Tor relay & Tor hidden service hardware picks, December 2015

This is the first publication of what I hope to be a regular exploration of dedicated, low-cost Tor relay and Tor hidden service devices. Your feedback will help me make these publications better, so please send me a note to: christopher at yawnbox dot com.

Objective

Help people identify well researched hardware ideal for Tor applications including relays or hidden services.

Top picks for December 2015

Low pick ($0 – $99)

Microsoft Store for $99: InFocus Kangaroo

The InFocus Kangaroo is highest performing $0 – $99 device that I’ve been able to find. For comparison, the Raspberry Pi 2 Model B has a clock rate of just 900 MHz. For $35, that’s pretty good. But it’s not just $35 because you would also have to buy a power adapter, case, and storage (USB, Micro SD, etc). The Kangaroo has a clock rate of 2.24 GHz and will surely out perform a Raspberry Pi, and if you live in the USA, you can physically buy one at a Microsoft Store. A reviewer on NewEgg claimed that they had no problem installing Ubuntu 15.10 onto the Kangaroo and that the networking devices worked without issue. The Kangaroo is Wifi only, but supports 802.11 a/b/g/n/ac (Ubuntu Server has no problem leveraging Wifi).

Low alternative

Starting at $35: Raspberry Pi 2 Model B
[WARNING: Raspberry Pi is generating weak SSH keys]

Mid pick ($100 – $199)

Newegg.com for $149: Gigabyte GB-BXA8-5557

This is an AMD A8 2.1GHz but 3.1GHz in “turbo” mode. Three reviewers on NewEgg claimed that they had no problem installing Ubuntu 15.10 onto the GB-BXA8-5557 and that it runs very well. Ubuntu Server would run even better. This is the GB-BXA8-5557 product page.

Mid alternative

Microsoft Store starting at $169: Acer Aspire One Cloudbook 11

This option is a good one because everything is included: SSD, RAM, power adapter, keyboard, and monitor. The downside is there is no 1GbE port, but at least it supports 802.11 AC with a wireless chipset that is supported by Tails Linux and Ubuntu 15.10 Server. I recently reviewed this laptop exclusively looking at hidden services support. This Aspire laptop uses an Intel Celeron clocked at 2.16 GHz (yes, with AES-NI).

High pick ($200 – $299)

Newegg.com for $294: Intel NUC NUC5i5RYK

The high pick focuses on one thing: the newest architecture CPU with the highest clock rate that is not split with hyper-threading (like an Intel i7). Intel i5’s commonly outperform all AMD desktop processors in single-threaded applications.

Methodology

There are three foundations for picking Tor application hardware:

1. Tor’s strength as a privacy application comes directly from its global diversity. It is most important to realize that the top picks be based on low-cost and highly-available solutions, not overall performance.

2. Even with careful Tor protocol development, the security and health of the Tor network depends, in part, on the practices of Tor relay operators. In turn, the safety of Tor users depends on volunteer operators choosing well reasoned solutions. One easy way to mitigate specific attacks against Tor relays or Tor hidden services is to compartmentalize Tor-based services by using dedicated hardware.

3. As a sub-rule of both #1 and #2, no one company, either device or processor manufacturer, can be selected for all three Tor application hardware picks for any given month. Intel clearly dominates the low-cost AES acceleration, and for obvious reasons the Tor network cannot just use Intel processors.

That said, the performance-to-cost ratio of Tor application hardware is likely the reason why you are reading this. Foundation #1 helps define the three categories of picks:

1. Low Picks will be $0 – $99
2. Mid Picks will be $100 – $199
3. High Picks will be $200 – $299

If you have more money to put into dedicated Tor application hardware, that is amazing, and reading this publication might still help you.

Hardware crypto processing

It is important to consider AES accelerated processors because Tor is single-threaded and uses a 128-bit AES stream cipher.

Intel® AES-NI

The AES-NI extensions offer full hardware support for data encryption and decryption using the Advanced Encryption Standard, defined by FIPS Publication number 197. Four of the instructions support AES Encryption and Decryption while the other two support AES key expansion.

The AES-NI extensions have the flexibility to support key lengths of 128, 192, and 256 by processing the data block in 10, 12, and 14 rounds of cryptographic transformations. Since they are hardware-based, they also offer a significant increase in performance compared to the current software implementations.

Since March 2013, Intel has documented that software products that support AES-NI include OpenSSL 1.0.1 and Ubuntu 11.10.

Tom’s Hardware reviewed Intel’s AES-NI performance in 2010:

What is AES anyway?

CPU-based AES instructions start to make real sense, regardless of possible performance benefits. From a security standpoint, the processor may handle AES instructions in an encapsulated manner. This would alleviate the need for lookup tables that might provide data for side-channel cache-based attacks.

Other AES resources

You can read a highly-technical paper about Intel’s AES acceleration technology titled, “Intel’s New AES Instructions for Enhanced Performance and Security” (PDF).

Intel published a whitepaper in May 2010 titled, Intel Advanced Encryption Standard (AES) New Instructions Set.

