2. About the Speaker
• 正在水深火熱中的碩二學生
• 熱愛Python及Open Source
• Involved open source projects:
o Gummi LaTeX Editor
o cppman
o PyTox
o ProjectTox-Core
o Toxic
o jToxcore
o …
• More info: http://azhuang.me
3. Outline
• What is Tox?
• Functionality
• Architecture and Design
• Pitfalls and Solutions
• In Progress Features
• Client and Bindings
• Live Demo
6. What is anyway?
• FOSS messaging network, supports A/V (GPLv3)
• Decentralized architecture
7. What is anyway?
• FOSS messaging network, supports A/V (GPLv3)
• Decentralized architecture
• End-to-end encryption
8. What is anyway?
• FOSS messaging network, supports A/V (GPLv3)
• Decentralized architecture
• End-to-end encryption
• Configuration free (does not require registration)
9. What is anyway?
• FOSS messaging network, supports A/V (GPLv3)
• Decentralized architecture
• End-to-end encryption
• Configuration free (does not require registration)
• Secure and easy to use
10. What is anyway?
• FOSS messaging network, supports A/V (GPLv3)
• Decentralized architecture
• End-to-end encryption
• Configuration free (does not require registration)
• Secure and easy to use
• A Skype replacement
23. Why are we doing this?
• We want a free(as in Freedom) and secure
alternative for , since it is “Microsofted”....
24. Why are we doing this?
• We want a free(as in Freedom) and secure
alternative for , since it is “Microsofted”....
• "We don't want to be the next secure chatting
program, we want to be the next secure chatting
program that people actually use." - Someone on
IRC
25. Why are we doing this?
• We want a free(as in Freedom) and secure
alternative for , since it is “Microsofted”....
• "We don't want to be the next secure chatting
program, we want to be the next secure chatting
program that people actually use." - Someone on
IRC
• Current secure chat programs aren't easy to use,
at least not for our parents and grandparents
normal people
27. Who started this?
• irungentoo
o Real identity is a mystery :P
o Most of the code is implemented by him
28. Who started this?
• irungentoo
o Real identity is a mystery :P
o Most of the code is implemented by him
• Project started up Jun 23, 2013
29. Who started this?
• irungentoo
o Real identity is a mystery :P
o Most of the code is implemented by him
• Project started up Jun 23, 2013
• There are currently about 10 active tox.im
developers, including me.
32. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
33. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
o Text messages
• Read receipt
• Typing status
34. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
o Text messages
• Read receipt
• Typing status
o File transfer (way faster than Skype)
35. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
o Text messages
• Read receipt
• Typing status
o File transfer (way faster than Skype)
o Group chat (IRC-like, currently invitation only)
36. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
o Text messages
• Read receipt
• Typing status
o File transfer (way faster than Skype)
o Group chat (IRC-like, currently invitation only)
o Audio / Video call support
• Currently only 1-to-1 call supported
• 1-to-many and many-to-many support on the way!
37. Architecture and Design
• Separated core and client, Tox is a library.
• Current implemented features in core:
o Text messages
• Read receipt
• Typing status
o File transfer (way faster than Skype)
o Group chat (IRC-like, currently invitation only)
o Audio / Video call support
• Currently only 1-to-1 call supported
• 1-to-many and many-to-many support on the way!
o All communication between clients are encrypted.
44. Friend Requests
• Friend requests are routed between clients
• Client list or a list of clients whose ID are
mathematically (XOR) closest to us
45. Friend Requests
• Friend requests are routed between clients
• Client list or a list of clients whose ID are
mathematically (XOR) closest to us
Alice
Jack
Lucy
Bob
Request
Request
Got Alice’s IP_Port
46. Using the UDP Protocal
• Using UDP, easier for hole punching
47. Using the UDP Protocal
• Using UDP, easier for hole punching
• A Lossless UDP protocol on top of UDP
48. Using the UDP Protocal
• Using UDP, easier for hole punching
• A Lossless UDP protocol on top of UDP
• Allow packet drop for A/V data packet
49. Using the UDP Protocal
• Using UDP, easier for hole punching
• A Lossless UDP protocol on top of UDP
• Allow packet drop for A/V data packet
• NAT Traversal: Most NAT works, but symmetric
NAT are problematic for now
51. Encryption
• Using Elliptic Curve Cryptography
o Short key length, but still secure
• Using NaCl (Networking and Cryptography library)
52. Encryption
• Using Elliptic Curve Cryptography
o Short key length, but still secure
• Using NaCl (Networking and Cryptography library)
o libsodium is prefered
53. Encryption
• Using Elliptic Curve Cryptography
o Short key length, but still secure
• Using NaCl (Networking and Cryptography library)
o libsodium is prefered
o crypto_box: curve25519xsalsa20poly1305
• curve25519 for Key exchange
• xsalsa20 for encryption
• poly1305 for message authentication
54. Encryption
• Using Elliptic Curve Cryptography
o Short key length, but still secure
• Using NaCl (Networking and Cryptography library)
o libsodium is prefered
o crypto_box: curve25519xsalsa20poly1305
• curve25519 for Key exchange
• xsalsa20 for encryption
• poly1305 for message authentication
• ID == Public Key
o Example ID:
4E9D1B82DEE3BD3D4DDA62190873EA40737251A4
3445E4D517E66230BC4507233533EDD01F24
56. Pitfalls and Solutions
• Attack against DHT
o Sybil attacks: attacker with large resource (e.g.
governments) can create a large number of pseudo
nodes that does nothing or disrupt network.
57. Pitfalls and Solutions
• Attack against DHT
o Sybil attacks: attacker with large resource (e.g.
governments) can create a large number of pseudo
nodes that does nothing or disrupt network.
