I don’t know where this can get a good security and technical review, so I’d accept suggestions.

Secure Communications

This is a draft design for secure email and voice communications. It uses public key encryption and a service like Tor for anonymity.

It’s objective is to protect the communications system for traffic analysis, sender receiver pairs, IP source analysis, and build a network of communication partners.

Here’s the rough design for email:

  1. All messages including origin address is encoded with public key encryption. Possibly using Perfect Forward Secrecy to protect against traffic analysis code leaking.
  2. To prevent traffic analysis of public keys, all public keys from all users are contained in the sending app.
  3. All messages are encrypted on the sending client, including the origination address. The transport network only uses the destination address for routing & delivery.
  4. All mailboxes (destinations) contain only encrypted messages.
  5. All messages are viewed with a client application. The client app retrieves a message from the mail server and decodes the message on the receiving device.
  6. The ONLY safe receiving device boots from read-only memory and is completely controlled by its owner. This EXCLUDES all cell phones, which must be regarded as compromised because they are under the control of large corporation, which cannot be trusted.
  7. The owner of the receiving device enters multiple pass phrases, their private key into the receiving app to decode messages.
  8. Tor is used as the transport network to protect from IP address traffic analysis by intermediaries.
  9. The mail system neither knows nor records any IP addresses, or origin addresses. It could record TOR IP addresses but these are meaningless for surveillance.

Rough Design for Voice:

  1. All messages including origin address is encoded with public key encryption. Possibly using Perfect Forward Secrecy to protect against traffic analysis code breaking.
  2. To prevent traffic analysis of public keys, all public keys from all users are contained in the sending app.
  3. All calls are encrypted on the sending client including the Calling Party Number. The transport network only uses the destination number for routing & delivery.
  4. The system only routes on destination number. All calling numbers are encrypted and not visible to anyone but the called party.
  5. All calls are processed with a client application. The client app retrieves a call and decodes the message on the receiving device, including calling number.
  6. The ONLY safe receiving device boots from read-only memory and is completely controlled by its owner. This EXCLUDES all cell phones, which must be regarded as compromised because they are under the control of large corporations, who cannot be trusted.
  7. The owner of the receiving device enters multiple pass phrases, their private key into the receiving app to decode calls.
  8. Tor is used as the transport network to protect from IP address traffic analysis by carries, and their “customers”.
  9. On receiving a call, the called app opens an encrypted simplex connection to the calling app.
  10. Tor is used as the transport network to protect from IP address traffic analysis by intermediaries.
  11. All calls are two simplex connections, independent of each other, with one party’s number encrypted in the stream, extracted from the traffic by the receiving party.