My presentation on communication privacy and how we are creating wiretap immune peer-to-peer communication services for direct public use in GNU Telephony. This was presented at Harvard University as part of LibrePlanet2010
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Communication Privacy for Free Societies at Harvard
1.
GNU Telephony
Telephony for a free world
Communication Privacy
For Free Societies
David Sugar
#0
“Privacy is ultimately about liberty
Surveillance is always about control”
http://www.gnutelephony.org/data/harvard2010.odp
2.
GNU Telephony
Mission Statement
#1
SECURE CALLING PROJECT GOALS:
To empower people, individually and collectively, to
communicate and collaborate privately and securely in real-
time worldwide
To establish secure communications as the default
communication infrastructure
To enable secure anonymous communication worldwide and
protect users who exercise their basic human freedom of
privacy
To provide secure communication services universally on all
computing platforms
http://www.gnutelephony.org/data/harvard2010.odp
3.
GNU Telephony
Why free software
#2
Anyone can review what they receive; no hidden backdoors
Anyone can modify the software for their specific needs or
for specific platforms
Anyone can redistribute the software and help make it
widely available
Everyone has universal and unrestricted access to the
software worldwide
Everyone can participate on an equal basis in it's
development
No-one can remove the software from availability once
distributed
http://www.gnutelephony.org/data/harvard2010.odp
4.
GNU Telephony
Challenges we face
#3
Software Patents and Intellectual Monopolies
Anti-privacy laws effecting communication services
Service Blocking and Net Neutrality
Private commercial data mining
The need for Zero-Knowledge Systems to protect users,
zero forward knowledge to protect past conversations, etc
Peer review-able code and verifiable algorithms
Verifiable end-user client software
Trustworthy hardware and client operating systems
http://www.gnutelephony.org/data/harvard2010.odp
5.
GNU Telephony
Why privacy matters
#4
Everyone has secrets
Some want to know your secrets to do you harm
Freedom is responsibility, and when others become responsible
for your privacy, you loose both
The dilemma of false positives
Securing your borders
Casper is not the friendly ghost
Universal encryption is asymmetric warfare against mass
surveillance
What protects freedom of speech in the Internet age is the
munitions of encryption, as the first amendment merges with the
2nd
http://www.gnutelephony.org/data/harvard2010.odp
6.
GNU Telephony
How we started
#5
1949 George Orwell publishes “1984”
1994 Calea Act introduced into law with promise never to be
used for mass domestic surveillance
2001 (spring) Mass domestic communication intercept begins
using Calea mandated backdoors
2004 CALEA proposed for VoIP, Internet Common Congress Held
2006 GNU ZRTP stack Introduced
2007 GNU Secure Calling Project started
2008 GNU SIP Witch Introduced as secure phone switch
2010 Secure Calling in Ubuntu 10.04 and Fedora F13 GNU/Linux
http://www.gnutelephony.org/data/harvard2010.odp
7.
GNU Telephony
Classic Media Insecurity
#6
User 1 User 2
Operator has
knowledge of
keys
Netherlands United States
“Secure” Audio Path
Symmetric Encryption
Realtime mitm uses
intercepted keys,
undetectable
http://www.gnutelephony.org/data/harvard2010.odp
8.
GNU Telephony
SDES Media Insecurity
#7
User 1 User 2
TCP Snooping
SIP Exchange of
Private Keys
Netherlands United States
UDP Realtime Audio
Per Session Symetric Encryption
Realtime mitm uses
intercepted keys,
undetectable
http://www.gnutelephony.org/data/harvard2010.odp
9.
GNU Telephony
S-RTP & PKI Media Insecurity
#8
User 1 User 2
Certificate Stolen
or “RIPA” all Past
& Present
calls compromised
United Kingdom Netherlands
UDP Realtime Audio
PKI Encryption Static Certificates
Certificate
Authority
Poisoned/Weak Certificates or
copied to third party outright. All
Past & Present calls compromised
Realtime mitm
False identity or decrypting
compromised certs
http://www.gnutelephony.org/data/harvard2010.odp
10.
GNU Telephony
ZRTP and SAS
#9
“XX”
Sends Local Public Key XX
Has Local Private Key for XX
Gets Remote Public Key YY
SAS Generated Hash XXYY
SAS Matches, confirmed over voice
“YY”
Sends Local Public Key YY
Has Local Private Key for YY
Gets Remote Public Key XX
SAS Generated Hash XXYY
SAS Matches on voice
Sending Public Key XX
SendingPublicKeyYY
“XX”
Sends Local Public Key XX
Has Local Private Key for XX
Gets Remote Public Key ZZ
SAS Generated Hash XXZZ
SAS does not match when checked over voice!
“YY”
Sends Local Public Key YY
Has Local Private Key for YY
Gets Remote Public Key ZZ
SAS Generated Hash ZZYY
SAS does not match!
MITM does not
have private
keys for XX
or YY, so must
create a new
fake key ZZ
Sending
Key XX Sends Key ZZ
SendKeyYYSendKeyZZ
http://www.gnutelephony.org/data/harvard2010.odp
11.
GNU Telephony
ZRTP Media Security
#10
User 1 User 2
Per session keys
not static, no user
keys for RIPA
United Kingdom United States
UDP Realtime Audio
PKI Encryption & Key Exchange
Certificate
Authority Locally generated keys
no authority to compromise
Realtime mitm for key exchange
vs SAS validation
Locally user generated keys
Keys generated per session
User has zero knowledge of keys
Users can validate each others keys
Peer reviewable and verifiable
http://www.gnutelephony.org/data/harvard2010.odp
12.
