4. Liberté Linux
• Hardened, Gentoo-based, LiveUSB/CD, Linux distro
• Fully(ish) anonymized
• Similar in goal to TAILS
• Designed for Anon specifically
• Run by Maxim Kammerer (he is Crazy)
• Uses Tor AND I2P
8. Features that make it different than TAILS
• Anti-forensic memory erase on boot media extraction
– Aimed at cold boot attacks
• OTFE container using LUKS
• Collect clock setting via Tor consensus
– Makes sure that clock settings are not in the clear
– He’s very proud of this
• I2P communication over Tor so that it can traverse firewalls better
9. Features that make it different than TAILS
• MAC address randomization
• Custom consistent HTTP headers
– Defends against browser fingerprinting
• Harsher iptables rules
• Grsecurity for inter-process security
10. The Big Features
• The first Linux distro that uses UEFI
– Secure boot
– Hardware based verification of the operating system
– If something new is on the system (malware) it won’t boot
• Does not allow you to install ANY software
• Forces a specific resolution
• Cables Communication
– Custom written P2P message exchange
12. TAILS Linux
• Debian based, LiveUSB/CD, Linux distro
• Fully(ish) anonymized
• Similar in goal to Liberte
• Designed for the everyman
• Run by Baum with the support of the Tor Project
• Uses just Tor for anonymity (but has I2P installed)
14. Features that Make It Different Than Liberte
• Regular updates
– New versions are put out due to security issues or active development at least once a month
– You can apt-get upgrade whenever you want
• Uses standard LUKS for persistence and supports TrueCrypt
• Contains a meta-data stripping tool – MAT
• Uses Iceweasel (eventually TorBrowser) instead of janky Epiphany
15. The Big Features
• Documentation and Support
– Unlike Liberte, which hasn’t been updated since 2012
– New releases every month
– Monetarily supported by Tor Project
– Has a roadmap!
– Has complete, up to date documentation, in many languages
• Can temporarily install any software
– Or manually build from source and install your own software
16. Tails “Quirks”
• No lock screen, no screen saver
– Even if you install a screensaver, there are other tty terminals that let you just log in
• Persistent Media is only USB
– That means virtualization products won’t be able to make a consistent partition
17. Cables: TL;DR
• A secure, peer-to-peer based message exchange
• Aims to be a decentralized email replacement
• Not really good as instant messaging (see Bitmessage)
19. Generate an 8192-bit X.509 key
Generate a SHA1 hash of that key
This is your cables username: gb24hw2hpihnj2eftkuz42fvp3l3nsoc
Create a Tor hidden service
This is your domain name: 5rfvhdhbw7z4dcw6.onion
Full address: gb24hw2hpihnj2eftkuz42fvp3l3nsoc@5rfvhdhbw7z4dcw6.onion
20. Transport Mechanism
• This is P2P, so how does it exchange messages?
• Via HTTP requests
• The .onion service hosts a web interface
• http://localhost:9080/{userid}
21. Crypto Bits
• X.509 8192 bit certificate (ca.cer)
• Signing key generated from ca.cer
• Diffie-Hellman session key exchange for transport security
• Cryptographic Message Syntax (CMS) for the message format
• Custom wrapper that lets you use Claws-Mail
24. Wait
• Diffie-Hellman is a secure temporal key exchange
• Used in this case to provide transport security
• It provides a key exchange ON TOP of the hidden service transport mechanism
26. BUT WHY??
• Why is Maxim adding a transport security mechanism on top of Tor?
• Answer: Because he didn’t think Tor hidden services had enough crypto
– SHA1 – deprecated
– AES128 – deprecated
– RSA-1024 – deprecated
• Tor’s hidden services are not secure enough
27. Review
• RSA 8192 X.509-based secure message exchange
• Uses HTTP requests over onion services to connect
• Security on top of your security
• Janky web service
28. Popularity
• No one uses this
• I think one of the reasons is the awkwardness of the name “Cables”
• Although it’s inherently more anonymous than BitMessage, who cares because no one uses it
30. Bitmessage
• Secure, P2P based messaging
• Similar to mixmaster style anonymity model (plausible deniability)
• If Bitcoin had a baby with email it would be Bitmessage
• You can only decrypt messages sent to your public key
34. Message Encryption
• Elliptic Curve Integrated Encryption Scheme
• Elliptic Curve Diffie-Hellman (ECDH) to generate a shared secret
• AES256-CBC (PKCS#7)
• Key-derivation-function using SHA512
• HMACSHA256
35. “Proof Of Work”
• POW
• In order to send a message, you have to compute something
• Supposed to help mitigate spam because each message requires
37. Verification
• The client receives the message and verifies that it has done enough work to send it to you
• The goal is that for each person you send to, you have to send a POW
• When you send to 100 people, it may take 3 hours
• You can adjust the required POW to send to you
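Added example (not from the original slides and not the Bitmessage project's code): a minimal sender/receiver proof of work in Python, modelled on the double-SHA512 target scheme in the Bitmessage protocol specification. The payload bytes and the small difficulty values are constructed so the search finishes in a few thousand hashes.

```python
import hashlib
import struct

def pow_target(payload_len, ttl, trials_per_byte, extra_bytes):
    """Largest trial value that counts as enough work (smaller = harder)."""
    length = payload_len + 8 + extra_bytes        # +8 for the nonce itself
    return 2**64 // (trials_per_byte * (length + (ttl * length) // 2**16))

def trial_value(nonce, initial_hash):
    """First 8 bytes of SHA512(SHA512(nonce || initial_hash)) as an integer."""
    inner = hashlib.sha512(struct.pack(">Q", nonce) + initial_hash).digest()
    return struct.unpack(">Q", hashlib.sha512(inner).digest()[:8])[0]

def do_pow(payload, ttl, trials_per_byte, extra_bytes):
    """Sender: count upward until a nonce lands at or below the target."""
    target = pow_target(len(payload), ttl, trials_per_byte, extra_bytes)
    initial_hash = hashlib.sha512(payload).digest()
    nonce = 0
    while trial_value(nonce, initial_hash) > target:
        nonce += 1
    return nonce

def check_pow(payload, nonce, ttl, trials_per_byte, extra_bytes):
    """Receiver: two hashes decide whether the sender did enough work."""
    target = pow_target(len(payload), ttl, trials_per_byte, extra_bytes)
    return trial_value(nonce, hashlib.sha512(payload).digest()) <= target

# Constructed sample message and deliberately low difficulty (assumptions).
PAYLOAD = b"constructed sample message for the proof-of-work demo"
TTL, TRIALS_PER_BYTE, EXTRA_BYTES = 3600, 20, 20

if __name__ == "__main__":
    nonce = do_pow(PAYLOAD, TTL, TRIALS_PER_BYTE, EXTRA_BYTES)
    print("nonce found after", nonce + 1, "trials")
    print("accepted at sender's difficulty:",
          check_pow(PAYLOAD, nonce, TTL, TRIALS_PER_BYTE, EXTRA_BYTES))
    # A receiver that demands 1000x more work has a 1000x smaller target.
    print("accepted at 1000x difficulty:",
          check_pow(PAYLOAD, nonce, TTL, TRIALS_PER_BYTE * 1000, EXTRA_BYTES))
```

The sender's cost grows with `trials_per_byte`, message length and TTL, while the receiver's check stays at two hashes, which is why the work requirement can be raised per recipient.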
38. Protocol Encryption
• It’s like some crazy bitcoin P2P network
• Seems really complicated
• I just don’t fucking know
• https://bitmessage.org/wiki/Protocol_specification
39. BitMessage Popularity
• BitMessage is the most popular messaging exchange by far
• Deepweb users like this as their favorite
• Remember they are all using the same exact client and software and network to do this exchange
• www.reddit.com/r/bitmessage
40. Summary
• Liberte: Cutting edge but full of the jank
• TAILS: Annoying but the best
• Cables: Why are we even talking about it?
• BitMessage: The most popular one, so it doesn’t matter how secure it is