   
GNU Telephony
Telephony for a free world
Communication Privacy
For Free Societies
David Sugar
#0
“Privacy is ultimately about liberty
Surveillance is always about control”
http://www.gnutelephony.org/data/harvard2010.odp
   
GNU Telephony
Mission Statement
#1
SECURE CALLING PROJECT GOALS:
To empower people, individually and collectively, to
communicate and collaborate privately and securely in real-
time worldwide
To establish secure communications as the default
communication infrastructure
To enable secure anonymous communication worldwide and
protect users who exercise their basic human freedom of
privacy
To provide secure communication services universally on all
computing platforms
   
GNU Telephony
Why free software
#2
Anyone can review what they receive; no hidden backdoors
Anyone can modify the software for their specific needs or
for specific platforms
Anyone can redistribute the software and help make it
widely available
Everyone has universal and unrestricted access to the
software worldwide
Everyone can participate on an equal basis in its
development
No-one can remove the software from availability once
distributed
   
GNU Telephony
Challenges we face
#3
Software Patents and Intellectual Monopolies
Anti-privacy laws affecting communication services
Service Blocking and Net Neutrality
Private commercial data mining
The need for Zero-Knowledge Systems to protect users,
zero forward knowledge to protect past conversations, etc
Peer-reviewable code and verifiable algorithms
Verifiable end-user client software
Trustworthy hardware and client operating systems
   
GNU Telephony
Why privacy matters
#4
Everyone has secrets
Some want to know your secrets to do you harm
Freedom is responsibility, and when others become responsible
for your privacy, you lose both
The dilemma of false positives
Securing your borders
Casper is not the friendly ghost
Universal encryption is asymmetric warfare against mass
surveillance
What protects freedom of speech in the Internet age is the
munitions of encryption, as the First Amendment merges with the
Second
   
GNU Telephony
How we started
#5
1949 George Orwell publishes “1984”
1994 CALEA introduced into law with promise never to be
used for mass domestic surveillance
2001 (spring) Mass domestic communication intercept begins
using CALEA-mandated backdoors
2004 CALEA proposed for VoIP, Internet Common Congress Held
2006 GNU ZRTP stack Introduced
2007 GNU Secure Calling Project started
2008 GNU SIP Witch Introduced as secure phone switch
2010 Secure Calling in Ubuntu 10.04 and Fedora F13 GNU/Linux
   
GNU Telephony
Classic Media Insecurity
#6
[Diagram: User 1 (Netherlands) <-- “Secure” Audio Path, Symmetric Encryption --> User 2 (United States)]
Operator has knowledge of keys
Realtime mitm uses intercepted keys, undetectable
   
GNU Telephony
SDES Media Insecurity
#7
[Diagram: User 1 (Netherlands) <-- UDP Realtime Audio, Per Session Symmetric Encryption --> User 2 (United States)]
SIP exchange of private keys, exposed to TCP snooping
Realtime mitm uses intercepted keys, undetectable
   
GNU Telephony
S-RTP & PKI Media Insecurity
#8
[Diagram: User 1 (United Kingdom) <-- UDP Realtime Audio, PKI Encryption, Static Certificates --> User 2 (Netherlands), with a Certificate Authority above both]
Certificate stolen or obtained under “RIPA”: all past & present calls compromised
Certificate Authority: poisoned/weak certificates, or copied to a third party outright; all past & present calls compromised
Realtime mitm: false identity, or decrypting with compromised certs
   
GNU Telephony
ZRTP and SAS
#9
Normal exchange:
“XX”: sends local public key XX, has local private key for XX, gets remote public key YY; SAS generated hash XXYY; SAS matches, confirmed over voice
“YY”: sends local public key YY, has local private key for YY, gets remote public key XX; SAS generated hash XXYY; SAS matches on voice
Intercepted exchange:
MITM does not have private keys for XX or YY, so must create a new fake key ZZ: XX sends key XX, MITM sends key ZZ onward; YY sends key YY, MITM sends key ZZ onward
“XX”: sends local public key XX, has local private key for XX, gets remote public key ZZ; SAS generated hash XXZZ; SAS does not match when checked over voice!
“YY”: sends local public key YY, has local private key for YY, gets remote public key ZZ; SAS generated hash ZZYY; SAS does not match!
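The SAS comparison on this slide, as an added example that is not part of the original deck or of GNU ZRTP: a stdlib-only Python model in which two endpoints run a Diffie-Hellman exchange and derive a 4-character SAS, first with keys XX and YY delivered intact and then with an interceptor substituting its own key ZZ on both legs. The group parameters, the endpoint names and the SAS derivation are constructed for the demo and are not ZRTP's real group, KDF or wire format.

```python
"""Model of the ZRTP key agreement and Short Authentication String (SAS)
check from the "ZRTP and SAS" slide.  Written for this page, not GNU ZRTP's
own code: a toy DH group and a simplified SAS derivation stand in for the
real groups, KDF and wire format."""
import base64
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

# Toy Diffie-Hellman group, constructed for the demo only.  p = 2**127 - 1 is
# prime but far too small for real use; ZRTP negotiates 3072-bit or EC groups.
P = 2**127 - 1
G = 5


@dataclass
class Endpoint:
    """One party: its private key, the public key it SENT, the key it RECEIVED."""
    name: str
    priv: int
    pub: int
    remote_pub: Optional[int] = None

    @classmethod
    def generate(cls, name: str) -> "Endpoint":
        priv = secrets.randbelow(P - 2) + 1
        return cls(name, priv, pow(G, priv, P))

    def shared_secret(self) -> int:
        """DH result: needs our private key plus whatever public key arrived."""
        assert self.remote_pub is not None, "no peer key received yet"
        return pow(self.remote_pub, self.priv, P)

    def sas(self) -> str:
        """Short Authentication String: 4 base32 characters (20 bits), the
        rendering ZRTP uses.  Here it hashes the DH result plus both public
        keys in canonical order, so two honest peers compute identical strings
        while a peer talking to a substituted key ZZ computes something else."""
        secret = self.shared_secret()
        lo, hi = sorted((self.pub, self.remote_pub))
        digest = hashlib.sha256(b"%d|%d|%d" % (secret, lo, hi)).digest()
        return base64.b32encode(digest[:5]).decode()[:4]


def honest_call():
    """Keys XX and YY cross the network unmodified.  A passive eavesdropper
    sees both public keys but holds neither private key, so cannot compute
    the shared secret (the slide's 'MITM does not have private keys')."""
    xx, yy = Endpoint.generate("XX"), Endpoint.generate("YY")
    xx.remote_pub, yy.remote_pub = yy.pub, xx.pub
    return xx, yy


def intercepted_call():
    """The interceptor therefore creates its own key ZZ, substitutes it for
    each public key in flight, and ends up with one secret per leg."""
    xx, yy = Endpoint.generate("XX"), Endpoint.generate("YY")
    zz = Endpoint.generate("ZZ")
    xx.remote_pub = zz.pub          # XX receives ZZ instead of YY
    yy.remote_pub = zz.pub          # YY receives ZZ instead of XX
    leg_xx = Endpoint("ZZ<->XX", zz.priv, zz.pub, xx.pub)
    leg_yy = Endpoint("ZZ<->YY", zz.priv, zz.pub, yy.pub)
    return xx, yy, leg_xx, leg_yy


def voice_check(a: Endpoint, b: Endpoint) -> bool:
    """The step the slide labels 'SAS matches, confirmed over voice': each
    user reads their four characters aloud and the other compares."""
    return a.sas() == b.sas()


if __name__ == "__main__":
    xx, yy = honest_call()
    print(f"honest:      XX sees {xx.sas()}  YY sees {yy.sas()}  "
          f"{'match' if voice_check(xx, yy) else 'MISMATCH'}")
    xx, yy, leg_xx, leg_yy = intercepted_call()
    print(f"intercepted: XX sees {xx.sas()}  YY sees {yy.sas()}  "
          f"{'match' if voice_check(xx, yy) else 'MISMATCH'}")
    # The interceptor can decrypt each leg, but the users notice the mismatch.
    assert xx.shared_secret() == leg_xx.shared_secret()
    assert yy.shared_secret() == leg_yy.shared_secret()
```

Because the SAS is only 20 bits, the mismatch check is probabilistic in the same way ZRTP's is: an interceptor gets roughly one chance in a million that the two strings happen to agree.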
   
GNU Telephony
ZRTP Media Security
#10
[Diagram: User 1 (United Kingdom) <-- UDP Realtime Audio, PKI Encryption & Key Exchange --> User 2 (United States); a Certificate Authority is shown but plays no part]
Per session keys, not static: no user keys for RIPA
Locally generated keys: no authority to compromise
Realtime mitm for key exchange vs SAS validation
Locally user generated keys
Keys generated per session
User has zero knowledge of keys
Users can validate each other's keys
Peer reviewable and verifiable
   
GNU Telephony
ZRTP & PBX enrollment
#11
[Diagram: Ext 10 and Ext 11 on a Local IP-PBX (United Kingdom) using pre-connect, interconnected to a Remote IP-PBX (United States) using pre-connect, with a Remote extension]
Call “appears secure” to the extension (?), but the audio path is decrypted in the server
Destination insecure! But also no SAS to confirm
SAS relay valid if switch trusted
Interconnect may be insecure; SAS cannot relay cross-node
Destination insecure! But no SAS to confirm
Cannot call securely between nodes
IP-PBX server must be “trusted”
   
GNU Telephony
ZRTP & PBX Passthrough
#12
[Diagram: Ext 10 and Ext 11 on a Local IP-PBX (United Kingdom) using pre-connect, interconnected to a Remote IP-PBX (United States) using pre-connect, with a Remote extension]
Call “appears secure” to the extension (?); the audio path should remain encrypted in the server, but what if the config is falsified?
Destination insecure! But also no SAS to confirm
SAS relay valid if switch trusted
Interconnect may be insecure; SAS cannot relay cross-node
Destination insecure! But no SAS to confirm
Cannot call securely between nodes
Enrollment is used, IP-PBX holds keys, can falsify encrypted path in switch
   
GNU Telephony
SIP Witch & Media Security
#13
[Diagram: Ext 10 and Ext 11 on a Local SIP Witch, a Remote SIP Witch with a Remote extension, and a PSTN Gateway]
No uncertainty about end-to-end security in the VoIP media path
No audio to centrally decrypt
PSTN gateway path may be secure but the destination is not; clear boundaries between secure & insecure domains
No audio to centrally decrypt, no media interconnect
Secure with direct media path & ZRTP (both between local extensions and across to the remote node)
   
GNU Telephony
NAT and Media Proxy
#14
[Diagram: Ext 10 on a Local Network behind NAT with a Local SIP Witch; the Public Internet; a Remote Network behind NAT with a Remote SIP Witch and a Remote extension]
Each SIP Witch: NAT port forward 5060 for SIP, rewrite firewall rules for RTP media
Rewrite of firewall rules to packet forward RTP media on the fly
Integrated rewrite of SIP SDP based on public appearing addresses
Clients have no need for NAT support; all done in one place in sipwitch!
Low CPU overhead, minimal latency, and stateful; server dies but calls remain alive!
   
GNU Telephony
Traditional Roles
#15
SIP Telephone Switch:
* call forward and multi-nodal
* multi-party ring & registration
* multi-node and routing
* class of service/profiles
* reduced traffic on trusted nets
* feature code dialing (todo)
* hunting & acd (todo)
* speed dialing (todo)
SIP Embedded Gateway:
* map subscriber to multi-party
* arm, mips port proven
* compilable for embedded
* rtp media proxy
* very low overhead
* xmlrpc remote management
Internet Hosted Service:
* media peering possible
* virtualizes well
* can run as user w/o root
Secure Call Domain adjunct:
* cross-register with IP-PBX
* fwd insecure to IP-PBX
* clean domain division
   
GNU Telephony
SIP Witch on the Desktop
#16
Use existing SIP softphone clients
Use your system Login account as a SIP login
Single sign-on for multiple remote accounts
Single place to implement NAT correctly!
Automatic self configuration!
Simplified service provider provisioning
Creative routing and redirection; a “Gstreamer” for VoIP!
   
GNU Telephony
Domain Calling
#17
[Diagram: Ext 210 (Local SIP Phone) on SIPWitch + RTP proxy; User Agent me@mydomain peers with User Agent someone@somewhere, via peer Service Providers; Ubuntu 10.04 GNU/Linux, Fedora F13 GNU/Linux]
   
GNU Telephony
The VoIP Desktop
#18
[Diagram: GNU SIP Witch (NAT Media Proxy, Automatic routing, DBUS Messaging) at the centre; Ext 200 paired desktop SIP phone; Ofono/GW devices (modem, cell); VoIP Indicator (DBUS applet, OSD notify events); User Agent: Empathy, SIP Comm., Twinkle, etc; Private Switch, Service Providers, Peer to Peer SIP media or device]
   
GNU Telephony
How you can help
#19
Create domain calling networks bottom-up
Test and use various deployment models
Report bugs to sipwitch-devel@gnu.org
Document using different GNU/Linux distros
Help us document basic sipwitch use cases
Test SIP clients and devices
Contribute code to the community
Communicate freely using free software
   
GNU Telephony
Contacting
#20
GNU Telephony
http://www.gnutelephony.org
mailto:dyfet@gnutelephony.org
mailto:sipwitch-devel@gnu.org
Free World Dialup: 688841
sip:dyfet@sip.gnutelephony.org
irc:#bayonne irc.freenode.net
jabber:gnudyfet@gmail.com
   
GNU Telephony
Freedom to communicate
#21
HAPPY
Hacking

Communication Privacy for Free Societies at Harvard

  • 1. GNU Telephony: Telephony for a free world (#0)
    Communication Privacy For Free Societies
    David Sugar
    “Privacy is ultimately about liberty
    Surveillance is always about control”
    http://www.gnutelephony.org/data/harvard2010.odp
  • 2. Mission Statement (#1)
    SECURE CALLING PROJECT GOALS:
    To empower people, individually and collectively, to communicate and collaborate privately and securely in real-time worldwide
    To establish secure communications as the default communication infrastructure
    To enable secure anonymous communication worldwide and protect users who exercise their basic human freedom of privacy
    To provide secure communication services universally on all computing platforms
  • 3. Why free software (#2)
    Anyone can review what they receive; no hidden backdoors
    Anyone can modify the software for their specific needs or for specific platforms
    Anyone can redistribute the software and help make it widely available
    Everyone has universal and unrestricted access to the software worldwide
    Everyone can participate on an equal basis in its development
    No-one can remove the software from availability once distributed
  • 4. Challenges we face (#3)
    Software Patents and Intellectual Monopolies
    Anti-privacy laws affecting communication services
    Service Blocking and Net Neutrality
    Private commercial data mining
    The need for Zero-Knowledge Systems to protect users, zero forward knowledge to protect past conversations, etc.
    Peer reviewable code and verifiable algorithms
    Verifiable end-user client software
    Trustworthy hardware and client operating systems
  • 5. Why privacy matters (#4)
    Everyone has secrets
    Some want to know your secrets to do you harm
    Freedom is responsibility, and when others become responsible for your privacy, you lose both
    The dilemma of false positives
    Securing your borders
    Casper is not the friendly ghost
    Universal encryption is asymmetric warfare against mass surveillance
    What protects freedom of speech in the Internet age is the munitions of encryption, as the first amendment merges with the 2nd
  • 6. How we started (#5)
    1949: George Orwell publishes “1984”
    1994: CALEA Act introduced into law with promise never to be used for mass domestic surveillance
    2001 (spring): Mass domestic communication intercept begins using CALEA mandated backdoors
    2004: CALEA proposed for VoIP; Internet Common Congress held
    2006: GNU ZRTP stack introduced
    2007: GNU Secure Calling Project started
    2008: GNU SIP Witch introduced as secure phone switch
    2010: Secure Calling in Ubuntu 10.04 and Fedora F13 GNU/Linux
  • 7. Classic Media Insecurity (#6)
    Diagram: User 1 (Netherlands) and User 2 (United States) on a “Secure” Audio Path with symmetric encryption
    Operator has knowledge of keys
    Realtime MITM uses intercepted keys, undetectable
  • 8. SDES Media Insecurity (#7)
    Diagram: User 1 (Netherlands) and User 2 (United States)
    TCP: SIP exchange of private keys, open to snooping
    UDP: realtime audio, per-session symmetric encryption
    Realtime MITM uses intercepted keys, undetectable
  • 9. S-RTP & PKI Media Insecurity (#8)
    Diagram: User 1 (United Kingdom) and User 2 (Netherlands); UDP realtime audio; PKI encryption with static certificates
    Certificate Authority: poisoned/weak certificates, or copied to third party outright; all past & present calls compromised
    Certificate stolen or “RIPA”: all past & present calls compromised
    Realtime MITM: false identity, or decrypting with compromised certs
  • 10. ZRTP and SAS (#9)
    Normal call: “XX” sends local public key XX (has local private key for XX) and gets remote public key YY; SAS generated as hash XXYY; SAS matches, confirmed over voice
    “YY” sends local public key YY (has local private key for YY) and gets remote public key XX; SAS generated as hash XXYY; SAS matches on voice
    Intercepted call: MITM does not have private keys for XX or YY, so must create a new fake key ZZ
    “XX” sends key XX but gets remote public key ZZ; SAS generated as hash XXZZ; SAS does not match when checked over voice!
    “YY” sends key YY but gets remote public key ZZ; SAS generated as hash ZZYY; SAS does not match!
  • 11. ZRTP Media Security (#10)
    Diagram: User 1 (United Kingdom) and User 2 (United States); UDP realtime audio; PKI encryption & key exchange
    Per session keys, not static; no user keys for RIPA
    Certificate Authority: locally generated keys, no authority to compromise
    Realtime MITM for key exchange vs SAS validation
    Locally user generated keys
    Keys generated per session
    User has zero knowledge of keys
    Users can validate each other's keys
    Peer reviewable and verifiable
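The SAS argument on slides 10 and 11, worked through as an added example (this is not GNU ZRTP code and does not follow RFC 6189 exactly). It assumes a constructed toy Diffie-Hellman group (p = 2^127 - 1, g = 5) and models the SAS as the slide does, as a short hash over the two public values each party saw, whereas real ZRTP derives it from the negotiated key material. Both ends of an honest call read the same four characters; when a relay substitutes its own value ZZ, it can still complete a key agreement with each side and forward audio, but XX hashes XXZZ and YY hashes ZZYY, so the strings read over voice differ:

```python
import base64
import hashlib
import random
import secrets

# Constructed toy Diffie-Hellman group for illustration only: p is the Mersenne
# prime 2^127 - 1 and g a small base. Real ZRTP uses far larger finite-field
# groups or elliptic curves; do not reuse these parameters anywhere.
P = (1 << 127) - 1
G = 5


def keypair(rng):
    """Generate a DH private exponent and the public value sent to the peer."""
    priv = rng.randrange(1, P - 1)
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Both ends compute g^(ab) mod p; the result itself is never transmitted."""
    return pow(peer_pub, priv, P)


def sas(pub_a, pub_b):
    """Short Authentication String over the two public values this party saw.

    Simplified model of the slide's 'SAS generated hash XXYY': the values are
    sorted so both honest ends get the same string, hashed, and shown as four
    base32 characters (20 bits) for reading aloud. Real ZRTP derives the SAS
    from the negotiated key material via its KDF, but the detection argument
    is the same.
    """
    material = b"".join(v.to_bytes(16, "big") for v in sorted((pub_a, pub_b)))
    digest = hashlib.sha256(material).digest()
    return base64.b32encode(digest)[:4].decode("ascii")


def _rng(seed):
    # Deterministic generator only when a seed is supplied (for tests);
    # a CSPRNG otherwise, as any real key agreement requires.
    return random.Random(seed) if seed is not None else secrets.SystemRandom()


def honest_call(seed=None):
    """XX and YY exchange their real public values; the SAS strings agree."""
    rng = _rng(seed)
    xx_priv, xx_pub = keypair(rng)
    yy_priv, yy_pub = keypair(rng)
    return {
        "sas_xx": sas(xx_pub, yy_pub),  # XX saw YY
        "sas_yy": sas(yy_pub, xx_pub),  # YY saw XX
        "keys_agree": shared_secret(xx_priv, yy_pub)
        == shared_secret(yy_priv, xx_pub),
    }


def intercepted_call(seed=None):
    """A relay without XX's or YY's private keys hands each side its own ZZ.

    It completes a key agreement with each side, so the encryption never
    'fails'; only the voice comparison of the SAS exposes the substitution.
    """
    rng = _rng(seed)
    xx_priv, xx_pub = keypair(rng)
    yy_priv, yy_pub = keypair(rng)
    zz_priv, zz_pub = keypair(rng)
    return {
        "sas_xx": sas(xx_pub, zz_pub),  # XX was handed ZZ in place of YY
        "sas_yy": sas(zz_pub, yy_pub),  # YY was handed ZZ in place of XX
        "mitm_relays": shared_secret(zz_priv, xx_pub) == shared_secret(xx_priv, zz_pub)
        and shared_secret(zz_priv, yy_pub) == shared_secret(yy_priv, zz_pub),
    }


if __name__ == "__main__":
    print("honest:     ", honest_call())
    print("intercepted:", intercepted_call())
```

The `keys_agree` and `mitm_relays` fields make the slide's point explicit: the cryptography works identically in both calls, which is exactly why a per-session key exchange needs an out-of-band check such as the voiced SAS, and why a switch that terminates the exchange (slides 12 and 13) removes that check.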
  • 12. ZRTP & PBX enrollment (#11)
    Diagram: Ext 10 on Local IP-PBX (United States, uses pre-connect) calling Ext 11 Remote on Remote IP-PBX (United Kingdom, uses pre-connect)
    “Appears secure”, but the audio path is decrypted in the server
    Destination insecure! But also no SAS to confirm
    SAS relay valid only if switch is trusted
    Interconnect maybe insecure; SAS cannot relay cross-node
    Cannot call securely between nodes
    IP-PBX server must be “trusted”
  • 13. ZRTP & PBX Passthrough (#12)
    Diagram: same topology as #11
    Audio path should remain encrypted in the server, but what if config is falsified?
    Destination insecure! But also no SAS to confirm
    SAS relay valid only if switch is trusted
    Interconnect maybe insecure; SAS cannot relay cross-node
    Cannot call securely between nodes
    Enrollment is used: IP-PBX holds keys and can falsify the encrypted path in the switch
  • 14. SIP Witch & Media Security (#13)
    Diagram: Ext 10 via Local SIP Witch, Ext 11 Remote via Remote SIP Witch, plus a PSTN Gateway
    No uncertainty about end-to-end security in the VoIP media path
    No audio to centrally decrypt, and no media interconnect
    PSTN gateway path may be secure but destination is not; clear boundaries between secure & insecure domains
    Secure with direct media path & ZRTP (on both the local and the remote leg)
  • 15. NAT and Media Proxy (#14)
    Diagram: Local Network behind NAT, Public Internet, Remote Network behind NAT; Ext 10 on Local SIP Witch, Remote SIP Witch on the far side
    Each SIP Witch: NAT port forward 5060 for SIP; rewrite firewall rules for RTP media
    Rewrite of firewall rules to packet forward RTP media on the fly
    Integrated rewrite of SIP SDP based on public appearing addresses
    Clients have no need for NAT support; all done in one place in sipwitch!
    Low CPU overhead, minimal latency, and stateful; server dies but calls remain alive!
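The SDP rewrite described on the NAT slide, as an added illustration (not sipwitch's own code; sipwitch's actual rewrite and firewall handling differ). It assumes a constructed SDP offer from a phone on 192.168.1.20, a constructed public address 203.0.113.10, and a `MediaProxy` stand-in that records relay port forwards instead of installing real firewall rules. The rewriter swaps the private connection address and media port for the public address and an allocated relay pair, keeps RTCP on the odd port, and leaves rejected (port 0) streams alone:

```python
PUBLIC_IP = "203.0.113.10"  # constructed: RFC 5737 documentation address

# Constructed SDP offer as a phone behind NAT would send it: the connection
# address and media port are only reachable on the private LAN.
SAMPLE_SDP = (
    "v=0\r\n"
    "o=ext10 1234 1234 IN IP4 192.168.1.20\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 8000 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtcp:8001 IN IP4 192.168.1.20\r\n"
)


class MediaProxy:
    """Allocates a public relay port pair per stream and remembers the private
    endpoint it maps to. Stand-in for the on-the-fly firewall rule rewrite on
    the slide; it records forwards rather than installing real rules."""

    def __init__(self, public_ip, base_port=10000):
        self.public_ip = public_ip
        self.next_port = base_port
        self.forwards = {}  # public port -> (private ip, private port)

    def allocate(self, private_ip, private_port):
        rtp = self.next_port
        self.next_port += 2  # RTP on the even port, RTCP on the odd one
        self.forwards[rtp] = (private_ip, private_port)
        self.forwards[rtp + 1] = (private_ip, private_port + 1)
        return rtp


def _stream_ip(lines, m_index, session_ip):
    """A media section may carry its own c= line; otherwise use session level.
    IPv4 only, which is all this illustration handles."""
    for line in lines[m_index + 1:]:
        if line.startswith("m="):
            break
        if line.startswith("c=IN IP4 "):
            return line.split()[2]
    return session_ip


def rewrite_sdp(sdp, proxy):
    """Return the SDP with private addresses and ports replaced by the proxy's
    public address and allocated relay ports, registering one forward per
    accepted stream. Streams offered with port 0 (rejected) are left as-is."""
    lines = sdp.rstrip("\r\n").split("\r\n")

    # Session-level connection address: the c= line before the first m=.
    session_ip = None
    for line in lines:
        if line.startswith("m="):
            break
        if line.startswith("c=IN IP4 "):
            session_ip = line.split()[2]

    out = []
    public_rtp = None  # relay port of the media section being rewritten
    for idx, line in enumerate(lines):
        if line.startswith("c=IN IP4 "):
            out.append(f"c=IN IP4 {proxy.public_ip}")
        elif line.startswith("m="):
            fields = line.split()
            private_port = int(fields[1])
            if private_port == 0:
                public_rtp = None
                out.append(line)
            else:
                stream_ip = _stream_ip(lines, idx, session_ip)
                public_rtp = proxy.allocate(stream_ip, private_port)
                fields[1] = str(public_rtp)
                out.append(" ".join(fields))
        elif line.startswith("a=rtcp:") and public_rtp is not None:
            out.append(f"a=rtcp:{public_rtp + 1} IN IP4 {proxy.public_ip}")
        else:
            out.append(line)
    return "\r\n".join(out) + "\r\n"


if __name__ == "__main__":
    proxy = MediaProxy(PUBLIC_IP)
    print(rewrite_sdp(SAMPLE_SDP, proxy))
    print(proxy.forwards)
```

Because only the signalling is rewritten and the relay forwards packets without inspecting them, a ZRTP session between the two phones still negotiates end to end through the relay; the proxy never holds media keys, which is what keeps this consistent with the "no audio to centrally decrypt" property of slide 14.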
  • 16. Traditional Roles (#15)
    SIP Telephone Switch:
    * call forward and multi-nodal
    * multi-party ring & registration
    * multi-node and routing
    * class of service/profiles
    * reduced traffic on trusted nets
    * feature code dialing (todo)
    * hunting & acd (todo)
    * speed dialing (todo)
    SIP Embedded Gateway:
    * map subscriber to multi-party
    * arm, mips port proven
    * compilable for embedded
    * rtp media proxy
    * very low overhead
    * xmlrpc remote management
    Internet Hosted Service:
    * media peering possible
    * virtualizes well
    * can run as user w/o root
    Secure Call Domain adjunct:
    * cross-register with IP-PBX
    * fwd insecure to IP-PBX
    * clean domain division
  • 17. SIP Witch on the Desktop (#16)
    Use existing SIP softphone clients
    Use your system login account as a SIP login
    Single sign-on for multiple remote accounts
    Single place to implement NAT correctly!
    Automatic self configuration!
    Simplified service provider provisioning
    Creative routing and redirection; a “Gstreamer” for VoIP!
  • 18. Domain Calling (#17)
    Diagram: Ext 210 Local SIP Phone and a User Agent on SIPWitch + RTP proxy (me@mydomain, Ubuntu 10.04 GNU/Linux), reaching a Peer User Agent (Someone@somewhere, Fedora F13 GNU/Linux) via Peer Service Providers
  • 19. The VoIP Desktop (#18)
    Diagram: Ext 200 paired desktop SIP phone; Ofono/GW devices (modem, cell); GNU SIP Witch with NAT media proxy and automatic routing; DBUS messaging to a VoIP Indicator DBUS applet and OSD notify events; User Agent (Empathy, SIP Comm., Twinkle etc.); Private Switch, Service Providers, Peer to Peer SIP media or device
  • 20. How you can help (#19)
    Create domain calling networks bottom-up
    Test and use various deployment models
    Report bugs to sipwitch-devel@gnu.org
    Document using different GNU/Linux distros
    Help us document basic sipwitch use cases
    Test SIP clients and devices
    Contribute code to the community
    Communicate freely using free software
  • 21. Contacting (#20)
    GNU Telephony http://www.gnutelephony.org
    mailto:dyfet@gnutelephony.org
    mailto:sipwitch-devel@gnu.org
    Free World Dialup: 688841
    sip:dyfet@sip.gnutelephony.org
    irc:#bayonne irc.freenode.net
    jabber:gnudyfet@gmail.com
  • 22. Freedom to communicate (#21)
    HAPPY Hacking