Wikipedia has a technical-focused article covering the AES instruction set.

TorServers.net details how to verify Intel AES-NI is available in the Linux CLI.

Intel processors with AES support

6th Gen i3 (Q4’15 – Q3’15)

Intel® Core™ i3-6100E (3M Cache, 2.70 GHz)
Intel® Core™ i3-6102E (3M Cache, 1.90 GHz)
Intel® Core™ i3-6100TE (4M Cache, 2.70 GHz)
Intel® Core™ i3-6100U (3M Cache, 2.30 GHz)
Intel® Core™ i3-6100H (3M Cache, 2.70 GHz)
Intel® Core™ i3-6167U (3M Cache, 2.70 GHz)
Intel® Core™ i3-6300 (4M Cache, 3.80 GHz)
Intel® Core™ i3-6300T (4M Cache, 3.30 GHz)
Intel® Core™ i3-6320 (4M Cache, 3.90 GHz
Intel® Core™ i3-6100 (3M Cache, 3.70 GHz)
Intel® Core™ i3-6100T (3M Cache, 3.20 GHz)

5th Gen i3 (Q1’15)

Intel® Core™ i3-5020U (3M Cache, 2.20 GHz)
Intel® Core™ i3-5015U (3M Cache, 2.10 GHz)
Intel® Core™ i3-5157U (3M Cache, 2.50 GHz)
Intel® Core™ i3-5010U (3M Cache, 2.10 GHz)
Intel® Core™ i3-5005U (3M Cache, 2.00 GHz)

4th Gen i3 (Q1’15-Q3’13)

Intel® Core™ i3-4370T (4M Cache, 3.30 GHz)
Intel® Core™ i3-4170T (3M Cache, 3.20 GHz)
Intel® Core™ i3-4170 (3M Cache, 3.70 GHz)
Intel® Core™ i3-4360T (4M Cache, 3.20 GHz)
Intel® Core™ i3-4370 (4M Cache, 3.80 GHz)
Intel® Core™ i3-4160T (3M Cache, 3.10 GHz)
Intel® Core™ i3-4160 (3M Cache, 3.60 GHz)
Intel® Core™ i3-4340TE (4M Cache, 2.60 GHz)
Intel® Core™ i3-4350 (4M Cache, 3.60 GHz)
Intel® Core™ i3-4350T (4M Cache, 3.10 GHz)
Intel® Core™ i3-4360 (4M Cache, 3.70 GHz)
Intel® Core™ i3-4150T (3M Cache, 3.00 GHz)
Intel® Core™ i3-4150 (3M Cache, 3.50 GHz)
Intel® Core™ i3-4110E (3M Cache, 2.60 GHz)
Intel® Core™ i3-4110M (3M Cache, 2.60 GHz)
Intel® Core™ i3-4112E (3M Cache, 1.80 GHz)
Intel® Core™ i3-4120U (3M Cache, 2.00 GHz)
Intel® Core™ i3-4025U (3M Cache, 1.90 GHz)
Intel® Core™ i3-4030U (3M Cache, 1.90 GHz)
Intel® Core™ i3-4030Y (3M Cache, 1.60 GHz)
Intel® Core™ i3-4330 (4M Cache, 3.50 GHz)
Intel® Core™ i3-4330T (4M Cache, 3.00 GHz)
Intel® Core™ i3-4340 (4M Cache, 3.60 GHz)
Intel® Core™ i3-4100M (3M Cache, 2.50 GHz)
Intel® Core™ i3-4130T (3M Cache, 2.90 GHz)
Intel® Core™ i3-4130 (3M Cache, 3.40 GHz)
Intel® Core™ i3-4005U (3M Cache, 1.70 GHz)
Intel® Core™ i3-4012Y (3M Cache, 1.50 GHz)
Intel® Core™ i3-4020Y (3M Cache, 1.50 GHz)
Intel® Core™ i3-4100U (3M Cache, 1.80 GHz)
Intel® Core™ i3-4158U (3M Cache, 2.00 GHz)
Intel® Core™ i3-4010U (3M Cache, 1.70 GHz)
Intel® Core™ i3-4010Y (3M Cache, 1.30 GHz)

Pentium (Q4’15 – Q2’12)

Intel® Pentium® D1507 (3M Cache, 1.20 GHz)
Intel® Pentium® D1508 (3M Cache, 2.20 GHz)
Intel® Pentium® D1509 (3M Cache, 1.50 GHz)
Intel® Pentium® D1517 (6M Cache, 1.60 GHz)
Intel® Pentium® 4405U (2M Cache, 2.10 GHz)
Intel® Pentium® 4405Y (2M Cache, 1.50 GHz)
Intel® Pentium® G4400T (3M Cache, 2.90 GHz)
Intel® Pentium® G4400TE (3M Cache, 2.40 GHz)
Intel® Pentium® G4400 (3M Cache, 3.30 GHz)
Intel® Pentium® G4500 (3M Cache, 3.50 GHz)
Intel® Pentium® G4500T (3M Cache, 3.00 GHz)
Intel® Pentium® G4520 (3M Cache, 3.60 GHz)
Intel® Pentium® N3700 (2M Cache, up to 2.40 GHz)
Intel® Pentium® 1405 v2 (6M Cache, 1.40 GHz)
Intel® Pentium® 3561Y (2M Cache, 1.20 GHz)
Intel® Pentium® 3560Y (2M Cache, 1.20 GHz)
Intel® Pentium® B915C (3M Cache, 1.50 GHz)
Intel® Pentium® 1405 (5M Cache, 1.2 GHz)

