Understanding Adversary Resistant Networking

Post by killswitch » Sun Jul 26, 2015 3:05 pm

There are a variety of bad things that can happen when an adversary can connect a public IP address to your online activities. This can range from the bratty kid next door pranking you, to the MPAA suing you for downloading a movie, to intelligence agency or law enforcement attention. There are a number of ways to conceal your movements, but no one of them is 100% bulletproof, so knowing their strengths and weaknesses will help you select the right one for any given problem.

The Onion Router, commonly referred to as Tor, was designed by the U.S. Naval Research Laboratory, and made public in 2004. When used on a workstation, Tor starts a service that makes encrypted links to entry relays, it provides one or more local SOCKS5 proxies for your applications, and traffic is sent to exit relays, which provide access to the clearnet.

The Onion Router also offers hidden services, a special domain ending in .onion, which is only visible to those using the Tor network. A notable example of this is http://silkroad6ownowfk.onion, one of the addresses associated with the Silk Road 2.0 dark net market.

Since Tor only offers a SOCKS5 proxy, it only supports TCP connections. This means web browsing and chat sessions will work, but it can't do audio streaming or VoIP calls, as those depend on UDP connections. When you are accessing web sites and you absolutely can't afford to leave a trail, this is the one to use.

The Invisible Internet Project, known as I2P, is similar in spirit to Tor. It establishes encrypted connections to other I2P nodes and it offers local ports which permit access to I2P hidden services, which are called 'eepsites'. The names are free form just like clearnet domains, but they end with '.i2p' as their top level domain.

There are exits to the clearnet on I2P, but most are not meant for widespread anonymous access; they tend to be pet projects or services for small numbers of people who know each other. Interest in I2P has grown in parallel with all of the negative attention Tor has been receiving. There is now a C++ version of the software, which is suitable for use on headless servers, and there has been at least one darknet market effort made using I2P. This system is not quite ready for prime time, but it's evolving rapidly, and you should be aware that it exists.

The other anonymizing network is Cryptostorm, which uses OpenVPN to provide its service, but it should not be mistaken for just another VPN. There is a hierarchy of capabilities among OpenVPN service providers, and their offering is unique.

There are a number of VPN providers that offer paid service and perhaps a free low speed service, but they require that you install their software. These binary blobs contain adware, keyloggers, and complete rootkits. If you are considering a VPN provider, make sure they offer a text config file you can use with OpenVPN. Treat any that do not offer this as untrustworthy.

There are some providers that offer both a free low speed service and connecting with OpenVPN. PrivateTunnel does this as a loss leader to get people to subscribe. VPNBook provides unlimited access at high speed, but there has to be some underlying revenue method they do not disclose, perhaps something like inline serving of their ads instead of the ads of the sites you are visiting. The RiseUp collective has offered OpenVPN access in the past as part of their member services and is currently experimenting with LEAP and Bitmask. These all offer varying degrees of IP address concealment, but they require some expertise to ensure they do what you need.

Cryptostorm offers two advantages over these other VPN providers.

The first is that access is obtained by getting a digital token and then hashing it. Reversing the hash is computationally impossible, so no one can backtrack to your purchase by observing your VPN traffic. Even if someone could do that, tokens are sold via Bitpay or by resellers, and Cryptostorm doesn't know the details of those transactions. Other providers swear they don't log, then require you to have a username and a password. Cryptostorm is functionally incapable of logging, because they never collect enough information from subscribers to do that.

The second advantage is that Cryptostorm is not just a VPN; the service also includes some 'baked in' protection against common attack vectors. When the WebRTC/STUN IP address leak was made public, Cryptostorm implemented a fix within thirty-six hours, and it's now a permanent part of the service. Certificate Revocation Lists are almost never used for their intended purpose, but there are several types of malware that depend on the fact that browsers do no checking on CRLs they receive. Cryptostorm started dropping all CRLs a few months ago and nobody has missed them.

Cryptostorm is a good solution for those who want to circumvent country based filtering for streaming services like Netflix, it is dramatically faster for torrent file sharing, and it is often accepted by sites that have banned anonymous use via the Tor network.

There are reasons to combine these two approaches. If you're running Whonix or even TAILS in a VM, having Cryptostorm for your host OS ensures that if you hit some sort of exploit that can de-anonymize Tor clients, all your opponent will get is a Cryptostorm IP. On the other hand, Tor exits are often banned due to abuse, and Cryptostorm will accept inbound TCP connections, which can be used to circumvent those bans.

Thanks to an earlier leak, the world has long known of the type of deep packet inspection Blue Coat provides to repressive regimes. Thanks to the recent Hacking Team leak we know a bit more about Corruptor-Injection Networks, which use subterfuge such as type 302 redirects to insert their exploits into whatever legitimate browsing you were doing.

Just as standalone general purpose operating systems are no longer safe, the same holds true for the networks you use. Layered defenses are the way of the future, both for your computer's operating system and the means by which you communicate with the rest of the world.
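The post above mentions the WebRTC/STUN IP address leak without showing what a leak test actually looks at. The following is an added example, not part of killswitch's post and not Cryptostorm's code: it parses ICE candidate lines of the kind a page receives from `RTCPeerConnection`'s `onicecandidate` callback and reports whether they expose a LAN address or a public address other than the one the VPN is expected to present. The candidate lines, the address `198.51.100.200` standing in for the VPN's exit, and the function names are all constructed for the example.

```javascript
// Added example (not from the original post): classify the addresses a browser
// exposes through WebRTC/STUN ICE candidates. A page can collect these lines from
// RTCPeerConnection's onicecandidate callback without any user interaction.
// The candidate lines below are constructed samples in the a=candidate format
// (RFC 5245), not captured from a real session.

const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.23 rport 51234 generation 0',
  'candidate:3 1 udp 41885439 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 51234 generation 0',
];

// Parse one a=candidate line into its fields. Returns null for lines that do not
// match the expected shape so malformed input is skipped rather than crashing.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return {
    foundation: m[1],
    component: Number(m[2]),
    protocol: m[3].toLowerCase(),
    priority: Number(m[4]),
    address: m[5],
    port: Number(m[6]),
    type: m[7], // host | srflx | prflx | relay
  };
}

// RFC 1918 ranges plus link-local: LAN addresses a remote page should never learn.
function isPrivateIPv4(ip) {
  const p = ip.split('.').map(Number);
  if (p.length !== 4 || p.some(n => Number.isNaN(n) || n < 0 || n > 255)) return false;
  return p[0] === 10 ||
    (p[0] === 172 && p[1] >= 16 && p[1] <= 31) ||
    (p[0] === 192 && p[1] === 168) ||
    (p[0] === 169 && p[1] === 254);
}

// Given candidate lines and the public address the VPN is expected to present
// (what an ordinary site sees through the tunnel), report what leaks:
//  - host candidates with private addresses reveal the LAN IP;
//  - srflx candidates carry the address the STUN server saw, which is the real
//    public IP whenever the STUN binding request bypassed the tunnel.
// Relay candidates are the TURN server's own address and are ignored.
function findLeaks(lines, expectedPublicIP) {
  const report = { lanAddresses: [], publicAddresses: [], leaked: false };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (c.type === 'host' && isPrivateIPv4(c.address)) {
      report.lanAddresses.push(c.address);
    } else if (c.type === 'srflx') {
      report.publicAddresses.push(c.address);
    }
  }
  report.leaked = report.lanAddresses.length > 0 ||
    report.publicAddresses.some(ip => ip !== expectedPublicIP);
  return report;
}

// Stand-alone run: the sample set has a LAN host candidate and an srflx address
// that differs from the assumed VPN exit, so it is reported as a leak.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(findLeaks(SAMPLE_CANDIDATES, '198.51.100.200'));
}
```

In a browser the lines come from `event.candidate.candidate` inside `pc.onicecandidate` after creating a data channel and calling `createOffer`/`setLocalDescription`; feed them to `findLeaks` with the address the VPN shows on an ordinary what-is-my-IP page. A VPN-side fix like the one the post describes can only stop the srflx case (by forcing STUN traffic through the tunnel); host candidates are a browser-side matter, which is why current browsers replace those addresses with mDNS names by default.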