Send in your ideas. Deadline February 1, 2025

Privacy and security

Projects to understand, safeguard and/or improve privacy and security in communication.

This page contains a concise overview of projects funded by NLnet foundation that belong to Privacy and security (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

ELF Linking — Analytic tools for UNIX' Executable and Linkable Format

The Executable and Linkable Format is a common standard file format for executable files, object code, shared libraries, and core dumps. Understanding dynamic links is important but hard without the proper tools. This is a problem, because the actual details can have significant technical and legal implications.

>> Read more about ELF Linking

PSYC2 — Next iteration of the Protocol for SYnchronous Conferencing

Protocol for SYnchronous Conferencing is an efficient text-based protocol for delivery of data to a flexible amount of recipients or people, by unicast or multicast. PSYC2 represents a next iteration of the PSYC framework in conjunction with SecuShare, another NLnet supported project that aims to build a novel social messaging system as part of the GNUnet peer-to-peer system.

>> Read more about PSYC2

Anomos — a pseudonymous, encrypted multi-peer-to-peer file distribution protocol

Anomos introduces a layer of security and anonymity currently absent in peer to peer file sharing protocols. Through the study of cryptography and anonymous networks such as TOR, a system is being designed which allows any individual to safely distribute files to a large audience without fear of legal or social repercussions. This technology is an important part of modern free society, and a tool which may be used around the world to bring about positive social change. With Anomos, one can distribute the file anonymously to thousands of people at once. Because Anomos is based on BitTorrent, each download makes the network faster, more robust, and harder to eliminate.

This technology can benefit thousands of people all around the world, to those who live in religiously oppressive places, those to whom the mere accusation of apostasy or sexual deviance could be life threatening; to mash-up artists concerned about copyright infringement, or anyone fearful that their actions on the Internet may lead to unjust punishment. First and foremost, Anomos has been designed as a tool for free speech.

>> Read more about Anomos

Deep Firmware — Active discovery of known and unknown security vulnerabilities in firmware

Understanding firmware is very difficult without the proper tools. The project builds an advanced prototype for scanning of security aspects of firmware based on the open source Binary Analysis Tool.

>> Read more about Deep Firmware

DIFR-TSPM — a demonstrator of a different way to inform consumers about the RFID tags

Increasingly, products for sale in shops are being tagged by RFID tags. These tags contain a unique product or item number, which can be read out wirelessly over a short distance by an RFID reader. Their function in shops and supermarkets is similar to the ubiquitous paper barcode, except that RFID tags can also be read out if the tag is not in plain sight of the reader. This means these tags can also be read out surreptitiously when walking around the store, or afterwards when the items are in your shopping bag and you are walking on the street. This also holds true for payment cards and travel passes (e.g. the OV chipcard in the Netherlands) that people carry with them. This has raised concerns about the impact for RFID technology on the privacy in our society.

The goal of the project is to develop a demonstrator of a different way to inform consumers about the RFID tags on the items they buy or the tags that surround them in their environment. Main idea is to use a mobile phone to display information about RFID tags in the vicinity.

In particular, the setup of the demonstrator will operate as follows. A consumer sets his privacy preferences in a profile stored on his mobile phone. If he holds the phone close to a product in a shop containing an RFID tag, the phone will read the tag number from the tag. It will then query (over the Internet, either through GPRS, UMTS or WiFi) the backoffice to retrieve the privacy policy corresponding to the tag number. Then it will match the tag policy with the consumer policy, and present the result of the match to the consumer on the display of the mobile phone in an intuitive and appealing manner.

This demonstrator will be used to show how such a concept:

  • empowers users in deciding for themselves how their privacy is affected and how to respond to that information, and
  • allows producers to efficiently communicate their privacy policy to consumers.

>> Read more about DIFR-TSPM

DNSSEC-mail — DNSSEC for OpenDKIM and OpenDMARC

Until recent developments of domain name authentication, Internet mail has not had access to scalable mechanisms for validating an identity associated with a message. Any identifier could be used fraudulently.

The Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are relatively new technologies that create a foundational change by validating domain identifiers. However they are only the first step. DMARC takes additional steps in allowing domain owners to publish statements about their email use of their identifiers and DMARC facilitates much easier operational reporting from mail recipients to domain owners.

Thus this project will improve use of DNSSEC in the email security space. Two major upcoming applications will drive this:

  1. DMARC which relies on the DNS for advertising policy information.
  2. Domain-based reputation system that relies on DKIM, which in turn relies on secure DNS use to advertise keys and polices.

OpenDKIM includes DNSSEC support via libunbound of NLnet Labs.

>> Read more about DNSSEC-mail

e-Passports — use of (hardware) electronic passports for user authentication over internet

Over the past two years, electronic passports (e-passports) have been introduced in most countries of the world. An e-passport embeds a chip with card holder details. While there are concerns about the privacy consequences of the introduction, caused by the contactless nature of communication and the sensitive nature of contained biometric data, these also presents a unique opportunity: it provides every citizen of the world with a strong authentication token within a global Public Key Infrastructure (PKI).

The technical standards which describe how to verify the authenticity of electronic passports are open and publicly available from the International Civil Aviation Organization (ICAO). Although likely not intended as such by ICAO, e-passports are ideal for authenticating users of Web services. The current proposal intends to build such an Identity 2.0 solution with open source software.

We propose to create a trustworthy identity solution that allows a user to use their e-passport for authentication at regular websites or webservices (e.g. for e-government like services). Such a solution may contain a browser plug-in that integrates the software developed in JMRTD with an open source identity selector (perhaps compatible with InfoCard).

Additionally, the solution may require the establishment of a central server that acts as an identity provider (perhaps compatible with OpenID). A question that will need to be answered is to what degree end-users and service providers need to trust our identity provider (in case of end-users: trust with respect to dealing with privacy sensitive data).

>> Read more about e-Passports

FileSender — FileSender is a secure and private way to share large files with anyone.

FileSender is a self-hosted service that allows you to share very large files with anyone.

>> Read more about FileSender

FTEproxy — FTE enables developers to build systems resistant to surveillance and censorship.

fteproxy provides transport-layer protection to resist keyword filtering, censorship and discriminatory routing policies. Its job is to relay datastreams, such as web browsing traffic, by encoding streams as messages that match a user-specified regular expression.

>> Read more about FTEproxy

Global Directories — Distributed contact information discovery mechanism

A global directory is a way of retrieving contact information from others, using standard technology, so you can employ automatic tools that download and update contact information without manual intervention - or without any third parties snooping into your private or business social environment. Moreover, you can use the same technology to share any relevant information (such as keys for protection of your email) to anyone.

>> Read more about Global Directories

GNUnet — implementation and evaluation of an improved routing algorithm for GNUnet

GNUnet is GNU's framework for secure peer-to-peer networking. The framework is designed to support a range of applications. The primary application at this point is anonymous and censorship-resistant file-sharing.

The main thrust of the proposed research is the design, implementation, deployment and evaluation of a secure, fully decentralized P2P routing protocol. Centralization increases operational costs, creating prominent targets for attacks and single points of failure as well as raising privacy concerns. The resulting network must be open, allowing new peers to join at any time. Adversaries are assumed to participate in the network, and the protocols must gracefully degrade in the presence of adversaries. Graceful degradation means that adversaries may only reduce the efficiency of network operations, and that this reduction in eciency should be at most proportional to the resources available to the adversary.

Our quest for practical protocols also implies that the design must handle real-world constraints. In particular, we want to handle connectivity issues that arise on the Internet (for example, due to firewalls). We use the term restricted-route networks to describe networks with restrictions limiting direct communications between participants. The proposed protocol also addresses the possibility of peers leaving the overlay network abruptly, joining and leaving the network frequently, and the fact that the amount of resources available to peers can differ by a few orders of magnitude.

Our goal is to come up with adaptive protocols which adjust resource allocation based on automatically obtained network performance metrics that characterize the behavior of faulty or malicious nodes. Specifically, if an alternative path without faulty nodes exists, it must be possible for the routing algorithm to eventually discover it. The routing protocol must also be able to address disproportional consumption of resources. In particular, an adversary should not be able to issue a request that consumes more than a small constant factor of resources above the amount consumed by the normal operation of benign nodes. As a result, the proposed new protocol is able to prevent peers from launching asymmetric attacks, which leverage weaknesses in the system and magnify the damage caused.

NLnet's contribution is used to pay a graduate student's salary for a full year (the university will waive tuition) to work on the implementation and evaluation of an improved routing algorithm for GNUnet. The routing algorithm will be implemented as a GNUnet service which means that many (existing and future) applications using the GNUnet framework will be able to take advantage of it. The specific proposed work is about a new routing algorithm that will support scalable and secure routing in a restricted-route topology.

>> Read more about GNUnet

GoogleSharing — GoogleSharing anonymizing proxy

GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat. It ultimately aims to provide a level of anonymity that will prevent google from tracking your searches, movements, and what websites you visit. GoogleSharing is not a full proxy service designed to anonymize all your traffic, but rather something designed exclusively for your communication with Google. The system is totally transparent, with no special "alternative" websites to visit. Your normal work flow should be exactly the same.

GoogleSharing is different from general anonymizing proxies:

  1. Most will mask your IP address, but not the identifying information in your HTTP headers. Google will still know who you are based on your Cookies, User Agent, etc.
  2. If the proxy does attempt to anonymize HTTP headers, they will do it by completely stripping cookies from your request. Google does not like this, and will tag you as a SPAM bot (how convient for them to do), which will force you to type in a CAPTCHA every time you issue a Google search, and will prevent you from issuing Maps requests at all.
  3. These types of proxies can be slow. It's not necessary to proxy all of your internet traffic if you're just trying to protect yourself from Google. Since GoogleSharing only proxies Google traffic, our bandwidth needs are much lower and thus our performance is much greater.

GoogleSharing is different from Google replacements:

  1. GoogleSharing does not require that users change their workflow by visiting different websites.
  2. GoogleSharing supports all Google services which don't require a login, so it does more than just anonymize search. As Google continues to expand its grasp of the internet, GoogleSharing will automatically expand with it, automatically anonymizing whatever new services emerge in a fully transparent way.
  3. GoogleSharing has the potential to be fully distributed. As we make the move towards distributing requests across multiple configured servers, this is a definite step in the direction of P2P.

>> Read more about GoogleSharing

GSM-Sec — GSM Security Project, debugging GSM transactions

The popular GSM cell phone standard uses outdated security and provides much less protection than its increasing use in security applications suggests. This project aims to correct the disconnection between technical facts and security perception by creating a GSM tool that allows users to record and analyze GSM data.

This project complements several other current open research projects into GSM technology. These projects --including OpenBTS, OpenBSC, and OsmoconBB-- create open re-implementations of network equipment and hand sets to make the technology more accessible and open. It builds on these insights and shows the security limits of the technology. The feedback loop, however, goes both ways: the record and decode tool, for example, will allow the OpenBTS base station to operate on multiple frequencies thereby supporting more concurrent phone calls. The target audiences of the tools are security and radio researchers.

By Security Research Labs.

>> Read more about GSM-Sec

HTTPS-Obs — HTTPS Observatory

The project collects an Internet-wide dataset of all publicly visible TLS CA certificates in order to

  1. search for CA-certified Man In The Middle (MITM) attacks against HTTPS privacy and
  2. measure the extent to which browsers really need to trust 60-200 CAs completely.

Extended datasets measuring from multiple source networks (via Tor) and using SNI will also be collected.

In collaboration with volunteers from security consulting firm iSEC Partners, EFF intends to write a program that accesses every Web server on the public IPv4 Internet running HTTPS on port 443. We will create a complete dataset of the certificates each server offers to visitors. Then we will analyze the data, comparing:

  • Who is the Certificate Authority?
  • For which domains is the certificate valid?
  • Where is the machine issuing the certificate located?
  • Who operates that network

With these data it will be possible to answer the following questions:

  • How many CA services are used by publicly accessible sites? Which ones are rarely used?
  • Can one find evidence of specific MITM attacks in the form of publicly visible attack servers (that victims in the wild would have been redirected to via DNS or other mechanisms) or in the form of network-layer attacks detected against our own survey machines? Concrete evidence would be useful for motivating browser developers to adopt more secure trust models.
  • How many domains intentionally use more than one apparently legitimate, apparently valid certificate at the same time? (This impacts on the design of enhancements to the TLS trust model)
  • How many sites in the wild show different valid certificates to users who come from different parts of the Internet?
  • How many CAs are used primarily or exclusively in particular countries or DNS domains?

By Electronic Frontier Foundation

.

>> Read more about HTTPS-Obs

Jitsi-FMJ — Replacing JMF with FMJ

Jitsi became a focus project of NLnet as it offers free, open and secure alternative for Skype and similar communication tools. Today it offers chat, Audio/Video calls with SIP and XMPP, and Jitsi is the only tool which does it in a secure way (using ZRTP), on all three major operating systems.

At the heart of Jitsi's media service lies the Java Media Framework (JMF) of SUN, which was not released under a FLOSS license. Free Media for Java (FMJ) which was founded by Ken Larson is meant to be a free and open alternative of JMF.

The goal of this subproject is to continue the work on the FMJ project and take it to a stage where it can be used within Jitsi as a viable alternative of JMF. This would hugely benefit the community:

  • It will essentially provide Java developers with an active, free media library.
  • More importantly however, it will be an essential step toward porting Jitsi to other environments such as Android or porting it as a web application.

>> Read more about Jitsi-FMJ

Ksplice — update the Linux kernel without rebooting

Ksplice is a new technology for protecting the security and reliability of machines on the network. Currently, all computer systems need to be rebooted regularly to apply OS updates, in order to be secure against potential attacks over the network. Ksplice makes it possible for system administrators and end-users to perform OS updates effortlessly, without a reboot. This project will make an open source Linux distribution be the first operating system in the world that does not require regular reboots for security updates.

This technology also has the potential to significantly hinder network attackers by reducing the window of vulnerability during which computer systems are running software with known problems.

Thus, Ksplice solves the underlying weakness in the system so that no malicious activity, no matter how it has been disguised, will be able to achieve its objective of compromising the system.

>> Read more about Ksplice

Ksplice2 — Ksplice for mainline Linux and Fedora

With previous support from NLnet, Ksplice has made the free software Linux distribution Ubuntu be the first operating system in the world that does not require regular reboots for security updates. Ksplice Ltd has started providing rebootless OS updates to more than 10,000 users of Ubuntu -a significant step, but larger-scale deployment is needed in order for the technology to become truly mainstream.

The goals of this project are:

  1. to freely provide rebootless OS updates to 100,000+ users running the major community Linux distributions, and
  2. to get the Ksplice kernel software merged into the mainstream Linux kernel.

The NLnet support is used for the development required to get Ksplice tool merged into the mainstream Linux kernel and the development work on the Uptrack application required to freely bring rebootless updates to Fedora, the second most popular desktop Linux distribution behind Ubuntu. These initiatives are critical to the path of taking this open innovation to mainstream adoption. Specifically, getting Ksplice merged into the mainstream Linux kernel is the best way to ensure that Ksplice has the full support of the diverse Linux kernel community. This support will improve Ksplice’s technical quality and encourage more people to trust and use Ksplice.

Bringing Ksplice beyond Ubuntu is necessary since so many Linux users use distributions other than Ubuntu. One of Linux’s strengths is the variety of choices that it provides, so it makes sense to provide Ksplice for many community Linux distributions rather than just one community Linux distribution. Fedora is the next step in this direction.

>> Read more about Ksplice2

Lantern — DNSSEC in Lantern

The goal of Lantern - a censorship circumvention and monitoring-prevention tool - is to build an easy-to-use, secure, and indestructible tool to keep the internet open and unfettered for anyone in the world.

Lantern uses a P2P infrastructure, particularly the LittleShoot P2P stack, along with the LittleProxy HTTP proxy and the Smack XMPP client library. All of these utilize DNS in a number of areas. In environments where e.g. the government has access and control over all network traffic in and out of the country authenticity of DNS records is of paramount importance.

This project aims integrating of DNSSEC into every DNS lookup in Lantern, including all DNS lookups in the LittleProxy, Smack, and LittleShoot sub-modules.

>> Read more about Lantern

LEAP/Torbirdy — LEAP integration into Torbirdy

Due to its age and design flaws securing email is notoriously hard. Without an easy-to-use e-mail client most users will not be able to adequately protect themselves. LEAP allows easy set-up of secure e-mail providers, but currently LEAP integration into e.g. the popular Thunderbird email client requires manual configuration and does not provide anonymity of the connection from the client to the server via Tor. What if users could profit from automatically encrypting email and retain their privacy?

>> Read more about LEAP/Torbirdy

Mailman-SSLS — openPGP and S/MIME support in mailman

Currently, there is no re-encrypting mailing list manager with support for both PGP and S/MIME. Mailman is the most popular Open Source mailing list manager. The Secure List Server project "mailman-pgp-smime" aims to include OpenPGP and S/MIME support in Mailman, the GNU Mailing List Manager.

Adding re-encryption will enable groups of people to cooperate and communicate securely via email: mail can get distributed encrypted to a group of people, while the burden of managing individual keys is dealt with by the list software, not the sender. Furthermore, authentication is possible: the list server software takes care of checking this. This way, strong security for groups of people gets available for a wide audience.

Technical specification

This project will publish a patch for the official Mailman distribution. This patch handles both RFC 2633 (S/MIME) and RFC 2440 (OpenPGP) email messages.

A post will be distributed only if the PGP (or S/MIME) signature on the post is from one of the list members. For sending encrypted email, a list member encrypts with the public key of the list. The mailing list server will decrypted the posting and re-encrypted it with the public keys of all list members.

In order to achieve this, each list has a public and private key. (The private keys optionally protected by passphrases) Furthermore, new list settings are defined:

  • gpg_postings_allowed: is it allowed to send to this list postings which are encrypted with the GPG list key?
  • gpg_msg_distribution: are subscribers allowed (or even forced) to upload their GPG public key in order to receive all messages encrypted?
  • gpg_post_sign: should posts be GPG signed with an acknowledged subscriber key before being distributed?
  • gpg_msg_sign: should the server sign encrypted messages?

Similar settings are defined for S/MIME. Finally, each subscriber can upload her PGP and S/MIME public key using the Mailman webinterface.

>> Read more about Mailman-SSLS

NetAidKit — The NetAidKit is a pocket size, USB powered router for safer mobile networking.

The NetAidKit is a pocket size, USB powered router that connects everything to everything, designed specifically for non-technical users. The easy to use web interface will allow you to connect the NetAidKit to a wireless or wired network and share that connection with your other devices, such as a phone, laptop or tablet.

>> Read more about NetAidKit

Faster and configurable datapath/Linux xfrm — Rewriting nftables to optimise for xfrm

The project entails rewriting nftables (which is a subsystem of the Linux kernel responsible for packet filtering and classification) to make it easier to combine with xfrm (which is the common framework to work with IPSec in Linux). IPsec was originally developed in conjunction with IPv6 but is just as often used with IPv4 as well. IPSEC encrypts traffic, providing key features absent in the regular IP layer - like data integrity, data origin authentication and confidentiality. The project is expected to make an important contribution to improving the IPSEC capabilities, usability, speed and robustness in many systems.

>> Read more about Faster and configurable datapath/Linux xfrm

NoScriptABE — improve the ABE (Application Boundaries Enforcer) for NoScript

NoScript is a popular (over two millions active users) add-on extending the Firefox open source web browser and other products based on the Mozilla Gecko engine. NoScript increases web client security by applying a Default Deny policy to JavaScript, Java, Flash, and other active content. It provides users with an one-click interface to easily whitelist sites they trust for active content execution.

The Application Boundaries Enforcer (ABE) module will attempt to harden the web application oriented protections already provided by NoScript with a firewall-like component running inside the browser.

This project is specifically focused on developing a new web browser component called ABE, aimed to mitigate or defeat Cross Site Request Forgery (CSRF) attacks against sensitive web applications. This component will be built on the existing request interception, tracing and blocking framework of NoScript, and it will be integrated in NoScript's broader web security infrastructure, together with whitelist-based scripting, active content execution policies, anti-XSS filters, ClearClick anti-ClickJacking protection and HTTPS/Secure Cookies enhancements. After a working ABE implementation as a NoScript component gets completed, a refactoring and repackaging activity to deploy it as a separate “ABE Firefox Add-On” will be done.