GNU Telephony
ZRTP & PBX enrollment
#11
Ext 11 Remote
United Kingdom United States
Local IP-PBX
uses pre-connect
Remote IP-PBX
uses pre-connect
Ext 10
?“Appears
secure”
Audio path decrypted
in server
Destination insecure!
But also no SAS to confirm
SAS relay valid
if switch trusted
Interconnect maybe insecure.
SAS cannot relay cross-node
?
Destination insecure!
But no SAS to confirm
Cannot call securely between nodes
IP-PBX Server must be “trusted”
http://www.gnutelephony.org/data/harvard2010.odp
13.
GNU Telephony
ZRTP & PBX Passthrough
#12
Ext 11 Remote
United Kingdom United States
Local IP-PBX
uses pre-connect
Remote IP-PBX
uses pre-connect
Ext 10
?“Appears
secure”
Audio path should remain
encrypted in server, but
what if config is falsified?
Destination insecure!
But also no SAS to confirm
SAS relay valid
if switch trusted
Interconnect maybe insecure.
SAS cannot relay cross-node
?
Destination insecure!
But no SAS to confirm
?
Cannot call securely between nodes
Enrollment is used, IP-PBX holds keys,
can falsify encrypted path in switch
http://www.gnutelephony.org/data/harvard2010.odp
14.
GNU Telephony
SIP Witch & Media Security
#13
Ext 11
Remote
Local SIP Witch Remote SIP Witch
Ext 10
PSTN Gateway
No uncertainty about end-to-end
security in voip media path
No audio to
centrally decrypt
PSTN gateway path may be
secure but destination is not
but clear boundaries between
secure & insecure domains
No audio to
centrally decrypt, no
media interconnect
Secure with direct
media path & zrtp
Secure with direct
media path & zrtp
http://www.gnutelephony.org/data/harvard2010.odp
15.
GNU Telephony
NAT and Media Proxy
#14
Remote
Local SIP Witch
Nat port fwd 5060
For SIP, rewrite fw
rules for rtp media
Ext 10
Local Network
Behind NAT
Remote Network
Behind NAT
Public
Internet
Remote SIP Witch
Nat port fwd 5060
for SIP, rewrite fw
rules for rtp media
Rewrite of firewall rules to packet forward rtp media on the fly
Integrated rewrite of SIP SDP based on public appearing addresses
Clients have no need for NAT support; all done in one place in sipwitch!
Low cpu overhead, minimal latency, and stateful; server dies but calls remain alive!
http://www.gnutelephony.org/data/harvard2010.odp
16.
GNU Telephony
Traditional Roles
#15
SIP Telephone Switch:
* call forward and multi-nodal
* multi-party ring & registration
* multi-node and routing
* class of service/profiles
* reduced traffic on trusted nets
* feature code dialing (todo)
* hunting & acd (todo)
* speed dialing (todo)
SIP Embedded Gateway:
* map subscriber to multi-party
* arm, mips port proven
* compilable for embedded
* rtp media proxy
* very low overhead
* xmlrpc remote management
Internet Hosted Service:
* media peering possible
* virtualizes well
* can run as user w/o root
Secure Call Domain adjunct:
* cross-register with IP-PBX
* fwd insecure to IP-PBX
* clean domain division
http://www.gnutelephony.org/data/harvard2010.odp
17.
GNU Telephony
SIP Witch on the Desktop
#16
Use existing SIP softphone clients
Use your system Login account as a SIP login
Single sign-on for multiple remote accounts
Single place to implement NAT correctly!
Automatic self configuration!
Simplified service provider provisioning
Creative routing and redirection; a “Gstreamer” for VoIP!
http://www.gnutelephony.org/data/harvard2010.odp
18.
GNU Telephony
Domain Calling
#17
Ext 210
Local SIP Phone
SIPWitch +
RTP proxy
User
Agent
Someone@somewhere
Peer
Service
Providers
me@mydomain
Peer
User
Agent
Ubuntu 10.04 GNU/Linux
Fedora F13 GNU/Linux
http://www.gnutelephony.org/data/harvard2010.odp
19.
GNU Telephony
The VoIP Desktop
#18
Ext 200
Paired desktop
sip phone
Ofono/GW
Devices
(modem, cell)
GNU SIP Witch
NAT Media Proxy
Automatic routing
DBUS Messaging
VoIP Indicator
DBUS Applet
OSD Notify
events
User Agent:
Empathy
SIP Comm.
Twinkle
etc
Private
Switch
Service
Providers
Peer to
Peer
SIP Media
Or Device
http://www.gnutelephony.org/data/harvard2010.odp
20.
GNU Telephony
How you can help
#19
How you can help
Create domain calling networks bottom-up
Test and use various deployment models
Report bugs to sipwitch-devel@gnu.org
Document using different GNU/Linux distros
Help us document basic sipwitch use cases
Test SIP clients and devices
Contribute code to the community
Communicate freely using free software
http://www.gnutelephony.org/data/harvard2010.odp
21.
GNU Telephony
Contacting
#20
GNU Telephony
http://www.gnutelephony.org
mailto:dyfet@gnutelephony.org
mailto:sipwitch-devel@gnu.org
Free World Dialup: 688841
sip:dyfet@sip.gnutelephony.org
irc:#bayonne irc.freenode.net
jabber:gnudyfet@gmail.com
http://www.gnutelephony.org/data/harvard2010.odp
22.
GNU Telephony
Freedom to communicate
#21
HAPPY
Hacking
http://www.gnutelephony.org/data/harvard2010.odp