EDN

From C3D2
Revision as of 2 March 2016, 10:32 by Demos (talk | contributions) (→‎Testing: deleted and moved content to new site Testing)

We EVALUATE existing approaches and BUILD BRIDGES towards a more secure and privacy preserving Internet protocol stack.

Welcome

This is the official wiki of the research and software project EDN (Echt Dezentrales Netz - real decentralized network). We are stakeholders of GNU consensus.

We cherish privacy as an important aspect of a liberal society. Our vision is to create a space to unfold and guard basic civil rights such as informational self-determination, freedom of assembly, secrecy of correspondence and free speech. Our final goal is a new wifi mesh-networking capable internet protocol stack that includes a set of services.

News

We aim to transfer our previously collected information (1, 2) on projects to the LibrePlanet semantic wiki. Once the foundation for the semantic wiki is laid, help with this is welcome.

Here is our project diary.


Note
.onion addresses can be accessed via Tor Browser Bundle

Background Short

Today's communication infrastructure is predominantly centralized.

However, this makes surveillance and manipulation of arbitrary digital communications easier.

These means can be abused - and were abused - not only by dictatorships but also by democratic countries and international companies.

There are indeed solutions like Tor or PGP which can partially patch the shortcomings of the infrastructure, but each user has to take care of that for herself. Anonymization and encryption are not in the standard configuration.

Criminal prosecution of these secret processes is nearly impossible, starting with the problem that the affected parties do not even detect them. This status quo endangers our democracy. However, it can be countered in different ways. The following is a technical approach:

To re-purpose and to extend existing digital communications infrastructure to make surveillance more cumbersome, especially through decentralization.

Background Long

When it comes to the topic of mass spying and "cyber" attacks, most of us will readily agree that they are performed on a large scale by an ecosystem of well-equipped adversaries (Snowden revelations, botnets), and furthermore that this is a threat to a list of basic civil rights which back up our democracies. Where this agreement usually ends, however, is on the question of how to deal with it adequately.

Many people assume that the wild installation of a bunch of single-purpose privacy tools is sufficient to protect their privacy and that cryptoparties teaching the usage of GPG, Tor or decentralized social networking are the solution to our problem. By focusing on single-purpose solutions and the resulting need for cryptoparties, people overlook a significant number of disadvantages: First, their users are unaware of the varying privacy assertions made by these solutions. Second, these tools compete for computing and channel resources. Third, teaching users the various individual tools is very ineffective and inconvenient. As a result, average users stick to more insecure but familiar and prevalent solutions although they know about their impact on their privacy. Fourth, the long list of existing privacy projects compete for contributors, funding and users while implementing redundant, sometimes mediocre solutions. Finally, even the current internet stack most projects utilize is known to be vulnerable to a list of attacks based on the stack's dependence on central authorities. This is true for BGP routing, DNS, and all client-server applications. Consequently, the internet stack can be seen as an accumulation of many single points of failure (SPOF) facilitating censorship, passive spying, and active intrusion on a global scale.

Yet a sober analysis of the matter reveals that the old internet stack and wild installations are a bad basis for privacy efforts. Hence, we believe that a completely new internet stack natively providing high confidentiality, integrity of communication and censorship resistance is indispensable. In particular, we envision the new stack to be free software, decentralized, distributed, end-to-end encrypted, metadata protected, easy to use, efficient, lightweight, mesh-networking capable and well documented. Accordingly, our goal is to evaluate the privacy and security qualities of 72 projects, including privacy-aware internet stacks, and find out whether and how we could combine the resources and implementations of the best projects to achieve what none of them could do alone: a new privacy-aware internet stack as a powerful means to back up civil rights for billions of people, which is

  • privacy tuned for and delivered with several services
  • convenient and attractive to use
  • able to run on local individual infrastructure

Threat model

We presume a global active attacker that does automated intrusion such as traffic shaping. We draw the line before targeted operations.

Goal

The communication potential in densely inhabited regions can be guessed by looking at these pictures:

Our goal is to use the existing resources to form a difficult-to-monitor cellphone/router/computer network by building bridges between proven projects. There are plenty of software solutions with the goal of protecting the privacy of their users. Preexisting structures are to be evaluated and combined into such a network. The communication should run, first and foremost, on top of a combination of WiFi, copper and fibre optics, but we also consider Bluetooth, Ultra Wideband (UWB), red light, VHF and satellite uplinks; in short, all allowed frequencies and ways.

The following criteria should be met:


I. Privacy and Security Criteria

Data security is at the core of our technical approach. It is not sufficient to only secure the contents of communications. We also want to prevent the systematic collection of communication profiles (metadata), as the analysis of the social graph of a population poses a particular threat to democracy.

  1. Free Software: consistent use of free and open software, putting the system under permanent public scrutiny and giving users control over their computation;
  2. Encryption:
    1. End-to-end-encryption: ubiquitous end-to-end encryption, removing the necessity to trust any third parties that might access our data while it is being transmitted or stored. No intermediate actors gain access to the exchanged content.
    2. Perfect Forward Secrecy: encryption is regularly renewed in such a way that past communications cannot be retroactively decrypted upon access to key material.
    3. Link Encryption
  3. Metadata protection: obfuscation of transmission patterns, preventing the analysis of social relations, behavior patterns and topical interests of the participants in a network;
  4. Authentication: by direct interaction or by common social contacts, no trust delegation to external third party authorities. When interacting among private persons, the counterpart is directly or socially authenticated by default. When interacting with businesses, customers choose whether to stay fully anonymous, to adopt a long-term pseudonymity (equivalent to accepting a web cookie) or to authenticate themselves as a physical person. An integrated payment system enables an economy where the customer can remain anonymous.
  5. Decentralization: Essential to removing single points of failure and highly concentrated data flow from the equation. Without distribution it is not enough: whenever there is a fixed server in charge of a certain person, it will gain access to all of that person's metadata. It is even worse if that server is operating in a federation kind of style or the application assumes its server to be in any way a safe place to store private data;
  6. Distributed data flow and storage: making bulk collection of data economically unattractive. No traditional server nodes may gain access to either content or metadata of communications, therefore only a distributed system of agnostic relay nodes can provide scalability, intermediate storage and anonymity from third parties all at once;


II. Performance, Reliability and Usability criteria

Beyond the application of cutting-edge security standards, our concept emphasizes scalability and usability. We want to establish an attractive technological platform for applications that can be used by large user bases and businesses worldwide. Using a modular approach, we are integrating existing best practices and results from the scientific community to build a coherent system.

  1. Easy to install
  2. Usage: the user interface is intuitively usable;
  3. Accessibility: The interface(s) of the software are accessible (to people with impairments/disabilities);
  4. Functionality representation: the user interface represents in an easy way the functionality that lies beneath;
  5. Efficient distribution: heterogeneous distribution trees, because we need to interconnect billions of users without resorting to cloud technology;
  6. Security vs. Performance: The network shall perform as well as it can, considering the grade of security for the specific services;
  7. Available public data: The infrastructure enables caching and intelligent distribution of public data, yet provides anonymous access to it (Examples known to fulfill this requirement: Maidsafe, Secushare, Freenet) -> Knowledge representation and file sharing in P2P networks;
  8. Resilience: The network has to be resilient: stable, adaptable, fault-tolerant (e.g. against jamming);
  9. Robust against fluctuating node participation;
  10. Real-time communication: The infrastructure also supports real-time communication;
  11. Partial resource sovereignty: The amount of bandwidth for private usage can be configured;
  12. Energy consumption restrictions: The nodes can be mobile, but technology in mobile devices must be aware of energy consumption restrictions;
  13. Sneakernet: Whenever necessary, data exchange may also happen by taking a storage device physically from one place to another (Briar, GNUnet transports etc.);
  14. Resource contribution incentives: The network provides incentives for peers to contribute more resources than they consume;

III. Software Criteria

  1. Free software with free as in liberty.
  2. Code criteria: the code providing the GNU Internet protocol stack must be:
    1. logically verified,
    2. efficient,
    3. well documented,
    4. well tested,
  3. Secure Updating: It is possible to securely update system components;
  4. Reproducible Builds: Available as reproducible builds
  5. Holistic solution: which means it encompasses all layers of the OSI model and beyond, i.e. from the strongly delay and packet loss tolerant physical layer through an automatically configured, encrypted and anonymizing middle layer to services on the upper layer such as social networking, P2P transfer or generic data storage;

IV. Society and Legal Criteria

  1. Public support: ethically, politically and financially supported by public entities;
  2. Restrictions to proprietary applications: they may use the new Internet protocol stack under the conditions that:
    1. they run in a securely sand-boxed environment;
    2. they do not gain access to any data of constitutional relevance, in particular not the social graph which the user is not entitled to share with external third parties as other people are affected by such gesture;
  3. Participation: The network is open: that means everyone can easily participate (after installation of the protocol stack);

Services

| | public | personal/private | personal/private |
| Text | Chat of local (neighboring) nodes | To a single person: Chat, Email or SMS | To multiple people: Chat or mailing list |
| Audio/Telephony/Video | Call among locally restricted nodes | normal call | conference call |
| Other formats | ? | ? | ? |

  • crypto currency/ pay system
  • Searching in local and other reachable networks including the Internet
  • file-sharing
  • blogging
  • Private communication with embedded devices

Privacy Projects

This chapter has moved here.

How to reach our ambitious goal - Approach

We hope to unite the different forces and resources that aim for more privacy and security, such as the older and upcoming software projects, scientists, activists and others, to achieve what none of them could do alone: provide a free, confidential and integrity-preserving means of communication to a significant part of the world population to back up civil rights, one that even functions on local individual infrastructure.
We start by doing a thorough documentation of 72 projects - a Software Documentation Marathon:


  1. Software Documentation Marathon (Evaluation)
  2. Project Integration and Testbed Testing (Evaluation)
  3. Integrating GUI


Software Documentation Marathon

Testing

Integrating GUI

Building bridges between proven code and an adequate Graphical User Interface (GUI)

Who benefits from the new internet stack that we envision?

Everyone!

In the long term everyone will benefit from the new internet stack. Since it is censorship resistant and provides confidentiality and integrity preserving services, it results in:

  • Average citizens regaining parts of their privacy, informational self-determination, freedom of assembly, secrecy of correspondence and free speech: basic civil rights that ensure and back up our democracies.
  • Government institutions and companies that are safer from espionage and "cyber" attacks.


Use cases include, for example, online banking, government communication with citizens including tax returns, diplomatic, military and business communication, and journalism.

Contact

Write to us via Bitmessage: BM-NBqqoMzajZNXQru2Kz4JXqq6RbsEmeuL

--Demos