DARPA should ask DISA
I read an article today about the Defense Advanced Research Projects Agency (DARPA) wanting “a public wall anyone can monitor or post messages on, but only correct people can decrypt”.
First and foremost, who determines who the ‘correct people’ are? Does the United States still think it owns the Internet?
Secondly, at USD 150,000 for the ‘keys to the kingdom’, who is going to accept a paltry sum for something worth hundreds of millions of dollars, or even more in pounds thanks to Brexit?
We are told “The advantages of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who in the past worked as a developer for the encryption messaging app Signal.”
I used to use Signal when I was a child, and I brushed my teeth with it every morning before ‘creeping like a snail unwillingly to school’! We are then further informed: “The problem with that, he told me, is that such a structure would have higher latency and it’s harder to deploy at scale.”
Not necessarily – harder to deploy by script kiddies, probably. It goes on to say “‘When a lot of people start using the service, it might become challenging to find messages that are addressed to you, without revealing to other people who have the data what exactly you are looking for,’ Jacobs said in an online chat.”
Well, apart from the encrypted English, it sounds like the ‘metadata’ described in the first paragraph would be harder to obtain by the absence of a ‘centralized server’. I used to know people at the National Security Agency (NSA) and they could easily vacuum up enough data from Utah to have a fool-proof method of detection going forward.
In any event, why go looking for metadata when you can simply query the Google Play Store and see who downloaded it, and to which account/device? The journalist and/or source exhibit the Igon Value Problem and this article is just laughable.
I do, however, believe in non-repudiation for reasons obvious enough, although DARPA wants repudiation and plausible deniability. That sounds like a honeypot and one of the special projects that I have worked on enticed people to use a website as a forum to subsequently entrap them 🙂
By way of information, in 2012 my colleagues and I had a working prototype of a cryptographic platform that could be computationally infeasible to decrypt, using (i) current computing power (parts of it have been subjected to brute force attacks via Cray XC30s) and (ii) at the current level of mathematics.
The website at http://www.Kryptodyne.com is not ready yet (my marketing skills are not that great) but “Kryptodyne is the Ultra-Secure Communications and Data Storage Technology which is a key component of Rhodium’s Advanced Real-Time Encrypted Management Information System (“ARTEMIS”) operating at a level far exceeding the requirements for CTSA. Sensitive Compartmented Information is protected during transit and whilst at rest using cryptographically secure (computationally infeasible) nodes/networks. Confidential data resides invisibly within diverse secure wide area networks without risk of interception, modification and repudiation.”
I thought it would be the type of text that appeals to the Sheeple who, I have to say, are increasing in numbers these days; however, such text does nothing for the technology so I might remove it. In fact our technology is far more fancy than the website graphics and has cost us around USD 40 million of private funding including virtually all my income plus blood, sweat and tears.
We will try and finish it in 2017 once the current Military Intelligence / Law Enforcement peeps get off my case – this video might help them in determining how good I am and whose side I am on 🙂
Joseph S R de Saram CISSP FBCS MIEEE MIScT MINCOSE MACS Snr CP