Differences between revisions 18 and 19
Revision 18 as of 2015-01-03 19:13:53
Size: 20024
Editor: ?DocOcassi
Comment:
Revision 19 as of 2015-01-03 20:02:40
Size: 20900
Editor: ?DocOcassi
Comment:
Deletions are marked like this. Additions are marked like this.
Line 99: Line 99:
|| '''Name''' || '''Info''' || '''Description''' || '''Implements''' ||
|| OTR || https://otr.cypherpunks.ca || Private communications over instant messaging || 13, 12, 15, 10 ||
|| [[DebianPkg:irssi-plugin-otr|irssi-plugin-otr]] || || || ||
|| [[DebianPkg:pidgin-otr|pidgin-otr]] || || || ||
|| [[DebianPkg:jitsi|jitsi]] || https://jitsi.org || Encrypted VoIP/Video with OTR plugin || ||
|| '''Name''' || '''Info''' || '''Description''' || '''Implements''' ||
|| [[DebianPkg:libotr|libotr]] || https://otr.cypherpunks.ca || Private communications over instant messaging || 13, 12, 15, 10 ||
|| [[DebianPkg:irssi-plugin-otr|irssi-plugin-otr]] || http://irssi-otr.tuxfamily.org/ || OTR plugin for irssi || ||
|| [[DebianPkg:pidgin-otr|pidgin-otr]] || || OTR plugin for pidgin || ||
|| gaim-plugin-otr || || OTR plugin for gaim || ||
|| xchat-otr || http://irssi-otr.tuxfamily.org/ || OTR plugin for xchat || ||
|| [[DebianPkg:jitsi|jitsi]] || https://jitsi.org || Encrypted VoIP/Video with OTR plugin || ||
Line 108: Line 110:
|| '''Name''' || '''Info''' || '''Description''' || '''Implements''' ||
|| [[DebianPkg:mixmaster|mixmaster]]           || https://sourceforge.net/projects/mixmaster         || Anonymous Remailer || 11, 13 ||
|| Mixminion || https://mixminion.net       || Anonymous Remailer (Abandoned? Alpha) || 11, 13 ||
|| Freenet || https://freenetproject.org        || Decentralised node driven encrypted network || 8, 11, 13 ||
|| [[DebianPkg:gnunet|gnunet]]  || https://gnunet.org    || Encrypted peer to peer Network || 11, 8 ||
|| I2P || https://geti2p.net   || Anonymous network layer || 11, 13 ||
|| Namecoin || http://namecoin.info      || Anonymous registry || ||
|| [[DebianPkg:coreutils|shred]]   || || Secure file deletion || 5 ||
|| [[DebianPkg:tinc|tinc]] || http://www.tinc-vpn.org      || encrypted peer to peer network || 11 ||
|| zyre || https://github.com    || Proximity based Peer to peer framework || ||
|| Retroshare || https://retroshare.sourceforge.net             || friend to friend secure decentralised net || ||
|| Briar || https://briarproject.org    || Proximity based encrypted peer to peer network || ||
|| Pond || https://pond.imperialviolet.org          || Forward secure async messaging (Experimental) || ||
|| cjdns || http://cjdns.info || Encrypted IPv6 with PPK for address allocation || ||
|| [[DebianPkg:mumble|mumble]]      || http://mumble.info    || Encrypted VoIP || ||
|| CCNx || https://www.ccnx.org     || Content Secured network with name addressing || ||
|| [[DebianPkg:tahoe-lafs|tahoe-lafs]]        || https://www.tahoe-lafs.org       || Decentralized cloud storage system || ||
|| Blackadder || https://www.fp7-pursuit.eu/PursuitWeb/?page_id=338 || information centric networking || ||
|| T
ribler             || https://www.tribler.org/ || Peer to peer file sharing || ||
|| Psyced || http://www.
psyced.org/      || Encrypted distributed chat and messaging system || ||
|| Bittorrent || https://www.bittorrent.org/       || Peer to peer file sharing || ||
|| tox || https://tox.im/ || Distributed Encrypted VoIP/video Messaging || ||
|| [[DebianPkg:linphone|linphone]]     || https://linphone.org   || Distributed Encrypted VoIP/video Messaging || ||