Celeron (Q1’15 – Q2’12)

Intel® Celeron® N3000 (2M Cache, up to 2.08 GHz)
Intel® Celeron® N3050 (2M Cache, up to 2.16 GHz)
Intel® Celeron® N3150 (2M Cache, up to 2.08 GHz)
Intel® Celeron® 725C (1.5M Cache, 1.30 GHz)

Atom (Q4’14 – Q4’13)

Intel® Atom™ E3805 (1M Cache, 1.33 GHz)
Intel® Atom™ E3815 (512K Cache, 1.46 GHz)
Intel® Atom™ E3825 (1M Cache, 1.33 GHz)
Intel® Atom™ E3826 (1M Cache, 1.46 GHz)
Intel® Atom™ E3827 (1M Cache, 1.75 GHz)
Intel® Atom™ E3845 (2M Cache, 1.91 GHz)

Atom for Smartphone and Tablet (Q3’15-Q3’13)

Intel® Atom™ Z3590 (2M Cache, up to 2.50 GHz)
Intel® Atom™ x7-Z8700 (2M Cache, up to 2.40 GHz)
Intel® Atom™ x5-Z8500 (2M Cache, up to 2.24 GHz)
Intel® Atom™ x5-Z8300 (2M Cache, up to 1.84 GHz)
Intel® Atom™ Z3570 (2M Cache, up to 2.00 GHz)
Intel® Atom™ Z3530 (2M Cache, up to 1.33 GHz)
Intel® Atom™ Z3785 (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3580 (2M Cache, up to 2.33 GHz)
Intel® Atom™ Z3560 (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3480 (1M Cache, up to 2.13 GHz)
Intel® Atom™ Z3460 (1M Cache, up to 1.60 GHz)
Intel® Atom™ Z3795 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3775D (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3775 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3745D (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3745 (2M Cache, up to 1.86 GHz)
Intel® Atom™ Z3770D (2M Cache, up to 2.41 GHz)
Intel® Atom™ Z3770 (2M Cache, up to 2.39 GHz)
Intel® Atom™ Z3740D (2M Cache, up to 1.83 GHz)
Intel® Atom™ Z3740 (2M Cache, up to 1.86 GHz)

Atom for Server (Q3’13-Q3’13)

Intel® Atom™ C2750 (4M Cache, 2.40 GHz)	
Intel® Atom™ C2730 (4M Cache, 1.70 GHz)	
Intel® Atom™ C2550 (2M Cache, 2.40 GHz)
Intel® Atom™ C2530 (2M Cache, 1.70 GHz)
Intel® Atom™ C2350 (1M Cache, 1.70 GHz)

Core M (Q3’15-Q3’14)

Intel® Core™ m3-6Y30 (4M Cache, up to 2.20 GHz)
Intel® Core™ m5-6Y54 (4M Cache, up to 2.70 GHz)
Intel® Core™ m5-6Y57 (4M Cache, up to 2.80 GHz)
Intel® Core™ m7-6Y75 (4M Cache, up to 3.10 GHz)
Intel® Core™ M-5Y71 (4M Cache, up to 2.90 GHz)
Intel® Core™ M-5Y51 (4M Cache, up to 2.60 GHz)
Intel® Core™ M-5Y31 (4M Cache, up to 2.40 GHz)
Intel® Core™ M-5Y10c (4M Cache, up to 2.00 GHz)
Intel® Core™ M-5Y10 (4M Cache, up to 2.00 GHz)
Intel® Core™ M-5Y70 (4M Cache, up to 2.60 GHz)
Intel® Core™ M-5Y10a (4M Cache, up to 2.00 GHz)

AMD processors with AES support

You might have luck finding AES support for a specific processor using Notebookcheck.net.

If you are new to AMD, this simple comparison to Intel may help guide you (from AMD Commercial Client Quick Reference Guide (PDF)).

amd_s

Hardening Mail-In-A-Box transport security

After installing a trusted certificate, I performed the following to tighten up my mail server’s transport security. I still need to activate DNSSEC. I am also trying to figure out how to require mandatory TLS encryption.

Checkout my ssl-tools.net/mailservers test.

Test using checktls.com to verify the first cipher suite is being used (ECDHE-RSA-AES256-GCM-SHA384).

Post configuration

A message to Gmail: TLS1_2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256/256.

