What's the safest way to transmit a message to another client through a server hidden from high level malicious users?

Question

Suppose you're constantly being menaced by high profile hackers and agencies that try to intercept messages sent between you and a friend.

The question is: what's the safest way to send messages to him without any malicious user or agency being able to either:

1. Intercept and decrypt yours or your friend's messages.
2. Interrupt your communication by means of MiTM or DDoS. Do cloud servers hosted in different parts of the world help offloading DDoS traffic and making it difficult to shut down the servers? What about multiple proxies without any sensible info forwarded in the headers, so that your internet provider doesn't know about the server you're contacting in case someone manages to seize internet browsing logs?
3. Any other attack such as replay attack, Meet-in-the-Middle-Attack and so on that in a nutshell would finally derive message content or lead to impersonation.

Also suppose you're a student and can't afford a powerful laptop to crunch big numbers, so a cryptographically slow algorithm is to exclude to begin with.

This is the situation we're in:

                              C                     B
                       ----------------     ------------------
         A             |              |     |                |
      -------          |    Server    |'''''|     Friend     |
      | You |''''''''''|              |     |                | 
      -------          ----------------     ------------------
                 |                              |
               |                D                 |
             ---------------------------------------
             |                                     |
             |                                     |
             |      Malicious user or agency       |
             |                                     |
             |                                     |
             ---------------------------------------

A should be able to send anything to B through C without D being able to interact.

Is exchanging the key through RSA and using it as encryption/decryption with say AES128 enough? What about using both RSA and PGP so that after you decrypt with the RSA key you have to decrypt with PGP too? Or is that superfluous?

I've thought about a sort of MAC-then-encrypt-and-encrypt-again schema: AES128(Message + RSA pub key) + (PGP pub key + nonce) <-> server <-> ((AES128(Message + RSA pub key) + (PGP pub key + nonce)) - nonce) == PGP priv key == RSA priv key | stop

Let's throw a diagram in there once again to understand it better:

Sender

             -------------     ---------------    
             |           |     |             |
             |  Message  |--+--| RSA pub key |
             |           |     |             |
             -------------     ---------------           
                      \          /    
                       \        /
                        \   D  /
                         \    /
                          \  /
                           \/
                      -------------     -----------------     -----------
                      |           |     |               |     |         |
                      |  AES128   |--+--|  PGP pub key  |--+--|  Nonce  |
                      |           |     |               |     |         |
                      -------------     -----------------     -----------

Receiver

                                                                 \    /
                      -------------     -----------------     ----\--/---
                      |           |     |               |     |    \/   |
                      |  AES128   |--+--|  PGP pub key  |--+--|  No/\ce |
                      |           |     |               |     |   /  \  |
                      -------------     -----------------     ---/----\--
                           /       \                /           /      \
                          /         \              +                    
                         /           \            /             
  ---------------     -----------     +   -----------------            
  |             |     |         |      \  |               |
  |  RSA pubkey |--+--| Message |       \ |  PGP priv key | <----- Symmetric
  |             |     |         |        \|               |
  ---------------     -----------         -----------------   
          \
           +
            \
         ----------------
         |              |
         | RSA priv key | <---- Asymmetric. Only the receiver knows this key.
         |              |
         ----------------
                    \
                     \
                 -------------
                 |           |
                 |  Message  |
                 |           |
                 -------------

Coupling this with (Perfect)Forward secrecy would make it even more secure?

The outcome should be one and only one: unbreakability or very-slow breakability (that would take hundred years even for a supercomputer) by the malicious user.

If possible add facts, references, specific expertise or anything else that doesn't make your answer opinion based.

Answer 1

Do you really believe that you could detect if your computer was manipulated in a way that one could sniff the plain data directly at the computer or that the encryption software was changed in a way to make sniffing easier? Do you really believe that your father could do this too? If you downloaded the encryption software: how do you know it does what it claims and only that? If you wrote the encryption software yourself: did you really fully understand all algorithms involved and did you made sure that your implementation is not only correct but uses a proper and secure RNG etc, does not leak information in timing attacks etc? Cryptography itself is already hard but it only solves a part of the problem, not the whole problem. Don't forget https://xkcd.com/538/.

Answer 2

Your first problem will be determining what the NSA is capable of. For instance, does your laptop have a keylogger installed? Is the BIOS compromised? Is the hard disk's firmware compromised?

Also, since you want to use an intermediary server, you would have to somehow know that the operator of that server is not being blackmailed with a National Security Letter or similar, or you'd have to find a mechanism that protects you in the face of an untrusted intermediary.

With all of these situations, it would be game over.

