Establishing a truly secure connection with the server.
After several days of research I end up with the following solution. Please let me know, if it is really secure or I missed something.
Establishing secure connection with XMPP server:
Network connection can be only established with one specific XMPP server, hardcoded in the app. Connection can only be established, if server SSL certificate is valid. SSL pinning is used in order to prevent MITM attacks in case root CA are compromised. No plain connections to XMPP server, only SSL/TLS.
OTR Encryption:
Any conversation should be forced with OTR encryption (http://www.cypherpunks.ca/otr/) version 3. Authenticated Key Exchange is required in every conversation. OTR v.3 is using SIGMA encryption protocol, which gives 100% protection agains MITM attack. Right?
TOR network usage:
Even if both OTR and SSL are hacked, client is always connecting to the server over TOR network to mask its original IP address.
Would you add anything else to make this configuration rock solid secure?
1 comment
[ 3.0 ms ] story [ 4.3 ms ] threadIf I can compromise the XMPP server (you've said nothing about securing it) and get the private key, I can MitM. What if I seize the physical server (has happened)? Or I get my hands on an administrator in a jurisdiction where I get to spend some quality time asking questions (has happened).
If I can get code in the XMPP server that leaks info or fundamentally weakens security, game over. If you decide to write your server clean room and screw up security like everyone who as ever tried to do this has before, game over.
If I can control enough Tor exit nodes (which has been proven to be possible), I can do traffic analysis and potentially collect enough cyphertext to learn interesting things. You can be found.
I don't know that anyone has done an serious cryptanalysis of OTR since 2006. I don't think anyone knows if it's fundamentally secure. In particular, if you worry about AES or SHA-1, you shouldn't sleep tight.
An you haven't mentioned key-length restrictions, and don't get me started on the lack of key revocation.
And even if you can't compromise me, if you can compromise a single participant (via technical measures, social engineering or bad actor infiltration (ohes noes...NSA plant)) of the IRC channel, everyone is compromised.
Other than that, seems like you've given it a lot of thought.