Readit News logoReadit News
MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
Retr0id · 9 days ago
Taking a look at their code I see a rather concerning comment:

    func (om *ObfuscationManager) ProcessOutgoingPacket(
    ...
    // TODO where is the obfuscation here?
https://github.com/vpdotnet/vpnetd-sgx/blob/bc63e3b8efe41120...

While I do see the impl of the 10ms flush interval, I don't see any randomisation within batches. So iiuc, packets are still flushed in their original order.

MagicalTux · 9 days ago
The comment was added before the implementation of the IPC buffer & shuffling and was left there, sorry about that.

In an older version packets were sent back in sequence to their original connection to the host, as it was faster.

We since then implemented a system where nproc (16+) buffers receiving packets running at differed intervals, meaning that while packets are processed "in order" the fact this runs in multiple threads, reading packets even from the same client will cause these to be put in queues that will be flushed at different timings.

We have performed many tests and implementing a more straightforward randomized queue (by allocating memory, handling array of pointers of buffers, shuffling these, and sending these shuffled) did not make much of a difference in terms of randomization but resulted a huge loss in performance due to the limitations of the SGX environment.

As we implement other trusted environments (TEE) we will be implementing other strategies and obfuscation methods.

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
stavros · 9 days ago
How does this attestation work? How can I be sure that this isn't just returning the fingerprint I expect without actually running in an enclave at all? Does Intel sign those messages?
MagicalTux · 9 days ago
Similar to TLS, the attestation includes a signature and a x509 certificate with a chain of trust to Intel's CA. The whole attestation is certified by Intel to be valid and details such as the enclave fingerprint (MRENCLAVE) are generated by the CPU to be part of the attestation.

This whole process is already widely used in financial and automotive sectors to ensure servers are indeed running what they claim to be running, and well documented.

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
do_not_redeem · 9 days ago
> Build the code we published, get the fingerprint it produces, ask a VP.NET server for the fingerprint it reports, and compare the two. If they match, the server is running the exact code you inspected. No trust required.

Okay, maybe I'm being thick, but... when I get a response from your server, how do I know it's actually running inside the enclave, and not an ordinary process sending a hardcoded expected fingerprint?

MagicalTux · 9 days ago
Intel SGX comes with an attestation process aiming at exactly that. The attestation contains a number of details, such as the hardware configuration (cpu microcode version, BIOS, etc) and the hash of the enclave code. At system startup the CPU gets a certificate from Intel confirming the configuration is known safe, which is used by the CPU to in turn certify the enclave is indeed running code with a given fingerprint.

When the connection is established we verify the whole certificate chain up to Intel, and we verify the TLS connection itself is part of the attestation (public key is attested).

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
remram · 9 days ago
What does the verifiable program do though? With a VPN, what I'm concerned about is my traffic not being sniffed and analyzed. This code seem to have something to do with keys but it's not clear how that helps...?
MagicalTux · 9 days ago
This is the server-side part of things. It receives encrypted traffic from your (and other customers) device, and routes it to the Internet.

This guarantees that your traffic isn't being linked to you, and is mixed up with others in a way that makes it difficult for someone to attribute it to you, as long as you also protect yourself on the application side (clear cookies, no tracking browser extension, etc)

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
jchw · 9 days ago
I really am interested in how this works. How can the client software verify that the SGX attestation actually is from the same machine as the VPN connection? I guess there's probably an answer here, but I don't know enough about SGX.
MagicalTux · 9 days ago
The way this works is by generating a private key inside the enclave and having the CPU attest its public key.

This allows generating a self signed TLS certificate that includes the attestation (under OID 1.3.6.1.4.1.311.105.1) and a client connecting verifying the TLS certificate not via the standard chain of trust, but by reading the attestion, verifying the attestation itself is valid (properly signed, matching measured values, etc) and verifying the containing TLS certificate is indeed signed with the attested key.

Intel includes a number of details inside the attestation, the most important being intel's own signature of the attestation and chain of trust to their CA.

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
ranger_danger · 9 days ago
> the connection is guaranteed to be with a host running the software in question

a host... not necessarily the one actually serving your request at the moment, and doesn't prove that it's the only machine touching that data. And afaik this only proves the data in the enclave matches a key, and has nothing to do with "connections".

MagicalTux · 9 days ago
Let me clarify, it guarantees your connection is being served by the enclave itself. The TLS encryption keys are kept inside the enclave, so whatever data is exchanged with the host, it can only be read from within the secure encrypted enclave.
MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
exfil · 9 days ago
These VPN's for privacy are so bad. You give your credit card (verified identity), default gateway and payload to foreign soil and feel safe. On top of that your packets clear text metadata verifies you with cryptographic accuracy.

In today's internet you just cannot have exit IP which is not tied either into your identity, payment information or physical location. And don't even mention TOR, pls.

MagicalTux · 9 days ago
You're welcome to use cryptocurrencies (we have a page for that), and our system only links your identity at connection time to ensure you have a valid subscription. Your traffic isn't tied to your identity, and you can look at the code to verify that.
MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
junon · 9 days ago
> Can I know for sure that this isn't a compromised SGX configuration, since the system has been broken in the past?

As far as I'm aware, no. Any network protocol can be spoofed, with varying degrees of difficulty.

I would love to be wrong.

MagicalTux · 9 days ago
Intel audits configuration on system launch and verifies it runs something they know safe. That involves CPU, CPU microcode, BIOS version and a few other things (SGX may not work if you don't have the right RAM for example).

The final signature comes in the form of a x509 cerificate signed with ECDSA.

What's more important to me is that SGX still has a lot of security researchers attempting (and currently failing) to break it further.

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
john01dav · 9 days ago
One of the main use cases of a VPN is against governments, but a government making Intel compromise SGX is plausible given what we know from Snowden.
MagicalTux · 9 days ago
The US government might be able to pressure Intel into doing something with SGX, but there are way too many eyes on this for it to go unnoticed in my opinion, especially considering SGX has been around for so long and messed with by so many security researchers.

The US government also likely learned a lesson from early attempts at backdoors (RSA, etc) that this kind of things do not stay hidden and do not reflect well.

We've thought about this long and hard and planning to mitigate this as much as possible. Meanwhile we still offer something that is a huge step forward compared to what is standard in the industry.

MagicalTux commented on A privacy VPN you can verify   vp.net/l/en-US/blog/Don%2... · Posted by u/MagicalTux
mrtesthah · 9 days ago
No crypto payments or ability to mail cash?
MagicalTux · 9 days ago
Yes crypto payments, a bit difficult to find since you need to look at the bottom of the page however, but we have some plans to improve that in the coming days.

u/MagicalTux

KarmaCake day179March 25, 2020View Original