US Wants Its Own Secure and Self-Destructing Messaging App -- And It's Willing to Pay (bloomberg.com)
Long time reader schwit1 writes: The Defense Advanced Research Projects Agency (DARPA), an agency within the Department of Defense historically known for creating the Internet itself, has published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts. "Troops on the ground in denied communications environments would have a way to securely communicate back to HQ and DoD back office executives could rest assured that their logistics system is efficient, timely and safe from hackers," according to the DARPA proposal. The request for proposals, reported earlier by the UK's Telegraph outlet, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion. Motherboard's Lorenzo Franceschi-Bicchierai reports that DARPA is willing to pay people to make this app. "This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government."
Startup? (Score:2)
So basically a government Kickstarter?
Re: (Score:2)
They want one that they know has not already been cracked open and p@wned by China and Russia.
Re: (Score:3)
More precisely, they want one where only they can retain and decrypt the self destructing messages.
Re: Startup? (Score:3, Insightful)
As with all competitions; we'll sit here with our five dollars whilst you expend twenty dollars of effort each. We'll take all the good ideas for ourselves and gift the winning team (mysteriously led by my wife's cousin) the five dollars.
Re: (Score:2)
Apps?
Re: (Score:2)
He'd chuck as much apps as an appchucker could if an appchucker could chuck apps.
D'uh! Everyone knows that.
But... (Score:2)
But how will the NSA be able to monitor all the potential terrorists (= civilians)?
Re: (Score:2)
Re: (Score:3)
"The advantages of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who has worked as a developer for the encryption messaging app Signal."
Reading further:
"The third and last will “focus on commercialization and full-scale implementation,” so DARPA wants this to be out in the open, for everyone to use, eventually."
Re: (Score:2)
From that article, I can easily surmise the probable application of the patent. Underwater Fiber Taps. Once you have the general scope of the application, the specifics are completely unneeded. The Government doesn't want people to know, what everyone already suspects (and is vaguely confirmed) that they are tapping underwater Fiber to spy on people.
Just my opinion.
Re: (Score:2)
The article spells it out but that doesn't mean that's what it is about. It also sounds fishy: why would they tell the inventor that his device passed the testing and would be used and then say "we will not pay"? It doesn't make any sense, licensing the invention would keep the use a secret.
Re: (Score:2)
It sounds fishy! I see what you did there.
Re: (Score:2)
It wouldn't be as subtle as the tap used in Operation Ivy Bells and the like: https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
I'd say Signal is almost perfect for this task. Some other items that would be useful:
1: Forward secrecy implemented in a fairly easy to use package.
2: To handle self-destructing items, have a private key that needs to be gone by a certain time encrypted by a second key. Have this second key split amongst x out of y nodes, via Shamir's Secret Sharing algorithm. Each node, once the expiration date passes, destroys the second key, so even if there are some nodes that are hacked to retain it, unless the s
Re: (Score:2)
Depends on the attacks. Done right, with forward secrecy [1], the best an attacker could do is block communication. If an attacker gains control of an endpoint, it becomes much harder to ensure integrity.
However, protecting endpoints is a solved problem... Apple TV, and present gen consoles show that one can make a device extremely secure. Endpoint-wise, the application could be placed in the secure "world" of an ARM CPU with its keys, perhaps run on the equivalent of a "secure desktop" where no applicati
Re: (Score:2)
Yeah, there's the potential (assuming it's a juicy enough target) to intercept when output hits the screen. Controlling the hardware would seem a must and controlling the OS that it runs on would be important. I'm thinking ground-up build for this to be as good as they're hoping. I'm honestly not sure there's enough in the budget for that.
in 5...4...3... (Score:2)
FBI Wants p0wn Secure and Self-Destructing Messaging App -- And It's Willing to Pay
Talk about the left hand trying to chop off the right hand.
Snapchat (Score:2)
n/t
"secure fashion" (Score:1)
Translation: free of public oversight and the threat of whistle blowers exposing corruption [reuters.com]
Blockchain = LMAO (Score:1)
Sure, let's create a messaging protocol that burns electricity like nobody's business and creates a gigantic file that needs downloading before anything works. Great job, kids!
Re: (Score:3)
The entire concept is nonsensical. It's a fairly fundamental truth that information cannot be destroyed. Self-destructing messages are basically the same problem as DRM; you have the data, you have a key, you're allowed to use the data to unlock the key, but only under somebody else's terms. If you trust the endpoint to be absolutely secure against tampering, the problem is trivial, but you don't need anything more than a simple "ask the server whether the data should be wiped before showing it" mechani
Re: (Score:1)
Agreed it sounds trivial. That's why they are only spending up to a million for it. This is a little project and yes, I believe that they can secure their access terminals. They just need the program made to do it all.