>> Read more about NoScriptABE

NoScript-Andr — Android Native NoScript

NoScript is a popular GPL add-on for Firefox and other Mozilla Gecko-based browsers which increases the web client security in several innovative and ground-breaking ways.

NoScript was extensively supported by NLnet and active users are currently almost 3 millions, and it has pretty much no competitors. That's because it goes very far beyond simple script blocking, having established itself as the "ultimate" security enhancement for the web browser, even though it's available on Mozilla Gecko-based browsers only.

Unfortunately, no NoScript equivalent is available on mobile platforms yet. This is intended to be the unique final result of this project.

>> Read more about NoScript-Andr

NoScript-Mob — NoScript Mobile

NoScript is a popular GPL add-on for Firefox and other Mozilla Gecko-based browsers, which considerably increases the web client security in several innovative and ground-breaking ways. Numerous useful features make NoScript the most advanced browser security tool, used and respected by most web security experts and serving as an example and an inspiration for safety enhancements which are slowly finding their way in mainstream web browser technologies.

The way people use the web is steadily moving towards mobility: we've got smart phones rivaling in power and usability with desktop PCs, and open source mobile OSes, like the Debian-derivative Maemo by Nokia or, even more prominently, Google's Android, which open exciting scenarios but also pose significant challenges.

The challenge NoScript wants to accept and win is bringing the safest web browsing experience on the mobile platforms. In order to achieve this, NoScript will be re-designed and re-implemented to be compatible with the latest Firefox Mobile versions, which run both on Android and Maemo devices, trying to retain as much as possible of its core components and functionality.

>> Read more about NoScript-Mob

NoScript-Mob2 — NoScript Mobile part 2

NoScript is a popular GPL add-on for Firefox and other Mozilla Gecko-based browsers which considerably increases the web client security in several innovative and ground-breaking ways. Numerous useful features make NoScript the most advanced browser security tool, used and respected by most web security experts and serving as an example and an inspiration for safety enhancements which are slowly finding their way in mainstream web browser technologies.

This project is the follow up of the first NoScript Mobile project, and will implement specific components: XSS Filter, ClearClick, Mobile-friendly Setup Interface, Remote Synchronization, ABE component (Application Boundaries Enforcer).

The way people use the web is steadily moving towards mobility: we've got smart phones rivaling in power and usability with desktop PCs, and open source mobile OSes, like the Debian-derivative Maemo by Nokia or, even more prominently, Google's Android, which open exciting scenarios but also pose significant challenges. The challenge NoScript wants to accept and win is bringing the safest web browsing experience on the mobile platforms. In order to achieve this, NoScript will be re-designed and re-implemented to be compatible with the latest Firefox Mobile versions, which run both on Android and Maemo devices, trying to retain as much as possible of its core components and functionality.

>> Read more about NoScript-Mob2

Cryptech.is — An open source open hardware security module to protect communications

Cryptech.is is a project that want to design an open-source hardware cryptographic engine that can be built by anyone from public hardware specifications and open-source firmware. Anyone can then operate it without fees of any kind.

>> Read more about Cryptech.is

OSN-PPCP — Privacy-Preserving Communication Protocol for OSNs

Today online social networks (OSNs) have become an indispensable platform for internet users to find friendship and share information. However, users are pretty much electronically naked in any OSN: (1) User’s data is in clear to the OSN service provider, and can be accessed by many other parties without any consent; (2) User’s activities are under surveillance by the OSN service provider.

Numerous privacy breaches have been reported, often with disastrous consequences to the user concerned, such as getting fired by the employer, getting rejected from a job application, even leading to suicide. To mitigate the problem, most OSN service providers provide some privacy controls to users to protect their information. However, this is not the antidote and will never be, because the aforementioned problems (1) and (2) still remain.

This project will design and implement a privacy-preserving communication protocol to mitigate the problems (1) and (2). In more detail, it will achieve the following features:

  1. A user always keeps his private data in encrypted form.
  2. Two users can match each other based on their respective private data sets, without revealing anything.
  3. Two friends who share some common private date, communicate in private. The communication will remain private against the OSN service provider and other users.

The implementation will be based on the OpenSocial API, and programmed in javascript. The final form of the implementation will be a browser plug-in, for example for Firefox.

>> Read more about OSN-PPCP

OV-Chipkaart — privacy friendly chip card for public transport

This project is about the OV-chipkaart, a single national chipcard for all public transport in the Netherlands, which is similar to London's Oyster card or Hong Kong's Octopus card. It is a propriatory solution being introduced by Trans Link Systems (TLS), a consortium of public transport companies. Currently the OV-chipkaart is being tested in practice in and around Rotterdam and Amsterdam. National introduction has been postponed a couple of times, but is now foreseen in 2009.

Early 2008 the OV-chipkaart has come under heavy attack because of both security and privacy concerns:

  • Individual travel movements are collected centrally and will be used for direct marketing purposes. The Dutch Data Protection Authority (College Bescherming Persoonsgegevens, CBP) has therefore described the approach as: not in accordance with the law (CBP report).
  • The cryptographic protection in the Mifare Classic chipcard, used in the personalised cards is broken.
  • The throw-away cards have been cloned, enabling free travel.
  • Very little is known about how the system actually works, and about how (private) data are protected.

