Opened 4 years ago

Closed 3 years ago

#17580 closed enhancement (user disappeared)

Add IPC for client so other programs can import/export messages

Reported by: maqp Owned by:
Priority: Medium Milestone:
Component: Archived/Tor Messenger Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi!

I'm working on a project that provides end point security against bulk CNE / bulk equipment interference / automated hacking by limiting the window of exposure during which end point can be compromised.

Currently, a software exploit that finds it's way to computer of user at _any point_ after setup can compromise all future conversations. With TFC, if the system isn't compromised during the ~10 minute time frame of setup, it will remain secure against remote attacks, even if the malware would exploit zero days in software / OS. Only malware that exploits unintended covert channel in hardware is able to retrieve the information.


Abstract

Tinfoil Chat (TFC) is a high assurance encryption system that operates on top of messaging clients. Built on free and open source hardware and software the secure by design implementa tion protects not only data in transit against passive and active attacks, but also the end points against CNE practiced by organized crime and TLAs such as the NSA, GCHQ and BKA.

  1. Authenticated encryption uses either OTP and one-time MAC, or cascaded set of symmetric ciphers (Keccak-512-CTR, XSalsa20, Twofish-CTR and AES256-GCM) and set of authentication algorithms (GMAC, HMAC-SHA2-512 and SHA3-512 MAC).
  1. Keys are generated by mixing /dev/(u)random with vN whitened, SHA3-512 compressed entropy, sampled from an open circuit design HWRNG.
  1. Endpoints are secured by separating encryption and decryption on isolated TCB-devices, that interact with a networked computer through open circuit design data-diode enforced unidirectional gateways. Removal of bidirectional channels prevents exfiltration of keys and plaintexts even with exploits against zero-day vulnerabilities in software against OS of TCBs.
  1. Trickle connection hides metadata about when and how much communication is taking place by sending a constant stream of encrypted data to receiving TCB units.

Links

Whitepaper:
https://www.cs.helsinki.fi/u/oottela/tfc.pdf

User manual:
https://www.cs.helsinki.fi/u/oottela/tfc-manual.pdf

GitHub project:
https://github.com/maqp/tfc-cev

At the moment TFC works wonderfully with Pidgin, but I would assume Tor Messenger is going to replace it in Tails at some point, which would render TFC's Tails installation configuration useless.

So I'm asking you to include some sort of IPC that let's other programs read and write messages to Tor Messenger client.

I'm happy to answer any questions you might have regarding the project or the issue.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by arlolra

Can you point me to the API in Pidgin you use for IPC?

comment:2 Changed 3 years ago by arlolra

Keywords: end point security TFC CNE removed

comment:3 Changed 3 years ago by arlolra

Resolution: user disappeared
Status: newclosed
Note: See TracTickets for help on using tickets.