Now I sprinkle thee with crypto dust: Internet reengineering session

Presented at 31C3 (2014), Dec. 30, 2014, 4 p.m. (60 minutes)

When the Internet was designed, it was thought to be meadows full of daisies. As we now know, it's a dark place, where communication is monitored and subverted. This session presents both developments in known solutions and novel suggestions to liberally apply crypto to improve the foundations of Internet communications.

<b>Trusting servers you can't touch</b> by Ryan Lackey: Servers for Internet applications are usually deployed at a distance from both the end users of the service and the administrators of the system, often controlled by third parties. Even when they're hardware vs. virtualized/cloud, it's rare for admins to have direct physical control of the servers. Yet, most applications require a high degree of trust in the integrity of servers. We describe a variety of technologies and solutions to this problem, and a framework to best protect your applications and your users.

<b>dename: decentralized, secure, usable PKI</b> by Andres Erbsen: A major challenge for private online communication is public key distribution. Trusted authorities have failed to be secure, and the web of trust has failed to build the network effect it gravely requires to be usable. This talk proposes a new PKI system built on a cryptographic consensus protocol. A set of directory servers updates and signs a mapping from public keys to names. Anyone can run their own server, strengthening the security guarantee for all clients that know it. We have an open-source implementation that can be easily integrated with systems that currently rely on manual key verification, including secure messaging, host authentication, and software distribution.

<b>New development in OTR</b> by Jurre van Bergen: Jurre van Bergen will speak about new developments in the world of `off-the-record` messaging. What is going on? Where are we going? In addition we will address frequently answered questions by developers and users.

<b>Secure email communication - LEAP Encryption Access Project & Pixelated Your Right to</b> by Varac: This presentation will introduce two new secure communication tools under development that help guarantee the right to digitally whisper – LEAP and Pixelated.

<b>Dark Mail</b> by Ladar Levison: Since Ladar Levison shuttered Lavabit during the summer of 2013, he has been working to solve the email privacy problems that made it technologically possible for an American court to demand unfettered access to the email messages for all of Lavabit’s worldwide customers. After a year of hard work, the Dark Internet Mail Environment (DIME) is a standards-based, collaborative effort to create an elegant technical solution capable of protecting the privacy of everyone’s email. It is focused on making end-to-end email encryption automatic, while providing message confidentiality, author verification, and minimizing the leakage of metadata. DIME-capable systems reduce the amount of trust users must place in their service provider. Automating the key exchange process while keeping the system resistant to manipulation by sophisticated threats is an ongoing challenge. This talk offers a compressed discussion of the DIME standards, highlighting key portions, and will be followed by a project update, where we hope to showcase a DIME-capable client and server implementation.

<b>TLS ♥ DNS ♥ Tor</b> by equinox: Replacing 100 CA hierarchies with the single DNS hierarchy, and how the bite reflex against the latter is coming at the cost of less secure identities.

Presenters:

  • gedsic
  • Daniel Ziegler
    Daniel Ziegler is an aspiring security hacker studying at MIT. His interests range from algorithms contests (he once won the Bundeswettbewerb Informatik -- the German national computer science competition -- and then switched countries to represent the US at the International Olympiad in Informatics) to secure cryptographic protocols. His biggest interest is how to make software less terrible. At the moment, he is exploring formal verification through proof assistants such as Coq.
  • equinox
  • Ladar Levison
    Ladar Levison is the Founder of Lavabit, LLC. Founded in 2004 (and originally named Nerdshack), Lavabit served as a place for free private and secure email accounts. By August of 2013, Lavabit had grown to over 410,000 users, with more than 10,000 paid subscribers. Levison created Lavabit because he believes that privacy is a fundamental, necessary right for a functioning, free and fair democratic society. On August 8, 2013, he made the bold decision to shut down his business after refusing to become "complicit in crimes against the American people." Presently, Levison is serving as the project manager and lead architect for the Dark Mail Initiative, while continuing to vigorously advocate for the privacy and free speech rights of all.
  • Jurre van Bergen
    Jurre van Bergen has a passion for anonymity, privacy and cryptography. He likes to tinker with radicalizing industries. He’s one of the co-founders of Technologia Incognita, an Amsterdam hackerspace, and organizes various IT-security and info-activism events in the Netherlands and abroad. Most notable: https://noisysquare.com/. He develops new technology or teaches activists/journalists digital security, like for the `otr.im` project.
  • Andres Erbsen
    Programmer, free software and open source enthusiast, Computer Science and Electrical Engineering student at MIT. Interested in formal verification and usable high-assurance systems. "If it has not been called impossible, it is not worth doing".
  • Ryan Lackey
    Cypherpunk. MIT dropout, then developed cryptographic software for anonymous electronic cash in the Caribbean to get around export controls (legally). Founded YC-funded trusted computing company in 2011, sold to CloudFlare, where he currently works. Co-founder of HavenCo on Sealand back in the late 1990s. Worked in Iraq/Afghanistan on satellite/wireless/cellular networking. Started a trusted computing company working on cryptographic software and hardware; set up and shut down a consumer VPN service due to NSA concerns, and sold the company to CloudFlare, the performance and security cloud edge company.
  • Varac
