
Technologies used by the Cryptohippie Anonymous VPN

Cryptohippie uses a wide array of technologies, methods and organizational procedures to deliver enterprise class communication security services and products. To enable our customers to make good decisions concerning procurement and use of our services we present those technologies on this page.

Encryption algorithms

  1. Client-to-Network:

    Connections between clients and our network come in several versions. These are: OpenVPN, IPSec and MixPPP.

    OpenVPN: This is the default method for software-only contracts. The encryption algorithms and protocols are based on SSL3/TLS1. We use a combination of DH2048 for key agreement, RSA2048 for authentication, AES256-CTR and AES256-CBC for line encryption and SHA1/SHA256 for authentication and integrity protection.

    IPSec: This is the default method for our enterprise services. The encryption algorithms and protocols are based on SSL3/TLS1 and the IPSec standard(s). For line encryption we use AES256-CTR. SHA1, SHA256 and SHA512 are available for authentication and integrity protection. Key agreement is done over TLS1 using RSA2048 for authentication, AES192-CBC for line encryption and SHA1/SHA256 for authentication and integrity protection. We do not use IKEv1 or IKEv2 to establish SAs or SPDs but CGNKEv1-EXT to establish SA, SPD and TUNSpec agreements.

    MixPPP: This method is optional for enterprise services. The encryption algorithms used are: DH1024 for key agreement, RSA2048 for authentication, AES192-CBC/AES256-CBC for line encryption and SHA1/SHA256 for authentication and integrity protection.

  2. Inter-Network/Cascades:

    Connections within our networks are protected node-to-node by IPSec. All MixPPP connections are also transported over the node-to-node IPSec tunnels.

    IPSec: We use the mediated key exchange to set keys on the nodes. The mediated key exchange protocol we use is based on DH2048 and the TLSv1 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" ciphersuite. RSA and DH key lengths are 2048 bit. For the node-to-node tunnels we use AES256-CTR for encryption and SHA512 for integrity protection.

    MixPPP: DH1024 is used for key agreement, RSA2048 for authentication, AES192-CBC/AES256-CBC for line encryption and SHA1/SHA256 for authentication as well as integrity protection.

  3. Closed-Group Networks:

    Connections between nodes of a Closed-Group Network employ IPSec with AES256-CTR/AES256-CBC for line encryption and SHA1/SHA256 for integrity protection and authentication. Key agreement uses CGNKEv1 to establish SA, SPD and TUNSpec agreements. CGNKEv1 cryptography is based on TLS1 with RSA2048 for authentication, AES192-CBC for line encryption and SHA1/SHA256 for authentication and integrity protection. CGN-Directory services use SHA256 for challenges and AES256-CBC for content encryption.

Due to the various options available please contact your assigned consultant for configuration advice.

Tunnel/Transport protocols

  1. OpenVPN:

    OpenVPN uses its own protocol; we use OpenVPN v2 in IPv4-Tunnel mode with replay protection enabled.

  2. IPSec:

    We use GRE protected by IPSec in transport mode with replay protection enabled. IPSec may furthermore be encapsulated in UDP or TCP for Client-Network connections.

  3. MixPPP:

    MixPPP uses standard PPP with CHAP authentication and compression, but without encryption (that is done by the lower layer protocol).

Due to the various options available please contact your assigned consultant for configuration advice.

Anonymization methods

  1. Mixing:

    Mixing is available for all access methods and is employed both on the Entry-Termination cascades as well as inter-cascade connections. We use adaptive mix pools with a size of 100-200000 packets depending on network use (the more data is exchanged the bigger the pools are). Delays due to mixing are kept between 10ms minimum and 1000ms maximum.
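
To make the mixing parameters above concrete, here is an added simulation of an adaptive pool mix (example code written for this page, not Cryptohippie's implementation). It takes the pool bounds (100 to 200000 packets) and the delay bounds (10 ms to 1000 ms) from the text; the rule that grows the pool with the observed packet rate is an assumption of the example, as is the constant 1 ms packet stream used to drive it.

```python
import random
from collections import deque

# Bounds stated on the page: pool size 100 to 200000 packets, mixing delay
# between 10 ms and 1000 ms. The rule that scales the pool with the observed
# packet rate is an assumption made for this example.
MIN_POOL, MAX_POOL = 100, 200_000
MIN_DELAY_MS, MAX_DELAY_MS = 10, 1000


class AdaptiveMixPool:
    """Pool mix: buffer packets, release them in random order once the pool
    is full or the oldest packet would otherwise exceed the maximum delay."""

    def __init__(self, seed=0):
        self.rng = random.Random(seed)      # fixed seed only for reproducibility
        self.pool = []                      # (arrival_ms, packet), oldest first
        self.recent = deque()               # arrival times within the last second
        self.target = MIN_POOL

    def _adapt(self, now_ms):
        # Pool size follows the packet rate of the last second (assumed rule):
        # more traffic -> bigger pool, clamped to the page's bounds.
        self.recent.append(now_ms)
        while self.recent and now_ms - self.recent[0] >= 1000:
            self.recent.popleft()
        self.target = max(MIN_POOL, min(MAX_POOL, len(self.recent) // 2))

    def add(self, now_ms, packet):
        """Queue a packet and return anything released by this arrival."""
        self._adapt(now_ms)
        self.pool.append((now_ms, packet))
        return self.tick(now_ms)

    def tick(self, now_ms):
        """Release packets as a list of (delay_ms, packet) in mixed order."""
        if not self.pool:
            return []
        oldest_age = now_ms - self.pool[0][0]
        if len(self.pool) < self.target and oldest_age < MAX_DELAY_MS:
            return []
        # Only packets that have waited at least MIN_DELAY_MS may leave; the
        # rest stay so that no packet is forwarded almost immediately.
        ready = [(a, p) for a, p in self.pool if now_ms - a >= MIN_DELAY_MS]
        self.pool = [(a, p) for a, p in self.pool if now_ms - a < MIN_DELAY_MS]
        self.rng.shuffle(ready)
        return [(now_ms - a, p) for a, p in ready]


def simulate(n_packets=3000, interval_ms=1, seed=0):
    """Feed a constant stream through the mix and drain it; returns all releases."""
    mix = AdaptiveMixPool(seed)
    released = []
    now = 0
    for i in range(n_packets):
        now = i * interval_ms
        released.extend(mix.add(now, f"pkt{i}"))
    while mix.pool:                         # idle period: time-based flushes
        now += 1
        released.extend(mix.tick(now))
    return released


if __name__ == "__main__":
    out = simulate()
    delays = [d for d, _ in out]
    print(f"{len(out)} packets, delay {min(delays)}..{max(delays)} ms")
    print("first ten released:", [p for _, p in out[:10]])
```

The two release triggers are the part worth studying: a full pool gives reordering, while the age check on the oldest packet is what keeps a quiet link from holding traffic beyond the 1000 ms ceiling, and the lower bound stops a burst from pushing fresh packets straight through.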

  2. Crowding:

    We use a load based mechanism to direct an optimal number of client connections to a cascade, thus focusing clients on as few cascades as possible to increase crowding factors. The minimum number of client connections to one cascade is 120 connections for entry nodes, 30 connections for termination nodes. There are no additional methods employed for exit node crowding optimization.

  3. Splitting:

    Cascade splitting is available only for IPSec based connection methods with Enterprise contracts. It allows the CryptoRouter to distribute connections over two or more cascades. Cascade selection is available per protocol, port and destination address as well as by source type.

  4. Lag obfuscation:

    To increase the effort required for third party lag and timing analysis, IPSec based connections with Enterprise contracts have access to adaptive Client-Cascade artificial network delays. Delay duration is calculated by constantly measuring the lag and normalizing it over all clients connected to the cascade. Minimum and maximum delays are configured per client and can be between 0ms and 800ms. We support both ingress and egress delays for both the client and the cascade entry.

  5. Padding:
    1. IPSec:

      Our IPSec based access methods use fractional padding normalizing packet lengths to modulus 256 bytes.

    2. MixPPP:

      MixPPP pads all packets to 950 bytes per packet.
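
The two padding rules above are simple enough to show side by side. The following is an added example (not Cryptohippie's code) that computes the on-the-wire sizes an observer would see under the IPSec modulus-256 rule and the MixPPP fixed 950-byte rule, and measures how many distinct sizes survive for a constructed sample of packet lengths. The 2-byte length trailer used by pad/unpad and the rejection of packets larger than 950 bytes are this example's own choices; the page does not describe either.

```python
import struct

IPSEC_MODULUS = 256      # "normalizing packet lengths to modulus 256 bytes"
MIXPPP_SIZE = 950        # "pads all packets to 950 bytes per packet"


def padded_length_fractional(length, modulus=IPSEC_MODULUS):
    """IPSec-style fractional padding: round up to the next multiple of modulus."""
    if length <= 0:
        raise ValueError("length must be positive")
    return -(-length // modulus) * modulus      # ceiling division


def padded_length_fixed(length, size=MIXPPP_SIZE):
    """MixPPP-style padding: every packet is carried as exactly `size` bytes.
    The page does not say how larger packets are handled; this example
    rejects them so the caller has to fragment first (assumption)."""
    if length > size:
        raise ValueError(f"{length}-byte packet exceeds fixed size {size}")
    return size


def pad(data, modulus=IPSEC_MODULUS):
    """Pad bytes to a multiple of modulus. The 2-byte length trailer is this
    example's own framing, not something the page describes."""
    total = padded_length_fractional(len(data) + 2, modulus)
    return data + b"\x00" * (total - len(data) - 2) + struct.pack(">H", len(data))


def unpad(padded):
    """Strip the padding added by pad()."""
    (n,) = struct.unpack(">H", padded[-2:])
    return padded[:n]


def observable_lengths(lengths, scheme):
    """Distinct on-the-wire sizes an observer would see under a padding scheme."""
    return sorted({scheme(n) for n in lengths})


# Constructed sample of packet sizes (bytes) for a browsing session.
SAMPLE_LENGTHS = [40, 52, 64, 120, 576, 900, 1200, 1400, 1460]

if __name__ == "__main__":
    print("raw     :", sorted(set(SAMPLE_LENGTHS)))
    print("mod 256 :", observable_lengths(SAMPLE_LENGTHS, padded_length_fractional))
    small = [n for n in SAMPLE_LENGTHS if n <= MIXPPP_SIZE]
    print("fixed   :", observable_lengths(small, padded_length_fixed))
```

On the sample, nine raw sizes collapse to five classes under modulus 256 and to a single class under the fixed rule; the price of the fixed rule is the bandwidth spent on small packets and the need to fragment anything larger than 950 bytes.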

  6. Dummy traffic:

    Dummy traffic methods are only available to IPSec connection methods with Enterprise contracts. We support both random and adaptive dummy traffic generation both for Client-Cascade and Cascade-Client connections. For Inter-Cascade traffic a random dummy traffic generation is used. Dummy traffic timing precision is between 50ms and 500ms. All dummy traffic is Client-Termination only. Client-Entry and Client-Exit dummy traffic is not supported.

  7. Compression:

    Client-Cascade and Termination-Exit connections use adaptive compression to both optimize throughput and increase the effort required for traffic based stream fingerprinting methods.

  8. Multiplexing:

    All access methods and all traffic within our network use single connections, no matter how many connections are tunneled over them. This increases the effort for connection timing correlation methods.

  9. Integrity protection:

    All access methods and all traffic within our network use integrity protection as well as access policies so that watermarked traffic will be discarded as soon as possible.

Due to the various options available please contact your assigned consultant for configuration advice.

Anti-correlation methods for IP addresses

  1. IPPool:

    All connections to a cascade are assigned a new IP from a LILO-based IPPool. IPSec based connections with Enterprise contracts can change IP assignment during a session.

  2. Non-unique IP addresses:

    Entry-Termination connections do not use unique IPs; instead, all IPs are shared between all cascades, making after-the-fact analysis harder.

  3. Per connection assignment:

    Public IP addresses are assigned based on decaying table lookups keyed with source and destination address. Furthermore, IP address pools for public addresses are optimized by load so that at least 10% of the port range is used by outgoing connections.
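
The decaying table described in item 3, together with the pooled assignment of item 1, can be illustrated with a small model. This is an added example written for this page, not Cryptohippie's code: flows are keyed by (internal source, destination), an entry decays after a period of inactivity, and the number of public IPs in use grows with load. The TTL value, the least-loaded tie-breaking and the reading of the 10% rule as "use as few public IPs as keeps each at least 10% port-loaded" are assumptions of the example.

```python
import math

PORT_RANGE = 65536
MIN_PORT_USE = 0.10          # "at least 10% of the port range" (from the page)


class DecayingAssignmentTable:
    """Public IP assignment keyed by (internal source, destination), with
    entries that decay after `ttl_s` seconds of inactivity."""

    def __init__(self, public_ips, ttl_s=300, min_flows_per_ip=None):
        self.public_ips = list(public_ips)
        self.ttl = ttl_s
        # Load target per public IP: this example reads the page's 10% rule as
        # "use as few public IPs as keeps each at least 10% port-loaded" (assumption).
        self.min_flows_per_ip = min_flows_per_ip or math.ceil(PORT_RANGE * MIN_PORT_USE)
        self.table = {}      # (src, dst) -> [public_ip, last_used]

    def _expire(self, now):
        # Decay: drop every entry that has been idle for at least ttl seconds.
        self.table = {k: v for k, v in self.table.items() if now - v[1] < self.ttl}

    def active_flows(self, now):
        self._expire(now)
        return len(self.table)

    def _pool_in_use(self, n_flows):
        # Enough public IPs for the current load, never fewer than one.
        k = math.ceil((n_flows + 1) / self.min_flows_per_ip)
        return self.public_ips[:max(1, min(k, len(self.public_ips)))]

    def lookup(self, src, dst, now):
        """Return the public IP for this flow, assigning one if needed."""
        self._expire(now)
        entry = self.table.get((src, dst))
        if entry is not None:
            entry[1] = now                   # refresh the decay timer
            return entry[0]
        loads = {ip: 0 for ip in self._pool_in_use(len(self.table))}
        for ip, _ in self.table.values():
            if ip in loads:
                loads[ip] += 1
        chosen = min(loads, key=loads.get)   # least-loaded IP in the active pool
        self.table[(src, dst)] = [chosen, now]
        return chosen


if __name__ == "__main__":
    # Constructed documentation addresses; min_flows_per_ip lowered so the
    # spread over several public IPs is visible with a handful of flows.
    t = DecayingAssignmentTable(["203.0.113.1", "203.0.113.2", "203.0.113.3"],
                                ttl_s=300, min_flows_per_ip=2)
    for src, dst in [("10.0.0.5", "198.51.100.7"), ("10.0.0.5", "198.51.100.8"),
                     ("10.0.0.6", "198.51.100.7"), ("10.0.0.6", "198.51.100.8")]:
        print(src, "->", dst, "leaves as", t.lookup(src, dst, now=0))
    print("active flows after 350 s:", t.active_flows(350))
```

Two properties follow from the key choice: a client talking to two destinations can be seen under two different public addresses, and once a flow's entry has decayed the same pair may come back under a different address, so a long-lived mapping from public address to internal source never exists.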

  4. Late assignment:

    Public IP addresses are assigned on the exit nodes only and independently of internally assigned IP addresses.

  5. Jurisdiction aware routing:

    Exit node selection takes the jurisdiction of the connection destination into account, making sure that connections do not exit the Cryptohippie network through an exit node in the same jurisdiction.

Due to the various options available please contact your assigned consultant for configuration advice.

Separation of concerns

  1. Multi-Hop connections:

    All Client-Internet connections travel at least two hops. Entry and Termination Nodes are not operated by the same legal entities and usually not located in the same jurisdiction. Entry nodes only know the original IP address of the connection but do not have access to the contents or the destination information of the connection. When jurisdiction aware routing is applied the Termination Nodes do not know the newly assigned public IP address.

  2. Offshore authentication:

    To authenticate and authorize connections to our network we use a token based authentication method. Tokens are issued by a party not operating any other parts of the network and do not bear any information directly linkable to the client identity. Each session uses a new set of tokens so that the network cannot correlate sessions. Authentication happens exclusively at the Termination Nodes so that no information about the original source address is known. Authenticators are operated in countries (both technically and legally) that do not host cascade nodes. Multiple mutually independent authenticators are used, each operated by a different legal entity.

  3. Traceback protection:

    Entry Nodes employ traceback protection methods to prevent termination nodes from measuring the distance and/or path to a client. We use packet sanitation, TTL fixing and egress delays for traceback protection.

  4. Traffic logging:

    Termination nodes generate per-session usage statistics that are sent to the authenticators after connection shutdown to enable billing. During sessions no traffic information is sent or associated with a session.

  5. Connection logging:

    Depending on Termination and Exit Node selection as well as protocol (only for outgoing SMTP) we may create logfiles containing internal source and external destination addresses. Clients can select cascades without any logging (except for SMTP).

    SMTP: In case of SMTP, connection logging data is stored for 48 hours and automatically erased and overwritten afterwards. This is done to keep abuse of our networks for spam as low as possible.

    Exit traffic: Depending on the jurisdiction of Termination and/or Exit node, logging is legally required. In these cases we log: Internal source address, external source address, external destination address, ports, protocol and time of connect and disconnect. The data is encrypted on the fly and stored in a translucent database. All lookups to the database require previous knowledge about the ports, protocols and times used as well as external source address and external destination address and must be authorized (cryptographically) by both the node operator and the network management center.
    Access to logged data requires court order to both the node operator and the network management center. The data revealed only covers a single outgoing connection and only points to the internal IP address, not to the client identity or entry node used.
    Entry nodes are not permitted to do any logging at all, and where Termination and Exit nodes are not legally forced to do logging no logging is permitted. Depending on jurisdiction the data is stored between 7 days and 6 months. Access keys to this data automatically expire, data is automatically erased and wiped after expiry.
    Clients are warned in case of their connections traveling through nodes that log connection data and can switch to cascades not forced to log.
    The default policy is to not create any (temporary or permanent) logs of any activity except traffic usage.

    No other logfiles are ever created. Closed-Group Network communication is never logged.
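
The "translucent database" for legally required exit logging (described under Exit traffic above) is a concrete data-structure design: a row can only be found by someone who already knows the connection's external addresses, ports, protocol and times, and can only be read with authorization from both the node operator and the network management center. The following is an added example written for this page, not Cryptohippie's code. The row index is an HMAC over the known fields, the row key is derived from both authorizers' secrets plus those fields, and rows expire after a retention period. The SHA-256 based stream cipher stands in for a real AEAD, and the assumption that the writing node derives keys directly from the two secrets (a deployment would encrypt to the authorizers' public keys so the node cannot read what it wrote) is the example's simplification.

```python
import hashlib
import hmac
import json
import os


def _lookup_tag(ext_src, ext_dst, sport, dport, proto, t_connect, t_disconnect):
    """Canonical encoding of everything a requester must already know."""
    return json.dumps([ext_src, ext_dst, sport, dport, proto, t_connect, t_disconnect],
                      separators=(",", ":")).encode()


def _xor_keystream(key, data):
    """Stand-in stream cipher built from SHA-256 (example only; a deployment
    would use a real AEAD such as AES-GCM)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


class TranslucentConnectionLog:
    """Rows are findable only by the HMAC of the known fields and readable only
    with a key derived from both authorizing secrets plus those fields."""

    def __init__(self, index_secret, retention_s=7 * 86400):
        self.index_secret = index_secret     # held by the logging node
        self.retention_s = retention_s       # page: 7 days to 6 months by jurisdiction
        self.rows = {}                       # index -> (nonce, ciphertext, mac, expires_at)

    def _index(self, tag):
        return hmac.new(self.index_secret, tag, hashlib.sha256).digest()

    @staticmethod
    def _row_key(operator_secret, nmc_secret, tag, nonce):
        # Both secrets feed the key, so neither party can read a row alone.
        material = b"|".join([b"row", operator_secret, nmc_secret, tag, nonce])
        return hashlib.sha256(material).digest()

    def record(self, internal_src, *fields, operator_secret, nmc_secret):
        """Encrypt the internal source address on the fly and store it."""
        tag = _lookup_tag(*fields)
        nonce = os.urandom(16)
        key = self._row_key(operator_secret, nmc_secret, tag, nonce)
        ct = _xor_keystream(key, internal_src.encode())
        mac = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        expires_at = fields[-1] + self.retention_s        # t_disconnect + retention
        self.rows[self._index(tag)] = (nonce, ct, mac, expires_at)

    def purge(self, now):
        """Erase expired rows; returns how many were wiped."""
        before = len(self.rows)
        self.rows = {k: v for k, v in self.rows.items() if now < v[3]}
        return before - len(self.rows)

    def lookup(self, *fields, now, operator_secret, nmc_secret):
        """Return the internal source address, or None if the fields are
        unknown, the row has expired, or either authorizing secret is wrong."""
        self.purge(now)
        tag = _lookup_tag(*fields)
        row = self.rows.get(self._index(tag))
        if row is None:
            return None
        nonce, ct, mac, _ = row
        key = self._row_key(operator_secret, nmc_secret, tag, nonce)
        expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None
        return _xor_keystream(key, ct).decode()


if __name__ == "__main__":
    # Constructed secrets and a constructed connection record.
    log = TranslucentConnectionLog(b"constructed-index-secret")
    op, nmc = b"constructed-operator-secret", b"constructed-nmc-secret"
    conn = ("203.0.113.7", "198.51.100.20", 51514, 443, "tcp", 1700000000, 1700000042)
    log.record("10.42.0.17", *conn, operator_secret=op, nmc_secret=nmc)
    print(log.lookup(*conn, now=1700000100, operator_secret=op, nmc_secret=nmc))
    print(log.lookup(*conn, now=1700000100, operator_secret=op, nmc_secret=b"wrong"))
```

A query that is off by one second in the connect time, or that carries only one of the two authorizing secrets, finds nothing, and a stolen copy of the table yields only HMAC indexes and ciphertext; that is what limits each authorized lookup to the single outgoing connection the requester could already describe.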

  6. Session logging:

    Depending on access method the authenticator gains knowledge about the times a session starts and ends. In case of token based authentication (default for all CryptoRouter products) this information is not made available to the authenticator. In this case the authenticator only receives a daily report on total traffic used by each token so that billing can take place.
    Where legally forced, Termination nodes temporarily store the internal IP address and token of a session. This data is kept encrypted and can only be accessed with previous knowledge of the internal IP address and cryptographic authorization by both node operator and network management. The client is informed about the logging policy that applies to the cascade they are connected to and can change cascades accordingly.
    The default policy is to not create any (temporary or permanent) logs of any activity except traffic usage.
    Closed-Group Network communication is never logged.

  7. Client database:

    Client databases are only operated by authenticator operators and not by network operators. They are required by contract to be located outside of any jurisdiction involved in network operations and need to be stored on encrypted media.

  8. Jurisdictional leverage:

    Entities that could together correlate content and at least one direction of the context are not allowed to be located and/or operated from the same jurisdiction.
    All jurisdictions are selected based on the data secrecy and privacy laws applicable.
    Cascades are configured in a way that not enough data must be collected. This way we can both provide a privacy enhancing service and operate with minimal risks and costs.

  9. No cross-ownership:

    All legal entities involved in network operations, client relations or authenticator services are required to not be cross-owned. Only mutual service contracts between the entities exist. Critical positions in administration and management may not be shared by the same person.

  10. Anonymous audit:

    Critical operations that could affect the security or privacy of clients need cryptographic authorization by a randomly selected, anonymous auditor.

  11. Node security:

    All network nodes must use up-to-date software, storage and swap encryption, exploit protection systems and integrity verification methods. Furthermore they are required to only allow encrypted access and multi-level authentication, to have no shared account passwords/keys, to use ephemeral keys to encrypt storage of key material and usage data, and to be dedicated to a single task only.

Not all technologies listed above are available to every account type or included in every product.

Cryptohippie Inc., USA involvement in the CHAVPN network

Cryptohippie Inc., USA only operates authenticator services and no network services. We are an authorized partner of the network management company for consulting, development and customer relationship. However, we do not have any involvement in operating any parts of the CHAVPN except the authenticator provided for our clients.

© 2008 Cryptohippie USA, Inc.