17451
Comment:
|
17447
|
Deletions are marked like this. | Additions are marked like this. |
Line 51: | Line 51: |
Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, but an implementation of some kind of grading may be useful but also difficult. | Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, An implementation of some kind of grading may be useful but also difficult. |
Metapackage Planning
Hazards and Control Measures
A ""hazard"" is a general group of threats based on the motivation/objective behind the threat.
Hazard |
Description |
Tool Failure |
Your computer hardware/software being exploited |
Tool Theft |
Your computer being stolen |
Theft |
Theft of value |
Surveillance |
Spying |
Infiltration |
infiltration into the actual system/protocol |
Manipulation |
Manipulation of Objective |
Censorship |
Blocking of content travelling through the internet |
Categories of information that a Hazard could compromise:
Information Type |
Description |
Personal |
Personal information about family, generally used for Identity theft or blackmail |
Behavioural |
Used for Selling marketing and Spying |
Financial |
Used to denote things with monetary value |
Ideological |
Used to identify political affiliation |
Operational |
used to identify actions and resist pressure |
Private |
information of a sensitive nature |
Based on the Hazard and the Information threatened, define countermeasures to use to mitigate risk.
# |
Control Measure |
Description |
1 |
OS Choice |
A Secure OS with minimal active exploits |
2 |
Firewall |
Protect yourself by blocking direct attacks |
3 |
Anti-virus/Malware |
Ensure you have Updated and active virus/malware protection, this may be provided by the OS |
4 |
Computer Use Training / User Competanccy |
When using a computer to acieve tasks safely. |
5 |
Cache Purging |
Ensure any processed information is not left where it can be recovered |
6 |
Password Safe |
If you have access passwords/keys, ensure they are stored in a safe location |
7 |
Disk Encryption |
Protect your sensitive information from being recovered from silenced disks |
8 |
Transport Encryption |
Encrypt data during transit, must be to an acceptable standard |
9 |
Out of Band Authentication |
Authentication where a shared secret had been securely passed and verified |
10 |
Authenticated Encryption |
Encryption that has been secured by an Authenticated secret |
11 |
Transport Anonymity |
A transport to prevent identification of actors communication |
12 |
Perfect Forward Secrecy. |
Encryption which ,even if intercepted, cannot be decrypted with any key |
13 |
Anonymity |
Communication cannot be identified or authenticated. |
14 |
Platform Selection |
Choice of platform/network to use based on protection given (https://tosdr.org) |
15 |
Authentication |
Authentication (less strong then OOB?) |
16 |
System Use Training |
A Specific system needs to give special usage information to the user |
17 |
Communication Obfuscation |
Allowing communication to concealed |
Tasks
Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, An implementation of some kind of grading may be useful but also difficult.
Authenticated Communication (GnuPG)
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.
GnuPG can be used for encrypting and verifying the integrity of files and emails. There is no central authority for determining the authenticity of keys instead using a "web of trust".
Name |
info |
Description |
Implements |
Public-Private Key Cryptography |
15, 10 |
||
Public-Private Key Cryptography |
15, 10 |
||
Extending OpenPGP Web of trust |
|
||
Extending OpenPGP Web of trust |
|
||
|
Persistance of GPG instance |
|
|
|
|
|
|
|
privacy-friendly helper to refresh GnuPG keys |
13 |
|
|
|
|
|
|
Cryptographic key management |
|
|
|
|
|
|
|
Store you passwords with gpg (command line) |
|
Anonymous Comminication (Tor)
Tor (previously an acronym for The Onion Router) is free software for enabling online anonymity and resisting censorship. It is designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.
Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting".
Name |
info |
Description |
Implements |
Decentralised Node driven Encrypted Network |
|
||
|
A SOCKS proxy for tor |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GUI Controller for tor software |
|
||
An anonymous VPN adapter |
|
||
|
|
|
Deniable Communication (OTR)
Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.
The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants.
Name |
info |
Description |
Implements |
OTR |
Private communications over instant messaging |
13, 12, 15, 10 |
|
|
|
|
|
|
|
|
|
Encrypted VoIP/Video with OTR plugin |
|
Not Sorted
Name |
info |
Description |
Implements |
?MixMaster |
Anonymous Remailer |
11, 13 |
|
Mixminion |
Anonymous Remailer |
11, 13 |
|
Freenet |
Decentralised node driven encrypted network |
8, 11, 13 |
|
Gnunet |
Encrypted peer to peer Network |
11, 8 |
|
I2P |
Anonymous network layer |
11, 13 |
|
Namecoin |
Anonymous registry |
|
|
shred |
see apt |
Secure file deletion |
5 |
tinc |
encrypted peer to peer network |
11 |
|
zyre |
Proximity based Peer to peer framework |
|
|
Retroshare |
friend to friend secure decentralised net |
|
|
Briar |
Proximity based encrypted peer to peer network |
|
|
Pond |
Forward secure async messaging (Experimental) |
|
|
cjdns |
Encrypted IPv6 with PPK for address allocation |
|
|
Mumble |
Encrypted VoIP |
|
|
CCNx |
Content Secured network with name addressing |
|
|
Tahoe-LAFS |
Decentralized cloud storage system |
|
|
Blackadder |
information centric networking |
|
|
Tribler |
Peer to peer file sharing |
|
|
Psyced |
Encrypted distributed chat and messaging system |
|
|
Bittorrent |
Peer to peer file sharing |
|
|
tox |
Distributed Encrypted VoIP/video Messaging |
|
|
linphone |
Distributed Encrypted VoIP/video Messaging |
|
|
OpenVPN |
Encrypted network tunnelling VPN |
|
|
https-everywhere |
|
Force https usage in mozilla browser |
|
mozilla-noscript |
|
Block javascript in mozilla browser |
|
mat |
Metadata Anonymization tool |
|
|
corkscrew |
|
|
|
iodine |
|
|
|
macchanger |
|
|
|
cryptsetup |
|
|
|
ooniprobe |
Internet censorship measurement tool |
|
|
assword |
see apt |
Secure password management and retrieval |
|
haveged |
|
|
|
keepassx |
|
Password safe |
|
msva-perl |
|
|
|
nautilus-wipe |
|
|
|
pwgen |
|
generate secure passwords |
|
secure-delete |
|
secure data deletion |
|