Breaking PRISM and friends

m morlockelloi at yahoo.com
Sun Aug 4 01:57:54 PDT 2013 

How is this conceptually different from a 2-node Tor network, where each 
ISP operates one node of the pair linking to every other ISP (so there 
are I^2 pairs)? Additional benefit of using Tor would be mixing and 
making traffic analysis harder. Threat modelling could draw on the 
existing research on Tor vulnerabilities.

Also, an ISP could easily, today, run single-node Tor network to obscure 
end point locations.

The problem does not seem technical at all. The problem is that ISPs 
have physical addresses. What you need is a floating ISP ... go 
anywhere, travel light, get in, get out, wherever there's trouble, a man 
alone.



On 8/3/13 19:57 , Nick Thomas wrote:
> Hi all,
>
> Only a decade or two late to the party... anyway, in the past few days
> since the PRISM / XKeyscore / etc leaks came to my attention, I've been
> considering schemes that breaks the kind of passive, drag-net collection
> of communications data from listening points on submarine cables and the
> like. I think I've found one, so I thought I'd share.
>
> Code is in very, very early stages at the moment;
> https://github.com/lupine/hide-eid has half of a first pass, and a bit
> of documentation on why it might work. I'm hoping to have it in a state
> where you could run a pair of VPN providers servicing a few customers
> each within a few days. As-is, scalability is suspect, though.
>
> The short how-it-works is that it stops the IP header (which typically
> reveals who is talking to whom, even if the IP payload is encrypted)
> from being  personally-identifying information. I! f your access ISP
> runs it, and your hosting ISP runs it too, you benefit from an anonymity
> set equal to all the source's customers. As long as there's no sniffing
> going on in the first and last mile, anyway.
>
> Combined with IPsec on those miles, or a vetted path if it's short
> enough, you can reduce the amount of cable that personally-identifying
> IP headers are sniffable on, from a few thousand miles, to perhaps a
> couple of feet - on which you can focus CCTV, if you're *really*
> paranoid; or even nothing at all, if you have the same box terminating
> the IPsec tunnel and the hide-eid wrapper/unwrapper.
>
> The theoretical background is from the location/identity separation
> protocol stuff. Intermediaries don't actually need to know which person
> (well, EID) the packet is from, or for; they just need to know where to
> send it (which RLOC) so that a person can pick it up. This scheme is
> basically that, imagined as a least-effort over! lay on the existing IP
> network. And it doesn't break as many protocols as cgNAT, since source
> and destination both know the EID of destination and source.
>
> Feedback of any sort is extremely welcome. Particular areas of concern
> are scaling it (especially given how the crypto works), how the crypto
> works and if there's a more sensible way (key exchange with M:N
> different ISPs to take advantage of symmetric ciphers is worrisome), and
> whether there's a better way to get L/ISP with hidden EIDs deployed to a
> subset of the internet  than a hack of this magnitude. I'm still fairly
> skeptical that it can make a noticeable difference, but it seems
> promising enough for me to keep it up in the short term, at least.
>
> If it ends up being useless, there's still tor. There's always tor.
>
> /Nick

More information about the cypherpunks mailing list