So, I’m going to first assume that you could get through/wrap your head around Dr. Oliver’s post. If you’d prefer me to just translate it for you, here you go. This is the engineering side of the analysis I started in The SDK: The Privacy Edition 2015.03.09 yesterday. I started out combining this with the translation, but the post was just getting too long. It took me a while to get my head wrapped around the article, and I had to take Logic Design in college. So it’s not like I was starting with a blank slate.
So, to begin with, in case you didn’t check out yesterday’s The SDK:
(fun fact) The “web” and the “Internet” are actually two separate things.
And my father gave a great analogy for this: Think of a book. The Internet is the paper, the glue, and the ink; all necessary for creating the book. But the “web” is the content (the actual words on the page) inside of the book.
Understanding the difference between the Internet and the Web is critical, because when we start to consider all of the issues facing security online, one quickly recognizes that:
The privacy engineers have worked their butts off over the years to make opening the book as hard as possible. Everyone cares a lot about making opening the book as hard as possible. But no one has focused on writing the book in Pig Latin. PGP (Pretty Good Privacy) took a stab, but the issue with PGP is that it’s too hard for the average user to implement, so no one really uses it.
PGP got this right, we just need an easier way to implement it. Here’s how PGP (a version of Ghost Protocols) works:
Ghost networks (which use Ghost Protocols) can get obscenely complex, going down multiple levels – and if you’re using it to protect your Gmail traffic, you need a Spa Day, because you are likely way paranoid.
But on an ABC simple-level basis, think about it this way: think of buying electronics that come in those plastic containers that freaking won’t open. The ones that require not just scissors, but, like, a chain saw to get the DVD out. Then wrap that in duct tape. Then put it in a box filled with Styrofoam. Now more duct tape. Person A really wants to send their message and have no one see what’s inside. In a Ghost Network, Person A writes their message, the Ghost Network puts the message inside the container I just described, and passes it on to Person B.
Person B knows how to get in the package to see what Person A put in it. In reality, it’s a “key” to unlock very high level, almost impossible to break encryption. In practice, just think of it as a magic spell. No one else knows the spell because they didn’t go to Hogwarts. But Person B did, so they get to see Person A’s message.
As far as anyone knowing whether Person A and Person B are talking, Ghost Networks can function in two ways:
1) “I can see that you’re talking, but not what you’re saying”
Theoretically (and we’re talking very theoretically), if the Ghost Network was programmed to be idle until a message went through, and only you sent a message at that moment, then the Ghost Network would know that you were sending the message (“talking”).
AND (more likely):
2) “Because there are so many people that are talking right now, I can’t see that you’re talking and I still don’t know what you’re saying”.
The better and better programmers who write the Code for the Ghost Protocols will basically turn your message into Pi gLat in. They start sending your message in pieces, which will vary in length, making it harder and harder for anyone even trying to figure out what you’re saying, and then they run the “pieces” (“packets” is network-speak) through multiple Ghost Networks. Try reading my messages now!
Again, if you’re doing this to talk to your BFF Jane, take a Spa Day.
Ultimately, Ghost Networking is still not a widely implemented notion, because of the whole “key”/magic spell issue. It’s too much work for the average user. But it is a way to seriously protect your messages.
But it’s the average user who causes trouble. You can have the equivalent of an arsenal of nuclear-level-weapons locking the user’s account, and the user account could still be compromised. Why, you ask? As I was taught along the way in school, most computer issues are “Level 8” issues (implying that the user caused the error, not the networking system). As applied in this scenario, all it takes is a keylogger making its way onto the user’s system. Or, even simpler, the user shares his/her password just once. In light of this serious Level 8 flaw:
Until we tell the privacy engineers that they need to focus on writing the book in Pig Latin, the second that user credentials are compromised (Target, Anthem, iCloud ← all cases where user passwords were hacked using key loggers), and anyone can open the book, all of your PII is exposed, and… well… you’re toast.
So how do we fix this? How do we keep the top-secret treasures of the Universe, which are protected by the nuclear arsenal, from being compromised merely by punching a hole through the cardboard wall next to the nuclear arsenal?
Figure out a way that end users just don’t even have to deal with the magic spell. Preferably that they can’t know the magic spell. As long as there is a cardboard wall (as long as you have users at all responsible for authentication), you’re toast. Of course, now I sound like I have zero thesis since I have no solution to the problem. But remember, for now my goal was to give someone who has never heard of a Ghost Network a clue that Casper wasn’t involved.