Differences between revisions 3 and 4
Revision 3 as of 2015-01-01 22:45:32
Size: 17451
Editor: ?DocOcassi
Comment:
Revision 4 as of 2015-01-01 22:47:02
Size: 17447
Editor: ?DocOcassi
Comment:
Deletions are marked like this. Additions are marked like this.
Line 51: Line 51:
Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, but an implementation of some kind of grading may be useful but also difficult. Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, An implementation of some kind of grading may be useful but also difficult.

Metapackage Planning

Hazards and Control Measures

A ""hazard"" is a general group of threats based on the motivation/objective behind the threat.

Hazard

Description

Tool Failure

Your computer hardware/software being exploited

Tool Theft

Your computer being stolen

Theft

Theft of value

Surveillance

Spying

Infiltration

infiltration into the actual system/protocol

Manipulation

Manipulation of Objective

Censorship

Blocking of content travelling through the internet

Categories of information that a Hazard could compromise:

Information Type

Description

Personal

Personal information about family, generally used for Identity theft or blackmail

Behavioural

Used for Selling marketing and Spying

Financial

Used to denote things with monetary value

Ideological

Used to identify political affiliation

Operational

used to identify actions and resist pressure

Private

information of a sensitive nature

Based on the Hazard and the Information threatened, define countermeasures to use to mitigate risk.

#

Control Measure

Description

1

OS Choice

A Secure OS with minimal active exploits

2

Firewall

Protect yourself by blocking direct attacks

3

Anti-virus/Malware

Ensure you have Updated and active virus/malware protection, this may be provided by the OS

4

Computer Use Training / User Competanccy

When using a computer to acieve tasks safely.

5

Cache Purging

Ensure any processed information is not left where it can be recovered

6

Password Safe

If you have access passwords/keys, ensure they are stored in a safe location

7

Disk Encryption

Protect your sensitive information from being recovered from silenced disks

8

Transport Encryption

Encrypt data during transit, must be to an acceptable standard

9

Out of Band Authentication

Authentication where a shared secret had been securely passed and verified

10

Authenticated Encryption

Encryption that has been secured by an Authenticated secret

11

Transport Anonymity

A transport to prevent identification of actors communication

12

Perfect Forward Secrecy.

Encryption which ,even if intercepted, cannot be decrypted with any key

13

Anonymity

Communication cannot be identified or authenticated.

14

Platform Selection

Choice of platform/network to use based on protection given (https://tosdr.org)

15

Authentication

Authentication (less strong then OOB?)

16

System Use Training

A Specific system needs to give special usage information to the user

17

Communication Obfuscation

Allowing communication to concealed

Tasks

Tools available brief description and control measures implemented. Further investigation is required to be sure of these claims. There are also grades of protection provided by packages, which isn't investigated here, An implementation of some kind of grading may be useful but also difficult.

Authenticated Communication (GnuPG)

GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.

GnuPG can be used for encrypting and verifying the integrity of files and emails. There is no central authority for determining the authenticity of keys instead using a "web of trust".

Name

info

Description

Implements

gnupg

https://gnupg.org

Public-Private Key Cryptography

15, 10

gnupg2

https://gnupg.org

Public-Private Key Cryptography

15, 10

monkeysign

https://web.monkeysphere.info

Extending OpenPGP Web of trust

monkeysphere

https://web.monkeysphere.info

Extending OpenPGP Web of trust

gnupg-agent

Persistance of GPG instance

kleopatra

parcimonie

privacy-friendly helper to refresh GnuPG keys

13

pinentry

seahorse

Cryptographic key management

signing-party

pass

Store you passwords with gpg (command line)

Anonymous Comminication (Tor)

Tor (previously an acronym for The Onion Router) is free software for enabling online anonymity and resisting censorship. It is designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.

Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's use is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. An extract of a Top Secret appraisal by the National Security Agency (NSA) characterized Tor as "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting".

Name

info

Description

Implements

tor

https://torproject.org

Decentralised Node driven Encrypted Network

torsocks

A SOCKS proxy for tor

obfsproxy

obfs4proxy

torbrowser-launcher

onionshare

flashproxy

vidalia

https://www.torproject.org/projects/vidalia.html

GUI Controller for tor software

onioncat

https://www.onioncat.org

An anonymous VPN adapter

privoxy

Deniable Communication (OTR)

Off-the-Record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants.

Name

info

Description

Implements

OTR

https://otr.cypherpunks.ca

Private communications over instant messaging

13, 12, 15, 10

irssi-plugin-otr

pidgin-otr

jitsi

https://jitsi.org

Encrypted VoIP/Video with OTR plugin

Not Sorted

Name

info

Description

Implements

?MixMaster

https://sourceforge.net/projects/mixmaster

Anonymous Remailer

11, 13

Mixminion

https://mixminion.net

Anonymous Remailer

11, 13

Freenet

https://freenetproject.org

Decentralised node driven encrypted network

8, 11, 13

Gnunet

https://gnunet.org

Encrypted peer to peer Network

11, 8

I2P

https://geti2p.net

Anonymous network layer

11, 13

Namecoin

http://namecoin.info

Anonymous registry

shred

see apt

Secure file deletion

5

tinc

http://www.tinc-vpn.org

encrypted peer to peer network

11

zyre

https://github.com

Proximity based Peer to peer framework

Retroshare

https://retroshare.sourceforge.net

friend to friend secure decentralised net

Briar

https://briarproject.org

Proximity based encrypted peer to peer network

Pond

https://pond.imperialviolet.org

Forward secure async messaging (Experimental)

cjdns

http://cjdns.info

Encrypted IPv6 with PPK for address allocation

Mumble

http://mumble.info

Encrypted VoIP

CCNx

https://www.ccnx.org

Content Secured network with name addressing

Tahoe-LAFS

https://www.tahoe-lafs.org

Decentralized cloud storage system

Blackadder

https://www.fp7-pursuit.eu/PursuitWeb/?page_id=338

information centric networking

Tribler

https://www.tribler.org/

Peer to peer file sharing

Psyced

http://www.psyced.org/

Encrypted distributed chat and messaging system

Bittorrent

https://www.bittorrent.org/

Peer to peer file sharing

tox

https://tox.im/

Distributed Encrypted VoIP/video Messaging

linphone

https://linphone.org

Distributed Encrypted VoIP/video Messaging

OpenVPN

https://openvpn.net

Encrypted network tunnelling VPN

https-everywhere

Force https usage in mozilla browser

mozilla-noscript

Block javascript in mozilla browser

mat

https://mat.boum.org

Metadata Anonymization tool

corkscrew

iodine

macchanger

cryptsetup

ooniprobe

https://ooni.torproject.org/

Internet censorship measurement tool

assword

see apt

Secure password management and retrieval

haveged

keepassx

Password safe

msva-perl

nautilus-wipe

pwgen

generate secure passwords

secure-delete

secure data deletion