|| [[DebianPkg:openvpn|openvpn]]      || https://openvpn.net     || Encrypted network tunnelling VPN || ||
|| [[DebianPkg:xul-ext-https-everywhere|xul-ext-https-everywhere]]    || https://www.eff.org/https-everywhere                 || Force https usage in mozilla browser          || ||
|| [[DebianPkg:xul-ext-noscript|xul-ext-noscript]] ||              https://noscript.net/ || Block javascript in mozilla browser || ||
|| [[DebianPkg:mat|mat]] || https://mat.boum.org      || Metadata Anonymization tool || ||
|| [[DebianPkg:corkscrew|corkscrew]]        || http://www.agroman.net/corkscrew/                           || tunnel TCP connections through HTTP proxies                     || ||
|| [[DebianPkg:iodine|iodine]] || http://code.kryo.se/iodine/             || tool for tunneling IPv4 data through a DNS server                      || ||
|| [[DebianPkg:macchanger|macchanger]]          || || manipulate the MAC address of network interfaces     || ||
|| [[DebianPkg:cryptsetup|cryptsetup]]          || https://code.google.com/p/cryptsetup/                              || disk encryption support || ||
|| [[DebianPkg:ooniprobe|ooniprobe]]         || https://ooni.torproject.org/      || Internet censorship measurement tool || ||
|| [[DebianPkg:assword|assword]]     || || Secure password management and retrieval || ||
|| [[DebianPkg:haveged|haveged]]      || http://www.issihosts.com/haveged/                                  || Linux entropy source using the HAVEGE algorithm                               || ||
|| [[DebianPkg:keepassx|keepassx]]        || http://www.keepassx.org/                     || Password safe || ||
|| [[DebianPkg:msva-perl|msva-perl]]         || || Cryptographic identity validation agent (Perl implementation)                                  || ||
|| [[DebianPkg:nautilus-wipe|nautilus-wipe]]       || http://wipetools.tuxfamily.org/nautilus-wipe.html        || Secure deletion extension for Nautilus                               || ||
|| [[DebianPkg:pwgen|pwgen]] ||           http://pwgen.sourceforge.net/ || generate secure passwords || ||
|| [[DebianPkg:secure-delete|secure-delete]]       || || tools to wipe files, free disk space, swap and memory                           || ||
|| '''Name'''                               || '''Info''' || '''Description'''                              || '''Implements''' ||
|| [[DebianPkg:mixmaster|mixmaster]] || https://sourceforge.net/projects/mixmaster || Anonymous Remailer             || 11, 13 ||
|| Mixminion                                  || https://mixminion.net || Anonymous Remailer (Abandoned? Alpha)     || 11, 13 ||
|| Freenet                                    || https://freenetproject.org || Decentralised node driven encrypted network          || 8, 11, 13 ||
|| [[DebianPkg:gnunet|gnunet]] || https://gnunet.org || Encrypted peer to peer Network                   || 11, 8 ||
|| I2P                                       || https://geti2p.net || Anonymous network layer                     || 11, 13 ||
|| Namecoin                                 || http://namecoin.info || Anonymous registry                         || ||
|| [[DebianPkg:coreutils|shred]] || || Secure file deletion                            || 5 ||
|| [[DebianPkg:tinc|tinc]]         || http://www.tinc-vpn.org || encrypted peer to peer network                  || 11 ||
|| zyre                                      || https://github.com || Proximity based Peer to peer framework            || ||
