Developed by Lavabit, #DIME is an open source secure end-to-end communications platform for asynchronous messaging across the Internet. #DIME follows in the footsteps of innovative email protocols, but takes advantage of the lessons learned during the 20-year history of PGP-based encrypted communication. DIME is the technological evolution over current standards, OpenPGP and S/MIME, which are both difficult to deploy and only narrowly adopted. Recent revelations regarding surveillance have pushed OpenPGP and S/MIME to the forefront, but these standards simply can’t address the current privacy crisis because they don’t provide automatic encryption or protect metadata. By encrypting all facets of an email transmission (body, metadata and transport layer), DIME guarantees the security of users and the least amount of information leakage possible. A security-first design, #DIME solves problems that plague legacy standards and combines the best of current technologies into a complete system that gives users the greatest protection possible without sacrificing functionality.
To accommodate the radically different user needs, DIME operates in 3 account modes: Trustful, Cautious & Paranoid. Each mode represents a unique point in the security-functionality spectrum and determines how accounts operate. The difference between each mode is based on where message encryption (or decryption) occurs and where the user’s private key is stored.
Mode: Functionality
Trustful: The server handles all privacy issues, requiring users to “trust” the server. Accounts operating in Trustful mode send messages using the Simple Mail Transfer Protocol (SMTP) and receive messages using the Post Office Protocol (POP) or the Internet Mail Access Protocol (IMAP). Webmail systems handling server-side encryption functions operate in Trustful mode.
Cautious: The server is only used to store and synchronize encrypted data, including encrypted copies of a user’s private keys and encrypted copies of messages. Cautious mode provides a comparable user experience to email today, while minimizing the trust placed in the server.
Paranoid: The server will never have access to a user’s private keys (encrypted or decrypted). Paranoid mode minimizes the amount of trust a user is required to place in their server, at the expense of functionality. Paranoid mode does not support webmail access, nor does it allow users to access their account from multiple devices without an external method for synchronizing their key ring.
Trustful Mode: How is it secure?
For users who want a more secure email environment, but require the ability to use existing email software, we created Trustful mode. As the name suggests, Trustful mode requires users to “trust” the server to manage encryption. This mode ensures ease of use, as users do not need to worry about technical requirements or incompatibility with existing email clients. We envision Trustful mode as the mode of choice for businesses, which have regulatory requirements, data retention practices, and unique needs like escrow keys.
In Trustful mode, your key is within our server’s memory only while you are logged into the server. The server performs the encryption on your behalf, and as such, you must trust that the server will not be rewritten in such a way that it captures your password, or peeks at your messages during processing. This magic black box mode is no different from many other encryption systems, which perform encryption automatically. The only difference is where the encryption takes place. The key question is whether you are comfortable trusting the implementation to function securely. If you feel that trusting our servers to perform the encryption is unacceptable, we offer other modes of operation, Cautious or Paranoid.
Cautious Mode: How is it secure?
Cautious mode is the first level of true end-to-end encryption: your key, used for encryption, is only in plaintext within the memory of your device, be it phone, laptop, desktop, etc. The key is encrypted on your device and is transmitted encrypted to our servers. Here it is secure: we cannot decrypt it, and only store it encrypted in a space designated for your user account.
If you have your account on one phone and decide to also install the client software onto your laptop, you log into the system and can request your encrypted key from the server. Then on your laptop, using your passphrase, you can unlock the key and import it into the client software on your laptop. Only on the devices you control does your key exist in a format that it can be “seen”. We anticipate most users will use Cautious mode as it ensures you don’t have to trust your provider while ensuring your privacy is always under your control. Some users who believe they have a higher threat level and don’t want a key to exist anywhere in any format except on devices where they maintain ABSOLUTE technical control may prefer Paranoid mode.
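The Cautious-mode flow described above (wrap the key on one device, store the opaque blob on the server, unlock it on a second device) can be sketched as follows. This is an added example, not Lavabit or DIME code: scrypt and AES-256-GCM are assumptions standing in for whatever the STACIE specification defines, and `serverStore`, the account name and the passphrase are constructed for illustration.

```javascript
// Added sketch of passphrase-wrapped key storage; not the DIME/STACIE scheme.
// Assumed primitives: scrypt for key derivation, AES-256-GCM for wrapping.
const crypto = require('crypto');

// Device side: derive a wrapping key from the passphrase and seal the private key.
function wrapKey(privateKey, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const kek = crypto.scryptSync(passphrase, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(privateKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Device side: recover the key; throws if the passphrase or the blob is wrong.
function unwrapKey(blob, passphrase) {
  const kek = crypto.scryptSync(passphrase, blob.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
}

// Server side (hypothetical): holds only the opaque blob for each account.
const serverStore = new Map();

function demo() {
  const passphrase = 'correct horse battery staple'; // constructed sample
  const privateKey = crypto.randomBytes(32);         // stand-in for a user key

  // First device wraps the key locally and uploads the blob.
  serverStore.set('alice@example.org', wrapKey(privateKey, passphrase));

  // Second device downloads the blob and unlocks it with the passphrase.
  const blob = serverStore.get('alice@example.org');
  const recovered = unwrapKey(blob, passphrase);

  // Without the passphrase, the stored blob cannot be opened.
  let wrongRejected = false;
  try { unwrapKey(blob, 'guess'); } catch (e) { wrongRejected = true; }

  // A blob modified while in storage fails authentication on the device.
  let tamperRejected = false;
  const bad = { ...blob, ct: Buffer.from(blob.ct) };
  bad.ct[0] ^= 1;
  try { unwrapKey(bad, passphrase); } catch (e) { tamperRejected = true; }

  return { roundTrip: recovered.equals(privateKey), wrongRejected, tamperRejected };
}
```

The protection of the stored blob rests entirely on the passphrase, so its strength and the cost of the key-derivation step determine how well the key resists offline guessing by whoever holds the server copy.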
Paranoid Mode: How is it secure?
Paranoid mode is our most advanced and ultimate security mode. In Paranoid mode, your key never transmits anywhere; you maintain ABSOLUTE control. It is up to the user to move their key to any new device. If you create the original key within client software and wish to also use it on your phone, you must devise a secure method to move your key. This will allow you to export it to a file securely and encrypted. You can use a data cable or your own trusted digital method to copy the key to your new device. You can use a device to communicate for a period and then destroy the key or device, without a copy of the key stored. This renders all communication that the key opened inaccessible from that point on. Paranoid mode is ultra-secure; however, it requires technical proficiency in user key management.
SSL is a security reality. SSL ensures privacy for the communication between clients/customers and servers/providers in online banking, shopping, and logins across the internet. It is secure only if the key is kept secure. With #DIME, #OnionBIT now has (3) new operational modes to secure all customers: Cautious, Trustful and Paranoid. For the Cautious and Paranoid modes, all communication is encrypted on the user’s device, making TLS less relevant. Even with end-to-end encryption, TLS ensures a client is connected to the provider’s server and provides perfect forward security for network traffic. In Trustful mode, we have moved from the SSL key typically stored on the server to a secure hardware device. The former is an extremely common setting for many SSL-enabled sites throughout the internet. We have installed FIPS 140-2 hardware security modules, which allow us to use a TLS key without having to access it directly. Any attempt to extract the key will trigger a tamper circuit, causing the key to self-destruct. The only account capable of extracting the key is the HSM supervisor. To prevent this, we set the passphrase blindly, thus locking us out. We suggest anyone not comfortable with trusting the provider utilize the Cautious or Paranoid modes.
Want to go Dark? Get Involved.
To learn more about #DIME & Magma we invite you to join the OnionBIT Forum & Blog ( https://onionbit.com/forum/ & https://onionbit.com/blog/ ) where you can find the latest code & specifications, provide feedback, and contribute to the development effort.
DIME: https://onionbit.com/dark-internet-mail-environment-march-2015.pdf
DMAP: https://tools.ietf.org/id/draft-melnikov-dmap-00.txt
STACIE: https://tools.ietf.org/id/draft-ladar-stacie-00.txt
MAGMA: https://github.com/lavabit/magma
LIBDIME: https://github.com/lavabit/libdime