The aims for this project are twofold:

  • On the one hand, to concentrate documenting of the current OV-chipkaart system, make a public repository of knowledge. Factual information about the design, strengths and weaknesses of the current system; an explanation of all the things that were in the news since roughly January 2008.
  • On the other hand, experiment with the card in order to transparently develop a new system from scratch in which RFID technology is used for ticketing in public transport. Using an open design process, the design criteria and the quality of the solutions can be evaluated by a broad audience, including scientists, hackers, but of course also stakeholders such as transport companies. This process may eventually result in an open standard.

>> Read more about OV-Chipkaart

Pitchfork — Open hardware for compartmentalizing key material and cryptographic operations

The PITCHFORK is a free/libre hardware device for compartmentalizing key material and cryptographic operations in a small and durable USB device. It uses a minimalist Cortex-M3 processor and stores all keys in the CPU flash memory. The PITCHFORK has an embedded radio interface over which it can do secure key exchanges with other devices, including "post-quantum" cryptography. Over USB it can send and receive messages using various modern low-level crypto protocols, providing different aspects of overall security.

>> Read more about Pitchfork

Qubes — A reasonably secure operating system

Qubes OS is a security-oriented operating system (OS). Qubes is free and open-source software (FOSS). This means that everyone is free to use, copy, and change the software in any way. It also means that the source code is openly available so others can contribute to and audit it.

>> Read more about Qubes

RFID Guardian — hardware prototyping of a mobile device for personal RFID security and privacy management.

This Project intends to accelerate hardware prototyping of the RFID Guardian Project. All people getting in touch with the RFID technology, i.e. buyers and users of virtually any goods sold, shall have means to manage the information which is sampled and uncontrollably transmitted by the RFID chips.

The RFID Guardian is a battery-powered device that represents the first-ever unied platform for RFID security and privacy administration. The RFID Guardian acts as an "RFID Firewall", enabling individuals to monitor and control access to their RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Additionally, the RFID Guardian is useful as an RFID security diagnostic and auditing tool.

This "RFID Guardian Quick Start Action" project is intended to bootstrap the larger RFID Guardian project. It is also intended to place the Quick Start Action in a larger context, and in this helping to transform the concept of the RFID Guardian into a commercial open-source hardware product.

>> Read more about RFID Guardian

RFID Guardian(2) — unified platform for RFID security and privacy administration

The RFID Guardian is a battery-powered device that represents the first-ever unified platform for RFID security and privacy administration. The RFID Guardian acts as an 'RFID Firewall', enabling individuals to monitor and control access to their RFID tags by combining a standard-issue RFID reader with unique RFID tag emulation capabilities. Additionally, the RFID Guardian is useful as an RFID security diagnostic and auditing tool.

The RFID Guardian Project is focused upon providing security and privacy in Radio Frequency Identification (RFID) systems. The goals of the project are to:

  • Investigate the security and privacy threats faced by RFID systems
  • Design and implement real solutions against these threats
  • Investigate the associated technological and legal issues

>> Read more about RFID Guardian(2)

Samizdat — Samizdat makes public key cryptography accessible

Samizdat is intended, in part, as a tool for activists -- or, generally, for anyone who desires secure communication with others who lack the computer literacy (or merely patience) to configure public key cryptography or VPNs. Samizdat would also be useful to give an outsider access to a network without being easily detected; for example, it could facilitate document leaking.

Samizdat is a LiveCD intended primarily to make public key cryptography accessible: to distribute public keys securely, and to pre-configure various applications of cryptography, especially VPN-based applications.

Samizdat LiveCDs are self-replicating, with the replicated system not being identical, instead having one other's public keys and various other information. The replicated systems automatically become nodes on a VPN. The LiveCD serves as a secure boot medium for a fully-functional, fully-encrypted persistent system.

This project integrates many existing projects: Tor, Onioncat, GPG, LUKS, Git and others.

>> Read more about Samizdat

Seahorse SmartCard — Seahorse Smart Card Support

Smart Cards provide solid, tamper-proof security. When used with modern web authentication technology, they can be used to provide a protection against phishing and can also be used to solve other problems facing one's identity on the web today. But, desktops ignore their existence.

In order to get things rolling with better smart card support on the Desktop, users and developers need simple access to smart card technology. Seahorse is a key manager that's used on the GNOME Desktop. Currently it can manage stored passwords, PGP, and SSH keys. This project will add smart card support to the Seahorse key manager.

This project will implement basic management of certificates and keys stored on smart cards in the Seahorse key manager. Users will be able to examine and use their smart card with the same management operations as available to certificates and keys stored in software key tokens.

>> Read more about Seahorse SmartCard

Searsia — Searsia is a protocol and implementation for large scale federated web search.

Searsia provides the means to create a personal, private, and configurable search engine, that combines search results freely from a very large number of sources. Searsia enables existing sources to cooperate such that they together provide a search service that resembles today’s large search engines. In addition to using external services at will, you can also use it to integrate whatever private information from within your organisation - so your users or community can use a single search engine to serve their needs.

>> Read more about Searsia

Searx — Searx is an internet metasearch engine that can be easily self-hosted by anyone.