|| Retroshare                                 || https://retroshare.sourceforge.net || friend to friend secure decentralised net                || ||
|| Briar                                      || https://briarproject.org || Proximity based encrypted peer to peer network       || ||
|| Blackadder || https://www.fp7-pursuit.eu/PursuitWeb/?page_id=338 || information centric networking || ||
|| Pond
|| https://pond.imperialviolet.org || Forward secure async messaging (Experimental)      || ||
|| cjdns                                     || http://cjdns.info  || Encrypted IPv6 with PPK for address allocation           || ||
|| [[DebianPkg:mumble|mumble]] || http://mumble.info || Encrypted VoIP                            || ||
|| CCNx                                    || https://www.ccnx.org || Content Secured network with name addressing     || ||
|| [[DebianPkg:tahoe-lafs|tahoe-lafs]] || https://www.tahoe-lafs.org || Decentralized cloud storage system              || ||
|| Tribler || https://www.tribler.org/ || Peer to peer file sharing || ||
|| Psyced || http
://www.psyced.org/ || Encrypted distributed chat and messaging system     || ||
|| Bittorrent                                   || https://www.bittorrent.org/ || Peer to peer file sharing                         || ||
|| tox                                      || https://tox.im/   || Distributed Encrypted VoIP/video Messaging          || ||
|| [[DebianPkg:linphone|linphone]] || https://linphone.org || Distributed Encrypted VoIP/video Messaging          || ||
|| [[DebianPkg:openvpn|openvpn]] || https://openvpn.net || Encrypted network tunnelling VPN                 || ||
|| [[DebianPkg:xul-ext-https-everywhere|xul-ext-https-everywhere]] || https://www.eff.org/https-everywhere || Force https usage in mozilla browser || ||
|| [[DebianPkg:xul-ext-noscript|xul-ext-noscript]] || https://noscript.net || Block javascript in mozilla browser                   || ||
|| [[DebianPkg:mat|mat]]      || https://mat.boum.org || Metadata Anonymization tool                  || ||
|| [[DebianPkg:corkscrew|corkscrew]] || http://www.agroman.net/corkscrew/ || Tunnel TCP connections through HTTP proxies || ||
|| [[DebianPkg:iodine|iodine]]    || http://code.kryo.se/iodine/ || Tool for tunneling IPv4 data through a DNS server || ||
|| [[DebianPkg:macchanger|macchanger]] || || Manipulate the MAC address of network interfaces || ||
|| [[DebianPkg:cryptsetup|cryptsetup]] || https://code.google.com/p/cryptsetup/ || Disk encryption support                || ||
|| [[DebianPkg:ooniprobe|ooniprobe]] || https://ooni.torproject.org/ || Internet censorship measurement tool             || ||
|| [[DebianPkg:assword|assword]] || || Secure password management and retrieval       || ||
|| [[DebianPkg:haveged|haveged]] || http://www.issihosts.com/haveged/ || Linux entropy source using the HAVEGE algorithm || ||
|| [[DebianPkg:keepassx|keepassx]] || http://www.keepassx.org/ || Password safe                             || ||
|| [[DebianPkg:msva-perl|msva-perl]] || || Cryptographic identity validation agent (Perl implementation) || ||
|| [[DebianPkg:nautilus-wipe|nautilus-wipe]] || http://wipetools.tuxfamily.org/nautilus-wipe.html || Secure deletion extension for Nautilus || ||
|| [[DebianPkg:pwgen|pwgen]] || http://pwgen.sourceforge.net/    || generate secure passwords                     || ||
|| [[DebianPkg:secure-delete|secure-delete]] || || tools to wipe files, free disk space, swap and memory || ||

