Sunday, June 21, 2015

Identity Validation Regardless of Message Source

There are cases when one needs to communicate securely with a specific person to ask for help or to share private information. In such cases, one's private account must never be used, and instead, a new anonymous ID must be created.

Scenario example: Person Alpha has published secure ways to be reached (PGP/GPG Public key to be used for emails, or a secure chat facility). You need to contact that person from an anonymous account.

Solution:

  1. Create an ID for the intent of sending ONE message only.
  2. This message must start or end with a hash.
  3. The hash is an output of a text that you have randomly selected (old news article, historical event, ...etc.) that is not included in the same email, but instead, included in the next email exchange.
  4. This way, the recipient is able to validate the sender's identity even if the sender used a different ID or email, simply by hashing the first/last paragraph to result in the same hash output of the previous email.

A source for the random text should not be anything that can be linked to you. Not your favorite song lyrics, name, birth date, ...etc. It must be RANDOM. A good example is an article, or a part of an article, from Wikipedia. Luckily, Wikipedia offers an option to get a random article: https://en.wikipedia.org/wiki/Special:Random
It's also a good idea to mix 2 sources of random text to avoid having an adversary pre-compute text (something someone with lots of compute power can easily do). Google's "I'm Feeling Lucky" button will take you to a random topic.

It is up to you to select the text, but make sure it's at least 1 paragraph, then use a STRONG 1-way hash function such as SHA512. Avoid weak functions such as CRC & MD5. It is also advisable to NOT use any online converters. Download a tool to do the hashing offline on your computer.

This method can also be used to publish posts on famous text dump sites, such as pastebin, without having to register an ID. People can verify that the next dump is legit by hashing the paragraph you define in your next post.

Example posts to pastebin verifying the authenticity of the poster:

Message 0:

======== begin SHA512 hash ========
07f0f838fe03b92682728e8b2164796ea53bfa8f9a11dd29f0057ab9ea8a222142819c3c9d40d170519977544d9b623d02099bdc0e25f1f6e739a34b065e2793
======== end SHA512 hash ========
I need help. I have secret docs that I need to publish and require you to do it on my behalf. I can't expose myself.

I'll send details from another account in a different email. Write "The weather is nice today" in your public Twitter account so that I know that you received this and agree.

The sender then sends another email from a different account (to avoid creating an association between sender & receiver).

Message 1:

======== begin SHA512 hash ========
dd5e53f533d6d740857249b215e0a49c61f221abc5c633d6cda141efad5a558426e9c943ef1015a2b468c6fc9289a302b6ef455459d19d6283a24612710894cc
======== end SHA512 hash ========

======== begin hash text ========
Vernon Reginald Pinkney (born May 27, 1955 in St. Louis, Missouri) is a former American football defensive back. He played five seasons in the National Football League, two with the Detroit Lions and three with the Baltimore Colts.[1] Pickney was drafted 166th overall in the 1977 NFL Draft after an All-Conference career at East Carolina University.

Under the rule of the House of Este, the city of Ferrara attracted great artists and scholars of the Italian Renaissance, and the city itself expanded according to Renaissance ideals of urban design.
======== end hash text ========

Here's the link to the Tor hidden service to download the documents: http://dx2oyt83zbdgc3uy.onion/.files/secrets.7z

When receiving and downloading the files successfully, put a hidden HTML tag in your blog/site that says 'I can has cheezburger'.

As you can see, the sender changes his email , and didn't have to provide a way to be contacted back. Some email services even allow you to set an expiration date on an email account & it gets auto deleted.

Additionally, the first block of hash text is for the NEXT email to be authenticated, if any. It's always a good idea to keep one in case you have to reach out to the person and to prevent any impersonation attempts.

Below the hash output is the text that should be hashed to get the hash output of the previous email (Message 0). This is how the receiver validates the sender's identity.

Recommendations:

  1. Only email the person if s/he has a public key published, otherwise if you email in plaintext, you risk the email being intercepted & modified, rendering all future exchanges to be altered by an adversary.
  2. If the person doesn't have a public key or an encrypted messaging option, ask them to do so using an anonymous account. Twitter, web-to-SMS, ...etc. Always use Tor to browse and create any anonymous/fake/temp account.
  3. It's good practice to add spelling mistakes and random characters to the random text you chose, to further reduce the chance of it being pre-computed.
  4. Use a new email/messaging account for each message you send. Many tools and adversaries online exist that can correlate between frequency of emails and possible people to monitor. By sending from multiple accounts, each one only once, you reduce the chance of being tracked or linked.


Be paranoid. Be safe.