A message from Gmail: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

Postfix config

sudo vim /etc/postfix/main.cf

Add:

tls_ssl_options = NO_COMPRESSION

smtp_tls_protocols = TLSv1.2

smtpd_tls_protocols = TLSv1.2

smtp_tls_mandatory_protocols = TLSv1.2

smtpd_tls_mandatory_protocols = TLSv1.2

smtpd_tls_ask_ccert = yes

smtpd_tls_ccert_verifydepth = 2

smtp_tls_mandatory_ciphers = high

smtpd_tls_mandatory_ciphers = high

tls_high_cipherlist = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

smtpd_tls_eecdh_grade = ultra

tls_eecdh_strong_curve = prime256v1

tls_eecdh_ultra_curve = secp384r1

tls_random_source = dev:/dev/urandom

tls_preempt_cipherlist = yes

smtp_tls_ciphers = high

Change:

smtpd_tls_ciphers = high

smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA

Then:

sudo vim /etc/postfix/master.cf

Add:

-o smtpd_enforce_tls=yes

Change:

-o smtpd_tls_mandatory_protocols = TLSv1.2

-o smtpd_tls_wrappermode = yes

Note: Activating “smtpd_tls_wrappermode” allows a remote client to connect with explicit SSL/TLS over port 587 instead of STARTTLS, which is ideal.

Dovecot config

sudo vim /etc/dovecot/conf.d/10-ssl.conf

Add:

ssl_dh_parameters_length = 2048

Change:

ssl_protocols = TLSv1.2

ssl_cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ssl_prefer_server_ciphers = yes

Restart services

sudo service dovecot restart

sudo service postfix restart

Lead by example

Saddening advice from the Postfix TLS Readme:

Despite the potential for eliminating “man-in-the-middle” and other attacks, mandatory certificate trust chain and subject name verification is not viable as a default Internet mail delivery policy. Most MX hosts do not support TLS at all, and a significant portion of TLS enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate verification as a default policy.

References

weakdh.org

sparkslinux.wordpress.com

How to: Use Ricochet for Windows

This guide outlines how to use Ricochet on Microsoft Windows. I hope that it becomes part of the Electronic Frontier Foundation’s Surveillance Self Defense. Having recently updated the EFF’s guide for Tor Browser, I adapted our previous work for this guide.


Software versions tested in this guide:

  • Windows 7 SP1
  • Firefox 42.0
  • Ricochet 1.1.1

Level: Beginner – Intermediate
Time required: 5 – 10 minutes


What is Ricochet?

Ricochet is a different approach to instant messaging that doesn’t trust anyone in protecting your privacy.

Ricochet is a free software, multi-platform, end-to-end encrypted instant messenger. It is a decentralized IM tool, meaning there is no registration and no server to connect to and share metadata with.


Getting Ricochet

Open a browser like Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, or Microsoft Edge and go to:

https://ricochet.im/

If you are using a search engine to look for Ricochet, make sure that the URL is correct.

Do not use any other source, and if you are prompted to accept alternative HTTPS (SSL/TLS) security certificates, do not proceed.

Click the large Windows download button.

01

Some browsers will ask you to confirm whether you want to download this file. Internet Explorer 11 shows a bar at the bottom of the browser window. For any browser, it is best to save the file first before proceeding.

This example shows Ricochet version 1.1.1 which is the current version at the time of writing this guide. There may be a more recent version of Ricochet available for download by the time you read this, so please download and use the current version available at Ricochet.im.

Click the Save button.

02

Installing Ricochet

In Firefox, you can click the download button (the down arrow in the upper-right comer) to view your download. Click Ricochet-1.1.1.exe

03

After opening the Ricochet installer, a window will open with a warning about the origin of the software. You should always take these warnings seriously. Unfortunately, the developers of Ricochet have not had their installer signed by Microsoft (Unknown Publisher). This makes it very important that you download Ricochet from Ricochet.im over a secure connection. Since you know what you want, and you know where to get the software, and the download was from Ricochet’s HTTPS site, go ahead and click Run.

04

A Welcome to the Ricochet Setup Wizard window will open verifying you wish to continue. Click Next.

05

There are two options when installing Ricochet in Windows:

  1. Install (Recommended) will install Ricochet like a normal application and is the most convenient for regular use.
  2. Extract (Portable) making it easy for you to install Ricochet onto a USB drive or into a folder that gets regular backups. This may be important to you since Ricochet has no account registration–if you want to keep a long-term identity and your Ricochet contacts, you will need to keep your Ricochet folder backed up.

For the purposes of this guide, keep Install (Recommended) selected and click Next.

06

You will find a new window that will tell you where the Ricochet will be installed. Click Install.

07

Ricochet is very small, so installation should be quick. The installation process is complete when you see the Completing the Ricochet Setup Wizard window. If you click the Finish button, Ricochet will start immediately and Ricochet shortcuts will be added to the Start Menu.

08

Using Ricochet

The first time Ricochet starts, you will get a window that allows you to modify some settings if necessary. You might have to come back and change some configuration settings, but go ahead and try to connect to the Tor network by clicking Connect.

09

A new window will open with a green bar that illustrates Ricochet connecting to the Tor network.

