
Secure Communication

edited August 2013 in Technology
With the closing of several secure email companies and the coming death of cloud storage in the US (from a global market perspective) I came up with an idea. I do not know if this idea has been implemented before but I think it might allow a certain level of privacy and security to email-like communications.

Currently you can encrypt the contents of your message, but the sender and recipient information is not something that gets encrypted. Often the knowledge that two people are in communication is enough and the contents do not need to be deciphered for the message to have value to those who are watching.

What if there were a way to encrypt everything about the message?

If there were a secure message server that a person could connect to via an encrypted and secure connection with all communication only staying on that server (or servers all with secure links) would that be secure enough? It wouldn't be email because the messages would never travel over the internet in an email form as such no one could pull the 'envelope' data from the messages.

Comments

  • edited August 2013
    Or we could just use PGP. The trouble is you pretty much have to give up webmail, which is what makes modern email so easy and awesome.
    Post edited by George Patches on
  • Even with PGP isn't the 'envelope' information still unencrypted?
  • edited August 2013
    There are already secure IM protocols (or ways to piggy back on existing IM protocols to make them more secure) such as OTR.

    Silent Circle offers full secure messaging, phone, etc., at least according to their website. One of the founders is Phil Zimmerman, the guy who invented PGP, so odds are pretty good they're doing things right. The only problem is that it ain't super cheap at $120/year.

    Edit: yes, with PGP the envelope information is still unencrypted. Although, you don't need to give up webmail with PGP. For one thing, there is the Mailvelope Firefox and Chrome extension that gives you PGP access to most webmail accounts. Of course, if you don't trust that extension, PGP is just plain text, so you can just copy and paste from your webmail window to your PGP window as necessary.
    Post edited by Dragonmaster Lou on
  • Someone needs to revive WASTE.
    http://en.wikipedia.org/wiki/WASTE

    Also, just use GPG encryption and signing of important email. Give up on the metadata aspect (who you're emailing) and secure the data aspect (what you're saying).

    You can use GPG with webmail easily.
  • edited August 2013
    Crypto.cat is a pretty legit and easy encrypted instant messaging service. Just make sure to tell the other person the conversation name in a secure or offline manner, to be safe.
    Post edited by ninjarabbi on
  • The funny thing is that the people most likely to do us harm (or at least most likely to succeed in doing us harm) already know all this crap. The low-level terrorists may be morons (cause you need to be either pretty dumb or pretty desperate to be willing to blow yourself up), but as you go up the chain, the ones calling the shots are much more likely to be "evil geniuses" (or, even if they aren't geniuses, they're at least smart enough to run what is in effect a global criminal organization while avoiding getting caught/droned/etc.). The low-level morons will screw up on their own and get caught without any of this spying and the high-level ringleaders are smart enough to use crypto or other methods of communications such as trusted couriers.
  • But today using encryption makes your traffic stick out above 99% of other people's traffic. Unless everyone uses it, I'm not sure it helps that much.
  • They're already likely capturing your traffic anyway, so you might as well encrypt it. Plus, the amount of money it costs to decrypt a lot of shit is probably more than most of us are worth.
  • So we should encrypt lolcats and email them around?
  • So we should encrypt lolcats and email them around?
    Probably.

    Ideally, you send all emails to a big list of people, and everyone important does the same. If all emails are encrypted, and all go to this list, then the metadata is munged. An observer can neither determine the contents of the communication, nor reliably who is communicating with whom. They can only tell that this list of email addresses is somehow linked.

    By sending cats on a regular basis, you also obscure when you are communicating.
  • If we sent large enough encrypted files the government would quickly run out of storage space.

    Is there 'expansion' software? The opposite of compression? Make a 75kb lolcat file into 10MB and then email it in an encrypted message?
  • If we sent large enough encrypted files the government would quickly run out of storage space.

    Is there 'expansion' software? The opposite of compression? Make a 75kb lolcat file into 10MB and then email it in an encrypted message?
    They will not run out of storage.
  • Suddenly anticipating the prices of storage going up.
  • While they can continue to add more storage their initial amount of storage can be filled.

    Think of the lols among NSA staffers when they finally break the encryption and see a picture of a cat asking for tuna samiches.
  • While they can continue to add more storage their initial amount of storage can be filled.

    Think of the lols among NSA staffers when they finally break the encryption and see a picture of a cat asking for tuna samiches.
    Trust me dude, you can't fill their storage.
  • edited August 2013
    Is there 'expansion' software? The opposite of compression? Make a 75kb lolcat file into 10MB and then email it in an encrypted message?
    There are "zipbombs." Basically a specially constructed zip (or other compressed file format) that while in compressed format only occupies maybe a few K at most but can be expanded to any arbitrary size -- up to 2^64-1 bytes, I believe, using current compression algorithms. However, that gives you in the ballpark of 18 exabytes, which is certainly well within the amount of storage the NSA probably has available.
    Trust me dude, you can't fill their storage.
    At least not for any meaningful period of time. Hypothetically, you could fill it at some point between storage upgrades, but you'd need absolutely ridiculous timing to do so as you'd better believe their sysadmins are proactively ordering more storage long before their current storage fills up.
    Post edited by Dragonmaster Lou on
  • edited August 2013
    Is there 'expansion' software? The opposite of compression? Make a 75kb lolcat file into 10MB and then email it in an encrypted message?
    There are "zipbombs." Basically a specially constructed zip (or other compressed file format) that while in compressed format only occupies maybe a few K at most but can be expanded to any arbitrary size -- up to 2^64-1 bytes, I believe, using current compression algorithms. However, that gives you in the ballpark of 18 exabytes, which is certainly well within the amount of storage the NSA probably has available.
    Ultimately that's pretty easy to test for, and they can just store them in compressed form.

    If you want to fill up lots of bytes, you need to either randomly generate them or get them from somewhere else.
    Trust me dude, you can't fill their storage.
    At least not for any meaningful period of time. Hypothetically, you could fill it at some point between storage upgrades, but you'd need absolutely ridiculous timing to do so as you'd better believe their sysadmins are proactively ordering more storage long before their current storage fills up.
    Yeah, that kind of approach works only if you have enough people doing it. In fact, if only a few people do it you may only attract more attention to yourselves because you're taking those extra measures.
    Post edited by lackofcheese on
  • edited August 2013
    But today using encryption makes your traffic stick out above 99% of other people's traffic. Unless everyone uses it, I'm not sure it helps that much.
    So we should encrypt lolcats and email them around?
    Probably.

    Ideally, you send all emails to a big list of people, and everyone important does the same. If all emails are encrypted, and all go to this list, then the metadata is munged. An observer can neither determine the contents of the communication, nor reliably who is communicating with whom. They can only tell that this list of email addresses is somehow linked.

    By sending cats on a regular basis, you also obscure when you are communicating.
    Read "Little Brother." One of the characters works for an ISP and they start encrypting random traffic so encrypted traffic doesn't stand out.
    Post edited by Pegu on
  • edited August 2013
    I don't think some of you understand how encryption works, and some of you don't understand how goddamn expensive large-scale storage is.

    For a properly-implemented standard encryption, if all you have access to is a set of encrypted messages, it is simply infeasible to break the encryption in a reasonable amount of time, because the only way to do so is effectively brute force. You can glean information from the metadata and message lengths, which are un-hideable, but encrypted emails are safe unless they access your computer and get your encryption key.

    In short, encryption is not really breakable unless the listeners have access to a large amount of sideband information.

    Also, hard drive companies charge ludicrous amounts for enterprise-class storage, I'm talking the dollars per gigabyte range. If the NSA is just picking up all the traffic it can get their storage costs would very rapidly outpace the entire agency's budget.
    However, that gives you in the ballpark of 18 exabytes, which is certainly well within the amount of storage the NSA probably has available.
    Loooooooooooool.
    Post edited by Linkigi(Link-ee-jee) on
  • edited August 2013
    However, that gives you in the ballpark of 18 exabytes, which is certainly well within the amount of storage the NSA probably has available.
    Loooooooooooool.
    EMC makes a storage array that can hold up to 500 or so drives. Let's assume those are 2 TB drives. So that gives you 1 petabyte for the storage array. Said storage array is about the size of 3 refrigerators. So let's say about 27 square feet per array.

    So you need about 27,000 square feet to hold one exabyte using said array. 18 exabytes is about 486,000 square feet. The NSA's Utah datacenter alone is estimated to have from 3-12 exabytes of capacity. Now I'm not saying that the NSA has thousands of exabytes of capacity, however, given how a single datacenter could potentially hold 2/3 of that amount, it's possible that they could easily meet 18 exabytes when spread out across multiple datacenters. I wouldn't be surprised if the NSA has multiple 10's of exabytes of storage available spread across multiple data centers.

    That said, and I am embarrassed somewhat at this, I did miscalculate just how big an exabyte was per se. The point was even a zip bomb wouldn't be able to do significant damage to the NSA and I just used a simple 2^64 maximum file size to express how much that could potentially be without stepping back to think exactly how big that was. Extra embarrassing since I've worked in enterprise storage for my entire career.

    Part of my miscalculation was that I was remembering my then employer's petabyte lab (as in it literally held one petabyte of storage) back in 2000 (when the largest drives said employer was shipping were around 30GB or so), and then expanding that in my mind somewhat based on how much storage capacity had increased without doing any hard calculations as to just how much it has increased like I sort of did above. My quick thinking turned out to underestimate just how much more space an exabyte today would take over a petabyte in 2000, even with improvements in capacity since then. My mistake, although I don't think I was that far off, given what we know about the Utah datacenter and current storage capacities. Even if they don't have 18 exabytes available now, odds are they will relatively soon, unless their funding gets cut dramatically.
    Post edited by Dragonmaster Lou on
  • That Forbes estimate itself is probably high by around a factor of two, considering you also need space between the racks for cooling systems and maintenance access.

    But I'm talking about the cost of buying that storage - if you're buying disk drives at enterprise prices, which the NSA probably is, you're paying on the order of a dollar per gigabyte (no, I'm not joking), and 1.5 exabytes of storage runs you $1.5 billion - around the cost of the entire rest of the center. If you can somehow make the drives last on average five years, you're looking at a $300 million annual equipment replacement cost.

    Moreover, one can reliably halve the actual storage content again on the assumption that the NSA will very likely have some redundancy in that data center.
  • message lengths, which are un-hideable
    They are if every message you send is the same lengthPADDEDWITHGARBAGETEXTHERE.

    At least you only reveal an upper bound on message lengths.
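The padding idea in the reply above, as an added example that is not code from any poster in this thread: messages are padded to the next multiple of a fixed bucket size before encryption, so the ciphertext length reveals only which bucket the message fell into. The bucket size, the 4-byte length prefix and the random filler are assumptions of this example; a real system would feed the padded block into an authenticated cipher, which is left out here since the point is the length leakage.

```python
import os
import struct

BUCKET = 4096   # assumed fixed bucket size in bytes; every padded message is a multiple of this
HEADER = 4      # assumed: a big-endian uint32 carrying the true plaintext length


def padded_size(plaintext_len: int, bucket: int = BUCKET) -> int:
    """Length of the padded block for a plaintext of the given length.

    This is the only thing an observer of ciphertext lengths learns: an upper bound.
    """
    return -(-(plaintext_len + HEADER) // bucket) * bucket  # ceiling division


def pad_message(plaintext: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then fill the rest of the bucket with random bytes.

    Random filler (rather than zeros) means the padded block, once encrypted,
    carries no structure that distinguishes a short message from a long one.
    """
    target = padded_size(len(plaintext), bucket)
    filler = os.urandom(target - HEADER - len(plaintext))
    return struct.pack(">I", len(plaintext)) + plaintext + filler


def unpad_message(padded: bytes) -> bytes:
    """Recover the plaintext; reject a length field that points past the block."""
    if len(padded) < HEADER:
        raise ValueError("block shorter than length header")
    (n,) = struct.unpack(">I", padded[:HEADER])
    if n > len(padded) - HEADER:
        raise ValueError("length field exceeds padded block")
    return padded[HEADER:HEADER + n]


def same_bucket(a: bytes, b: bytes, bucket: int = BUCKET) -> bool:
    """True when two messages would produce identical padded (and so ciphertext) lengths."""
    return padded_size(len(a), bucket) == padded_size(len(b), bucket)


if __name__ == "__main__":
    # Constructed sample messages of very different lengths.
    short, long_ = b"lunch?", b"x" * 3000
    print(len(pad_message(short)), len(pad_message(long_)))  # both 4096
    print(same_bucket(short, long_))                          # True
    print(unpad_message(pad_message(short)))                  # b'lunch?'
```

The padding must happen before encryption, so the length prefix and the filler are inside the ciphertext; padding a ciphertext after the fact leaves the real length recoverable by whoever can decrypt. Bucket size is a bandwidth-versus-privacy knob: larger buckets hide more but waste more.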
  • That Forbes estimate itself is probably high by around a factor of two, considering you also need space between the racks for cooling systems and maintenance access.

    But I'm talking about the cost of buying that storage - if you're buying disk drives at enterprise prices, which the NSA probably is, you're paying on the order of a dollar per gigabyte (no, I'm not joking), and 1.5 exabytes of storage runs you $1.5 billion - around the cost of the entire rest of the center. If you can somehow make the drives last on average five years, you're looking at a $300 million annual equipment replacement cost.

    Moreover, one can reliably halve the actual storage content again on the assumption that the NSA will very likely have some redundancy in that data center.
    Some good points here, and again I should reiterate someone else's points that zipbombs are pretty easy to detect before unzipping them anyway, so even if the NSA had the capacity to hold a maximum sized zipbomb, it certainly wouldn't fool them. Short of the trivially blocked zipbomb, I don't know of any other way to effectively flood the NSA's data centers with that much data.

    As far as redundancy, they may have that for archival purposes (which they may compress/deduplicate/etc.), but they wouldn't need it for scratch space, but that all gets down to the nitty gritty as to how the NSA set up its storage hierarchy.

    Plus, there is plenty of wiggle room in pricing for enterprise storage, as I know first hand. Sure, the list price for enterprise storage is $1/gigabyte, but if you're buying enough of it, salespeople could give you a substantial discount as well. Heck, while this isn't a case of giving a discount on the storage itself, an enterprise software product I used to work on, which normally cost several tens of thousands of dollars to purchase on its own, was often thrown into the purchase like a Cracker Jack prize to sweeten the deal a salesperson was making to a customer buying an enterprise array from my then employer. I would be surprised if other things, such as discounts on drives, etc., weren't also thrown in -- especially when in a bidding war against other enterprise storage vendors.

    In addition, going back to the whole storage hierarchy thing, many enterprises use cheaper/lower grade storage for less critical data (such as scratch space) or use extra redundancy (RAID6 or similar) to get away with using cheaper grade storage on medium critical data (archival, backups, etc.). The really expensive stuff typically only gets deployed for the most important stuff, and sometimes they don't even bother with spinning disks and go straight to massive quantities of flash at that end. So while the NSA's most important stuff may use the $1/gig storage (or even pricier flash), there is also a very good chance they're using much cheaper stuff for less critical storage.

    But as I said, I also misestimated the amount of space an exabyte would take by expanding upon how much space a petabyte took 13 years ago and assumed, without thinking things through, that storage density increased by more than it actually did.
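Two posters above (lackofcheese: "that's pretty easy to test for"; Dragonmaster Lou: "zipbombs are pretty easy to detect before unzipping them") make the same defensive point. As an added example, not code from either poster, here is what that check looks like with Python's standard library: read the central directory, compare each entry's declared compressed and uncompressed sizes, and refuse anything with an absurd expansion ratio or total before a single byte is inflated. Because headers can lie, the extraction helper also caps the bytes actually written. The thresholds and the constructed sample archive (one small text file plus 50 MiB of zeros) are assumptions of this example.

```python
import io
import zipfile

MAX_RATIO = 100                       # assumed: reject entries expanding more than 100x
MAX_TOTAL_BYTES = 32 * 1024 * 1024    # assumed: reject archives declaring more than 32 MiB total


def build_sample_zip() -> bytes:
    """Constructed sample: a harmless text file beside a highly compressible filler entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cat.txt", b"i can has tuna samich?\n")
        zf.writestr("filler.bin", b"\0" * (50 * 1024 * 1024))  # ~50 KiB compressed
    return buf.getvalue()


def inspect_zip(data: bytes, max_ratio: int = MAX_RATIO,
                max_total: int = MAX_TOTAL_BYTES) -> list:
    """Return a list of findings based only on the central directory; nothing is inflated."""
    findings = []
    declared_total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            declared_total += info.file_size
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > max_ratio:
                findings.append(
                    f"{info.filename}: expands {ratio:.0f}x "
                    f"({info.compress_size} -> {info.file_size} bytes), limit {max_ratio}x")
    if declared_total > max_total:
        findings.append(f"archive declares {declared_total} bytes total, limit {max_total}")
    return findings


def extract_bounded(data: bytes, name: str, limit: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate one entry in chunks and abort once the output exceeds `limit`.

    This does not trust the declared size: the cap applies to bytes actually produced.
    """
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as fh:
        while True:
            piece = fh.read(chunk)
            if not piece:
                break
            out += piece
            if len(out) > limit:
                raise ValueError(f"{name}: exceeded {limit} bytes during extraction")
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample_zip()
    for finding in inspect_zip(sample):
        print("REJECT:", finding)
    print(extract_bounded(sample, "cat.txt", limit=1024))
```

Running it flags `filler.bin` for its ratio and the archive as a whole for its declared total, while `cat.txt` passes both checks. The same two-stage approach (inspect headers, then bound the actual inflation) applies to any format that carries per-entry sizes; for formats that do not, only the second stage is available.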
  • Discounts? Government contracts? What world are you living in?
  • edited August 2013
    Discounts? Government contracts? What world are you living in?
    I've seen our salesmen schmooze with military reps. :P I've also bent over backwards to try to come up with something for the IRS that would've basically been a "throw it in so they buy our product."

    Remember, the government always goes with the lowest bidder (or nearly lowest). If there was no bidding war, you may have a point there, but once you get into a bidding war, then all bets are off.
    Post edited by Dragonmaster Lou on
  • At least for the time being, it seems your email/data would have the most legal protection when avoiding 3rd party services altogether and running your own server located on your private property.
  • edited August 2013
    At least for the time being, it seems your email/data would have the most legal protection when avoiding 3rd party services altogether and running your own server located on your private property.
    Except that when the email transitions servers/routers/etc. on the public internet, it's apparently fair game. The only example of an email server that would have utmost legal protection would be something like a corporate email server, located on your own property, that only exchanges internal email that never goes out on a public network of any sort.

    That's part of the problem when people say "don't use Google/Microsoft/Yahoo/etc., it makes your email easy for the Feds to access." Sure, having all those emails in one place does make things slightly easier. However, it's not that much harder for someone, whether the Feds or a miscreant with the proper access, to simply put a tap on the upstream data lines coming out of Google/Microsoft/Yahoo/Your Personal Server and scoop up as much yummy data as they like. Heck, my house ran its own email server in college, and I (and others) would routinely packet sniff upstream of the server and show people just how insecure things were. Granted, that was small peanuts compared to what the NSA can do/is doing, but it's not exactly rocket science to do it either. The only significant differences between what I did back then and what the NSA is doing are a matter of scale (the NSA has much bigger hardware to scoop up data with) and access (the NSA can get upstream of major ISPs, whereas I could only get upstream of the server located in my house).
    Post edited by Dragonmaster Lou on
  • I was really only referring to email/data stored on the server. Once your traffic is monitored, the only option left is carrier pigeon or private wormholes.
  • Encryption works, guys.
  • Encryption works, guys.
    Email is a lost cause unless it's replaced with a more secure standard where encryption is the default. I just don't see people starting all of a sudden to use encryption.