3. Be wary of one-time pads and other crypto unicorns

Be wary of one-time pads and other crypto unicorns

What will happen, is TAO operative sees connection of Jericochat server from XKEYSCORE, sighs and clicks on a button. The next time user of Jericochat browses to youtube.com, QUANTUMSQUIRREL will automatically prented it's the youtube server, it'll forge the TLS cert with key obtained from server / produce a fake cert signed by key obtained from Google CA. It'll then do a deep packet Injection with TURBINE, and inject a transparent exploit that uses a known / 0-day vulnerability of user's browser, and with that, it'll inject UNITEDRAKE to the computer. UNITEDRAKE's plugin SALVAGERABBIT will exfiltrate the OTP-keyfile and it's a game over.

This is likely true for any encryption protocol that the TLAs have difficulty cracking (or it's more time consuming and expensive for them to crack). Therefore it's cheaper and more effective to just plant malware on the machine and capture plaintext as it's being typed at the source. I think TFC does have a good solution in this area with the one-way Transmitter and Receiver modules with the keys and plaintext being prevented from exfiltration. It would be nice if TFC was commercialized and made into a product though. Not a lot of people have the time or inclination to build a TFC setup which will hinder adoption. If you could miniaturize it into a phone/tablet like device, without closed baseband, including screen and keyboard that would be excellent. Then people can use it as a dedicated secure messaging device.

Even TFC I don't think is bulletproof. If the TLA detects a TFC packet fingerprint in XKEYSCORE they can always exploit their privileged network position and use their systems like QUANTUMINSERT to reroute the packets to a FOXACID server, or just drop them completely, preventing two parties from communicating securely altogether. There's not much you can do when that happens. That's why I think it's critical to obfuscate/hide the protocol meta data as much as possible so these automated detection and interference systems never work. In future versions of Jericho I have some plans to make the TLA's jobs practically impossible. You should consider implementing some of these as well:

  • Encrypt one-time pads before transit on portable media using a cascade stream cipher with independent keys e.g. Skein-512 XOR Keccak-512 XOR Plaintext. The keys themselves can be protected by 40 char+ password, key file and slow PBKDF. The key file can be a long salt for the PBKDF and hidden separately.

  • Encrypt and authenticate the one-time pads as they reside on the end points using the same method. Don't discount the TLAs getting malware or cameras in via physical infiltration at your house if they detect you're using such protocols.

  • Encryption of the client-server protocol using the same cascade stream cipher and MAC. The server and clients can have pre shared keys and decrypt/decode the packet to decide which user it's meant to go to. The server responds with the same encryption. Therefore all a TLA sees is a socket being opened up on a user chosen port, then an IV + ciphertext concatenated together in Base64 being sent across the internet to some IP address. They have no idea who the packet is for, what chat group it's for or what encryption protocol is being used exactly. The server acts as an encrypted switchboard. Only the users of the server have the key to communicate with the server. It's important to disguise any meta data which could allow TURBULENCE, TURMOIL and TUMULT to distinguish it from other regular traffic and feed it into XKEYSCORE. So if you're prepending "TFC_" to the beginning of the ciphertext then that's a pretty significant clue. Even subtle protocol details which make it unique from other regular traffic helps them. If they don't know exactly what protocol you're using then it's much harder to target you with an automatic exploit and exfiltrate keys.

  • Send fake messages at random intervals. The other client will know they are fake and can ignore them automatically. Traffic analysis meta data (how often and when users are communicating) is almost as important as the contents.

  • Use anonymous proxies like Tor so all traffic goes over the anonymity network. Even the server could be running on a Tor hidden server. This prevents the TLA from knowing where users are and who exactly is communicating. That way it is also harder to target the user with specific exploits, or physical surveillance.

  • Single use devices. The machine with the OTP chat is not used for other activities e.g. general web surfing. This prevents TLAs serving up malware from YouTube etc.

/r/netsec Thread Parent Link - freedom-to-tinker.com
Previous
Next

Recently removed from /r/netsec

Tracking Anonymized Bluetooth Devices via BLE security flaw PoC || GTFO 0x19 (Github Mirror) /r/netsec's Q1 2019 Information Security Hiring Thread The /r/netsec Monthly Discussion Thread - December 2018 /r/netsec's Q3 2018 Information Security Hiring Thread Simple hack bypasses iOS passcode entry limit, opens door to brute force hacks Google bug bounty for security exploit that influences search results Cybereason RansomFree detects and blocks WannaCry using behavioral based detection (video link, details in comment) PINs and passwords can be stolen just by watching the way a phone tilts Bella: A pure python, post-exploitation, data mining tool and remote administration tool for macOS. 2015 Vice article reveals Spotify allows for brute-force password collection. There is still no login failure/password reset to this day. More details in comments. Cryptkeeper Sets the same password "p" for everything independently of user input /r/netsec's Q1 2017 Information Security Hiring Thread A Formal Security Analysis of the Signal Messaging Protocol [PDF] Warberry Pi- Tactical Exploitation

More Random Comments

YSK that the newer methods of teaching math in elementary schools has nothing to do with Common Core standards, and that these new methods are actually vastly improved over the "old fashioned" ways. [event] JOUST!!!!! Présentation et idées What are some of the best Paradox you know? I've been trying to collect good Lovecraftian films. Why are they so rare? Russia Frees Itself From Oil's Curse; "Signs are multiplying that the Russian economy will not die a painful death, but is just taking some long-overdue strong medicine. The country posted unexpected growth in the fourth quarter of 2014, and it can now look beyond oil for drivers of recovery." So I signed Antti Raanta as my backup. Along with keeping his Hawks mask, the game had a seizure and gave him this gear. Mark Hammill gets his Darth Vader moment on 'The Flash'. In Response to the Trevor Noah Controversy, Patton Oswalt Went on an Epic Twitter Rampage, Satirizing the Ongoing Death of Comedy [Game of Thrones episode 3 spoilers] Okay, I'm curious. Outside of playable characters, who of the OC's do you trust? Defense is the best Offense! [Contest] [Mercs] 1.8 Released! UPDATE YOUR SERVERS! 2h sword timing changes, 1h damage buffs, archer adjustments. The Combat Update: Hopes and Speculations Who is the best ILB in the Draft? Maybe not Eric Kendricks Daily advice thread. All questions about your personal situation should be asked here