10

The Ricochet client will open immediately after it has connected to the Tor network. Ricochet will show that you are online but you will not have any contacts to chat with.

This guide presumes that you have another contact waiting to be added. Click the + (plus sign) to add your Ricochet contact.

11

A new window will appear with your Ricochet ID at the top (example: ricochet:4dyjsjub6m7ai7y5).

12

In the ID field, enter your contact’s Ricochet ID (example: ricochet:d7gbj53jaipm5itv) and a name (example: Portable User) for your contact. It is optional to send a message with your contact request invite. If you know the person whom you will be securely messaging, perhaps give your name so that they know who is messaging them. Click Add.

13

If and when your contact (example: Portable User) comes online, they will see a new window with your Ricochet ID and your message, if you chose to give one. They will not know who you are unless you have told them using a different medium.

14

Your contact (example: Portable User) will have the option of giving you a name (example: Installed User) for their contact list. If they reject the message, you will not be able to see that they are online, and you will not be able to communicate with them using Ricochet.

15

Once your contact accepts your message, and if they are online, you will be able see them as online, and you will be able to start a new conversation with them.

16

Your contact will also be able to see when you are online.

17

Double-click on your contact (example: Portable User) to begin a secure conversation.

18

19

If your contact is online, they will get a new window with your message.

20

21

22

Once you close your IM window, the conversation history will be gone, too.

If and when your contact closes Ricochet, your client will show them as offline.

23


Privacy benefits

  • Ricochet users are not personally identifiable.
  • Ricochet does not reveal user IP addresses or physical locations because of Tor
  • Message content is cryptographically authenticated and private.
  • There is no need to register anywhere in order to use Ricochet, particularly with a fixed server.
  • Contact list information is stored locally, and it would be very difficult for passive surveillance techniques to determine whom you’re chatting with.
  • Ricochet does not save chat history. When you close a conversation, the chat log is not recoverable.
  • The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.
  • Ricochet is a portable application, users do not need to install any software to use Ricochet. Ricochet connects to the Tor network automatically.

Security warnings

  • Ricochet has not been subjected to an independent security audit.
  • An already-compromised computer system will typically defeat the privacy protections that Ricochet offers, such as a keystroke logging malware.
  • Even though Ricochet uses Tor, other applications will not be using Tor unless you’ve independently set up additional Tor services on your computer.
  • Active and passive surveillance techniques can still tell if you’re using the Internet, and when, but not necessarily what you’re doing on the Internet.
  • Since a Ricochet user does not register or log in anywhere to use Ricochet, not even with a password, it is important to implement layered physical security, including disk encryption, to protect Ricochet.
  • Tails Linux users, and other live operating systems users, can optionally backup Ricochet to zero-knowledge cloud services such as SpiderOak, or on a personally owned USB drive (ideally encrypted).

YubiKey 4 and Ubuntu 15.10

yubi4

sudo apt-add-repository ppa:yubico/stable

sudo apt-get update

from: https://github.com/Yubico/yubioath-desktop

sudo apt-get install python-setuptools python-crypto python-pyscard python-pyside pyside-tools libykpers-1-1 pcscd -y

sudo apt-get install yubioath-desktop yubikey-personalization yubikey-personalization-gui -y

Insert YubiKey 4 (the ‘Y’ flashes green every ~4 seconds).

yubikey4start

yubikey4main

Now you’re set! https://www.yubico.com/support/documentation/

For easy Google 2FA (Thanks Yael): https://support.google.com/accounts/answer/6103534?hl=en

Custom stamp for my Signal fingerprint

I ordered a self-inking, custom, wood “1.25 x 2 Rubber Stamp” from rubberstamps.net. I ordered it on a Monday and got it the following Thursday.

Text Line 1: +1.XXX.XXX.XXXX
Text Line 2: 05 b8 6d 44 95 5c 5b 6b f5
Text Line 3: 61 09 22 33 05 b2 c4 c5 db
Text Line 4: f3 85 4a 4b a1 e8 aa 12 36
Text Line 5: 70 20 19 00 0e 4c .. .. ..

Font: Courier New (for all lines)
Justification: L (for all lines)
Style: Bold (for the first line only)

Ink: (added separately) Versafine, crimson red

I added the “.. .. ..” at the end because the preview seemed like it was going to auto adjust toward the center a little bit. I did this to be safe, but it might not be needed.

With 3-5 business days shipping, the total was $29.12.

Top
IMG_20151119_175903

Bottom
IMG_20151119_175911

Card (before)
IMG_20151119_180048

Card (after)
IMG_20151119_180147

Highly recommended!

A hardened Tor hidden service for less than $200

About this article

You will not understand this article if you do not have an understanding and appreciation for Tor hidden services. If you don’t even have an appreciation for Tor, you might like my article Comparing HTTP, HTTPS, VPN, and Tor with “snail mail” metaphors that looks at basic Tor operations.

