Zero-Knowledge Systems` "Freedom" Presentation
Download
Report
Transcript Zero-Knowledge Systems` "Freedom" Presentation
Reinventing Digital Identity
• Design Goals
• Product Overview
• Technology & Cryptography Overview
• Question & Answer
Design Philosophy
• Authenticated, secure communications
are GOOD.
• Government & 3rd-party Certificate Authorities that
force ‘True Identity’ certificates are BAD.
• Pseudonymous certificates are GOOD.
Design Goals
• Persistent, cryptographically-assured pseudonyms.
• Full strength cryptography with no key escrow.
Nobody knows your true identity.
• Completely pseudonymous system architecture for
total privacy protection.
Design Problems
• Distributed anonymous system for technical security.
• Distributed anonymous system for protection against
legal/legislative attacks.
• Technical requirements for total anonymity requires
Anonymous IP protocol.
Introducing…
Freedom Server
• Freedom Servers are Anonymous Internet
Proxies
• The Freedom server network carries all
Anonymous IP traffic.
• Distributed without charge to Freedom
Network operators.
• Freedom network operators are part of a
revenue sharing program.
Freedom Server Features
• Support Internet
Freedom
• Protect users’ privacy
• Market your Internet
services as ‘Privacy
enhanced’
• Value-added for ISP
customers
• Reduce liability and
abuse handling
associated with users’
actions
• EARN REVENUE$ !
Freedom Server: Technical Details
• Freedom Server currently operates on Solaris 2.6 &
Linux 2.1
• Suggested bandwidth requirement:
256Kbps (~1/5 of a T1) minimum.
• Configurable bandwidth-shaping
manages the Freedom network’s bandwidth usage.
“Freedom” (the Client)
Freedom allows for completely anonymous:
•
•
•
•
•
•
E-mail (bi-directional pseudonymous e-mail is supported)
Usenet News (Pseudonymous news reading and posting)
Web browsing (Completely pseudonymous web browsing)
IRC (Anonymous IRC chat, DCC is not supported in this version)
Anonymous SSH Login
Anonymous Telnet & DNS
“Freedom” Client
(con’t)
• Client creates multiple pseudonyms in the form of
‘[email protected]’.
• Client allows users to associate any action with a
specific pseudonym.
– E-mail to ‘[email protected]’ is always sent as
‘[email protected]’
– When browsing ‘www.private.com’ use 4 hops and make my
pseudonym be located on Grand Caymans.
– When posting to ‘alt.china.dissident’ post as
‘[email protected]’.
“Freedom” Client
(con’t)
• Encryption and pseudonym handling is fully
transparent to Users.
• Client will initially be available for Windows & Linux in
Q1/99
• Macintosh client available Q2/99.
• Testing begins in December, if you register at the
website now!
Mail
Technology & Cryptography
Overview
• Review of Anonymous IP
• Review of Digital Identity
• Review of System Cryptography
The Anonymous Cloud
1. Client sets up anonymous
route and negotiates keys with
servers.
2. The first server removes one
layer of encryption.
3. The next server removes a
layer of encryption.
4. The final hop removes the
last layer of encryption and
forwards the traffic to the final
destination. Traffic returning
through the tunnel has data
encrypted in reverse with the
client removing all the layers
of encryption.
Anonymous IP
• Dynamic anonymous route creation through multiplyencrypted server hops.
• Route selection is fully configurable,
or selected automatically.
• All Anonymous IP servers have padded links to each
other with cover traffic to protect against traffic
analysis.
Pseudonymous Digital Identity
• Your Digital Identity is comprised of the following
elements:
–
–
–
–
Pseudonym (Name + PGP DSS sig.)
Public Key (PGP DH v5.5.5-compatible)
Multiple Reply Blocks
Vital Statistics
Review of System Cryptography
• Freedom Servers & Clients are exportable to all
countries in the world except the seven terrorist
nations named in the Wassenaar Arrangements.
• The system uses no key escrow or key recovery
techniques!
• Freedom is for Everyone, regardless of their
government (features backbone attack-resistance).
Review of System Cryptography
• Freedom uses the SSLeay cryptography libraries with
Blowfish for symmetric encryption and DSS/DH for
public key encryption.
• Freedom’s architecture & cryptography will be
independently audited by Counterpane Systems
(Bruce Schneier).
General Product Info
• Client software is available in two versions: “Light”
(free) & “Pro” (~$50-65, plus <$10 annual fee per
pseudonym).
• Light version includes E-mail, Usenet and low-priority
web browsing. Also includes one (1) numeric
pseudonym.
• Pro version adds IRC, Telnet, SSH and
five (5) user-defined pseudonyms.
For More Information, visit...
http://www.freedom.net