---------- Forwarded message ----------
From: Bill Cox <waywardgeek@gmail.com>
Date: Sun, Jan 10, 2016 at 9:38 AM
Subject: [Cryptography] A possible alternative to TOR and PrivaTegrity without backdoors
To: "cryptography@metzdowd.com" <cryptography@metzdowd.com>

This is an old idea, but perhaps now there might be more reason to consider it. I currently call this idea Alias. Here's my dumb data-dump on it. Thoughts?

Alias is a concept for a TOR-like Internet protocol supporting free speech and user privacy, but without encouraging the worst evil behaviors. Exit Nodes are replaced with Public Gateways, which sponsor users. The definition of evil behavior is defined by the Public Gateways and operators of routing nodes. Users would be encouraged to use good behavior, as their public alias would develop a reputation over time. Anonymity would be protected, but a user's Public Gateway and any routing node could refuse to route data for aliases with poor reputations.

TOR was created with a lofty goal: to support free speech. Unfortunately, TOR has drawn attention from governments and law enforcement, as it could be used to protect some of the worst activities, such as contract killing, and the slave trade. TOR Exit Node operators generally follow a strict policy of never looking at traffic, because simply observing this traffic would require Exit Node operators in most countries to regularly contact law enforcement to report crimes.

PrivaTegrity is an alternative protocol to TOR, which aims to find a balance between protecting free speech and protecting the world from the worst behavior. Unfortunately, PrivaTegrity inserts encryption backdoors.

Alias Design:

This is very much a dumb idea in the half-baked stage. Feedback and ideas are welcome.

Alias would be a fork of TOR, and route Internet traffic from a user's machine through a couple of Routing Nodes, to a Public Gateway, which replaces the Exit Node.
The Public Gateway would have an account for the user, under a pseudonym used on the Alias network by the user, called his alias. The Public Gateway should keep an email contact address for the user, similar to regular accounts on various web sites.

In Alias, user aliases would have trackable reputations, and the reputations of user aliases would be combined into a reputation for a Public Gateway. At a minimum, incident reports would be used to compute user reputations. Exactly how this works is TBD, but the goal is to cause gateways with very poor reputations to be effectively blacklisted by routing nodes, and for users with poor reputations to be dropped by reputable gateways.

Users could move their alias from one gateway to another when needed, but they could not erase what their previous gateway knows about their identity. The Gateway would not know a user's location, and in many cases will know nothing other than the user's reputation and email address.

When requested by a government authority, at a minimum, a gateway can drop support for a user alias, causing that alias to try to find a new gateway that will agree to sponsor it.

Participants who act as routing nodes in Alias would be able to select what sort of reputations they require from aliases and Gateways to allow traffic to be routed through them to those gateways. They could, for example, choose to not route data for any gateway with a high reputation for routing to pornography sites.

I compare the TOR, PrivaTegrity, and Alias concepts in several "threat cases" below:

Threat Case: Governments Overreact to Terrorism

In this case, we assume all the governments involved have decided to share all user network traffic in a mass surveillance program. The user Alice has something to say, such as wanting to tell the world that the mass surveillance program exists.

TOR: Alice succeeds in using TOR to log into various blogging sites and publishes her knowledge about the surveillance program.
Unfortunately, TOR provides limited defense against the Men in Black (MiB), and Alice may be arrested. The MiB is assumed to compromise TOR in various ways, such as operating many Exit Nodes and monitoring meta-data such as packet timing and size between nodes.

PrivaTegrity: With the assumption that all governments involved are colluding, Alice is revealed directly, without having to subvert the protocol.

Alias: Alice needs a Public Gateway to sponsor her. She can choose a gateway with a reputation of sponsoring free speech, such as various newspapers, in a country that is not participating in the mass surveillance program. When Alice posts what she knows to various blogs, the Public Gateway (newspaper in this case) will be the one defending her anonymity. In any case, even if the newspaper is forced to reveal what they know about Alice, they never knew her location.

Conclusion: Alias seems to provide better protection of free speech in this case.

Threat Case: A Single Government Blackmails the Rest

Suppose one of the governments involved decides to use its influence in the protocol to blackmail one or more of the other governments involved into agreeing to some political agenda.

TOR: If the government were the USA, it might have unique powers to track users through the TOR network. If true, the USA could refuse to reveal a French suspected terrorist unless the French government shares mass surveillance data collected on its citizens. Is this sort of thinking too paranoid?

PrivaTegrity: With nine separate governments who must collude to expose a user, it is possible for any one of the nine to blackmail the rest. For example, if tracking down a particular user is of critical importance to one government, another could demand certain trade policies be agreed to before allowing that user to be revealed.

Alias: A country containing the Public Gateway sponsoring a user might make political demands from another country before agreeing to force the Public Gateway to reveal a user’s email address. However, this coercion is weaker than the TOR case because there is no country with majority control, and weaker than the PrivaTegrity case because a government can coerce cooperation only from Public Gateways in its country.

Conclusion: While none are immune to this threat, Alias seems to perform better in this case.

Threat Case: Hackers Compromise the Network

In this case, a group of hackers wants to reveal the identity of a particular user.

TOR: There is little chance that the attacker can hack all the nodes from the user to the Exit Node, and since the Exit Node has no information about the user, there seems to be little chance that the hacker can reveal the user’s identity, short of bugs in the protocol.

PrivaTegrity: While hackers might hack one or more of the nine governments, it would be a considerable task for the hacker to hack them all. However, it is possible, and this is a weakness vs TOR.

Alias: The hacker need only hack the user’s chosen Public Gateway, which is a considerably simpler task than with PrivaTegrity.

Conclusion: Hackability of Public Gateways is a significant weakness for Alias compared to the other two.

Threat Case: Evil Users Secretly Collude

In this case, suppose there is strong evidence that several evil users want to collude to do something terrible, and they want to communicate anonymously. For example, they could be running a contract-killing business or enslaving people and selling them on the Dark Web.

TOR: Unfortunately, evil behaviors have been enabled in some cases over TOR.

PrivaTegrity: The users involved in such evil activities can have their communication secretly wiretapped. This is a strong capability for law enforcement in this case.

Alias: Assuming reputable Public Gateways are used, most of the users’ emails would be revealed to law enforcement. This is weaker than a wiretap.

Conclusion: In the case of severe evil, PrivaTegrity performs the best, Alias next best, and TOR the worst.

Threat Case: Somewhat Evil Users Secretly Collude

What is evil vs good is highly subjective, and getting people to agree can be difficult. In this case, the users are engaged in what most reasonable people consider evil. For example, consider illegal trade in ivory, which could lead to the extinction of wild elephants.

TOR: Users trading in ivory likely would benefit from using TOR.

PrivaTegrity: Having to get cooperation from nine governments may be too painful when tracking down a single ivory trader, and the ivory trader likely could use PrivaTegrity to their advantage. If, on the other hand, the nine governments put in place a rapid rubber-stamp process to enable going after small-time criminals, then this capability can be highly abused.

Alias: Ivory traders would avoid using Alias through reputable Public Gateways, since their identities could easily be revealed, and the sites the traders visit to buy/sell ivory would not likely be very reputable, lowering their alias' reputation.

Conclusion: Alias seems to perform better at determine somewhat evil behaviors.

Bill

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography