Secure communication for users on plaintext IRC networks

About



Cloaknet works by placing itself between the IRC client and IRC server at a trustable point in the network.

             [Private LAN]                 |                    [Public Internet]
                                           |
+--------------+       +--------------+    |    +-------------------+       +--------------------+
|  IRC Client  | ----> |   Cloaknet   | ---|--> |  Public Internet  | ----> |  IRC Server :6667  |
+--------------+       +--------------+    |    +-------------------+       +--------------------+
                                           |

Plaintext IRC messages passing between your IRC client and the network are intercepted en route by Cloaknet, which then handles message encryption and decryption.

Cloaknet provides encryption between parties communicating via IRC by way of a pre-shared secret or key (PSK) known to all parties. Users without Cloaknet and the correct PSK will simply see ciphertext in place of the message. With the correct PSK, Cloaknet will decrypt the message before delivering it back to your IRC client.

The program can run as a daemon anywhere within your network, most likely on localhost but possibly on an internet gateway. The IRC client connects to your Cloaknet instance, which in turn is connected to your desired IRC server.


Operation (.NET):

The current version (.NET 20080229.0320) command structure is as follows:

cloaknet.exe [remotehost:port] [psk] [localhost:port] [initvector]

[remotehost:port] Required
[psk] Required
[localhost:port] Optional
[initvector] Optional

For example:

C:\cloaknet.exe irc.quaknet.org:6667 preSharedKeyHere 192.168.1.1:1337 1234567890123456

or

C:\cloaknet.exe irc.freenet.org:6667 preSharedKeyHere localhost:1337 1234567890123456


Operation (Python):

The current version (Python 0.2) command structure is as follows:

python.exe irc-python.py

Configure the proxy.ini file as follows (on a single line only):
[server_name] [server_port] [proxy_port] [initial_value] [pass_key] [salt]
For example:
b0rk.uk.quakenet.org 6667 9997 3u76@B24eFg5c1D9 key456 salt56789
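
A check for the proxy.ini line described above, written for this page as an added example (it is not part of Cloaknet). The function name parse_proxy_ini and CUSTOM_LINE are hypothetical and constructed; the 16-byte rule assumes initial_value is used as the AES initialisation vector, which matches both 16-character examples on this page.

```python
# Added example (not Cloaknet code): lint a Cloaknet Python 0.2 proxy.ini.
FIELDS = ("server_name", "server_port", "proxy_port",
          "initial_value", "pass_key", "salt")
# Secrets printed in the README example line; they are public knowledge.
PUBLISHED = {"initial_value": "3u76@B24eFg5c1D9",
             "pass_key": "key456", "salt": "salt56789"}
AES_BLOCK_BYTES = 16  # Rijndael/AES block size in bytes

# The README's own example line, and a constructed line with other values.
README_LINE = "b0rk.uk.quakenet.org 6667 9997 3u76@B24eFg5c1D9 key456 salt56789"
CUSTOM_LINE = "irc.example.net 6667 9997 Zq8#mL2vTx0pRw5K n0t-the-sample-psk s4lt-f0r-demo"


def parse_proxy_ini(text):
    """Return (config dict or None, list of problems) for proxy.ini content."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return None, ["expected exactly one non-empty line, got %d" % len(lines)]
    parts = lines[0].split()
    if len(parts) != len(FIELDS):
        return None, ["expected %d fields, got %d" % (len(FIELDS), len(parts))]
    cfg = dict(zip(FIELDS, parts))
    problems = []
    for name in ("server_port", "proxy_port"):
        if not cfg[name].isdecimal() or not 1 <= int(cfg[name]) <= 65535:
            problems.append("%s is not a valid TCP port" % name)
    # Assumption: initial_value is the AES IV, so it must be one block long.
    if len(cfg["initial_value"].encode("utf-8")) != AES_BLOCK_BYTES:
        problems.append("initial_value is not %d bytes" % AES_BLOCK_BYTES)
    for name, sample in PUBLISHED.items():
        if cfg[name] == sample:
            problems.append("%s still has the published example value" % name)
    return cfg, problems


if __name__ == "__main__":
    for label, line in (("README", README_LINE), ("custom", CUSTOM_LINE)):
        cfg, problems = parse_proxy_ini(line)
        print(label, "->", problems or "ok")
```

Run against the README's example line it reports that all three secret fields still hold the published values; every party sharing a channel needs the same initial_value, pass_key and salt, so the check is worth running on each side.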


Cryptography:

The encryption algorithm currently used is 256-bit Rijndael/AES.

Currently ‘++’ is prepended to all messages decrypted through cloaknet. This is to confirm the message needed to be decrypted and was not sent through an unencrypted channel. This string is never sent outside the network and is not considered a cloaknet identifier.

Known Bugs:

There is a condition, thought to possibly be related to DCC, which may cause the Cloaknet client to crash. On restarting the client you may be informed that it could not bind to the port you were previously using. If this happens, ensure all instances (processes) of Cloaknet have been killed, or simply change port. Changing ports will not affect the operation of Cloaknet in any way unless the client is running on a remote network host, in which case a port may need to be opened or forwarded.

To forcibly kill the process from the command line, type: taskkill /f /im cloaknet.exe

Additional points to note:

* Cloaknet is developed using .NET 2.0 and there is a Python version.
* Cloaknet is currently in a very early beta stage of development and contains many bugs.
* Feedback is welcomed and indeed encouraged.
* Cloaknet is designed to provide end-to-end encryption over an unsecured medium without modification to any existing tools or protocols. There are better solutions; use them if you want to.