Dcomms.org

Dcomms.org - blog

Blog

I am Aleshin Sergei Vladimirovich, software developer and entrepreneur. You can contact me via LinkedIn.

Subscribe
Email:



2019-08-23
I am working on a big diagram of the DRP protocol. Main parts of the protocol is implemented: registration requester side and responder side. I am following "test-driven-development" strategy, and today will run first real DRP registration procedure within "CryptographyTest" project.

2019-08-19
General overview of the system with Yurii

2019-08-01
Recorded one more discussion with team: AES initial vector, need of signatures in REGISTER packets

2019-07-30
Recorded one more discussion with team:

2019-07-22
The DRP protocol is mostly defined. I recorded one of discussions with team:

The messenger will be used by people who first meet in person, exchange public keys (to avoid MITM attack) and contact each other later via the network.

2019-07-07
After having a discussion with team and some market research, I decided to concentrate on "Distributed Routing Protocol", to create a messenger with full privacy protection. No surveillance. Main competitors are: matrix.org (vector.im), bitmessage, tox messenger, status.im. The market looks like growing and in trend. I work on a protocol whitepaper now, discuss potential attacks and solutions with (hired) cryptographer and IT security engineer, all from Russia. I find it is not easy to create a P2P network which is stable against DoS attacks, but.. we have come up to some solutions. Here is a brief summary. In my opinion the best thing to invest right now - security audits.

2019-06-28
Recently I finished implementation of "anti-DDoS / proof of work" subsystem in my "Centralized Communications Protocol". And started to implement subsystem "Shared Key Derivation". I talked to some freelancer Ilya about the design, and got few valuable ideas on how to make the CCP more secure. I will continue hiring freelancers for security audit, it is very important to get unbiased look of the CCP at this development stage.
So I started to think about shared key derivation, using ephemeral (temporary) private keys, Elliptic Curve Cryptography Diffie-Hellman (ECCDH) key exchange procedure. I downloaded Visual Studio 2019 Community preview 6 to compile new code under .NET standard 2.1 in order to use Microsoft's implementation of ECCDH. And.. performance is awful: 1.3K operations per second. SHA256 procedure is implemented well by Microsoft, I have 400K operations per second on a single CPU core. I'd like to design a server capable to handle about 1M client-server handshakes per second on an average server, and I have to use a faster implementation of ECCDH.

2019-06-18
Today I was thinking about "surveillance" feature in my future messenger. It conflicts with requirement that it is "open", in this exact way: 2019-06-19 UPDATE: I think I found a way to make everyone happy: the messenger will work in two modes (over 2 protocols): both decentralized (with no surveillance) and centralized (with surveillance, controlled by governments). So corporations will use "decentralized" mode, having the communications really secure within organization, for business purposes. At the same time regular people will use messenger in "centralized" mode, controlled by governments, with surveillance, legal protection and control. And there will be "gateways" between the "messenger networks", it is similar to the way how PSTN works now.

2019-06-13
I have mostly finished design prototype for a secure protocol between client and server. I think it will be called "Centralized Communication Protocol". It will run over UDP for the first time. This protocol is a competitor to SIP, HTTP, HTTPS, TLS, SSH. How do I make it better? Also, I also got an idea of using users who use my future messenger for bitcoin mining, as proof of work. But I don't think that I will do it, because that will (probably) load user's device too much. But.. who knows.. anyway, I need to get some money from the open source messenger.

2019-06-05
Published initial design of the secure messenger

2019-05
Today I got 6 spam calls to my mobile phone. These were SPAM calls from call centers. This number increases, and I have turned on anti-spam filter to silently ignore all caller ID's that are not in my contact list.
Businesses are trying to penetrate my attention, and telcos allow them to do it. The telemarketing brings chaos into communications.
Same thing with emails, about 6 spam emails per day. Will these numbers increase? Why not? And who will build a new communication system that will automatically block spam?

2019-04 The world is complex, and the complexity is infinite:

the picture of Madelbrot fractal is taken from sciencedemos.org.uk

There are too many types of attacks on the protocols, and this list shows only top of iceberg: I am developing the new protocol(s) now, trying to make the messaging really secure. 2019-03 I research current situation of telecommunication industry. Instead or merely copying currently developed protocols, I am going to research the protocols, technologies and products to build my own understanding: 2019-02 I got an idea of creating a secure messenger. The messages will be routed via a mesh network - decentralized and redundant routing, without servers

Contacts: Aleshin Sergei Vladimirovich | Technical blog | Source code