\documentclass[12pt]{beamer} %%%% % Nuit du Hack - 2016/07/02 % CC-BY-SA jvoisin & Fr33tux % https://creativecommons.org/licenses/by/4.0/ % % Template "Metropolis" from https://github.com/matze/mtheme % Sources for the Tails logo and screenshots are from https://tails.boum.org %%%% \usepackage[normalem]{ulem} \usepackage{graphicx} \newcommand{\heart}{\ensuremath\heartsuit} \usetheme{metropolis} \title{Tails: Security, Maintainability and Usability} \subtitle{Pick three!} \author{Julien Voisin \and Jérôme Boursier} \institute{Nuit du Hack} \begin{document} \maketitle \section{Who are we ?} \begin{frame}[fragile]{\insertsection} \hfill \begin{columns} \begin{column}{.4\textwidth} \begin{block}{Julien Voisin} \begin{itemize} \item Radare2 \item NBS-System \item dustri.org \end{itemize} \end{block} \end{column} \begin{column}{.4\textwidth} \begin{block}{Jérôme Boursier} \begin{itemize} \item AdwCleaner \item Student \item fr33tux.org \end{itemize} \end{block} \end{column} \end{columns} \hfill \pause \begin{center} \includegraphics[width=.5\textwidth]{pix/no-logo.png} \end{center} \end{frame} \section{Tails - The Amnesic Incognito Live System} \begin{frame}[fragile]{\insertsection} \begin{block}{What is Tails?} \begin{quote} Tails, born in 2009, is a live operating system, aiming at preserving your privacy and anonymity. \end{quote} \pause \begin{itemize} \item All connections to the Internet are forced to go through the \alert{Tor network}; \item It \alert{leaves no trace} on the computer you are using unless you ask it explicitly; \item It provides \alert{cryptographic tools} to encrypt your files, emails and IM. \item Secure and usable by default \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{\insertsection} \begin{block}{According to the NSA\only<3>{\footnote{Thanks to a \emph{famous} Tails user for providing these documents.}}} \begin{quote} (S//REL) Tails: Complete Bootable OS on CD for anonymity - includes Tor \newline (S//REL) Adds Severe CNE\only<1>{\footnote{Computer Network Exploitation} misery to equation} \end{quote} \pause \begin{quote} These variables define terms and websites relating to the TAILs (The Amnesic Incognito Live System) software program, a comsec mechanism advocated by extremists on extremist forums. \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{\insertsection} \begin{block}{The life of Tails} \begin{itemize} \item A major/minor release \alert{every six weeks}\footnote{Synchronized with Firefox/TBB} \item \alert{2800 commits} by 15+ people in the last 6 months \item The \emph{core Tails Developers} are anonymous, mysterious and friendly. \item More than 17,000 boots per day! \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{\insertsection} \includegraphics[width=\textwidth]{pix/tails-logo.pdf} \begin{center} \small (Yes, the logo is a smiling USB-key) \end{center} \end{frame} \section{Maintainability\newline Usability\newline Security} \begin{frame}[fragile]{Maintainability - Usability - Security} \only<1>{ \begin{block}{Maintainability} \begin{quote} Do you remember \emph{Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix, Liberté Linux, Mempo, ..., ?} \end{quote} \end{block} } \only<2>{ \begin{block}{Usability} \begin{quote} If people can not use your software, they'll use something \sout{shitty} else. \end{quote} \end{block} } \only<3>{ \begin{block}{Security} \begin{quote} \begin{itemize} \item Collective matters, especially for anonymity: if you don't blend in the crowd, you're a \alert{target}.\newline \item Your \emph{qubes-gentoo-hardened-1337} won't do much if your email recipient gets pwned.\newline \end{itemize} \end{quote} \end{block} } \end{frame} \section{Maintainability} \begin{frame}[fragile]{\insertsection} \begin{itemize} \item The people behind Tails are a small team \item With a lot of things to get done\footnotemark. \item So, contributors are welcome, and contributions appreciated. \end{itemize} \pause \begin{center} \begin{quote} The \alert{less} we do, the \alert{better} we live \end{quote} \end{center} \footnotetext[1]{1338 open issues in the bugtracker} \end{frame} \begin{frame}[fragile]{Relationship with upstream} \begin{block}{Social work} \begin{itemize} \item Talk to (the right) people \item Find skilled people \item Keep people interested \end{itemize} \end{block} \pause \begin{block}{Technical work} \begin{itemize} \item Backports, because Tails is based on Debian stable \item Upstream \alert{as much as possible} \item Apparmor, libvirt, Debian, Puppet, Mumble, Tor, Thunderbird, Firefox,\dots \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Unit test suite} \begin{block}{Testing a liveCD is \alert{hard}} \begin{itemize} \item Cucumber for Behaviour Driven Development \item Sikuli for UI testing \item KVM for (nested) virtualisation \item Jenkins for running the test suite on \alert{every} git push \item Blackbox testing by emulating a \alert{real user}\footnote{this is why it takes 3 hours to run.