United States Realtime mitm uses intercepted keys, undetectable http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony SDES Media Insecurity #7 TCP Snooping SIP Exchange of Private Keys Netherlands United States Realtime mitm uses intercepted keys, undetectable http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony S-RTP & PKI Media Insecurity #8 Certificate Stolen or “RIPA” all Past & Present calls compromised United Kingdom Netherlands Poisoned/Weak Certificates or copied to third party outright. All Past & Present calls compromised Realtime mitm False identity or decrypting compromised certs http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony ZRTP and SAS #9 Sends Local Public Key XX Has Local Private Key for XX Gets Remote Public Key YY SAS Generated Hash XXYY SAS Matches, confirmed over voice Sends Local Public Key YY Has Local Private Key for YY Gets Remote Public Key XX SAS Generated Hash XXYY SAS Matches on voice Sends Local Public Key XX Has Local Private Key for XX Gets Remote Public Key ZZ SAS Generated Hash XXZZ SAS does not match when checked over voice! Sends Local Public Key YY Has Local Private Key for YY Gets Remote Public Key ZZ SAS Generated Hash ZZYY SAS does not match! MITM does not have private keys for XX or YY, so must create a new fake key ZZ http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony ZRTP Media Security #10 Per session keys not static, no user keys for RIPA United Kingdom United States Locally generated keys no authority to compromise Realtime mitm for key exchange vs SAS validation Locally user generated keys Keys generated per session User has zero knowledge of keys Users can validate each others keys Peer reviewable and verifiable http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony ZRTP & PBX enrollment #11 United Kingdom United States ? “ Appears secure” Audio path decrypted in server Destination insecure! But also no SAS to confirm SAS relay valid if switch trusted Interconnect maybe insecure. SAS cannot relay cross-node ? Destination insecure! But no SAS to confirm Cannot call securely between nodes IP-PBX Server must be “trusted” http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony ZRTP & PBX Passthrough #12 United Kingdom United States ? “ Appears secure” Audio path should remain encrypted in server, but what if config is falsified? Destination insecure! But also no SAS to confirm SAS relay valid if switch trusted Interconnect maybe insecure. SAS cannot relay cross-node ? Destination insecure! But no SAS to confirm ? Cannot call securely between nodes Enrollment is used, IP-PBX holds keys, can falsify encrypted path in switch http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony SIP Witch & Media Security #13 No uncertainty about end-to-end security in voip media path No audio to centrally decrypt PSTN gateway path may be secure but destination is not but clear boundaries between secure & insecure domains No audio to centrally decrypt, no media interconnect Secure with direct media path & zrtp Secure with direct media path & zrtp http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony NAT and Media Proxy #14 Local Network Behind NAT Remote Network Behind NAT Public Internet Rewrite of firewall rules to packet forward rtp media on the fly Integrated rewrite of SIP SDP based on public appearing addresses Clients have no need for NAT support; all done in one place in sipwitch! Low cpu overhead, minimal latency, and stateful; server dies but calls remain alive! http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Traditional Roles #15 SIP Telephone Switch: * call forward and multi-nodal * multi-party ring & registration * multi-node and routing * class of service/profiles * reduced traffic on trusted nets * feature code dialing (todo) * hunting & acd (todo) * speed dialing (todo) SIP Embedded Gateway: * map subscriber to multi-party * arm, mips port proven * compilable for embedded * rtp media proxy * very low overhead * xmlrpc remote management Internet Hosted Service: * media peering possible * virtualizes well * can run as user w/o root Secure Call Domain adjunct: * cross-register with IP-PBX * fwd insecure to IP-PBX * clean domain division http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony SIP Witch on the Desktop #16 Use existing SIP softphone clients Use your system Login account as a SIP login Single sign-on for multiple remote accounts Single place to implement NAT correctly! Automatic self configuration! Simplified service provider provisioning Creative routing and redirection; a “Gstreamer” for VoIP! http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Domain Calling #17 Local SIP Phone Ubuntu 10.04 GNU/Linux Fedora F13 GNU/Linux http://www.gnutelephony.org/data/harvard2010.odp SIPWitch + RTP proxy User Agent [email_address] Peer Service Providers [email_address] Peer User Agent
  • GNU Telephony The VoIP Desktop #18 Paired desktop sip phone http://www.gnutelephony.org/data/harvard2010.odp GNU SIP Witch NAT Media Proxy Automatic routing DBUS Messaging VoIP Indicator DBUS Applet OSD Notify events User Agent: Empathy SIP Comm. Twinkle etc Private Switch Service Providers Peer to Peer SIP Media Or Device
  • GNU Telephony How you can help #19 How you can help Create domain calling networks bottom-up Test and use various deployment models Report bugs to [email_address] Document using different GNU/Linux distros Help us document basic sipwitch use cases Test SIP clients and devices Contribute code to the community Communicate freely using free software http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Contacting #20 GNU Telephony http://www.gnutelephony.org mailto:dyfet@gnutelephony.org mailto:sipwitch-devel@gnu.org Free World Dialup: 688841 sip: [email_address] irc:#bayonne irc.freenode.net jabber:gnudyfet@gmail.com http://www.gnutelephony.org/data/harvard2010.odp
  • GNU Telephony Freedom to communicate #21 HAPPY Hacking http://www.gnutelephony.org/data/harvard2010.odp