Following my blog post A guide for journalists that need to defend their work from governments, I purchased a new, inexpensive Acer laptop and have reviewed it by configuring and hardening it to be a secure Tor hidden service with the intent of thwarting well-funded adversaries that may search for and discover its physical location. But first and foremost, journalists and other human rights defenders need safe spaces for their information and data, especially when moving around and crossing borders.

If I were a journalist and needed to defend my work from a wide range of threats, I would deploy several of these laptops in various geographical locations and configure them to automatically sync with to each other. People need to be able to document wrongdoing and safely transport their work to private systems; quite plainly, it is often not safe for people to carry valuable information with them due to government and corporate abuses.

Please note that I am not a subject matter expert at any of the systems that I discuss in this guide. There is always someone else that knows more than I do on specific topics, but I do my best to bring together many different knowledge areas to create a holistic, usable solution. What is “best” or “more secure” is relative to so many things. If you do not understand why you do or do not perform any of these actions, you should consider not doing any of them until you do. Operational security is hard and easy to mess up, so you need to be able to think carefully, independently, and rethink about your problems, often, as circumstances change.

Brief SecureDrop vs GlobaLeaks vs plain hidden service discussion

I believe that news and law professionals have an ethical obligation to implement SecureDrop when interfacing with the public. That being said, this guide absolutely must not be intended to support the public. This guide is exclusively for news media professionals, human rights investigators, or documentary film makers that need private storage accessible over the net.

SecureDrop has outstanding security features but it is a complex system that requires several physically-disparate systems to work together. SecureDrop doesn’t scale well due to time (education, installation, maintenance) and financial (hardware) costs. SecureDrop is not an option for the problem that this guide aims to help solve.

GlobaLeaks, on the other hand, is so easy to install it puts WordPress to shame. As long as you are comfortable with the Linux command line (yeah, I know), all you do is download the script, make the script executable, and then run the script. The GlobaLeaks script takes care of installation and prudent configuration. This guide, however, is more complex simply because hardware and software systems are not designed to withstand well-funded adversaries.

GlobaLeaks, once it’s installed, is completely configurable through a web interface. This guide will not look at GlobaLeaks configuration, you will need to research that separately. I will say that GlobaLeaks is a hardened web interface that makes it easy to upload whole files, including automatically encrypting any file uploaded to your GlobaLeaks server with a PGP public key of your choosing. It is at this point that we need to explore using a regular Tor hidden service.

A Tor hidden service, simply configured in the torrc file, is easily the most secure option if you only operating via the command line (ssh, scp, rsync, etc). If an adversary (accidental or purposeful) were to discover your private onion address(es), a CLI-only server has a lot less attack surface. But it also requires that you expose openssh and its dependencies. Probabilistically, an adversary discovering your Onion site(s) without first finding them physically is not likely. In my opinion it is more important at this stage of defense-in-depth thinking that you choose a solution that makes your job easier. This guide is written to support GlobaLeaks with an added hidden service for CLI operations.

Rsync’ing is probably really ideal given the use of Tor hidden services. Large file transfers may be problematic if your Tor circuits aren’t stable. Incremental backups are really great, even more so because you can perform an incremental backup on an entire encrypted volume and you don’t have to transfer the entire volume.

If you are a journalist or human rights defender and need a technical resource, I make myself available using the contact methods listed on my blog.

The new Acer Aspire One Cloudbook

The Acer Aspire One Cloudbook, also reviewed on Mashable, is a budget laptop that is, in my opinion, a good option for a Tor relay or Tor hidden service computer. The Acer with 32GB of disk storage was $189 (retail) at my local Microsoft Store. After asking about, smiling, and receiving a 10% student discount, the total was $186.43 after tax. There are also 16GB and 64GB models of this laptop.

Tested

Acer AO1-131-C1G9
Mfg date: 2015/07/30
Series: AO1-131
Model: N15V1

Important hardware specifications and security thoughts

The Intel Celeron N3050 is one of two reasons why this laptop is so valuable. This Celeron has the AES-NI instruction set, which means Tor’s encryption processing overhead is greatly reduced. AES-NI is traditionally used to speed up Tor relays, but it has the same effect on Tor hidden services if there are large file transfers taking place.

Low-hanging fruit problem number one: RAM. The second reason why this Acer is so great for Tor hidden services specifically is because the DDR3L SDRAM is integrated into the system board. This means, if an adversary were to discover the physical location of your hidden service, the RAM cannot be removed which mitigates all cold boot attacks. Combined with LUKS disk encryption, this Acer would have strong defenses against physical attack.

A nice perk is that this Acer has a TPM chip. Sadly, the laptop (either the eMMC drive or BIOS) does not support full disk encryption.

Last but not least, laptops, by design, have two great things going for them: internal batteries to withstand brief power loss, and power adapters that have built in surge protection. It is also quite slim, is passively cooled (it makes no noise), so is very discrete. You can throw this in a friend’s closet (because of its wireless connection) and would be easily forgotten. Keep in mind that if and when these systems (with BIOS and partition encryption passwords) power down, they cannot be started back up until you are physically present to enter in the passwords. Fortunately, I have personally seen Linux server systems have uptime of 600+ days. Tor will accommodate poor connections common with residential Internet.