Searx is a free software internet metasearch engine which aggregates results from a significant amount (currently more than 70) search services. A private (or preferably shared) instance of Searx allow you to escape from the so called 'search bubble' created by overzealous personalisation of your search results. It give you a more diverse (or at least alternatively biased) view on the world, by combining the results of a variety of sources without filtering based on your previous searches. Searx also helps to reduce the amount of tracking and passive observation search users are subject to, by offering a layer of proxying isolation.

>> Read more about Searx

SecuShare — A framework for sufficiently safe social interaction

The SecuShare project implements a social messaging service based on the GNUnet peer-to-peer framework offering scalability, extensibility, and end-to-end encrypted communication. The scalability property is achieved through multicast message delivery, while extensibility is made possible by using PSYC (Protocol for SYnchronous Communication), which provides an extensible RPC (Remote Procedure Call) syntax that can evolve over time without having to upgrade the software on all nodes in the network. Another key feature provided by the PSYC layer are stateful multicast channels, which are used to store e.g. user profiles. End-to-end encrypted communication is provided by the mesh service of GNUnet, upon which the multicast channels are built. Pseudonymous users and social places in the system have cryptographical identities &emdash; identified by their public key &emdash; these are mapped to human memorable names using GNS (GNU Name System), where each pseudonym has a zone pointing to its places.

>> Read more about SecuShare

Online Self-defence in Ten Minutes — Online Self-defense in 10 minutes

Bits of Freedom foundation develops an "Online Selfdefense in ten minutes" tool. Many people use the Internet carelessly and are not aware that such behavior entails risks for their privacy. And those who are familiar with this kind of risks often think that it is too difficult to undertake something to defend their privacy.

>> Read more about Online Self-defence in Ten Minutes

Shadow Internet — An alternative communication infrastructure working phone to phone.

Shadow Internet is an alternative communication infrastructure developed by researchers at Technical University Delft that enables people to distribute videos by copying them from phone to phone wirelessly. So even without an Internet connection you can share content. Specifically crafted to be resilient.

>> Read more about Shadow Internet

Magic Wormhole/SPAKE2 — Securely send files between two computers with minimum fuss

SPAKE2 is a modern academic password-authenticated key exchange mechanism, originally designed by two security researchers from Ecole Normale Superieure. It allows to set up an ad hoc encrypted channel between two users that share a combination of words in real-time. Magic Wormhole is an open source implementation of SPAKE2 (both client and server) by Brian Warner, one of the founders of the TAHOE-LAFS.

The server part of Magic Wormhole can creating a rendez-vous/relay, so it can be used in a LAN, behind firewalls, NATs, etc. There are many cases in which a person wants to quickly exchange a file in an untrustworthy environment (say a presentation deck) without running either the risk of an Evil Maid attack or uploading to a trusted server and then giving someone access to that. Most people do not even have such a trusted infrastructure, which forces them to trust their data to third parties. This solution allows for very user-friendly exchange of files with modern encryption, without the need for anything else. Secure exchange of files is a critical problem of all ages, this solution has potentially disruptive qualities.

This project will try to make SPAKE2 primitives available to mobile app developers and will support standardisation of SPAKE2 inside the IETF.

>> Read more about Magic Wormhole/SPAKE2

Stratosphere IPS — A behavioral-based free software Intrusion Prevention System.

The Stratosphere IPS is a free software Intrusion Prevention System that uses Machine Learning to detect and block known malicious behaviors in the network traffic. The behaviors are learnt from highly verified malware and normal traffic connections in our research laboratory. Its goal is to provide the community and especially vulnerable targets with low budgets such as NGO's and civil society groups with an advanced tool that can protect against targeted attacks.

>> Read more about Stratosphere IPS

Stubby — A local DNS Privacy stub resolver using DNS-over-TLS

Stubby is an open source project to develop a DNS stub resolver for use on client devices which will provide DNS Privacy for end users by implementing DNS-over-TLS (RFC 7858). This service will provide encrypted first-hop access to DNS services protecting users’ DNS queries from eavesdropping at any point along the path between their device and a privacy-enabling DNS server.

More information about DNS-over-TLS: https://tools.ietf.org /html/rfc7858

>> Read more about Stubby

Tor hidden services — Protect publisher and users of the services against identification

The Tor Anonymity System's key functionality `Hidden Services' allows users to set up anonymous information services (like websites) that can only be accessed through the Tor network and therefore are protected against identification of the host that runs the services.

Using these Hidden Services, critical political and human rights information can be published in a way that both the publisher and users of the service are protected from identification. The current version of Tor Hidden Services has a number of drawbacks that hamper the active use of this important feature. The most serious limitation is the performance: the time it takes until a Hidden Service gets registered in the network and the latency of contact establishment when being accessed by a user. Due to design issues in the original Tor protocol, the connection to a new Hidden Service can take several minutes, leading most users to give up before the connection has been established. Using the Tor Hidden Services for direct interactive user-to-user communication (like for instant messaging) is nearly impossible due to this high latency in the Hidden Service circuit setup.

An evolution of the Tor protocol is proposed to speed up the Tor Hidden Services. The improved protocol will change the way circuits are set up. The end goal is to have the protocol change production ready and propagated to the Tor users within nine months. The resulting software will be published under the GPL license, like the rest of the Tor code. All deliverables will be fully public.

