Secured communications for activism

From Hackerspace Brussels
Revision as of 03:18, 30 July 2011 by 78.129.3.14 (Talk) (Gobby)



Fri 29 Jul 2011 19:30 till Fri 29 Jul 2011 23:59

What: Secured communication for activism
Tagline: Yet another Hsb Meetup!
Where: HSB Brussels, Belgium
Cost: 0
Who: ZipionLive


The goal of this meetup is to discuss how to define a common, user-friendly and secure way for activist groups to communicate with each other, if possible before the CCC camp, so we can determine which information and techniques would be interesting to focus on when we are there. The time and day are still subject to change; we'll discuss them during the next TechTuesday.

EDIT: In the end we are keeping the date, so the meeting will be held this Friday. Let's make it a FrHackNight :-P !


sources for inspiration:

Time for debriefing !

secure communications

we'll check out collaboration tools and their secure uses

what's to say about secure communication:

  • encryption (rsa vs dh vs block ciphers)
  • authentication (strong authentication, prevent mitm/man in the middle)
  • integrity
  • perfect forward secrecy
  • how is this different from anonymous communication ?


collaboration tools

we just noted down some of the collaboration tools we use, and looked at whether they provide any level of security.


email

  • thunderbird+enigmail(GPG) -- people create trusted relations -


one-to-one chat

  • pidgin+OTR: off-the-record is a plugin for pidgin, which allows you to strongly authenticate your chat-buddy, provide encryption & perfect forward secrecy and deniability.

http://www.cypherpunks.ca/otr/
http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html

socialist millionaire protocol  ?

group chat


online storage / file exchange


browsing

  • ssl/tls : sets up an authenticated & encrypted TCP stream (best known from https); client & server can authenticate using public/private keys -- public trust is artificially created by centralized 'certification authorities'.
  • proxy :
  • tor : https://trac.torproject.org/projects/tor/wiki/doc/SupportPrograms -- tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.
  • vpn/darknet - several software packages exist; the best-known open-source tools are openvpn, tinc-vpn -- clients create authenticated & encrypted tunnels to the server(s), server will
  • freenet -- anonymity, anti-censorship, gore

voice communication

  • skype -- this is a closed source protocol, so it's not known if there are backdoors, nor is it known which parties are involved in skype or who has access to the communication content

  • mobile phone : throw it

wireless mesh networks

general meditation points

  • security needs organization : key - pgpkey etc ... certificates ...

so in general people forget: what about a stolen computer or seizure/requisition (police, enemy)?


  • what about something small and quick to help organize an event ... delay in hours ?

or something easy to put on the computer to have "communication" with your peers (over internet, private network or lan ...) ?

Q : anonymity needs encryption - T/F ?


collaborative editors

Gobby

  • investigation about security : Gobby can use GNUTLS

http://www.absoluteastronomy.com/topics/Gobby

based on TLS, transport layer protocol -- http://en.wikipedia.org/wiki/Transport_Layer_Security

just to give an idea: tls 1 is the same as ssl 3 - later for a workshop ?

people need to take care about exchanging public keys to provide strong authentication; this needs some setup (key exchange / set up a Certificate Authority / trust an existing CA)

another question : how to set up a real gobby for several people ? we know we need a key pair for the creator of the session; what about authentication of the other participants? this needs to be well prepared ... (thing to do)

etherpad

SSL could be provided by webserver

practical case

apache ssl, enforcing client certificate auth

users need:

  • their client certificate, and
  • to check the server certificate

to trust the browser? 'portable app?'
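
A minimal Apache mod_ssl virtual host for the practical case above, as an added example that is not part of the original meetup notes. The host name, file paths, the `X-Client-DN` header name and the pad backend on 127.0.0.1:9001 are assumptions; the group's own CA is assumed to have signed both the server certificate and every client certificate.

```apache
# Assumed names and paths (not from the meetup notes): pad.example.org,
# /etc/apache2/ssl/*, and a pad backend listening on 127.0.0.1:9001.
# Needs mod_ssl, mod_headers, mod_proxy and mod_proxy_http.
<VirtualHost *:443>
    ServerName pad.example.org

    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Server identity. Users check this certificate (or the CA that signed
    # it) before they trust the connection.
    SSLCertificateFile    /etc/apache2/ssl/pad.example.org.crt
    SSLCertificateKeyFile /etc/apache2/ssl/pad.example.org.key

    # Client certificates are only accepted if issued by the group's own CA.
    SSLCACertificateFile  /etc/apache2/ssl/group-ca.crt

    # Weak setting, shown for contrast: the handshake also succeeds without
    # a client certificate, so the certificate check is not enforced.
    # SSLVerifyClient optional

    # Enforced setting: the handshake fails unless the client presents a
    # certificate that chains to group-ca.crt.
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Certificates from stolen or seized machines are revoked through the
    # CA's CRL; without this they stay valid until they expire.
    SSLCARevocationFile  /etc/apache2/ssl/group-ca.crl
    SSLCARevocationCheck leaf

    # Hand the verified subject to the backend. "set" overwrites any header
    # of the same name sent by the client (X-Client-DN is a made-up name).
    RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"

    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:9001/
    ProxyPassReverse / http://127.0.0.1:9001/
</VirtualHost>
```

The backend should listen on the loopback address only, otherwise it can be reached directly without going through the certificate check.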

Linux Tails

  • Live distribution of linux bundled with TOR and encryption software (TrueCrypt).
  • Can be used from almost anywhere.
  • Check these pages for details :

- http://thegeniusfilesblog.blogspot.com/2011/04/tails-linux-privacy-oriented-os.html
- https://tails.boum.org/about/index.en.html
- https://tails.boum.org/doc/warning/index.en.html

You can download it from here (torrent available) : https://tails.boum.org/download/index.en.html