} \item People for manual tests \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Puppet everywhere} \begin{block}{Infrastructure as code} \begin{itemize} \item No privileges nor internet connection needed to contribute \item Easy maintainability, (re)deployment and convergence. \item Sharing and borrowing puppet manifests \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Open development} \begin{block}{Publish everything} \begin{itemize} \item Open Bugtracker \item Monthly public meetings on XMPP \item Public development channel on XMPP too \item Public Git repositories \end{itemize} \end{block} \end{frame} \section{Usability} \begin{frame}[fragile]{Translations} \begin{itemize} \item Tails is based on Debian, so as translated as Debian is. \item The website/documentation is available\footnote{thanks to POEdit} in \end{itemize} \begin{columns} \begin{column}{.3\textwidth} \begin{itemize} \item English \item French \item Farsi \end{itemize} \end{column} \begin{column}{.3\textwidth} \begin{itemize} \item Italian \item Portuguese \end{itemize} \end{column} \end{columns} \end{frame} \begin{frame}[fragile]{Installer} \begin{itemize} \item Installing an USB key isn't straightforward \item Especially on Windows \item Especially when you need fancy encrypted partitions \end{itemize} \pause \begin{center} Hence the magical installer! \end{center} \end{frame} \begin{frame}[fragile]{Installer (magical)} \begin{center} \includegraphics[width=.75\textwidth]{pix/installer.png} \end{center} \end{frame} \begin{frame}[fragile]{Incremental upgrades (IUK)} \begin{itemize}[<+->] \item Tails is \emph{huge} (1Gib) \item Not everyone has fiber-powered internet \item Hence incremental upgrades! \item Based on: \begin{itemize} \item TUF - The Upgrade Framework \item Thandy: Automatic updates for Tor bundles \end{itemize} \item Interesting threat model and challenges \end{itemize} \end{frame} \begin{frame}[fragile]{Cryptography is hard} \begin{itemize} \item Looking at people trying to explain \emph{how to GPG} is \alert{fun}. \item This is why we have the \emph{OpenGPG applet} \item Automatic verification of IUK \item OTR by default in \emph{Pidgin} \end{itemize} \end{frame} \begin{frame}[fragile]{UX testing} \begin{itemize} \item Give objectives to users, and watch them fail \item Identify blocking points \item Designing good UX is \emph{awfully hard} \end{itemize} \end{frame} \begin{frame}[fragile]{Documentation} \begin{itemize} \item Document \alert{everything}, and make this mandatory \item For users, and contributors \end{itemize} \end{frame} \begin{frame}[fragile]{Accessibility} \begin{itemize} \item Follow GNOME's \emph{User Interface Guidelines for Supporting Accessibility} \item Use GNOME :P \item Drivers for accessibility devices \item Do one thing, and do it right \item Accessibility is super-hard \end{itemize} \end{frame} \begin{frame}[fragile]{Persistence} \begin{itemize} \item LUKS, dm-crypt and ext4 \item UX and users are a living nightmare \item Profiles for important software/components \item Allow \sout{Tails dev} \emph{power-users} to persist whatever they want \end{itemize} \end{frame} \begin{frame}[fragile]{Greeter} \begin{center} \includegraphics[width=.7\textwidth]{pix/greeter.png} \end{center} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users} \begin{itemize}[<+->] % https://tails.boum.org/support/index.en.html \item Whisperback to report bugs \item Frontdesk to answer emails \item Mailing lists \item IRC / XMPP \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{center} \large Speaking of users\dots \end{center} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that play} \begin{quote} < lskitto> Just a suggestion but in the next update can you include Minecraft?\newline \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that know better (cont.)} \begin{quote} 22:41 eborberma> there may be fewer security issues if tails used more python software\newline 22:42 ghetto> or less java software\newline 22:43 eborberma> there is no java in tails \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that know better} \begin{quote} < Shikila> There are many papers, don't act so blind\newline < BitingBird> ...\newline < Shikila> If I actualy studied computers I myself would have proably wrote one \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that want flash} \begin{quote} < t4nk860> hello have a question\newline < t4nk860> how do i install flash player in tails \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that are looking for fancy things} \begin{quote} 02:28 xecuter > how i find the secret communications of us military forces in the deep web? \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that, err, well\dots} \begin{quote} 23:07 PETE255 > hi you assholes HOW THE FUCK DO YOU INSTALL AN UNOFFICIAL DEBIAN FUCKING PAGKAGE DICKHEADS\newline \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that are \emph{creative}} \begin{quote} < ghetx> can i use a \_ for password? \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{block}{(Un)fortunately, Tails has users that are candid} \begin{quote} < klapaucius> is there a good tor website for saving passwords? \end{quote} \end{block} \end{frame} \begin{frame}[fragile]{Support} \begin{center} \large Fortunately, we have \sout{popcorn} patience! \end{center} \end{frame} \begin{frame}[fragile]{Unsafe browser} \begin{itemize} \item Captive portals are annoying \item Use the unsafe browser to access them \item Use a \alert{scary red} theme for it \item But people will use it for anything else anyway. \end{itemize} \end{frame} \begin{frame}[fragile]{Scary unsafe browser} \includegraphics[width=\textwidth]{pix/unsafe.png} \end{frame} \begin{frame}[fragile]{Binary blobs} Binary blobs are a truly amazing trolling source!\newline \pause \vskip.5em But remember the previously mentioned mantra: \pause \begin{quote} If people can not use your software, they'll use something \sout{shitty} else. \end{quote} \end{frame} \section{Security} \begin{frame}[fragile]{Threat model} \begin{columns} \begin{column}{.3\textwidth} \begin{block}{Attackers are:} \begin{itemize} \item Global \item Powerful \item Smart \end{itemize} \end{block} \end{column} \pause \begin{column}{.3\textwidth} \begin{block}{Users are:} \begin{itemize} \item Global \item Powerless \item Well\dots \end{itemize} \end{block} \end{column} \end{columns} \end{frame} \begin{frame}[fragile]{Persistence (cont.)} \begin{block}{Persistence can improve security} \begin{itemize} \item Persisting the \emph{PRNG} state \item Persisting Tor cache for a quicker startup \item Persisting bridges is on the todo-list, but it's non-trivial. \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Emergency releases} \begin{block}{Because people like to drop public exploits\footnote{And not only shitty XSS.}.} \begin{itemize} \item Synchronisation with upstream \item Emergency releases are done in \alert{less than 24h}. \item Those aren't fun to do. \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Signature verification} \begin{block}{Did anyone ever told you that gpg is \alert{hard}?} \begin{itemize} \item Releases are signed\footnote{Key management is fun!} \item But no one knows how to use \emph{gpg}. \item Browser addon to \alert{download} and \alert{verify}. \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Reproducible builds} \begin{block}{We have trust issues.} \begin{itemize} \item Reproducible builds for software \alert{may} be non-trivial \item Reproducible builds for ISO \alert{are} non-trivial \item Also, sustainability: we don't have to trust the \emph{release manager}. \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Apparmor} \begin{block}{Easy sandboxing as much as possible} \begin{itemize} \item No one knows how to write SELinux rules \item Is anyone using Tomoyo? \item Every internet-facing service has an Apparmor profile \item \emph{Interesting} binaries\footnote{Like the one parsing PDF.} too. \item Almost everything is pushed upstream \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{What about grsecurity ?} \begin{exampleblock}{} {\large ``Every time someone mentions \emph{grsecurity} and \emph{tails} in the same sentence, take a drink.''} \vskip5mm \hspace*\fill{\small--- An anonymous Tails contributor} \end{exampleblock} \end{frame} \begin{frame}[fragile]{What about grsecurity ?} \begin{block}{More seriously} \begin{itemize}[<+->] \item No grsecurity package in Debian. \item The Tails dev are not kernel developers. \item Corsac is now maintaining one. \item Tails uses aufs for persistence \item Grsecurity doesn't like aufs. \item Tails is moving to overlayfs anyway. \item AppArmor doesn't like overlayfs. \item Nor does tails-iuk, or live-boot. \item Improve grsecurity compatibility with aufs? \item ... \end{itemize} \end{block} \end{frame} \begin{frame}[fragile]{Camouflage!} \begin{block}{Everyone is using Windows, so...\footnote{Unfortunately, it's not available anymore :/}} \includegraphics[width=\textwidth]{pix/camouflage.png} \end{block} \end{frame} \begin{frame}[fragile]{Some fancy tools} \begin{block}{Some cool Tails-born goodies:} \begin{itemize}[<+->] \item Memory Erasure as an anti-forensic measure \item Shutdown on key removal \item Metadata Anonymisation Toolkit \item Mac spoofing \item Network disabling \item ... \end{itemize} \end{block} \end{frame} \section{Conclusion} \begin{frame}[fragile]{Conclusion} \begin{itemize}[<+->] \item Everyone can use Tails \item Seven years old, still alive! \item Anonymity and amnesia as security features \item \alert{Security} and \alert{Maintainability} and \alert{Usability} \end{itemize} \end{frame} \begin{frame}[fragile]{Thank you!} \includegraphics[width=\textwidth]{pix/tails-logo.pdf} \end{frame} \begin{frame}[fragile]{Questions?} \includegraphics[width=\textwidth]{pix/tails-logo.pdf} \begin{center} \footnotesize \alert{Protip 1}: If your question has more than \alert{3} parts, it's wrongly phrased. \footnotesize \alert{Protip 2}: If your sentence doesn't end with a \alert{?} it's not a question.\newline \end{center} \end{frame} \end{document}