>> Read more about Tor hidden services

Tor low-bandwidth — Tor for modem and mobile users

The Tor anonymity system is currently only usable by internet users with high-bandwidth connections. Upon start of a Tor client, a large file with all Tor server descriptions is being downloaded. This "Tor Directory" file enables the client to pick from the available mix-servers in the Tor network. This Directory file is too large for users on modem lines or on mobile data networks (like GPRS) as it gets downloaded each time a user logs in, taking 10 to 30 minutes over a slow connection. Therefore, Tor is not usable by modem and mobile users.

One of the major goals of the Tor project is to provide secure anonymous internet access to users in repressive states. These location often have very slow internet connections to the outside world. By enabling these users to use the Tor network, significant progress can be made towards free communication and free information in these countries.

An evolution of the Tor protocol is proposed to reduce the initial download size. The new Tor protocol version should change the way a client receives the information for its Tor circuit setup in such a way, that the initial download can be performed over a slow modem line in less then three minutes.

The work to be conducted under the proposal is split into two major deliverables, with the end goal of having the protocol change production ready and propagated to the Tor users within a timeframe of less then 8 months. The resulting software will be published under the GPL license, like the rest of the Tor code. All deliverables will be fully public.

>> Read more about Tor low-bandwidth

Tracking Exposed — Increase transparency behind personalization algorithms

Goal of the project is to increase transparency behind personalization algorithms, so that people can have more effective control of their online experiences and will have more awareness of the information to which they are and are not exposed.

>> Read more about Tracking Exposed

Trusted Boot Module — An open hardware trusted boot manager

This project is developing a system for booting trusted OS images on existing, ARM-based systems. It will consist of open hardware and software that allows users to start up Linux systems on off-the-shelf ARM development boards, where the system ensures that the system can be booted in a trusted state by booting only OS images trusted by the vendor and/or the user of the system. The hardware consists of cheap, off-the-shelf components that are simple to analyse and program, and which provide for an easily verifiable solution that does not depend on 'black box' components. This project aims to bring trusted boot to the market of commodity ARM-based servers, thus providing the community a security solution that allows for, for example, affordable distributed hosting and computing.

>> Read more about Trusted Boot Module

Turtle — P2P infrastructure for safe sharing of sensitive data

Turtle aims at the creation of a peer-to-peer (P2P) infrastructure for safe sharing of sensitive data. The truly revolutionary aspect of Turtle rests in its novel way of dealing with trust issues. Where other P2P architectures attempt to build trust relationships on top of a trust-agnostic P2P overlay, Turtle builds its overlay on top of pre-existent trust relationships among its users. This allows both data sender and receiver anonymity. At the same time, it protects each intermediate relay in the data query path against liability. Furthermore, its trust model should allow Turtle to withstand most of the denial of service attacks that plague other peer-to-peer data sharing networks.

>> Read more about Turtle

Unhosted — Unhosted, separating data servers from application servers

The web is not as open as it used to be: big monopoly platforms have formed new proprietary layers on top of it. This project breaks the "you get our app, we get your data" package deal. This by providing a cross-origin data storage protocol, thus separating data servers from application servers.

More and more applications are hosted online and force users to put their data onto servers where applications run. Apart from our data being locked inside a place we don't have control over, many websites sell the data to third parties. This is a huge emergency in terms of consumer rights. Unhosted improves the web infrastructure by separating web applications from your data:

  1. Your can store your data remotely anywhere, preferably encrypted;
  2. Unhosted apps, which are web applications, will run locally in your browser.

This also makes it easier for app developers, as they neither have to worry about hosting all the data and user accounts nor about server load - all the computing takes place in your own browser on your own machine. With the app being just JavaScript it becomes very easy to develop and deploy new apps which everyone can use.

The project will define a standard and submit it to W3C.

>> Read more about Unhosted

Unhosted — The Unhosted project enables separation of storage and applications

Unhosted is an approach to the "cloud" opposite to the current web2.0 trend: it separates the user data from the application, rather than putting user data "into" the application. This leads to much better privacy management.

End-users of "cloud" capable applications use Unhosted directly, they don't have to do anything special for that - just need to log in to remoteStorage enabled applications using their remoteStorage-enabled email address.

As example, all Dutch students and academic staff already have remoteStorage connected to their university email addresses. Now the target community is web developers. They need to enable their applications so that they accept login with remoteStorage.

Contrary to other projects (that usually create 1 product with 1 function, and offer that as a free software of which everyone can run their own server, like Diaspora, MediaGoblin, ownCloud, etc.), Unhosted aims for a generic storage server. Everyone just needs a bit of very simple and dumb cloud storage, with no application-specific features. Cloud storage becomes an interchangeable commodity, and the market of useful cloud applications becomes entirely separate from the market of reliable cloud storage.

>> Read more about Unhosted

XSSer — Cross Site Scripting testing

Currently, XSS attack is one of the most widespread vulnerabilities in Web applications. Incorrect filtering and the appearance of new increasingly sophisticated techniques make protection a complex and time-consuming task.

Cross Site "Scripter" aka XSSer, is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections in different applications. It contains several options to bypass certain filters, and various special techniques of code injection. It makes possible to test an application on vulnerabilities to Cross Site Scripting (XSS) attacks.

The XSSer tool aims to automate these complex application security testing tasks.

Run by R.C. Merida (psy)

>> Read more about XSSer