Dark Mail

DEF CON 22

Presented by: Ladar Levison, Stephen Watt
Date: Friday August 08, 2014
Time: 17:00 - 17:50
Location: Track 1

Data privacy and anonymity have long been cornerstone interests of the computer security world, but not particularly important to the general public. News events in the past year have seen the political climate shift radically, and now data privacy has become big business with secure mail solutions being the focal point of this new found attention.

Dark Mail is not the only solution in the secure mail space, but just as Lavabit’s preoccupation with privacy and user autonomy was a rarity when it started over a decade ago, it hopes once again to push mail security forward into a new frontier. It is Dark Mail's objective to achieve the highest degree of security possible - with the introduction of an interoperable mail protocol as an open standard. To that end, we are publishing documents describing the protocol, along with a reference implementations of the client and server under a free software license.

What most of the secure email systems in the privacy race have prioritized in tandem are ease of use for the masses, and cryptographically secure encryption of message contents between a sender and recipient. Additionally, they tend to place trust for private key management and encryption in the hands of the end user, and not the mail server.

While this would certainly be an improvement over traditional SMTP, it leaves much to be desired. Where do other solutions fall short? Metadata. Dark Mail is designed to minimize the leakage of metadata so that ancillary information like subject lines, recipients, and attachments doesn’t fall into the hands of curious third parties. That means all information about the mail and its contents are completely opaque to everybody but the parties communicating - including the servers handling the messages in transit. Accomplishing these goals wasn’t possible using existing standards, which is why we created a security enhanced flavor of SMTP for mail delivery dubbed DMTP.

What separates dmail from competing secure mail designs is the level of security it affords the user while retaining its simplicity of use. We have automated the key management functions, so complex cryptography operations are handled without user interaction. Of equal importance is the need for an implementation that is open to peer review, security audits, and cryptanalysis. Unlike many commercial solutions, dmail isn’t tethered to a single centralized provider; instead it offers the ability for anybody to host secure mail services. Like today, users will be able to access their mail from anywhere, using a web client with client-side encryption, or a traditional client application on their mobile or desktop device for an even greater degree of security. An open standard will guarantee that users have the freedom to adopt any dmail-compatible client or server implementation of their choosing.

Most attendees of this presentation will be familiar with the curious story of Lavabit's demise. While Lavabit's hosted mail service refused to surrender unfettered access to its users' secrets, this course of action may not be the obvious choice for network administrators placed in similar situations. Most digital surveillance efforts require the service provider to be complicit with the wiretapping requests of law enforcement. Dmail aims to protect messages from surveillance and tampering - whether it be subversive or coerced - by placing that capability beyond the reach of service providers. With dmail the keys belong to the user, and the message decryption occurs on the user’s device. Even so, users can choose how much to trust a service provider - with standardized modes that reside at different points along the security vs usability spectrum.

After running through an overview of the Dark Internet Mail Environment, this talk will delve into the details, showcasing the new protocols: DMTP and DMAP. Then highlight the schemes used by these protocols to provide automagical encryption and illustrate the mechanisms which have been developed to protect against advanced threats. To close the talk, we will provide a public demonstration of the reference implementation – showing the Volcano client and Magma server in action.

Ladar Levison

Ladar Levison is the Founder of Lavabit, LLC. Founded in 2004 (and originally named Nerdshack), Lavabit served as a place for free private and secure email accounts. By August of 2013, Lavabit had grown to over 410,000 users, with more than 10,000 paid subscribers. Levison created Lavabit because he believes that privacy is a fundamental, necessary right for a functioning, fair and free democracy. On August 8, 2013, he made the bold decision to shut down his business after ?refusing to become complicit in crimes against the American people.? Presently, Levison is serving as the project manager and lead architect for the Dark Mail Initiative, while continuing to vigorously advocate for the privacy and free speech rights of all Americans.

Stephen Watt

Stephen Watt is the lead developer of Dark Mail's reference implementation. With a recent past as interesting as (albeit a bit more checkered than) Levison's, Watt faced an unusual, landmark 2008 federal indictment in the TJ Maxx intrusion. For merely writing the software used in the breach, Watt was given a 2 year federal prison sentence and ordered to pay $171.5 million in restitution. Because he refused to cooperate at all with the federal investigation into himself and his friends, he emerged from prison with his pride in tact. Since his 2011 release Watt has spoken at several security conferences about his extraordinary legal experience. By joining the Dark Mail initiative, he hopes to continue a lifelong pattern of developing massively disruptive software with complete indifference to getting rich from it.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats