Protecting IM From Big Brother

holden writes "Ian Goldberg, leading security researcher, professor at the University of Waterloo, and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world of warrant-less wire tapping. OTR users benefit from being able to have truly private conversations over IM by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."

Encryption

Its time to implement encryption of ALL traffic from ALL applications. Perhaps even IPC encryption incase you have some sort of 'tap' installed on your computer.

Sure, it eats resources, but do you want others reading your information? I dont. Not even when its "we are out of milk, please pick some up on the way home", as its NONE OF THEIR BUSINESS.

Re:Encryption

Check out SiMP-Lite [secway.fr]

It's a fantastic product, I just wish it was multi-platform... Really nice for Windows though...

Re:Encryption

Encrypting by default still doesn't prove the *log* is legit and only prevents a 3rd party from secretly watching along the way, so i don't see me encrypting everything effecting that.

Huh? OTR is specifically designed not to prove that the log is legit. It goes to a lot of work, actually, to ensure that there's a trivial way to fake messages after the fact, just not when a conversation is occurring.

That means that when you're having a chat with someone, you know that what they're saying to you is their actual words, but that the same cryptography that's giving you privacy can't (theoretically) be used to hang you later, by proving absolutely that you said certain things.

OTR's logs are designed to be easily forgeable. This is a major difference in its design from many corporate IM clients (e.g. Sametime), which offer encryption but also create authoritative logs that can be referred back to later.

The point of OTR Messaging is to allow you to have the equivalent of a face-to-face, "off the record" conversation, in the digital, computer-mediated world. Just like when you have an in-person conversation, there's nothing stopping the other person from walking back to their car and blabbing about the whole thing to anyone who'll listen, the encryption itself tries to not serve as authentication after the fact as to what was said.

Re:Encryption

Blah, that's a load of shit. It's an academic answer to how to fix the problem of people logging your conversation with them.

When the log is presented in court the person who logged it will be asked "is this log an accurate representation of the conversation you had with the accused?" and they say "yes, it is" and the defense then has to show not that it is possible that the log was doctored but that person who has just sworn, under penalty of perjury, is lying. They typically do this by showing instances in the past where the person has submitted false evidence to a court, or they can try to show that the person has something to gain by changing the log and that they had the skills (if any special skills are required, which they wouldn't be). It would be a very tough sell and a jury is more likely to believe that the log is accurate because what kind of idiot would lie in court when the punishment is so severe.

Consider that email is so trivial to fake and yet emails are considered official correspondence in many many many court cases. It's not about the technology, it's about the people making the claims.

Re:Encryption

The beauty of OTR messaging is that it claims to guarantee perfect forward secrecy. In other words, if you lose control of your private keys no previous conversation is compromised. This is a big plus, because even if they force you to turn over the keys they can't see the previous conversations.

It works (as I understand) by using your key pair to derive and exchange public session keys. The session keys then are used to do actual encryption and are changed frequently. The private key at each end is only ever stored in RAM and is discarded when the session ends or after a timeout.

It's neat because even listening in to the whole session and obtaining the public session keys isn't enough to compromise the session. Of course, having the public keys and obtaining the master private key may go a long way to helping with a mathematical attack of the algorithm.

Encrypted RAM and HDD Storage

You can't have perfect secrecy unless your RAM contents are also encrypted. Wasn't there some case recently where the RAM contents of some server were subpoenaed in a court case? If your RAM is unencrypted, then your IM conversation is stored in plain text SOMEWHERE, even if it is encrypted on the network stack. Of course, having encrypted RAM would be a HUMONGOUS performance hit, but it could be done. Hmmm..

Off to the patent office I go..

Re:Encrypted RAM and HDD Storage

Fine, let me get those chips out for you. Bring the back after you get the information off of them.

Encryption is only part of the solution

This is a good step, and I wish that more people would use encrypted messaging systems. This includes IM, e-mail, and voice.

However, while encryption can protect against "big brother", you can never eliminate the risk from the other end of the line. What happens if the person you are talking to has a rootkit, or prints out the conversation, or otherwise compromises the data? There's no real way to protect your entire conversation.

--
Educational microcontroller kits for the digital generation -- great gift! [nerdkits.com]

Deniability may sound fine

But, it WILL be hacked. Then, a user's smug denial could lead to obstruction of justice charges, or some such.

Re:Deniability may sound fine

"I do not recall." If it's good enough for the administration to use and get away with, it's good enough for me.

Unless you're in the administration, that will get you tossed in jail. Normal citizens require plausible deniability. For hard drive encryption, this can be accomplished by saving dummy data accessible with a second password. For IM, perhaps we need something similar. If an IM client were to give a user the option of using a dummy password which would still initiate encrypted messages, but with a warning flag to the user on the other end, we might have parity.

Encryption technologies that provide plausible deniability are possible, but I doubt they will enter widespread use (or even encryption in general) until the big players champion them. Why one of the major IM providers has not jumped on this as a differentiating feature is beyond me. I guess I see why Google would not include it in GTalk, seeing as they want to use the data to target ads (ditto yahoo and MS), but why isn't it built into ichat yet?

OTR is classy

OTR is a really cool program, I just wished more people used it.

Terrorist collaborator?

How long until this guy gets the attention of the government and is brought down as a terrorist collaborator? And if people actually start using this kind of software to make private conversations, how long until the presence of it on ones HD can be used against you? Wasn't there a case where the presence of an "Eraser" program on the defendants hard drive was used against him, because then he "Must have had something to hide"?

In the meantime...

... I hate to say it, but the most practical secure kind of IM right here right now is probably Skype. Well - you read that story about German police and Skype's chat traffic (like other kinds) is carried over the same encrypted p2p transport as its voice traffic.

Join the Encryps

It's like a Cypherpunk, but more likely to get shot (perhaps by the NSA).

AIM encryption

We use AIM for communication at my company. One problem is half the people use GAIM, the other half use Trillian, and each have separate standard encryption plug-ins which are incompatible. Of course it is free software and I could jump in and work on this but I am too busy. The main reason we had encrypted conversations was to send passwords to one another.

Zonealarm's IM security

I have the Zone-Alarm Security Suite software (software firewall, anti-virus, anti-spyware, Ad blocking, Cookie control, Identity protection), and it comes with "IM Security". It encrypts all IM conversations when both sides of the conversation have the software installed. I don't know how strong the encryption is, but it is something.. Makes me feel secure when I am talking about government conspiracies...

Just days before...

This slashdot story, just days before a talk [uwaterloo.ca] about how the csclub servers handled slashdot the last time [slashdot.org].

The real problem is U.S. government corruption.

Quote: "With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important."

The real problem is U.S. government corruption. See this example from Cooperative Research, a complete 911 Timeline of 3962 events: U.S. Government corruption TimeLines [cooperativeresearch.org].

The government should serve the people, not spy on them.

1984

I find it fitting that someone named Goldberg is warning us about Big Brother.

Re:1984

The person you are talking about was actually Emmanuel Goldstein [wikipedia.org]

Pfft. Don't talk to me, I log all my IM sessions

They are sitting in plain text on my HDD.

Anyone who is IM'ing with super-secret encoding and hoping that they are safe better not be IM'ing me, or someone like me who checks the "log" button...

Sorry, sometimes I like to refer back to them, and that is the way they are kept. I am too lazy to do anything about it.

I always assume I am just part of the noise in the s/n ratio that "they" are listening to.

What's the opposite of tin-foil hat?

Re:Pfft. Don't talk to me, I log all my IM session

I log all my IM messages too. But you can not prove those messages are written by some specific person. They are plaintext and everyone can edit them. The "problem" with most encryption protocols is signing. If I write a message to you and I sign it, you can prove I wrote it. OTR provides encryption and authentication that can't be used to prove to anyone else you wrote it. I suggest you watch the video for more information.

I downloaded the ogg

The Presentation in the video appears completely blank to me. Anybody else see this?

Semi-random (webcam of the CSC office)

The organization that is serving the talk has a <a href="http://csclub.uwaterloo.ca/office/webcam.html">wecbcam ( http://csclub.uwaterloo.ca/office/webcam.html )</a> in there office. Despite serving an avi file linked directly from the slashdot page, there doesn't seem to be fire :P

Shared Secret FTW (no more finger print checking)

One of the really cool things I think with the new versions of OTR is the shared secret. How many people actually bothered identifying the hash fingerprints? I'd bet almost none. However, with a simple shared secret it becomes very easy to protect against man in the middle attacks.

how to boil a frog

Isn't EVERYONE very upset that we need these types of applications these days? Why does it seem reasonable that EVERYONE needs to hide their communications from their own governments? Shouldn't we be more upset that things have gotten so out of hand?

HR 1955

If this bill [govtrack.us] passes, you won't be able to use OTR without being carted off. Call your senator and tell them to vote NO.

Ian Goldberg

..lectures to me Tuesdays and Thursdays. I'm in his undergraduate course "Computer Security and Privacy". Cool to log on Slashdot and see your prof on the front page.

-Ryan

Testing out IM spying

A friend of mine recently questioned whether all our IM conversations were being watched by the NSA. I said most likely it all runs through a computer of theirs at some point thanks to AT&T. He decided the best way to find out was to say everything that we could think of that might throw some red flags and see what happened.

Needless to say neither one of us vanished in the night, and neither of us received any unwanted visitors.

