[liberationtech] [SPAM:#] Spicer: Appless Security
Phillip Hallam-Baker
phill at hallambaker.com
Tue Feb 28 07:07:22 PST 2017
According to sources, there was recently a meeting held in a government I
won't name at which the press secretary demanded all his staffers put their
cell phones on the table so they could be examined to see if they had any
apps loaded that might be used to leak. Needless to say, news of the
meeting leaked almost immediately.
Since I do cryptography, I am of course interested in meeting the needs of
whistleblowers working for dictatorial authoritarian governments that have
scant concern for rule of law.
At present I am working on a scheme called the Mathematical Mesh which is
designed to make cryptography easier to use. This requires an app but for
configuration of the device, not for cryptography per se. The aim is to get
this embedded by platform providers.
http://prismproof.org/
When I talk about this problem there is always someone who immediately
says, 'well that is good but we absolutely must have a unicorn for it to be
worth having'. By which they mean absolutely perfect endpoint security. No,
it's a stupid requirement to put on a communications protocol because it
isn't a communications issue, it is purely orthogonal. So putting aside
demands for the impossible, what can we do to support the whistleblowing
minions of Kim Jong Un, Putin, Erdogan, Trump, Mugabe, etc.?
Inspired by the coloured boxes of the phone phreaks:
Red Crypto: Communication application provides transport layer security but
not end to end security, is vulnerable to server compromise. (e.g. TLS)
Blue Crypto: Communication application provides end to end security but
does not protect against traffic analysis (e.g. OpenPGP, S/MIME)
Magenta Crypto: Communication application providing Red + Blue features.
Black Crypto: Communication capability provides Magenta crypto but does not
require application loaded on end point device
Gold Crypto: As for Black but runs in secure partition on trustworthy
hardware.
Unicorn Crypto: As for gold but guarantees hardware is not compromised in
fashion that end user can verify without any third party attestation
whatsoever.
Is Black crypto possible? I think so. We need to extend the JavaScript APIs
a bit though and use capabilities like the ones I am developing for the
Mesh.
The way I would do it is the user creates a Personal Mesh Profile and
connects their devices to it. This should not be in any way unusual in
itself, it's just the way to configure devices to share passwords, etc.
Each device that is connected to a Mesh profile has a device key (a set
actually).
Let us imagine that we have a JavaScript mechanism that allows a JavaScript
application to access a device key if and only if it is signed by a
signing key that is authorized for this purpose in the user's personal
profile.
That would appear to be sufficient to meet the 'appless security
requirement' and it is very close to what we have already in next gen
JavaScript.
What the sketch does not do is to provide complete deniability as Mallet
can look at the personal profile and see that it grants access. But that is
a detail that can be cleared up with some smart crypto.
The name Spicer seemed like a good one for the app if it is written.
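
The gating rule described in the message above (a script reaches a device key only if it is signed by a key the personal profile authorizes for that purpose), as an added Node.js example that is not part of the original post and is not Mesh or browser code. The profile layout, the purpose string "device-key-access" and the function names are assumptions made for illustration, and all keys are constructed sample data.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample keys: one code signer the user authorizes, one unknown signer,
// and a stand-in for the device key (the post notes it is really a set of keys).
const authorizedSigner = nodeCrypto.generateKeyPairSync("ed25519");
const unknownSigner = nodeCrypto.generateKeyPairSync("ed25519");
const deviceKey = nodeCrypto.generateKeyPairSync("ed25519");

// Identify a public key by the SHA-256 hash of its DER (SPKI) encoding.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return nodeCrypto.createHash("sha256").update(der).digest("hex");
}

// Hypothetical personal profile: signer fingerprints authorized per purpose.
const profile = {
  authorizedSigners: { "device-key-access": [fingerprint(authorizedSigner.publicKey)] },
};

// Package a script together with its signer's public key and signature.
function makeScript(source, signer) {
  const signature = nodeCrypto.sign(null, Buffer.from(source, "utf8"), signer.privateKey);
  return { source, signerPublicKey: signer.publicKey, signature };
}

// Grant access if and only if (1) the signer is listed in the profile for this
// purpose and (2) the signature covers exactly the script text being run.
function releaseDeviceKey(userProfile, script) {
  const allowed = userProfile.authorizedSigners["device-key-access"] || [];
  if (!allowed.includes(fingerprint(script.signerPublicKey))) {
    return { granted: false, reason: "signer-not-authorized" };
  }
  const valid = nodeCrypto.verify(
    null, Buffer.from(script.source, "utf8"), script.signerPublicKey, script.signature);
  if (!valid) {
    return { granted: false, reason: "bad-signature" };
  }
  // Hand back a signing capability, never the private key itself.
  return {
    granted: true,
    sign: (message) => nodeCrypto.sign(null, Buffer.from(message, "utf8"), deviceKey.privateKey),
  };
}
```

The `authorizedSigners` entry in this sketch is the visible grant that the message says Mallet could read from the profile.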