Metapackage Planning

Hazards and Control Measures

A hazard is a general group of threats based on the motivation/objective behind the threat.

Hazard

Description

System Failure

Your computer hardware/software being exploited

System Theft

Your computer being stolen

Theft

Theft of value

Surveillance

Spying

Infiltration

infiltration into the actual system/protocol

Manipulation

Manipulation of the Users Objective

Censorship

Blocking of content travelling through the internet

Categories of information that a Hazard could compromise:

Information Type

Description

Personal

Personal information about family, generally used for Identity theft or blackmail

Behavioural

Used for Selling marketing and Spying

Financial

Used to denote things with monetary value

Ideological

Used to identify political affiliation

Operational

used to identify actions and resist pressure

Private

information of a sensitive nature

Based on the Hazard and the Information threatened, define countermeasures to use to mitigate risk. Of course, because we are dealing with active threats, the tools with these properties will fluctuate between being relatively secure or knowingly exploited.

#

Control Measure

Description

1

OS Choice

A Secure OS with minimal active exploits

2

Firewall

Protect yourself by blocking direct attacks

3

Anti-virus/Malware

Ensure you have Updated and active virus/malware protection, this may be provided by the OS

4

Computer Use Training / User Competency

When using a computer/specific software to achieve tasks safely.

5

Cache Purging

Ensure any processed information is not left where it can be recovered

6

Password Safe

If you have access passwords/keys, ensure they are stored in a safe location

7

Disk Encryption

Protect your sensitive information from being recovered from silenced disks

8

Transport Encryption

Encrypt data during transit, must be to an acceptable standard

9

Out of Band Authentication

Authentication where a shared secret had been securely passed and verified

10

Authenticated Encryption

Encryption that has been secured by an Authenticated secret

11

Transport Anonymity

A transport to prevent identification of actors communication

12

Perfect Forward Secrecy.

Encryption which ,even if intercepted, cannot be decrypted with any key

13

Anonymity

Communication cannot be identified or authenticated.

14

Platform Selection

Choice of platform/network to use based on protection given (https://tosdr.org)

15

Authentication

Authentication (less strong then OOB?)

16

System Use Training

A Specific system needs to give special usage information to the user

17

Communication Obfuscation

Allowing communication to concealed

18

System Updating

Provide the ability to maintain the software against the active threats.

Tasks

Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, An implementation of some kind of grading may be useful but also difficult.

Authenticated Communication (GnuPG)

GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.

GnuPG can be used for encrypting and verifying the integrity of files and emails. There is no central authority for determining the authenticity of keys instead using a "web of trust".

Name

Info

Description

Implements

gnupg

https://gnupg.org

Public-Private Key Cryptography

15, 10

gnupg2

https://gnupg.org

Public-Private Key Cryptography

15, 10

monkeysign

https://web.monkeysphere.info

Extending OpenPGP Web of trust

9

monkeysphere

https://web.monkeysphere.info

Extending OpenPGP Web of trust

9

gnupg-agent

Persistance of GPG instance

15

kleopatra

https://www.kde.org/applications/utilities/kleopatra/

Certificate Manager and Unified Crypto GUI

9

parcimonie

privacy-friendly helper to refresh GnuPG keys

13, 9

pinentry

https://www.gnupg.org/related_software/pinentry/index.en.html

Secure GUI for pass/pin entry

6

seahorse

https://wiki.gnome.org/Apps/Seahorse

Cryptographic key management

6

signing-party

http://pgp-tools.alioth.debian.org/

PGP/GnuPG related things; signing, ring analysis, and party preparation.

9, 15

pass

Store you passwords with gpg (command line)

6

Anonymous Communication (Tor)

Tor (previously an acronym for The Onion Router) is free software for enabling online anonymity and resisting censorship. It is designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.

Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting".

Name

Info

Description

Implements

tor

https://torproject.org

Decentralised Node driven Encrypted Network

13, 11, 17

torsocks

https://gitweb.torproject.org/torsocks.git/

A wrapper to safely torify any application

11

obfsproxy

https://www.torproject.org/projects/obfsproxy.html.en

Pluggable transport proxy for Tor

17

obfs4proxy

https://www.torproject.org/projects/obfsproxy.html.en

Pluggable transport proxy for Tor

17

torbrowser-launcher

https://micahflee.com/torbrowser-launcher/

Download, update, & run the Tor Browser Bundle.