Re: (Score:2)
How do you suggest one should go about to burn electricity? Electric charges don't readily oxidize...
Re: (Score:1)
Buzzword bingo (Score:2)
So they want a messaging system and it must use a blockchain and it must allow messages to be deleted?
They're going to have a hard time.
Re: (Score:2)
Pretty much. "Self-destructing" and "blockchain" don't go together.
Re: (Score:2)
As in "Self-destructing" and "blockchain" are complete opposites.
Fixed it so that when the people at DARPA read your comment, they really understand their idiocy.
Re: (Score:1)
Thanks, my cognitive dissonance was getting in the way when I first read the article. If they are asking for mutually exclusive components are they really asking for anything? Or, is this a fishing trip to see if they can get a new perspective on something?
Re: (Score:2)
Re: (Score:2)
Destroy the one-time-pad, destroy the message.
Re: (Score:2)
How are you generating, distributing, and storing the one-time pads?
If you're doing it inside the blockchain, then lol.
If you're doing it outside the blockchain, then the blockchain piece of the project is pointless, as all security has to cover the generation, distribution, and storage of the one-time pads.
Re: (Score:2)
You're probably not the best person to ask but I'll try it. Is it possible for the blockchain to be stored in a central repository where it's then trimmed and only certain devices get access to certain segments, in real time?
That would do nothing for the analog hole or interception, some of those can be reduced in risk levels.
Re: (Score:2)
It's a DARPA project. It should be really, really hard.
Re: (Score:2)
better idea (Score:1)
the US could stop invading countries! (it's also much cheaper!)
Re: (Score:3)
But it could work for within the US borders as well. All levels of government could benefit from a messaging system that was secure against snooping investigations and other government oversight, but also to securely be deleted should those investigations progress and journalists or the public in general.
Re: (Score:2)
The US occupies Gitmo because both countries signed a lease agreement in 1903 which is still legal and in effect today. Thus the US base is there because of an agreement with the host country. And the US lease agreement took Cuba to the cleaners because they only pay $4,085 a year. Maybe Cuba has been unable to scrape up enough money to pay off the lease?
Re: better idea (Score:1)
That would be a tacit admission that Michael Moore was right. No government would allow such a conclusion, not whilst there are still countries operating free of US meddling.
No, but yes. (Score:4, Insightful)
Re: (Score:1)
Well, to be fair, those aren't mutually exclusive positions.
Law enforcement has a need to find out what people said and to whom as part of determining who the guilty party is in a criminal investigation, and the military has a need to communicate without the enemy hearing it as part of conducting combat operations.
Re: (Score:1)
Good! I can live in that world. A second amendment challenge would be easier to win than a first amendment or fourth amendment challenge on the matter.
Re: (Score:2)
You're phrasing it wrong...
The government needs to find out what the people are doing to identify those individuals who are violating societal rules.
The people need to find out what the government is doing to identify those individuals in government who are violating their positions.
It's exactly the same thing, the only difference is who are the watchers and who are the watched.
Re: (Score:1)
This is exactly what I don't understand....
Just earlier today, there was a discussion about how the NSA was complaining that Snowden's actions are speeding up the adoption of encryption. https://yro.slashdot.org/story... [slashdot.org]
The NSA would seemingly rather have weak encryption to catch violent terrorists while simultaneously making it easier for financial terrorists to thrive with weak encryption protections.
Now we've got the DARPA branch of the DoD basically taking Snowden's stance by encouraging private indu
this message will self destruct in 5 seconds (Score:2)
this message will self destruct in 5 seconds
I want a pony (Score:1)
A solid diamond pony and I'm going to sit here with my five dollars until someone makes me one.
Re: (Score:2)
Christ on a crutch, just use iPhones (Score:2)
Just use iPhones and other iToys. I'm sure bought in bulk they can get 'em for 50 per unit.
They're so well encrypted the government is on a whaaaambulance about it, no?
Well, fucking put your money where your noise-hole is, and use that very same uncrackable* technology the turrrirrrists are using! **
* /. readers know there's no such thing as uncrackable
**./ readers know so far nothing super cray-cray incriminating has been found on that San Bernardino phone. I'm sure it was helpful for parallel cons
Price too low to care (Score:1)