New TOR/I2P like program. *THEORY*

[x942]

I have been working on a new (More secure) TOR like network. While still in its infancy I thought I would share our ideas so far:
Like TOR a user would connect and be bounced through 3 nodes. Their data is encrypted through the network and ultimately anonymous. To prevent some of TOR's down falls (rouge end nodes) and p2p data leaks we have made some changes:

1) End Nodes are vetted before being allowed on the network. This is down through a series of checks. While the main source is open the end nodes would be closed source and ONLY those version (which generate a unique ID/Key) can act as an end node.

2) End Nodes use a special version of the program that can generate those keys. The keys can NOT be generated by the normal version. This version is compiled for each end node and has a unique SHA512 hash for each node as well as a watermark. (this way if any leaks occur we know who did it). A kill-switch is placed in the end nodes as well to remove the keys if a rouge server pops up. (we can also revoke keys; banning them from the network forever). In the event of government intervention the operators of these nodes can also invoke a kill-switch.

3) middle-nodes can be operated by anyone on the network as there is no risk here (the data is encrypted until the end node).


Now the network also has the following features as well. These are end-to-end encrypted:
- IM: Secure IM client uses unique (randomly generated) public keys to encrypt chat traffic within the encrypted network. (two-layers basically). These keys change every time automatically and can be manually changed if needed. Users are given a unique ID upon first logon. Messages are also anonymous (bounced through the nodes).

- File Transfer: Files are encrypted sent through the network and received by the recipient.

- News/BBS: Anyone that needs to release information (akin to wikileaks) can do so here. All information is passed through the nodes like above and posted on secure, encrypted networks. This is downloaded via the software if enabled by the user. A wipe command is built in to wipe out data on the users computer with a DOD-3 pass wipe or higher. This can be set to wipe any number of files. The actual upload files are spread through out the network and nodes (in encrypted form) to keep them alive in the event the uploader or one or more servers are taken down. This allows news to be pulled via p2p if needed.

- Anonymous Email: Headers are anonymized and random email address is generated based on the users ID (can be changed at will). E-mail is encrypted and passed through the network to the recipient. IF recipient is using the service the email is encrypted with random keys for one-time use. if the recipient is using normal e-mail PGP/GPG can be used instead.

(one-time use means these keys are generated at start up/login. As soon as the computer or software is restarted new keys are generated replacing the old ones).

Any thing else I should include?

Any comments are welcome

[hugsy]

keep up the good work

[x942]

Quote:

Originally Posted by hugsy

keep up the good work

Thanks We are hoping to launch a public release within the year. I hope we help put a dent in censorship. I am hopping to include an encrypted VOIP system like RedPhone and maybe even integration with TC and/ or PGP for FDE.

[Cutting_Edgetech]

Is there a webpage that we can keep up with these events?

[x942]

Quote:

Originally Posted by Cutting_Edgetech

Is there a webpage that we can keep up with these events?

Yes and no. The website is www.zodity-design.ca but I haven't uploaded it yet so it is just a parked domain. I am finishing the website and than I will upload it. However I may change domains once we name the project. That domain was for my IOS apps, but I haven't released any yet I will throw up a blogspot page for now at www.projectuntraceable.blogger.com. Will update more there and post back here as well.

[TheMozart]

Sounds very unrealistic and fantasy and I doubt it can be done.

[cm1971]

Quote:

Originally Posted by TheMozart

Sounds very unrealistic and fantasy and I doubt it can be done.

Would you have said the same thing about TOR before it got off the ground? I say lets give him a chance first. You never know.

[J_L]

Rouge servers, are those people that serve you rouge make-up?

Seriously, your ideas are interesting and potentially useful. Like to see it in action though.

[x942]

Quote:

Originally Posted by TheMozart

Sounds very unrealistic and fantasy and I doubt it can be done.

I understand why you are skeptical. But this is very possible. As far as the network goes its TOR but with vetted end nodes for heightened security and stronger fingerprints (keys) so they can be revoked/killed if needed. The hard part is the rest of the features we are even using TOR's source as a base to develop on.

Quote:

Seriously, your ideas are interesting and potentially useful. Like to see it in action though.

I hope we can finish this before the year is over. Even if it is only alpha or a demo. I would like to at least show everyone what is possible.

[lotuseclat79]

Hi x942,

Why not donate/integrate your efforts with the Tor project? I'm fairly sure they would be very interested in hosting your effort.

-- Tom

[Konata Izumi]

Is this is going to be more slower than TOR?

[x942]

Quote:

Originally Posted by Konata Izumi

Is this is going to be more slower than TOR?

It will probably be about the same. The more people on the network the slower it will be. a good example is TOR vs IronKey's Secure Sessions (a private TOR network).

Quote:

Hi x942,

Why not donate/integrate your efforts with the Tor project? I'm fairly sure they would be very interested in hosting your effort.

That's a good idea. I will keep it in mind. I was also hoping to build a custom TAILS image with our software instead of TOR. But this is still a long way off we have just finished securing TOR with the end node modifications.

[lordraiden]

Here there is another alternative: http://advtor.sourceforge.net/
Maybe they can help you too.

[chelsea geek]

I hope you will make a live CD live Tails. Better yet, how about working with Tails on their next upgrade? tails.boum.org. Someone in the tails forum posted a link to this thread. That is how I discovered this thread.

Redphone was mentioned.above. Redphone encrypts calls on Android phones. I do not understand how Redphone could be used with TOR. It would be wonderful to include a VoIP which could call phones. I read Skype has a back door. Only live CD distros I found that have Skype preinstalled are PCLinuxOS, Extix and Mepis. However, these live distros do not have TOR preinstalled. I do not know how to download and install a program to a live CD. Puppy has links to Skype and TOR but they are not preinstalled.

Does anyone know of a live CD with preinstalled GNU Free Call? I recommend Tails to include GNU Free Call in their next upgrade. http://goolinux.com/server/gnu-free-...ternative-pc-w

[x942]

Quote:

Originally Posted by chelsea geek

I hope you will make a live CD live Tails. Better yet, how about working with Tails on their next upgrade? tails.boum.org. Someone in the tails forum posted a link to this thread. That is how I discovered this thread.

Redphone was mentioned.above. Redphone encrypts calls on Android phones. I do not understand how Redphone could be used with TOR. It would be wonderful to include a VoIP which could call phones. I read Skype has a back door. Only live CD distros I found that have Skype preinstalled are PCLinuxOS, Extix and Mepis. However, these live distros do not have TOR preinstalled. I do not know how to download and install a program to a live CD. Puppy has links to Skype and TOR but they are not preinstalled.

Does anyone know of a live CD with preinstalled GNU Free Call? I recommend Tails to include GNU Free Call in their next upgrade. http://goolinux.com/server/gnu-free-...ternative-pc-w

I Will definitely keep that in mind. I personally love TAILS and use it all the time when I need to surf anonymously . What I mean by RedPhone is a similar VOIP service. The service would something like: http://zfoneproject.com/getstarted.html

It encrypts the entire conversation using the OTR protocol and RFC 6189 -- ZRTP: Media Path Key Agreement for Unicast Secure RTP created by Phil Zimmerman. They also use a unique anti-MITM technique where users compare a challenge and response displayed on the screen.

I hopping to integrate something like this into the network. That way the calls would not just be encrypted but also completely anonymous and nearly impossible (if not impossible) to trace back to the source(s).