Pidgin w/encryption

Maybe a bit off topic (I haven't watched the lecture yet either) but anyone using Pidgin with the Pidgin-encryption plugin?

I've used it for about a half a year (via Jabber's servers), and it has been a great experience.

However, I only use it w/one of my other nerd IM contacts. There's just no way I could get everyone else to get this set-up. That's the problem.

Same goes for encrypted email. Encryption just needs to be baked in from the get go.

https://mail.google.com/mail/

Encrypted chat. Case closed.

Hmm

Nice how a Canadian researcher is looking into solutions to a mostly US problem, at least it is always US media talking about wiretaps. Perhaps if ~21% of the US budget wasn't blown on the military and God knows how much more on espionage, everyone wouldn't have to be as paranoid. My solution: if big brother gets the brillant idea to tap innocent people for no reason, big brother should invest in a gun and blow his brains out.

Nearly all ssh clients have built-in SSH proxy

Putty and openssh clients can act as a SOCKS proxy server.

Simply ssh to your machine at home... direct Pidgin / GAIM / MSN (or any SOCKS capable app) to use your new local proxy server and your traffic is hidden from corporate big brother.

Once traffic leaves your machine to the internet, it's goes out unencrypted as usual... only useful to not let the boss know you've got to pick up milk on the way home.

Also, careful this doesn't hide DNS traffic.

Why does it use a separate keyring?

I have four sets of keys on my machine--keys for SSH, for PGP, for WASTE and for OTR. Why does every app using encryption insist on using its own wrappers for public keys? What's wrong with the infrastructure already present in the OpenPGP standards?

Trivial

Simple encryption added to IM, and a professor claims to have created/co-created this. Pick a coder and coder, very trivial stuff. Arrogant bunch of people those professors over there in Waterloo.

some solutions...

Correct me if I'm wrong, but I think that jabber can be turned into an encrypted protocol. In other news, if you want your IM to be kinda "secure" meaning hiding it from you employers, you could use Tor + Privoxy . I know Tor was in a bad light recently because of some misuse, but, then again, IM is not for transmitting top secret information. For passwords i use an SMS or other not-TCP solution . Just an idea.

Kopete

Well, I know that at least Kopete have PGP-encrypted chat. It automagically encrypt/decrypt messages using public-key/private-key. I think it's DSA or RSA keys, pretty secure...

So whats the difference..

.. between OTR and simp lite [secway.fr]?
I've been using simp for ages, and it even encrypts the logs (in a sense that the logs appear as gobbledegook).

Oh wait.. I guess its only for msn messenger / yahoo / icq /jabber / google.. its not like anyone uses those clients.

IRC + SSL

Seems like a good way to go, just make sure your server isn't hax0red.

how about messenger plus scripts?

messenger plus live scripts [msgpluslive.net] securePLUS 1.0 securePLUS can encrypt your chat messages so a Messenger sniffer can't read it and CryptoPack 1.01 This script makes it possible to encrypt text with various encryption types. (SHA1, MD4, MD5, Base64, Binary, Hex and URL-encoding) crYpt 1.0 Encrypt/Decrypt which enables you to secure your messages from sniffers and such using an advanced 128+ bit encryption engine. three flavours of encryption for MSN messenger at any rate.

Broken

OTR exchanges the keys when done, okay. It also does the public key hand-shake on conversation start-- with new keys (no PKI or anything), so a MitM attack works great (heh yeah). Jabber's TLS is horribly broken too, if a MitM happens it doesn't detect it (it can, it should, it won't, sorry, Pidgin doesn't alert you for crap; I filed a bug on Trac though).

A lot of people think encryption == secure; it doesn't.

Re:Ok

d41d8cd98f00b204e9800998ecf8427e

Re:Ok

d008960fa6b395dca1c8362165bb31be!

Your "!" was not hashed and you should start sentences off with a big letter. In your case, a large "F".

Re:Or, technology for terrorists

In amongst all your right-wing smearing and ranting, I discern one valid point: that the most repressive governments are likely to declare encryption illegal and punish all encryptors as harshly as they punish people caught openly opposing them. This would render encryption useless.

However, few governments are quite that bad. Most will punish encryptors less harshly. Furthermore, most governments (such as the Western ones that we are able to put political pressure on) can be forced not to criminalise encryption. Encryption can then help to avoid government interference in certain protests.

Note that it is these very governments that kill thousands, and more. If you are worried about the almost negligible amount of private terrorism in the West, then you ought to be trying to stop the killing that fuels it.

Re:Or, technology for terrorists

INEVITABLY, this encryption will be used to kill people. Lots of them. Let's not delude ourselves.