Secondly, if you are reasonably sure that the hardware is not compromised, here is what I'd look into:

• Get a new USB stick from a mass-market retail store (not by mail order), and pay cash for it.
• Download Tails.
• Disconnect from the Internet.
• Install Tails onto the USB stick.
• Remove the hard disk (that would protect you against bad HD firmware, although not against a bad BIOS in your computer itself).

Of course your father would have to take the same precautions.

Next, define what you want to hide:

• Do you want to hide the content of your message?
• Do you want to hide the recipient of your message?
• Do you want to hide the fact that you communicated at all?

If you merely want to conceal the content of your message, PGP is it. The subject line and the recipient will be in plain text, though. From your question, that is it.

If you want to conceal the recipient of your message, you could use SSH to log into a (known not compromised) third-party computer and leave a message there as a text file. Your father would also use SSH to the same computer to retrieve the message.

If you want to conceal the fact of communication at all, you will need to connect through the TOR network.

The final question is what algorithm to use for encryption. First of all, don't use SHA256. It's not an encryption algorithm at all, but rather a hashing algorithm. If you used it, you'd be amazed how quickly you could transfer even gigabyte-sized files in seconds even over a dial-up line. And you'd be amazed about why your father couldn't retrieve the file you sent. SHA256 generates basically a checksum of a few dozen bytes, and leaves he original message intact.

Your idea of a separate key-exchange with public key encryption, followed by a data transfer phase with symmetric encryption, is very good for direct communication.

For the cipher selection, I'd look to what TLS 1.2 offers. RSA for the public key is good. AES128 for the symmetric encryption is also a good choice.

Of course, since you are using an intermediate (your server C), you will be constrained by whatever that server offers.

Answer 3

One Time Use Pad

Any use of mathematics beyond one time use pads is an oppertunity for the "NSA" to break your algorithm. The instant you use a named algorithm, you must accept the possibility that NSA has broken that particular algorithm. Lacking any information regarding what algorithms they have broken, the only "NSA-proof" algorithm is the one time use pad.

And you better trust your random number generators and your key exchange! (Edit: and by that I mean real Random Number Generators. None of those sissy pseudorandom number generators that run on those new fangled "computer" things!)

Answer 4

Get on an airplane and go visit your father. Once you're in a location where it is just the two of you, whisper your secrets into your father's ear. If you insist on the "through a server" part, then write your message on a piece of paper, put it in the server's case, and then have daddy Edwin pull it right back out.

Neither you nor I know what the NSA is capable of. They may compromise not only your software downloads, but everybody's. They may have hardware bugs in your motherboard BIOS, keyboard, router, hard drive, and cell phone. They may have exploits for the items that they have not bugged. They may have cameras, microphones, and other detectors in your house, in your car, and on your person (smart phone).

Oh, and they have near-unlimited budget and access to your past records. They have psychologists and behavioural scientists to profile you. They have influence over mass media and entertainment which influences public opinion and values.

The only winning move is not to play.

Answer 5

Let me put it this way. Your real problems are physical access and the US Mail. In this hypothetical situation, the NSA is monitoring you. While this can be avoided by sufficient use of cryptography to the extent where this is ineffective, you would have to first, communicate with one-time pad encryption or a key for most solutions. There is nothing stopping the NSA from just searching your mail. They could intercept a router and install a wiretap, or install software on a laptop you get. The best way to make the NSA ignore you is by being so boring that there is no point in looking at you. In 2038, the NSA will in likelihood have enough compute power to crack anything most of us are using today. Use, say, 4096-bit RSA for the keys and 256-Bit Serpent to encrypt them, if any algorithm has a statistical attack devised by the NSA against it it will be AES. Secondly, be boring. Ex. Message, key encrypted by RSA 4096-Bit, three-layer 256-bit Serpent (preventing man-in-the-middle attack) Encrypt "Hi, Dad. I've got a new girlfriend. Auntie Ruth just divorced Uncle Jake, and Granny Snowden is doing better with her chemo. I hope you can come back to the US soon, my GF wants to meet you. -(Hypothetical son of Edward Snowden) Travels through unsecured core servers Picked up by NSA Received by Edward Snowden The NSA will, after decrypting months of messages like that, and using vast amounts of computer power, in all likelihood just ignore you and do something else.

Never underestimate the power of psychology in security. The NSA only will bother at looking at things that seem suspicious.

Answer 6

A lot of answers but none very feasible for your average joe, a.k.a Snowden Jr. This answer is written from a present-day scenario. A lot of things can happen or change in a few years, so contemplating on a situation more than 2 decades later is not very worthwhile especially with regard to Information Technology.

