Friday, January 28, 2011

Off-the-Record Communication, or, Why use Pidgin

Real Life
Real life can sometimes be a lame place. The spawn points are lousy, you can't hex edit reality to give you infinite grenades, and you can't use regex to find and replace things. However, the real world does have at least one security advantage in the communications arena.

If I would like to have a secret conversation with someone in real life, I can do so with little difficulty. For a private digital conversation to have the same essential features of a real-world private conversation, we must have Confidentiality, Authenticity, Perfect Forward Secrecy, and Deniability. I will explain why these are essential features of a digital private conversation and how Off-the-Record (OTR) fulfills them.

Confidentiality (Privacy)
If you want to have a private conversation with someone in the real world, you can set up a conversation in a dark alley, or at the shipping docks, or at a motel. There are no loading docks in the digital world. If we want to have a private conversation on the internet, we need a secure protocol instead of a secure location.

Some technologies have opted to use PGP for these communications. PGP does indeed provide confidentiality, but fails to provide some of the other features needed to emulate a real-world conversation. OTR uses an AES stream cipher for encryption. (http://en.wikipedia.org/wiki/Stream_cipher)

Authenticity (Proof of authorship)
If you are talking to someone at the shipping docks, you can hear their voice, see their face, and watch their mannerisms. You know they are who they say they are. In a digital world, you do not have any of these resources to determine the identity of the individual you are talking to.

OTR uses a Diffie-Hellman key exchange with Message Authentication Codes to authenticate your conversation and ensure that you are communicating with who you think you are communicating with. (See Note 1 at end of post.) With PGP you have a digital signature that you can sign messages with. This way the recipient always knows that the message is authentic. Just like in real life, right? Wrong!

Deniability
In real life I am free to deny that a private conversation ever took place. The only witnesses to the conversation were the other party and myself. PGP ensures that your signature will ALWAYS prove that you are the author of a message. This means that third parties (Governments, Judges, Employers) also know that the message is from you. Because of the technologies that OTR employs for key agreement, you are assured of the identity of the individual that you are communicating with, and they of your identity. However, because of these technologies you and the other party will be unable to prove the authorship of any of your conversations, even if your private key is compromised.

Perfect Forward Secrecy
Here is a scary thought for those of you using PGP for these communications. If you, "Alice," have a conversation with "Bob", the security of your conversation is dependent on how well Bob decides to keep his private key private. You are trusting some guy named Bob to ensure the privacy of your conversation?! You don't even know what Bob's last name is! How can you trust him?! The problem is that PGP private keys and signatures are long-lived. OTR uses short-lived keys in combination with the technologies mentioned previously to ensure that if, somehow, any conversation were to become compromised or decoded, no other conversations could be decoded. This includes any conversations that were captured previously or any that will be captured hereafter.
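The deniability and short-lived-key arguments above can be seen in a few lines of Python. This is an added example, not code from libotr or the OTR paper: it uses a toy Diffie-Hellman group and made-up helper names, and it leaves out the authentication of the key exchange itself (the fingerprint step in Note 1).

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): far too small for real use
# and not the group OTR specifies.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Fresh ephemeral Diffie-Hellman keypair, discarded after the session."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def mac_key(my_priv, their_pub):
    """Both parties derive the same MAC key from the shared DH secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, t):
    return hmac.compare_digest(tag(key, message), t)

def run_session():
    """One conversation: returns (alice_key, bob_key)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return mac_key(a_priv, b_pub), mac_key(b_priv, a_pub)

def demo():
    alice_key, bob_key = run_session()
    real = b"meet at the docks"            # constructed sample message
    real_tag = tag(alice_key, real)        # Alice authenticates her message
    forged = b"I never said that"          # Bob writes this one himself
    forged_tag = tag(bob_key, forged)      # ...and tags it with the same key
    next_key, _ = run_session()            # a later conversation, new keys
    return {
        "keys_match": alice_key == bob_key,
        "bob_accepts_real": verify(bob_key, real, real_tag),
        "forgery_verifies": verify(alice_key, forged, forged_tag),
        "old_tag_valid_in_new_session": verify(next_key, real, real_tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Bob is convinced by Alice's tag because he knows he did not write the message himself, but a third party sees two tags that verify identically and cannot tell which of the two key holders produced either one. A PGP signature has no such ambiguity, since only the holder of the private key could have made it.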

This is only a brief overview of the OTR encryption model. To read an overview of all the features of this beautiful model you must read the whitepaper from the authors. (www.cypherpunks.ca/otr/otr-wpes.pdf)

If you want to use this wonderful OTR technology yourself, you can use libotr. This library has been provided by the designers of the OTR model themselves. It is already implemented in the pidgin-otr plugin available for Pidgin, or built into the Adium IM client for Mac. Also, you can use OTR on your Android phones with Whisper Systems.

Note 1: The Diffie-Hellman key agreement protocol is vulnerable to Man-In-The-Middle attacks without some form of authentication. That authentication comes from manually verifying the fingerprint of whoever you are communicating with. Remember this before you just click "verify" on someone's fingerprint next time! This is an essential step in remaining secure. If you fail in this step, you are choosing to undo the entire elegant and beautiful system designed to keep you secure.