Most regrettably, this Acer does not have a 1 GbE port. Fortunately the Wifi card is quite good and is recognized by Tails 1.7. For Ubuntu 15.10 server, there is some minor configuration editing needed to get the Wifi to work, but nothing crazy like driver installation. If you will not or cannot accept relying on Tor hidden services using Wifi, do not use this laptop.

If you need more storage space you will need to find a different laptop simply because of the security implications. The security implications are simple — we need to shut down all USB access, which is discussed below. From a management point of view, it is easier to manage a Linux client if there is only one storage volume — the one the OS is installed on. Never treat a solution like this as any manner of backup or archive, only as a transitional solution that is part of a broader information assurance plan. There are “desktop replacement” laptops that can support 2+ drives, and in those configurations it is possible to leverage hardware or software RAID (like RAID-1, mirroring) for storage-at-rest redundancy. Desktop replacement laptops, however, have RAM that is easily removable, and the threat model will have to be re-assessed.

Open question: I do not believe this Acer can have its eMMC drive upgraded. As far as I can tell, it is also integrated into the system board.

Low-hanging fruit problem number two: USB. If an adversary were to find the physical server, said adversary might perform a USB attack to extract important information from the system to support additional attacks, or they might modify the system in a malicious way to gain entry. There are three things to be done to mitigate USB attacks:

1. Verify that the first boot device in BIOS is the internal drive, and verify there is a high-entropy BIOS administrator password and a high-entropy BIOS boot password.

2. Configure the Linux kernel not to support USB (detailed below).

3. Optionally, close the USB ports with heat-resistant epoxy resin, and make sure the epoxy has fully cured before turning the system back on. For obvious reasons, only perform this step after you have a stable system configuration and are comfortable with the fact that it will not be possible to install another OS.

BIOS configuration for bootable USB drives

Enter into BIOS by pressing the F2 key during boot.

Main > Touchpad > select: Basic
Main > Network Boot > select: Disabled
Main > F12 Boot Menu > select: Disabled
Main > Lid Open Resume > select: Disabled
Main > D2D Recovery > select: Disabled

Security > select: Set Supervisor Password (max is 12 characters)
Security > select: Set User Password (max is 12 characters)

Assure that you use high-entropy passwords. Sadly, 12 characters is not a lot. But we can use complex passwords, so be sure to document them on a separately encrypted device. After some testing, I was able to determine which alpha-numeric and special characters this BIOS will accept, so here is a Linux command to generate a good 12-character passwords (15 passwords will print, so you can easily choose two of them):

cat /dev/urandom | tr -dc 'a-zA-Z0-9-=[];,.' | fold -w 12 | head -n 15
Security > Password on Boot > select: Enabled

Boot > Boot Mode > UEFI > select: Legacy

Verify USB HDD is first when preparing to install the OS. After the OS is installed, make sure the “EMMC : HBG4e 32GB” boot device is first.

Exit > select: Exit Saving Changes

Tails 1.7 test (just for fun)

I made a Tails 1.7 USB-bootable drive from a Ubuntu 15.10 system:

dd if='tails-i386-1.7.iso' of=/dev/sdb bs=16M && sync

Tails booted without issue. The trackpad on the Acer does not work with Tails, but this does not affect a Server OS. I used a USB mouse to navigate. The Wifi works great and Tor connected with no problem.

Ubuntu Server 15.10 x64 w/ GlobaLeaks

GlobaLeaks advises using the LTS versions of Ubuntu (12.04, 14.04), but unfortunately, the eMMC SSD (storage) is not recognized by 14.04. Ubuntu 15.10 has no problem seeing using the eMMC SSD. With the 32GB SSD, after Ubuntu Server is installed, 24GB is usable. I started by making my USB-bootable drive from a Ubuntu 15.10 system:

Disks (utility) > (select USB drive) > menu > Format Disk > (defaults) Format > Format
dd if='ubuntu-15.10-server-amd64.iso' of=/dev/sdb bs=16M && sync

Ubuntu setup configuration

  • I acknowledged that there are no network interfaces.
  • I changed the hostname to “Windows”.
  • I set an unattributable user name and long (64+ characters), unique password.
  • I selected my time zone.
  • I did not encrypt the home directory.
  • I selected: Guided – use entire disk and set up encrypted LVM (with a long (64+ characters), unique password)
  • I confirmed no automatic updates.
  • I did not install any additional services.
  • I confirmed installation of GRUB.

