How Kullo uses OpenSSL

Although Kullo uses the crypto library Botan for all its encryption jobs, it needs OpenSSL. That is because the Open Kullo Protocol is an HTTP-based API that enforces TLS. Since we don’t want to reinvent the wheel and implement HTTPS on our own, we use a library for that. On the desktop platforms that is Qt Network at the moment. An alternative would be cURL and I am sure there are others. These libraries have in common that they depend on OpenSSL to implement TLS. If there’s a Botan TLS based HTTP(S) library for C++ out there, I’d appreciate a hint in the comments.

So OpenSSL is mandatory. But where do we get it from and in which version? That question has to be answered differently for every operating system.

End-to-end encryption by default

Universal encryption is difficult and expensive, but unfortunately necessary. – Nicholas Weaver, Wired

What sets Kullo apart from most other alternatives that offer ‘secure’ messaging? The end-to-end encryption.
But let us discuss what this means, and why it is important.

When transmitting data via the internet, there are several ways to do so:

  • unencrypted
  • partly encrypted
  • end-to-end encrypted

Unencrypted data transfer

How data is transmitted is defined in the message protocol. A protocol is much like a recipe: it defines the rules of the data exchange. Many widespread network protocols in use were not designed with encryption in mind, so unsurprisingly, a lot of data is still sent across the internet unencrypted. While browsing the website of the New York Times for instance, the data transmitted between you and their servers is not encrypted.


Transport encrypted transfer

Websites that handle sensitive data (typically websites where you have a user account) usually have some sort of encryption in place. A well-known protocol employed by most websites is SSL, which encrypts all traffic between the website (i.e. server) and the user. This is the main difference in visiting and Transport encryption means that the data is transferred in encrypted form only between certain nodes, and is then stored locally in unencrypted form.

Let’s focus on communication service providers: For a host of reasons, most communication protocols employ encryption only for subsections of the message route, decrypting and encrypting the messages along the way at certain nodes. Almost all ‘encrypted’ communication services use encryption on the way between the client and servers and vice versa. However, since the data is decrypted and encrypted at least once, these services do have access to the full contents of the messages on their servers.

A prime example of this would be online email providers like Google Mail. While an email is encrypted when you send it to the Gmail servers, it has to be decrypted somewhere on their servers. Google is in the advertising business, and Gmail is free because your emails are scanned automatically to create targeted advertising.

Furthermore, services like spam filtering, fast search (through indexing) and antivirus protection are only possible if the emails are accessible to the provider. This does not mean that Google employees are reading your emails or would be able to on a whim. Yet, when using a service that is only partly encrypted, the user always has to trust the company that provides the service (Google, Facebook, WhatsApp), which has its reputation and with it its survival on the line. It does however mean that in theory, the company is able to access and hand over your messages if, for instance, they get a request to do so from a government or law enforcement agency.

But next to the necessity of trusting the provider, any server that contains your data in unencrypted form also poses an additional security risk: in this article on Wired, from which the quote at the top of this post originates, Nicholas Weaver explains why end-to-end encryption is necessary not only for privacy, but also for security reasons.

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

The increased awareness of internet security has caused the Internet Engineering Task Force (IETF) to launch plans to eventually encrypt all internet traffic.

So what is the answer to this problem? End-to-end encryption.

End-to-end encrypted data transfer

Genuine end-to-end encryption is very rare. In effect, it means that there are only two places where your messages are available in unencrypted form: your device and the device of the recipient. This has been implemented nicely in several instant messaging solutions that focus on synchronous communication, but few if any asynchronous messaging solutions offer it. Among tech aficionados, the email encryption methods PGP and S/MIME are quite popular, but they have to be set up by someone with some encryption knowledge.

We believe that this is the only way sensitive information should be transmitted, and therefore the Kullo protocol implements end-to-end encryption by default.
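The difference between transport encryption and end-to-end encryption described above, as an added example that is not Kullo's code or part of the original post: a Go program in which `deliver` passes a message through a provider over two separately keyed hops and reports what the provider holds in between. The AES-GCM keys are stand-ins for the two TLS sessions and for a key held only by the two devices; the names `newKey`, `seal`, `open` and `deliver` are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newKey returns AES-256-GCM under a random key (constructed for this example).
func newKey() cipher.AEAD {
	key := make([]byte, 32)
	rand.Read(key)                  // never fails since Go 1.24; check the error on older Go
	block, _ := aes.NewCipher(key)  // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block) // AES has the block size GCM requires
	return aead
}

// seal prepends a random nonce; open fails on a wrong key or modified data.
func seal(k cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, k.NonceSize())
	rand.Read(nonce)
	return k.Seal(nonce, nonce, msg, nil)
}

func open(k cipher.AEAD, box []byte) ([]byte, error) {
	return k.Open(nil, box[:k.NonceSize()], box[k.NonceSize():], nil)
}

// deliver sends msg sender -> provider -> recipient over two separately keyed
// hops and returns what the provider holds between them; e2e may be nil.
func deliver(msg []byte, e2e cipher.AEAD) (providerSees, recipientReads []byte, err error) {
	hopIn, hopOut := newKey(), newKey() // stand-ins for the two TLS sessions
	if e2e != nil {
		msg = seal(e2e, msg) // encrypted on the sender's device
	}
	if providerSees, err = open(hopIn, seal(hopIn, msg)); err != nil {
		return
	}
	if recipientReads, err = open(hopOut, seal(hopOut, providerSees)); err == nil && e2e != nil {
		recipientReads, err = open(e2e, recipientReads) // only the recipient has e2e
	}
	return
}

func main() {
	seen, got, err := deliver([]byte("meet at noon"), newKey())
	fmt.Printf("provider sees %x\nrecipient reads %q (err=%v)\n", seen, got, err)
}
```

With `e2e` set to nil, both hops are still encrypted, yet `providerSees` is the plaintext; with a key shared only by the endpoints, the provider holds nothing but ciphertext.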

Linus Neumann: Thoughts on De-Mail

I’ve tried to choose a neutral title for this post, but I am afraid that the title of the talk Linus Neumann recently gave to the CCC gives everything away: Bullshit made in Germany (YT).


In his wonderful talk, Neumann (of the popular podcast Logbuch:Netzpolitik) sharply criticises the principles De-mail is built upon and the government agencies and companies involved in the process. As the Deutsche Post is now contemplating becoming a certified De-mail provider, it looks like De-mail is gaining traction, if not among customers, at least among the German government and potential providers.

To find out why that is a bad thing, watch Neumann’s talk or read the brief summary below.

Key problems with De-mail

No end-to-end encryption

The creation of De-mail was a unique chance to make a beautiful system with end-to-end encryption the default by giving every citizen a unique certificate. This would have effectively increased the share of communication that would have not been accessible by the government – which is why it wasn’t implemented. The responsible parties flaunt the implemented transport encryption as a great security advantage – but that should be standard for any communication channels.

Legal validity

To grant the De-mail the same legal validity as a signed letter, new laws were introduced. These both lower the privacy standard (as end-to-end encryption is not necessary anymore) and make each De-mail legally equivalent to signed documents.
The legal ramifications are troubling – after a one-time proof of identity all De-mails are electronically signed by the provider, and this signature is supposed to certify the origin.

Perfect for surveillance

Since De-mails are locally decrypted, ostensibly to scan them for viruses, they are a wet dream for the government agencies that might want to monitor communication: the De-mail system is limited to a few providers, is by definition (and by making it expensive) only used for sensitive communication, does not have any spam and gives the users the illusion of secrecy while being readily accessible for surveillance.

Dubious involved companies

As a contractor of several involved companies and the German government, Bearingpoint has been a part of development of the De-mail and the E-Postbrief. Coincidentally, it has also worked on the and TKÜ (=wiretapping) for the BKA.

CSC is known for being a contractor of the NSA, but has also been involved in the ePass (the electronic passport) system and the De-mail. What else have they done for the German government? The code review for the so-called Bundestrojaner, a spyware that has been used by the BKA.

Incompatible with the rest of the world

The De-mail system is intentionally limited to Germany. We agree with Neumann that this is a severe limitation for any communication channel, and will cripple this system indefinitely.

Evident agenda

All of this leads to only one possible conclusion: De-mail was developed to boost the German economy and maintain a surveillance option. As Neumann succinctly states:

No government is stupid enough to provide their citizens with a bug-proof communication system.
A spread of the De-mail would pacify worried companies and individuals and give them the illusion of privacy.

Addendum: E-Mail made in Germany

This campaign is pure marketing. The newly implemented transport encryption is decades old and used by most other email providers, and it is quite scandalous that it has not been the standard so far. In addition, the transport encryption is not implemented at all in some instances: in his talk Neumann shows that he can access his emails on Telekom and GMX servers without any encryption.

Deutsche Post contemplates using De-Mail

During the last months, Deutsche Post has been adamant in its position of ignoring De-Mail (implemented by 1&1, Telekom, Mentana-Claimsoft) in favour of its own product called E-POSTBRIEF. This is about to change, according to a recent article by the FAZ.

The main reason for this was the proprietary identification method used by the Deutsche Post called PostIdent, which required a user to provide his ID card number and the issuing authority. If and how this method is about to change is currently unknown, but a PR representative of Deutsche Post hinted at fruitful negotiations regarding a De-Mail certification. This is quite significant for the German market in encrypted messaging, as it would boost the utility of De-Mail and make it the de-facto standard.

While interest levels among government agencies and big companies are on the rise, the reaction of private customers has been lacklustre: even with promotions and marketing 1&1 has only counted 170.000 private De-Mail accounts so far.

This is not due to lack of interest: we believe that the De-Mail system is inherently flawed, with several critical drawbacks. A De-Mail does not offer end-to-end encryption, it is limited to German users and each message is priced at 39 cents.

While we understand that providing secure messaging costs money that cannot be recouped via advertising, we do not believe that pay-per-message is a viable proposition in an era that is characterised by unlimited text packages, WhatsApp, and email.

We are furthermore highly concerned that this method has caused several debatable changes to the German privacy and data security laws: instead of creating an online equivalent to the ‘end-to-end’ security of a regular letter, the responsible parties have chosen to lower the legal standards and disregard end-to-end encryption as a crucial practice in the transmission of sensitive documents.

All links in German.

Good article on email encryption at (in German)

Some key points from the article:

  • The NSA scandal has sensitized a lot of people, but calling it an encryption boom would be exaggerating – encryption still is an annoying hassle for most and rarely ever used.
  • A key quote by Thomas Jarzombek (CDU): “Email encryption is like sex among teenagers: everyone’s thinking that everyone else is doing it, but few actually are. And those few that actually do it do it badly.”
  • The number of OpenPGP key pairs generated daily has tripled to 1500.
  • OpenPGP solutions like Enigmail still have important disadvantages: uploading your key potentially exposes you to spam, and the metadata and subject of your emails stay unencrypted.
  • Dorothee Bär (CSU): “The necessary effort for current email encryption is rather comparable to using a steering wheel lock and wheel lock every time I park my car – but I want to be able to protect my privacy in a simple, easy way.”
  • 72% of German members of parliament never encrypt their emails, 39% are unwilling to do so in the future, only 13% want to start using encryption (sample size: 126)
  • The De-Mail, the preferred method, does not offer end-to-end-encryption and is, according to the article, comparable to using condoms with holes.
  • The German ministry of internal affairs does not yet use email encryption because of the ‘organizational challenges in terms of integration and public-key-infrastructure’

The full article comes highly recommended.

This article highlights our main motivation for developing a solution that automatically handles all key management and distribution: even at times when awareness is high, users do not want to spend effort on their encryption. Therefore, encrypted communication can only become a standard if no-hassle solutions with end-to-end encryption like Kullo are available.