18

onionshare

https://onionshare.org

Anonymously share a files

13

flashproxy-proxy

Subvert IP blocking networks

17

vidalia

https://www.torproject.org/projects/vidalia.html

GUI Controller for tor software

18

onioncat

https://www.onioncat.org

An anonymous VPN adapter

11

privoxy

http://www.privoxy.org/

A non-caching web proxy with filtering

Deniable Communication (OTR)

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants.

Name

Info

Description

Implements

libotr

https://otr.cypherpunks.ca

Private communications over instant messaging

13, 12, 15, 10

irssi-plugin-otr

http://irssi-otr.tuxfamily.org/

OTR plugin for irssi

pidgin-otr

OTR plugin for pidgin

gaim-plugin-otr

OTR plugin for gaim

xchat-otr

http://irssi-otr.tuxfamily.org/

OTR plugin for xchat

jitsi

https://jitsi.org

Encrypted VoIP/Video with OTR plugin

Not Sorted

Name

Info

Description

Implements

mixmaster

https://sourceforge.net/projects/mixmaster

Anonymous Remailer

11, 13

Mixminion

https://mixminion.net

Anonymous Remailer (Abandoned? Alpha)

11, 13

Freenet

https://freenetproject.org

Decentralised node driven encrypted network

8, 11, 13

gnunet

https://gnunet.org

Encrypted peer to peer Network

11, 8

I2P

https://geti2p.net

Anonymous network layer

11, 13

Namecoin

http://namecoin.info

Anonymous registry

shred

Secure file deletion

5

tinc

http://www.tinc-vpn.org

encrypted peer to peer network

11

zyre

https://github.com

Proximity based Peer to peer framework

Retroshare

https://retroshare.sourceforge.net

friend to friend secure decentralised net

Briar

https://briarproject.org

Proximity based encrypted peer to peer network

Blackadder

https://www.fp7-pursuit.eu/PursuitWeb/?page_id=338

information centric networking

Pond

https://pond.imperialviolet.org

Forward secure async messaging (Experimental)

cjdns

http://cjdns.info

Encrypted IPv6 with PPK for address allocation

mumble

http://mumble.info

Encrypted VoIP

CCNx

https://www.ccnx.org

Content Secured network with name addressing

tahoe-lafs

https://www.tahoe-lafs.org

Decentralized cloud storage system

Tribler

https://www.tribler.org/

Peer to peer file sharing

Psyced

http://www.psyced.org/

Encrypted distributed chat and messaging system

Bittorrent

https://www.bittorrent.org/

Peer to peer file sharing

tox

https://tox.im/

Distributed Encrypted VoIP/video Messaging

linphone

https://linphone.org

Distributed Encrypted VoIP/video Messaging

openvpn

https://openvpn.net

Encrypted network tunnelling VPN

xul-ext-https-everywhere

https://www.eff.org/https-everywhere

Force https usage in mozilla browser

xul-ext-noscript

https://noscript.net

Block javascript in mozilla browser

mat

https://mat.boum.org

Metadata Anonymization tool

corkscrew

http://www.agroman.net/corkscrew/

Tunnel TCP connections through HTTP proxies

iodine

http://code.kryo.se/iodine/

Tool for tunneling IPv4 data through a DNS server

macchanger

Manipulate the MAC address of network interfaces

cryptsetup

https://code.google.com/p/cryptsetup/

Disk encryption support

ooniprobe

https://ooni.torproject.org/

Internet censorship measurement tool

assword

Secure password management and retrieval

haveged

http://www.issihosts.com/haveged/

Linux entropy source using the HAVEGE algorithm

keepassx

http://www.keepassx.org/

Password safe

msva-perl

Cryptographic identity validation agent (Perl implementation)

nautilus-wipe

http://wipetools.tuxfamily.org/nautilus-wipe.html

Secure deletion extension for Nautilus

pwgen

http://pwgen.sourceforge.net/

generate secure passwords

secure-delete

tools to wipe files, free disk space, swap and memory