Breaking PRISM and friends

Nick Thomas nick@lupine.me.uk
Sat Aug 3 19:57:29 PDT 2013


Hi all,

Only a decade or two late to the party... anyway, in the past few days 
since the PRISM / XKeyscore / etc leaks came to my attention, I've been 
considering schemes that break the kind of passive, drag-net 
collection of communications data from listening points on submarine 
cables and the like. I think I've found one, so I thought I'd share.

Code is in very, very early stages at the moment; 
https://github.com/lupine/hide-eid has half of a first pass, and a bit 
of documentation on why it might work. I'm hoping to have it in a state 
where you could run a pair of VPN providers servicing a few customers 
each within a few days. As-is, scalability is suspect, though.

The short how-it-works is that it stops the IP header (which typically 
reveals who is talking to whom, even if the IP payload is encrypted) 
from being personally-identifying information. If your access ISP 
runs it, and your hosting ISP runs it too, you benefit from an 
anonymity set equal to all the source's customers. As long as there's 
no sniffing going on in the first and last mile, anyway.

Combined with IPsec on those miles, or a vetted path if it's short 
enough, you can reduce the amount of cable that personally-identifying 
IP headers are sniffable on, from a few thousand miles, to perhaps a 
couple of feet - on which you can focus CCTV, if you're *really* 
paranoid; or even nothing at all, if you have the same box terminating 
the IPsec tunnel and the hide-eid wrapper/unwrapper. 

The theoretical background is from the location/identity separation 
protocol stuff. Intermediaries don't actually need to know which person 
(well, EID) the packet is from, or for; they just need to know where to 
send it (which RLOC) so that a person can pick it up. This scheme is 
basically that, imagined as a least-effort overlay on the existing IP 
network. And it doesn't break as many protocols as cgNAT, since source 
and destination both know the EID of destination and source.

Feedback of any sort is extremely welcome. Particular areas of concern 
are scaling it (especially given how the crypto works), how the crypto 
works and if there's a more sensible way (key exchange with M:N 
different ISPs to take advantage of symmetric ciphers is worrisome), 
and whether there's a better way to get L/ISP with hidden EIDs deployed 
to a subset of the internet than a hack of this magnitude. I'm still 
fairly skeptical that it can make a noticeable difference, but it seems 
promising enough for me to keep it up in the short term, at least.

If it ends up being useless, there's still tor. There's always tor.

/Nick
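
An added example, not part of the original post and not code from the hide-eid repository: a sketch of the wrapping idea described in the message, where the source ISP encrypts the whole inner packet (EID header included) and the long-haul path sees only RLOC addresses. The addresses, the pre-shared key between the two ISPs, protocol number 253 and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, os, struct

PROTO_WRAPPED = 253  # IANA "experimentation and testing" protocol number (assumed here)

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header; checksum left at 0 to keep this short."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def addresses(packet):
    """What a passive tap reads from the cleartext IPv4 header: (source, destination)."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption, not hide-eid's).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + struct.pack("!I", i)) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(inner, src_rloc, dst_rloc, key):
    """Source ISP: encrypt the inner packet (EID header included), address it RLOC to RLOC."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, inner)
    body = nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)  # encrypt-then-MAC
    return ipv4_header(src_rloc, dst_rloc, len(body), PROTO_WRAPPED) + body

def unwrap(outer, key):
    """Destination ISP: authenticate, then recover the packet for last-mile delivery."""
    nonce, ct, tag = outer[20:36], outer[36:-32], outer[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrapped packet failed authentication")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

if __name__ == "__main__":
    key = os.urandom(32)                 # constructed: key shared by the two ISPs
    payload = b"GET / HTTP/1.1\r\n\r\n"  # constructed sample payload
    inner = ipv4_header("198.51.100.7", "203.0.113.80", len(payload), 6) + payload
    outer = wrap(inner, "192.0.2.1", "192.0.2.254", key)
    print("first/last mile sees:", addresses(inner))   # EID to EID
    print("long-haul tap sees:  ", addresses(outer))   # RLOC to RLOC only
    print("delivered intact:    ", unwrap(outer, key) == inner)
```

Every customer of the source ISP produces the same outer address pair, which is the anonymity set the message describes; packet sizes and timing remain visible to the tap.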