Secure communication
When two entities are communicating and do not want a third party to listen in, they need to communicate in a way not susceptible to eavesdropping or interception. This is known as communicating in a secure manner or secure communication. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed secure in this sense, although practical limits such as legislation, resources, technical issues (interception and encryption), and the sheer volume of communication are limiting factors to surveillance.
With many communications taking place over long distance and mediated by technology, and increasing awareness of the importance of interception issues, technology and its compromise are at the heart of this debate. For this reason, this article focusses on communications mediated or intercepted by technology.

Also see Trusted Computing, an approach under present development that achieves security in general at the potential cost of compelling obligatory trust in corporate and government bodies.

History

In 1898, Nikola Tesla demonstrated a radio controlled boat in Madison Square Garden that allowed secure communication between transmitter and receiver.

One of the most famous systems of secure communication was the Green Hornet. During WWII, Winston Churchill had to discuss vital matters with Franklin D. Roosevelt. At first, the calls were made using a voice scrambler as this was thought to be secure. When this was found to be untrue the engineers started work on a whole new system, the Green Hornet or SIGSALY. Anyone listening in would just hear white noise but the conversation was clear to the parties. As secrecy was paramount, the location of the Green Hornet was only known by the people who built it and Winston Churchill, and if anyone did see him entering the room it was kept in, all they would see was the Prime Minister entering a closet labeled 'Broom Cupboard.' It is said that because the Green Hornet works by a one-time pad it cannot be beaten, even today.

Types of security

Security can be broadly categorised under the following headings, with examples:
  • Hiding the content or nature of a communication
    • Code – a rule to convert a piece of information (for example, a letter, word, phrase, or gesture) into another form or representation (one sign into another sign), not necessarily of the same type. In communications and information processing, encoding is the process by which information from a source is converted into symbols to be communicated. Decoding is the reverse process, converting these code symbols back into information understandable by a receiver. One reason for coding is to enable communication in places where ordinary spoken or written language is difficult or impossible. An example is semaphore, where the configuration of flags held by a signaler or the arms of a semaphore tower encodes parts of the message, typically individual letters and numbers. Another person standing a great distance away can interpret the flags and reproduce the words sent.
    • Encryption
    • Steganography
    • Identity Based
  • Hiding the parties to a communication – preventing identification, promoting anonymity
    • "Crowds" and similar anonymous group structures – it is difficult to identify who said what when it comes from a "crowd"
    • Anonymous communication devices – unregistered cellphones, Internet cafes
    • Anonymous proxies
    • Hard to trace routing methods – through unauthorized 3rd party systems, or relays
  • Hiding the fact that a communication takes place
    • "Security by obscurity" – similar to needle in a haystack
    • Random traffic – creating random data flow to make the presence of genuine communication harder to detect and traffic analysis less reliable


Each of the three is important, and depending on the circumstances any of these may be critical. For example, if a communication is not readily identifiable, then it is unlikely to attract attention for identification of parties, and the mere fact a communication has taken place (regardless of content) is often enough by itself to establish an evidential link in legal prosecutions. With computers, it is also important to be sure where the security is applied and what is covered.

Borderline cases

A further category, which touches upon secure communication, is software intended to take advantage of security openings at the end-points. This software category includes trojan horses, keyloggers and other spyware.

These types of activity are usually addressed with everyday mainstream security methods, such as antivirus software, firewalls, programs that identify or neutralize adware and spyware, and web filtering programs such as Proxomitron and Privoxy which check all web pages being read and identify and remove common nuisances contained. As a rule they fall under computer security rather than secure communications.

Encryption

Encryption is where data is rendered hard to read by an unauthorised party. Since encryption can be made extremely hard to break, many communication methods either use deliberately weaker encryption than possible, or have backdoors inserted to permit rapid decryption. In some cases government authorities have required backdoors be installed in secret. Many methods of encryption are also subject to "man in the middle" attack whereby a third party who can 'see' the establishment of the secure communication is made privy to the encryption method; this would apply, for example, to interception of computer use at an ISP. Provided it is correctly programmed, sufficiently powerful, and the keys not intercepted, encryption would usually be considered secure. The article on key size examines the key requirements for certain degrees of encryption security.

The encryption can be implemented in a way to require the use of encryption, i.e. if encrypted communication is impossible then no traffic is sent, or opportunistically. Opportunistic encryption is a lower security method to generally increase the percentage of generic traffic which is encrypted. This is analogous to beginning every conversation with "Do you speak Navajo?" If the response is affirmative, then the conversation proceeds in Navajo, otherwise it uses the common language of the two speakers. This method does not generally provide authentication or anonymity but it does protect the content of the conversation from eavesdropping.
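The difference between the two modes can be shown with a small model, added here as an illustration and not taken from any real protocol or product. The capability token `ENCRYPT`, the peer names and the session list are constructed; the point is that an unauthenticated offer that goes missing in transit silently produces plaintext under the opportunistic policy, while the "require" policy sends nothing, and that a sender can at least flag peers that used to encrypt and no longer do.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Iterable, List

OFFER = "ENCRYPT"  # hypothetical capability token, not taken from a real protocol


class Policy(Enum):
    REQUIRE = "require"              # no encrypted channel -> no traffic is sent
    OPPORTUNISTIC = "opportunistic"  # encrypt if offered, otherwise fall back


@dataclass(frozen=True)
class Outcome:
    peer: str
    sent: bool
    encrypted: bool


def passthrough(offer: List[str]) -> List[str]:
    """An honest path: the peer's capability list arrives unchanged."""
    return list(offer)


def strip_offer(offer: List[str]) -> List[str]:
    """A path on which the encryption offer is lost or removed in transit.
    Nothing authenticates the offer, so the sender cannot tell the difference."""
    return [cap for cap in offer if cap != OFFER]


def negotiate(peer: str, policy: Policy, peer_offer: List[str],
              path: Callable[[List[str]], List[str]] = passthrough) -> Outcome:
    """Decide what the sender does with the capability list it actually sees."""
    seen = path(peer_offer)
    if OFFER in seen:
        return Outcome(peer, sent=True, encrypted=True)
    if policy is Policy.REQUIRE:
        return Outcome(peer, sent=False, encrypted=False)
    return Outcome(peer, sent=True, encrypted=False)


def downgraded_peers(history: Iterable[Outcome]) -> List[str]:
    """Defender's check: peers that encrypted earlier but later got plaintext."""
    encrypted_before = set()
    flagged: List[str] = []
    for outcome in history:
        if outcome.encrypted:
            encrypted_before.add(outcome.peer)
        elif (outcome.sent and outcome.peer in encrypted_before
              and outcome.peer not in flagged):
            flagged.append(outcome.peer)
    return flagged


# Constructed sessions: (peer, capabilities the peer offers, path behaviour).
SESSIONS = [
    ("mail.example", [OFFER, "8BIT"], passthrough),
    ("legacy.example", ["8BIT"], passthrough),
    ("mail.example", [OFFER, "8BIT"], strip_offer),
]


def run_sessions(policy: Policy) -> List[Outcome]:
    """Replay the constructed sessions under one policy."""
    return [negotiate(peer, policy, offer, path) for peer, offer, path in SESSIONS]


if __name__ == "__main__":
    for policy in Policy:
        history = run_sessions(policy)
        print(policy.value, history, "downgraded:", downgraded_peers(history))
```
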

Steganography

Steganography ("hidden writing") is the means by which data can be hidden within other more innocuous data. Examples are a watermark proving ownership embedded in the data of a picture, in such a way that it is hard to find or remove unless you know how to find it, or, for communication, the hiding of important data (such as a telephone number) in apparently innocuous data (an MP3 music file). An advantage of steganography is plausible deniability, that is, unless one can prove the data is there (which is usually not easy), it is deniable that the file contains any. (Main article: Steganography)
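As an added illustration (not from the original article), the sketch below hides a short message in the least significant bit of each cover value, one common technique that the article does not name. The cover is a constructed list of unsigned 16-bit values standing in for raw audio samples (it does not handle the MP3 format), and the telephone number is a fictional one; the example shows that no value changes by more than 1, which is why the presence of the data is hard to prove.

```python
import random
from typing import List


def make_cover(n: int = 512, seed: int = 1) -> List[int]:
    """Constructed cover data: n unsigned 16-bit values standing in for samples."""
    rng = random.Random(seed)
    return [rng.randrange(0, 65536) for _ in range(n)]


def embed(cover: List[int], payload: bytes) -> List[int]:
    """Return a copy of cover with payload stored in the lowest bit of each value.
    A 16-bit big-endian length prefix is stored first so extract() knows where to stop."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit length prefix")
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit  # clear the lowest bit, then set it
    return stego


def _read_bytes(samples: List[int], start_bit: int, count: int) -> bytes:
    """Rebuild count bytes from the lowest bits, most significant bit first."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(samples: List[int]) -> bytes:
    """Recover the payload written by embed()."""
    if len(samples) < 16:
        raise ValueError("too short to hold a length prefix")
    length = int.from_bytes(_read_bytes(samples, 0, 2), "big")
    if 16 + length * 8 > len(samples):
        raise ValueError("length prefix does not fit: no valid payload")
    return _read_bytes(samples, 16, length)


def max_change(cover: List[int], stego: List[int]) -> int:
    """Largest difference between any cover value and its stego counterpart."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed(cover, b"555-0100")  # fictional number, constructed for the example
    print(extract(stego), "max change per value:", max_change(cover, stego))
```
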

Identity based networks

Unwanted or malicious behavior is possible on the web since it is inherently anonymous. True identity based networks replace the ability to remain anonymous and are inherently more trustworthy since the identity of the sender and recipient are known. (The telephone system is an example of an identity based network.)

Anonymized networks

Recently, anonymous networking has been used to secure communications. In principle, a large number of users running the same system can have communications routed between them in such a way that it is very hard to detect what any complete message is, which user sent it, and where it is ultimately going from or to. Examples are Crowds, Tor, I2P, Mixminion, various anonymous P2P networks, and others.

Anonymous communication devices

In theory, an unknown device would not be noticed, since so many other devices are in use. This is not altogether the case in reality, due to the presence of systems such as Carnivore and Echelon which can monitor communications over entire networks, and the fact that the far end may be monitored as before. Examples include payphones, Internet cafes, etc.

Bugging

The covert placing of monitoring and/or transmission devices either within the communication device or in the premises concerned.

Computers (general)

Any security obtained from a computer is limited by the many ways it can be compromised - by hacking, keystroke logging, backdoors, or even in extreme cases by monitoring the tiny electrical signals given off by keyboard or monitors to reconstruct what is typed or seen (TEMPEST, which is quite complex).

Laser audio surveillance

Sounds, including speech, inside rooms can be sensed by bouncing a laser beam off a window of the room where a conversation is held, and detecting and decoding the vibrations in the glass caused by the sound waves.

Anonymous cellphones

Cellphones can easily be obtained, but are also easily traced and "tapped". There is no (or only limited) encryption, and the phones are traceable - often even when switched off - since the phone and SIM card broadcast their International Mobile Subscriber Identity (IMSI). It is possible for a cellphone company to turn on some cellphones when the user is unaware and use the microphone to listen in on you, and according to James Atkinson, a counter-surveillance specialist cited in the same source, "Security-conscious corporate executives routinely remove the batteries from their cell phones" since many phones' software can be used "as-is", or modified, to enable transmission without user awareness (http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html). The user can also be located within a small distance using signal triangulation and, for newer models, using built-in GPS features.

Some cellphones (Apple's iPhone, Google's Android) track and store users' position information, so that movements for months or years can be determined by examining the phone.

Landlines

Analogue landlines are not encrypted, and it is very easy to tap them. Such tapping requires physical access to the line, easily obtained from a number of places, e.g. the phone location, distribution points, cabinets and the exchange itself. Tapping a landline in this way can enable an attacker to make calls which appear to originate from the tapped line.

Anonymous Internet

Using a third party system of any kind (payphone, Internet cafe) is often quite secure; however, if that system is used to access known locations (a known email account or 3rd party) then it may be tapped at the far end, or noted, and this will remove any security benefit obtained. Some countries also impose mandatory registration of Internet cafe users.

Anonymous proxies are another common type of protection, which allow one to access the net via a third party (often in a different country) and make tracing difficult. Note that there is seldom any guarantee that the plaintext is not tappable, nor that the proxy does not keep its own records of users or entire dialogs. As a result anonymous proxies are a generally useful tool but may not be as secure as other systems whose security can be better assured. Their most common use is to prevent a record of the originating IP, or address, being left on the target site's own records. Typical anonymous proxies are found at both regular websites such as Anonymizer.com and spynot.com, and on proxy sites which maintain up to date lists of large numbers of temporary proxies in operation.

A recent development on this theme arises when wireless Internet connections ("Wi-Fi") are left in their unsecured state. The effect of this is that any person in range of the base unit can piggyback the connection - that is, use it without the owner being aware. Since many connections are left open in this manner, situations where piggybacking might arise (willful or unaware) have successfully led to a defense in some cases, since it makes it difficult to prove the owner of the connection was the downloader, or had knowledge of the use to which unknown others might be putting their connection. An example of this was the Tammie Marson case, where neighbours and anyone else might have been the culprit in the sharing of copyright files. Conversely, in other cases, people deliberately seek out businesses and households with unsecured connections, for illicit and anonymous Internet usage, or simply to obtain free bandwidth.

Programs offering more security

  • Skype - secure voice over Internet, secure chat. Uses 128-bit AES (256-bit is the standard) and 1024-bit asymmetrical protocols to exchange initial keys (which is considered relatively weak by NIST). Proprietary. No information on backdoors. An article in 2004 suggested that Skype has relatively weak encryption, but more recent analyses, one by invitation and one by reverse engineering presented at DEF CON 2005, both conclude that Skype uses encryption effectively. Criticism focuses upon its proprietary "black box" design, its relatively short (1536 bit) keys, excessive bandwidth use of user supernodes, and excessive trust of other computers able to "speak Skype". (See Skype#Security)
  • Zfone is an open source secure voice over Internet program, by Phil Zimmermann, the creator of PGP.
  • I2P-Messenger is a simple secure (end-to-end encrypted), anonymous, and serverless instant messenger with file transfer support.
  • pbxnsip is a SIP-based PBX that uses TLS and SRTP to encrypt the voice traffic. In contrast to other proprietary protocols, the protocol is open so that devices from independent vendors can be used. The encryption includes the relay of instant messaging, presence information, and the management interface.
  • Secure IRC and web chat - Some IRC clients and systems use security such as SSL. This is not standardised. Likewise some web chat clients such as Yahoo Messenger use secure communications on their web based program. Again the security of these is unverified, and it is likely the communication is not secured other than to and from the client.
  • Trillian - offers secure IM facility, however appears to have weaknesses in key exchange which would enable a "man in the middle" attack with ease. Proprietary, no information on backdoors.
  • Off-the-Record Messaging (OTR) is a plugin which adds end-to-end encryption, authentication and perfect forward secrecy (PFS) to instant messaging. It is not a separate protocol but runs under almost every instant messaging (IM) protocol.
  • WASTE - open source secure IM, high strength "end to end" encryption, within an anonymised network.
  • Secure email - some email networks, such as Hushmail or Opolis Secure Mail, are designed to provide encrypted and/or anonymous communication. They authenticate and encrypt on the user's own computer, to prevent transmission of plain text, and mask the sender and recipient. Mixminion and I2P-Bote provide a higher level of anonymity by using a network of anonymizing intermediaries (similar to how Tor and Crowds work, above, but at a higher latency).
  • AESpad.com - open source online encrypted secure chat. Uses 256-bit AES symmetrical encryption. Relies on a pre-shared key between chat participants.
  • ChatCrypt.com - another online encrypted secure chat. It uses 256-bit AES symmetrical encryption in CTR mode.

General background

  • Secure computing
  • Opportunistic encryption
  • Communications security
  • Secure messaging

Software selections and comparisons

  • Comparison of VoIP software
  • Comparison of instant messaging clients
  • Anonymous P2P

Other

  • I2P
  • Freenet
  • Hepting vs. AT&T, a 2006 lawsuit in which the Electronic Frontier Foundation alleges AT&T allowed the NSA to tap all of its clients' Internet and Voice over IP communications
  • NSA warrantless surveillance controversy
  • Kish cypher
  • Secret cell phone

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 