• Metadata Leaking
o When routing friend requests, nodes leaks information
about the request’s ID and IP mapping.
o Possible to identify a users’s real identity with IP
58. Pitfalls and Solutions
• Attack against DHT
o Sybil attacks: attacker with large resource (e.g.
governments) can create a large number of pseudo
nodes that does nothing or disrupt network.
• Metadata Leaking
o When routing friend requests, nodes leaks information
about the request’s ID and IP mapping.
o Possible to identify a users’s real identity with IP
• How do we safely exchange ID (Public Key)
o Key being swap by a MITM?
59. Solutions
• Attack against DHT
o Periodically check all client’s behavior to see if it’s a
bad node.
o The criteria of a good node is strict.
60. Solutions
• Attack against DHT
o Periodically check all client’s behavior to see if it’s a
bad node.
o The criteria of a good node is strict.
• Metadata Leaking
o Don’t use their long term keypair in DHT, generate a
temporary one when sending friend requests.
o Onion routing for friend requests
61. Solutions
• Attack against DHT
o Periodically check all client’s behavior to see if it’s a
bad node.
o The criteria of a good node is strict.
• Metadata Leaking
o Don’t use their long term keypair in DHT, generate a
temporary one when sending friend requests.
o Onion routing for friend requests
• How do we safely exchange ID (Public Key)
o DNS lookup!
63. DNS User Discovery
• Use DNS TXT record to store the ID, for example:
o tox://tox1@azhuang.me will be mapped to at TXT record
‘tox1._tox.azhuang.me’
64. DNS User Discovery
• Use DNS TXT record to store the ID, for example:
o tox://tox1@azhuang.me will be mapped to at TXT record
‘tox1._tox.azhuang.me’
o ‘v=tox1;id=4E9D1B82DEE3BD3D4DDA62190873EA40
737251A43445E4D517E66230BC4507233533EDD01F2
4’
65. DNS User Discovery
• Use DNS TXT record to store the ID, for example:
o tox://tox1@azhuang.me will be mapped to at TXT record
‘tox1._tox.azhuang.me’
o ‘v=tox1;id=4E9D1B82DEE3BD3D4DDA62190873EA40
737251A43445E4D517E66230BC4507233533EDD01F2
4’
• To prevent DNS poisoning or MITM, use the
tox2 protocol (requires a extra pin):
o 'v=tox2;pub=4E9D1B82DEE3BD3D4DDA62190873EA407372
51A43445E4D517E66230BC450723;check=1F24‘
66. DNS User Discovery
• Use DNS TXT record to store the ID, for example:
o tox://tox1@azhuang.me will be mapped to at TXT record
‘tox1._tox.azhuang.me’
o ‘v=tox1;id=4E9D1B82DEE3BD3D4DDA62190873EA40
737251A43445E4D517E66230BC4507233533EDD01F2
4’
• To prevent DNS poisoning or MITM, use the
tox2 protocol (requires a extra pin):
o 'v=tox2;pub=4E9D1B82DEE3BD3D4DDA62190873EA407372
51A43445E4D517E66230BC450723;check=1F24‘
• tox.se will be available for the public
69. In Progress Features
• DHT Hardening
o Research for more attach patterns
• TCP Server
o Route traffic for clients behind symmetric NAT or
enterprise firewalls
o Act like a “Super node” in the Skype network
70. In Progress Features
• DHT Hardening
o Research for more attach patterns
• TCP Server
o Route traffic for clients behind symmetric NAT or
enterprise firewalls
o Act like a “Super node” in the Skype network
• A/V improvements
o Congestion control and variable bitrate support
o A/V synchronization
74. Clients and Bindings
• Support most platforms
o Windows, Linux, Mac
• Toxic (Ncurses CLI), has audio call support
• Venom (Vala with GTK+)
• Poison (MacOS only)
75. Clients and Bindings
• Support most platforms
o Windows, Linux, Mac
• Toxic (Ncurses CLI), has audio call support
• Venom (Vala with GTK+)
• Poison (MacOS only)
o Mobile
• AnTox (Android), supports QR code scanning
• Toxicity (iOS)
76. Clients and Bindings
• Support most platforms
o Windows, Linux, Mac
• Toxic (Ncurses CLI), has audio call support
• Venom (Vala with GTK+)
• Poison (MacOS only)
o Mobile
• AnTox (Android), supports QR code scanning
• Toxicity (iOS)
• Language bindings:
o Python: PyTox (full A/V support)
o jTorecore: used in Antox
77. How to use?
• Just launch any client, and it will generate a
public/private key pair for you
78. How to use?
• Just launch any client, and it will generate a
public/private key pair for you
• No login required
79. How to use?
• Just launch any client, and it will generate a
public/private key pair for you
• No login required
• Send your public key to you friends
80. How to use?
• Just launch any client, and it will generate a
public/private key pair for you
• No login required
• Send your public key to you friends
• Add you friends with their public key
81. How to use?
• Just launch any client, and it will generate a
public/private key pair for you
• No login required
• Send your public key to you friends
• Add you friends with their public key
• Start chatting!
84. PyTox
• CDD (Conference Driven Developemnt)
• No A/V support 2 days ago…
o The video implementation in core even has some critical
bugs
85. PyTox
• CDD (Conference Driven Developemnt)
• No A/V support 2 days ago…
o The video implementation in core even has some critical
bugs
• Full A/V support implemented before OSDC.tw!
86. PyTox
• CDD (Conference Driven Developemnt)
• No A/V support 2 days ago…
o The video implementation in core even has some critical
bugs
• Full A/V support implemented before OSDC.tw!
• Leverage the power of Python
o An EchoBot can be implement in less than 50 lines of
Python code
o SyncBot: a PoC of PyTox, syncing messages between
Tox groupchat and freenode #tox-ontopic