Deadmann is a newly proposed anonymous network protocol which is comprised of multiple dead man’s switches that can share data even when a user across the network becomes incapacitated. Previously proposed models of dead man’s switches failed at achieving the following:
- Preserve users’ anonymity
- Enable users to efficiently manage their own data
- Encrypt users’ data in a manner that can only be decrypted by them
- Interact efficiently with other dead man’s switches across the network
Previous dead man’s switches models were either individualized solutions or based on third party services or centralized servers. The newly proposed Deadmann preserves the anonymity of users via the Tor network and security is furthered even more via data encryption at rest and in transit. Deadmann offers standardized means for anonymously creating a dead man’s switch and enabling it to anonymously interact with other dead man’s switches across the network.
What is a dead man’s switch?
Users across a network usually need to share information with other users, even in case of incapacitation. A dead man’s switch represents a form of a switch that gets activated when the user becomes inactive, so whenever he/she becomes incapacitated, the dead man’s switch gets activated to share his/her information with others.
What is Deadmann?
Deadmann is the name used to refer to a newly proposed network that is comprised of multiple dead man’s switches that utilizes the Tor network to mask the geo-locations of users, as well as dead man’s switches. A user can create his/her own dead man’s switch and use it to communicate with other dead man’s switches across the network. Whenever a dead man’s switch gets activated, it will share information owned by the user, with other dead man’s switches.
A Deadmann node is a server hosted on the Tor network that communicates with other Deadman nodes. Each Deadmann node represents a Tor hidden service, while the Deadmann ID represents Tor’s hidden service URL (a base32 encrypted string that is located before the .onion) of the Deadmann node.
The web interface which is used for initiating, halting, and updating a Deadmann node is known as a Control Hub. Each and every Control Hub is represented by a Tor hidden service that can be accessed via means of the Tor browser. Only the user should know a Control Hub’s Tor hidden service address.
Deadmann’s Design Goals:
The Deadmann protocol relies on the threat model and was designed to achieve the following goals:
- Insurance of data delivery:
Delivery of information to its intended receivers should be guaranteed even if the sender becomes inactive for a long period of time, for example, in case of incapacitation or death.
Users should have the ability to host a Deadmann node anonymously via the Tor network.
The decentralized infrastructure of the protocol prevents the occurrence of any single points of failure and offers users better control while managing their data. This can be accomplished via turning all Deadman nodes into Tor hidden services.
- Remote management:
Users can manage their Deadmann nodes in a secure and anonymous manner remotely.
All traffic and data across the network have to be encrypted to offer users high levels of security.
- Plausible deniability:
Protection of identification information in case of take down of the server, by e.g. a malicious user, hosting the Deadmann node.
Deadmann’s Design Model:
As illustrated in the below figure, Alice, Bob and Carol communicate with their Control Hub using the Tor network via means of the Tor browser, in order to be able to efficiently manage their Deadmann nodes, which can communicate with each other across the Tor network in order to obtain the status of other Deadmann nodes. Users, like Dave, may also be able to obtain Deadmann nodes’ statuses over the Tor browser.
When Deadmann is started, a new instance of the Tor browser is initiated and an HTTP server is implemented for the Control Hub. After the Control Hub is successfully accessed, the user can enter his/her authentication code, if one exists. In case an authentication code is not present, the user will have to create a new one, which will be used to encrypt, then decrypt Deadmann files, which are files that include the info needed to administrate a Deadmann node.