Toss toss. Everyone keeps bringing up that piss-ant September 11 event. 3000 people is not a lot in the grand scheme of things. How many people has the Farce on Terror killed? How many died in Vietnam or Hiroshima? How many people die of cancer or AIDS related problems each year? Let's stop and look at how many people die on the roads or from gunshot wounds (non war) annually around the world.

Encryption can certainly be used by the bad guys, but the bad guys are used as an excuse by the government for reigning in civil liberties and spying on the citizens. The book should have been called 2014 because that's about how far I see we have left at the current rate before they listen and log everything you do in your shitty little life to use against you.

If the government (particularly the US gumbiment) were serious about saving lives wouldn't they implement stricter gun control laws? Wouldn't they spend more money on cancer and HIV research instead of blowing it all on a farce against some unknown army of people who don't actually exist. Can't they build safer roads and find ways of solving problems that don't involve invading other countries shooting up the place and taking what they want.

There are so many things that kill more and regularly than a couple of planes crashed into a couple of buildings. This continual using it as an excuse for all the bullshit that governments are doing is just frustrating. We all know that pollies have small cocks. When the two American penises were leveled the pollies all got together and needed to find new ways of proving the enormity of their willies. It shits me!!

We have a very US friendly government here. It's also election day and people have the shits with all of the things our current government has done to bring us more in line with the US. There's workplace reform, terrorism legislation that really means nothing, copyright reform, free trade agreements that actually impede more on our rights and give the US whatever they wanted, etc. At least the people here haven't bought into the "we'll keep you safe" arguments that I heard from the current government during the campaign. It'll be interesting to see who actually wins the election and what the new evil overlords of the country do in their first term toward reversing some of the anti-terror rules that have come about and dont' really add anything to security.

End rant!

Now, don't get me wrong; I don't support extremists killing innocent people for whatever reason it is they dream up. There needs to be some law allowing control and prosecution of people like that. I just don't believe that the government needs far reaching and sweeping authoritarian power to do it.

It's enough in many places to simply say "we think you're a terrorist" and get someone. If they can't catch you in the act of planning or committing some event (with actual written plans, explosives, weapons, etc in your possession) then they shouldn't catch you.

Re:Here's My Big Question

I want the government watching you just in case you're one of the bad guys. I'll gladly give up a bit of my own privacy to make sure they don't have any.

Here's the thing: "Bad guys" are rare. As a result, the majority of people the government would end up watching are "good guys". Let's say that 1 in 100 users being watched is a "bad guy", and the government gets the "good guy/bad buy" decision right 99% of the time. That implies that about 1 "good guy" is incorrectly labeled a "bad guy" for every "bad guy" correctly labeled a "bad guy". I'd rather minimize the information the government might use to incorrectly label me a "bad guy", even if it means increasing the very slight risk that one of the "bad guys" will hurt me or someone I care about.

Or, in Franklin's words: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Live Free or Die

An all powerful, tyrannical government is far and away more dangerous than terrorism. If we didn't have the former, we wouldn't be experiencing the later. Citizens must control their governments, not the other way around. Period.

Class Project: Explain why America is called 'The Land of The Free' & give examples.

But what if everyone is a 'Bad Guy'?

That is an incredibly unimpressive statement. Ugghh. Please study more history & well thought out science fiction. Maybe Patrick Henry or Philip K. Dick. Try perusing the Anti-Federalist Papers. Stop parroting these talking heads on network television. You really need to work your brain somewhat or we are all in trouble.

Re:Overkill

That's a fallacy that assumes that storage, network bandwidth, and search CPU time cost what they did in 1980. Whether one has anything to hide or not, knowing that an IM with a high school friend could be dredged up forty years later in a political contest or a lawsuit should scare the beejezus out of anyone.

Re:Or, technology for terrorists

I call troll.

Although there does seem to be a REMARKABLE metal disconnect for an amazing number of brownshirts in this country. Ones that will say at first, "If you outlaw guns, only outlaws will have guns!!!111oneone!" then turn around and say, "If you outlaw encryption, daddy president will make us all nice and safe and happy from terrorists". Unbelievably deluded. (Of course, as crypto is digital, you can't even restrict by physical means or material cost).

Terrorists funded by $10 billion (well a shitload more, now that American pumped up the price of oil) rich oil or ancillary industry magnates is hardly going to be deterred. They weren't then, they aren't now.

WTF does restricting encryption accomplish? SPECIFICS please. A suicide bomber on American soil will be deterred suddenly becuase they found out the encrypted messages they were using results in a $1000 fine and a year in jail? What, the gonna scrape up the giblets and put them in a bucket in a prison cell? I'm sorry, but you are either a troll or f'ing retarded.

It's like outlawing baseball bats to prevent death-by-Slugger-to-skull. The tool itself is not the problem here, or there, nor is it the only means to accomplish the undesired behavior.