Successfully reported this slideshow.
Your SlideShare is downloading. ×

Introducing Cloakcast

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Loading in …3
×

Check these out next

1 of 15 Ad
Advertisement

More Related Content

Slideshows for you (17)

Similar to Introducing Cloakcast (20)

Advertisement

Introducing Cloakcast

  1. 1. Introducing Cloakcast Steve Phillips @ SB Hackerspace's WebTech Wednesday (hosted by Eucalyptus) 2012.07.25
  2. 2. Agenda ● Cloakcast ○ What it is ○ How it works ○ Which problem(s) it solves ● Go ○ What it is ○ Why I used Go to build Cloakcast ○ The codez
  3. 3. Cloakcast
  4. 4. What is Cloakcast? Why use it? Cloakcast is a suite of tools for chatting encrypted-ly. Using (a soon-to-be-released version of) Cloakcast means that a malicious, totalitarian third party can't tell... ● Who you're communicating with ● What you're saying to them, nor ● When you're communicating <-- the unique part ...even if they're sniffing the traffic of whoever you're talking to. In a future iteration, they may not even be able to tell you're using Cloakcast at all.
  5. 5. Who cares if They know when I'm chatting, and with whom? ● Trivial to correlate web traffic with chat traffic, encrypted or not ○ Creepy! ● With no encryption over GTalk... ○ I visit URL gov't considers suspicious (e.g. Wikileaks) ○ I send URL to $friend over GTalk ○ $friend visits URL ● With Pidgin + OTR over GTalk... ○ I visit URL gov't considers suspicious ○ I send URL to $friend over GTalk but it's encrypted ○ $friend visits URL ○ ...still pretty damn obvious who's talking with who about what! Cloakcast solves this.
  6. 6. How does/will Cloakcast work? 1. Client Sending 2. Server 3. Client Receiving ● Original text (from ● Decrypts outer- ● Decrypts outer-most user, or random most layer layer (from Server) garbage/decoy) ● Re-encrypts with ● Decrypts inner layer ● Encrypts using recipient's PGP (encrypted by recipient's PGP key key original sender) ● Encrypts using ● Original text Server's PGP key Cloakcast Server Uniqueness: Client sends message to Server once per second. If the user types a message that second, that's what gets encrypted and My sent. If the user doesn't type Your anything, a "garbage", Client decoy message gets sent Client instead.
  7. 7. "Which connected user are you chatting with?" ● ...only it's better than this ● I've been talking about this like it's a conversation happening in real-time ● It doesn't have to be ● Messages stay in a user's inbox until read ○ [EDIT: this will likely change in an upcoming version] ● Malicious parties only see data encrypted with the Server's key or recipient's key ○ ...assuming you're using an uncompromised server, in which case they know who's chatting, but not when nor what about
  8. 8. Chat Demo
  9. 9. Cloakcast Release Schedule ● Conceived, started July 9 ● v0.1 ○ Finished July 15 ○ Basic PGP-encrypted chatting in terminal ● v0.2 ○ Expected out in late July or August ○ WebSocket chat in browser ● v0.3 ○ Connect through Tor? ■ Cloakcast and Tor don't compose super nicely due to the 1-second pulse...
  10. 10. Future Feature Ideas ● Multi-server support ● Public key swapping within ○ No server sees entire Cloakcast? conversation ● Use OTR (instead of ● Request data from server at PGP/GPG)? adjustable rate ○ Maybe use mpOTR? ● Use HTTPS on port 443 ● Multiple concurrent 2-person ○ Extra encryption layer chats ○ Hides destination url ● Group chat + PGP sucks ● Can your ISP even tell ○ O(n^2) keys :- you're using Cloakcast? ● Platform??? ○ Maybe, using DPI, ○ Distributed system :-) maybe not (HTTPS) ○ Compute, scrape, etc ● Tor tunneling ● Legit auth ○ Cloakcast will help ○ "Client: prove you can against timing attacks decrypt $this to check 'your' inbox"
  11. 11. Go
  12. 12. What is Go? ● Programming language open sourced by Google in 2009 ● Reached stable v1.0 in late March 2012 ● Qualities ○ Fast and Concurrent ○ Compiled ○ Statically typed (in a good way!) ○ Simple and Powerful ○ Avoids typical trade-offs ■ Fast, static typing, painful v. Slow, dynamic, fun ● My favorite programming language ○ That's right: Python is #2
  13. 13. Cloakcast Code Samples (Emacs time...)
  14. 14. SOON: Run Cloakcast on your Android device Screenshot taken 2012.07.03 (3 weeks ago)
  15. 15. Go Resources ● Start here: http://tour.golang.org/ ● Articles: http://golang.org/doc/#articles ○ Also see http://blog.golang.org/ ● Then read http://golang.org/doc/effective_go.html ● My Go snippets (in go/ and go-r60/ dirs): https://github.com/sbhackerspace/sbhx-snippets/ ● More at Go homepage: http://golang.org/

×