Propsed solution

Build/ Use a computer that has no wireless communication systems, meaning no H/W capable of transmitting or receiving data wirelessly. No Bluetooth, Wi-Fi or other wireless communication capability. Also disable any Ethernet or internet connection capability as well. Never connect this computer to the internet even while installing an OS. The newly installed OS should of course be Open Source and extensively tested just to be sure. Encrypt the entire hard drive using Open Source software like VeraCrypt utilizing Deniable Encryption. Inside your "hidden" OS partition, create your PGP keys. Encrypt the Private Key using AES-256 symmetric encryption standard. Use a randomly bought new flash drive and mount it onto a secondary device/PC similarly set up and securely erase, re-partition and format it. Always do this step before connecting it to our primary PC where we actually have our PGP keys.

Once we have typed and encrypted our message on the primary PC, connect the "freshly formatted" flash drive and copy our message onto it.

This encrypted message can now be sent via any secure PC(as secure as a normal, internet connected PC could be), connected to the internet using any secure mail service like ProtonMail.

Answer 7

As soon as I read the title I was thinking One Time Pad and I'm glad Cort Ammon Posted it :) However, it wasn't to my satisfaction and my post might be a bit long so I didn't want to add it in the comments for his in case it got buried.

I also saw that the relevant xkcd comic was posted too :) Randall Munroe sure got some great mileage out of that particular one :)

So what I have for you is a mufti-tiered approach based on the setup of the problem that you described.

I think your best bet for communication would be a moon bounce! Also known as an EME. Because the NSA could always unplug you from the internet.

http://en.wikipedia.org/wiki/Earth%E2%80%93Moon%E2%80%93Earth_communication

Now back to the One Time Pad. To make it clear the reason you want the OTP over another encryption algorithm is because the OTP is a symmetric type of encryption, where as standard ones used on the net today (RSA,PGP,etc...) are asymmetric, which means that at their core they utilize a type of math problem that is computational expensive to do in the backward direction and easy to do in the forward direction (obviously you set it up in your favor).

In my approach for this you said that it would hypothetically take place in the year 2038 and that you don't have very much money and are Edward Snowden's Son and you want to communicate with your pops. The problem with OTP as rightfully pointed out by cpast on Cort Ammons post is in the sending of the Pad because you end up having to use an asymmetric encryption to transfer your data making the OTP void (theoretically), but the twist I have is that both you and Edward Snowden already have the OTP!

The scheme is that you would have your DNA sequenced (should be cheaper by 2038) and about half of that should match Edward Snowden's DNA which he would also have to get sequenced. Now picking any random 2 humans you should see that 99.5% of their DNA is the same. So of that .5% difference you would only have half, so .25% from Edward Snowden and each human has approximately 3.3 billion base-pairs which means 8,250,000 base pairs worth of data that you can use for your One Time Pad.

The problem is that unless Edward Snowden also has access to your mom's DNA then the transmission will be very inefficient. Because you will have to keep sending the message redundantly eating up the 2^22 (4194304) to 2^23 (8388608) bits of data that you have. I don't really know the math on the probability of getting a message understood on the other side when only half of your OTP matches, but maybe you can ask that on the math side of the forum, my guess is that it should be enough to send a few messages and it could be increased if on Edward Snowden's side he was able to get some algorithms and heavy computers to sift through it to make a readable message.

You should note that sending the same message redundantly isn't a weakness that allows for decrypting the message, however repeated usage of the same OTP information for multiple messages is a weakness and will allow someone to decrypt your messages.

Now you might wonder how would Edward Snowden know to get his DNA sequenced and get a moon bounce setup and all the other stuff. There are two answers to this. Either you both are Superrational (check wikipedia for Superrationality) or Edward Snowden will be like most people with internet trying to figure out the solution to a problem and then Google to see if he can find a way to reach his kid in 2038 ultimately reading this post and realizing that he should do all that DNA and Radio stuff :)

Unfortunately for the both of you, that by posting this the NSA will also be aware and try and steal DNA samples from you to foil your plans at communication so you might have to wear a really funny suit and mask all the time to prevent leaving DNA anywhere.

Also of note is that Edward Snowden in the course of your communication won't be able to tell if you have been compromised by the NSA so you won't be able to send "mission critical" information only casual conversation.

The last way that this might be possible is with some type of yet to be invented completely wireless and more readily available Quantum Communication Scheme. You can read about the basics of a wired Quantum Communication Scheme here:

http://physicsworld.com/cws/article/news/2014/nov/13/secure-quantum-communications-go-the-distance

You could also become the President and then disband the NSA so you don't have to worry about being spied on, but then by that point the paparazzi and agents of foreign governments might be spying on you.

I hope this was helpful :)