Find the on-board Wifi device name (the one after “lo”):

inconfig -a

Mine is called “wlp2s0”. Make sure your Wifi network uses standard DHCP with WPA2 security (like a normal home network should). Add all of this information to the interfaces configuration file:

sudo vim /etc/network/interfaces

Add these four lines:

auto wlp2s0
iface wlp2s0 inet dhcp
wpa-ssid 'SSID'
wpa-psk 'password'

Enable the iptables firewall with UFW, which, when enabled, blocks all incoming network traffic (that isn’t Tor).

sudo ufw enable

Start up the wireless interface and connect:

sudo ifup -a

Install GlobaLeaks

sudo apt-get update
sudo apt-get dist-upgrade -y
sudo shutdown -r now

sudo su
mkdir /etc/systemd/system/tor.service.d
vim /etc/systemd/system/tor.service.d/directory.conf

Add these two lines:

[Service]
ReadWriteDirectories=-/var/globaleaks/torhs/

Then:

wget https://deb.globaleaks.org/install-globaleaks.sh
chmod +x install-globaleaks.sh
./install-globaleaks.sh

Yes, accept that you are using an unsupported system.

Once GlobaLeaks is installed, it will have printed out the onion address for the GlobaLeaks site. Now you can go there to perform your desired configuration: https://github.com/globaleaks/GlobaLeaks/wiki/Configuration-guide

Another hidden service for command line interface access

sudo vim /etc/tor/torrc

Uncomment lines 74 and 76 to active them:

HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServicePort 22 127.0.0.1:22

Install openssh-server:

sudo apt-get install openssh-server -y

Configure SSHd (at a minimum):

sudo vim /etc/ssh/sshd_config

Comment out these lines:

#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

Edit these lines:

ServerKeyBits 4096
PermitRootLogin no

Uncomment and edit this line:

ListenAddress 127.0.0.1:22

Restart tor and ssh:

sudo service ssh restart
sudo service tor restart

View your new (second), command-line-interface only hidden service address:

sudo cat /var/lib/tor/other_hidden_service/hostname

Disable all USB

sudo vim /boot/grub/grub.cfg

There should be five different instances of the following line:

linux   /vmlinuz-'KERNEL' root=/dev/mapper/'NAME' ro

Each one of them needs to be modifed with “nousb” at the end, like the following:

linux   /vmlinuz-'KERNEL' root=/dev/mapper/'NAME' ro nousb

Here are the 5 line numbers that I found (in vim, typing “:” then the number, like “:143” then pressing enter to take you directly to that line):

143
161
178
196
213
sudo shutdown -r now

You can verify that USB devices are not initialized by your system by viewing the kernel log in real time and inserting USB devices (if no logs are created, then no new devices are being initialized):

sudo tail -f /var/log/kern.log

A guide for journalists that need to defend their work from governments

This is a brain dump guide that may be expanded depending on feedback. The goal is for a journalist to be able to keep all of their work “in the cloud” (on a personally controlled Tor hidden service) and not keep any sensitive data with them when they travel.

Most journalists are not able to commit to the requirements (high technical competency) of this guide. Dedicated journalists should consult with a technical expert that they trust.

Skeleton guide

1. Find some secure and stable places to host a few Tor hidden service web hosts. Choose different places that small actors (non-targeted malice, etc) and big actors (targeting by private companies, local law enforcement searches, intelligence agencies, etc) would have trouble finding. Inexpensive “netbooks” are great options because they are portable, inconspicuous, have built in batteries, surge protectors, and RAM that’s integrated into the system board (can’t be removed for evil maid attacks). Always presume adversaries will find them, so always use layered security.

1.1. The web hosts must at least be behind a basic firewall, even a residential Internet connection using NAT. The host itself must not have any externally-accessible ports, must employ LUKS disk encryption, and must be running the most current version of Tor. OwnCloud Community edition or WordPress are ideal platforms that allow remote uploading of files or note taking. Access to the web resource must be hardened and password protected in case a random adversary is able to uncover the hidden service address.

1.2. Physical access to the host, and remote access to the host, must require high-entropy passwords. You must remember them, or you must have a secure way of documenting and retrieving them like disposable SpiderOak accounts. Never carry passwords or your hidden service addresses with you. Two-factor authentication options cannot be used because you must presume said authentication devices will be taken from you.

1.3. Hosting multiple Tor hidden service web servers, for redundancy, can be configured to automatically sync with each other via Tor.

2. Carry the following:

2.1. An inexpensive laptop that has an unencrypted hard drive and operating system that has some “use” (don’t ever use it). Some passive-search actors will force you to turn on the device to demonstrate its legitimacy. Turning it on and opening apps keeps the friction low between you and your adversary. Always presume that adversaries will take it all from you. If any device is taken from you and removed from your sight, dispose of the device immediately.

2.2. Several USB drives with Tails Linux, and in different locations (on-person necklace, pockets, bags). If you’re able to maintain ownership of at least one, and you trust it was not tampered with, you won’t need to create a new one after passing through security check points.

2.2.1. Presume that the drives will be confiscated, so you must know how to recreate a Tails drive from any operating system. Don’t use pre-created drives if you think leaving them behind in “secure” places will help you. And don’t mail pre-created drives to yourself, they are trivially intercepted. Plan ahead to determine where you can create a new Tails drive, such as a retail electronics store or a local library. If you can’t assure that your Tails drive is clean, and your computer is free from any hardware or firmware compromise, do not access your Tor hidden service resources.