
NGI Zero PET

NLnet has an open call as well as thematic funds. This page contains an overview of the projects that fall within the topic NGI Zero PET. If you cannot find the project you are looking for, please check the alphabetic index.


Applications are still open, you can apply today.

A proof of concept of identity-based encryption

The project aims to extend the existing attribute-based identity platform IRMA with easy-to-use encryption. The kind of encryption is called Identity-Based. Its main advantage is that key management is simple, so that encryption becomes easy to use, via a plugin to an email client (only Thunderbird in this proof of concept project). The plugin computes the public key of the recipient of a message from some uniquely identifying attribute of the recipient (typically an email address, but a phone number or citizen registration number could work as well). The receiver of the message will have to prove, via IRMA, possession of the uniquely identifying attribute to some Trusted Third Party (TTP), which will then provide the corresponding private key. Within this project a working set-up will be built. Turning it into a widely usable product will require more work, in follow-up projects.

>> Read more about A proof of concept of identity-based encryption

Accessible security

The "Accessible security" project was sparked by the need for usable security made available to the average citizen. Several projects are contributing a part of this bigger puzzle: QubesOS, coreboot, Heads, me_cleaner, Whonix and others. Yet the average person does not have the sophistication to integrate these software projects. With some effort we can add some missing parts, help improve the usability of the affected projects, and facilitate access to cutting-edge developments that are currently only usable by developers and more sophisticated users. Bringing these projects together will reduce the amount of expertise and effort required to benefit from them.

>> Read more about Accessible security

Adopt improvements in Email Encryption in KMail

The goal of this project is to make it simpler for inexperienced users to use encrypted mail, at the click of a button. Autocrypt is a new method for email encryption that needs nearly no user interaction. It performs the needed key exchange transparently in the background, and does key management automatically. Encrypted Headers is a protocol to send mail headers in the encrypted mail part. Traditional encryption methods leaked metadata, which could be used for mass surveillance purposes. The result will be part of the KDEPIM codebase, so you don't have to install anything other than KMail to use these improvements.

>> Read more about Adopt improvements in Email Encryption in KMail

ARPA2 LDAP Middleware

Some protocols are far better known than others. Everyone will recognise the HTTP protocol we use to transfer web pages. LDAP is not as well known, but it is also a key technology we use on a daily basis - in fact it shapes how most organisations are organised online. LDAP is a proven technology but can be cumbersome to work with, and as a result it has seen little innovation in recent years.

This project develops a number of innovative middleware components from the ARPA2 project. These include a privacy-enhancing middleware for LDAP (LEAF), which allows attribute filtering and selective transformation of LDAP; SteamWorks, which allows for responsive large-scale configuration and trust delegation; and Lillydap, a library that can be used to easily add LDAP to any application. The project also delivers on broader deployability of these building blocks, by providing tools for distro packaging of the innovative solutions produced by the project.

>> Read more about ARPA2 LDAP Middleware

ARPA2 resource ACL and HTTP SASL modules for NGINX

In most of our daily interactions with a remote server we depend on the application running on the server to properly authenticate the user within the browser session, and to manage who can do what. However, if we want to enforce stronger guarantees with regard to restricted resources and tasks, our options are much more limited. This project from the ARPA2 community wants to move the state of the art in access control forward by combining the extensible SASL standard with a well-defined generic ACL mechanism that also allows for pseudonymity. The project will produce a self-contained library and two modules for a popular web server (NGINX) that use the new library. With the NGINX HTTP SASL module a user-agent can authenticate to the web server using any SASL mechanism the server supports. With the NGINX ARPA2 ACL module the web server can determine whether an authenticated user has authorization for the request that he/she sent. For example, a user makes the request "DELETE /messages/10" and the server can then decide, based on the authenticated user, the action and the resource, whether this is allowed or not.

>> Read more about ARPA2 resource ACL and HTTP SASL modules for NGINX

Autocrypt for Thunderbird

Autocrypt is a specification that provides guidance for e-mail clients on how to achieve a seamless user experience. It does so by transparently exchanging keys, almost entirely automating public key management. This reduces the UI to "single click for encryption". The project will create an extension for the Thunderbird e-mail client that brings this experience to its users. The goal is to provide a new extension with a streamlined user experience that requires as little user interaction as possible, without "power user" features, and to perform practical user testing to identify open pain points. The extension will be based on OpenPGP.js, since this can be packaged directly. This will simplify installation and maintenance a great deal.

>> Read more about Autocrypt for Thunderbird

Balthazar

The project's ambition is to design and deliver an innovative and technically advanced open hardware (RISC-V/ISA) based, European made, inexpensive, FOSS laptop as a personal computing device, containing on board all desirable (FOSS compliant) hardware and software features and functionalities needed to prevent any 3rd party intrusion into the system. It adds physical safety features currently not available in the market, such as a hot-swappable CPU, hardwired switches for e.g. camera and audio devices, and a quickly removable encrypted hard drive and peripherals. A goal of Balthazar is to enable and educate end users to be private, safe and careful with their own data, and that of others. Another goal is to make computing more sustainable and reach an eco-friendly footprint, by empowering users to take up their 'right to repair' through a modular laptop that allows components to be easily exchanged and upgraded - up to the CPU itself. The goal is to lead by example and gently lead other hardware manufacturers to become fully open and transparent, and to create an educational platform as well as an advanced computing device whose users (including those with low income) feel secure, safe and comfortable using it, for children of all ages.

>> Read more about Balthazar

betrusted

Betrusted aims to be a secure communications device that is suitable for everyday use by non-technical users of diverse backgrounds. We believe users shouldn’t have to be experts in supply chain or cryptography to gain access to our ultimate goal: privacy and security one can count on. Today’s “private key only” secure enclave chips are vulnerable to I/O manipulation. This means there is no essential correlation between what a user is told, and what is actually going on. Betrusted will build a full technology stack, including silicon, device, OS, and UX that is open for inspection and verification. Betrusted is a simple, secure, and strong device that aims to advance Internet freedom.

>> Read more about betrusted

Betrusted OS

Betrusted OS will underpin the Betrusted ecosystem, and will enable secure process isolation. It will be written in a safe systems language - namely Rust - to ensure various components are free from common programming pitfalls and undefined behavior. Unlike modern operating systems that trade security for speed, the Betrusted OS will prioritize security and isolation over performance. For example, it will be a microkernel that utilizes message passing and services rather than a monolithic kernel with modules. Unlike other deeply-embedded operating systems, it will require an MMU, and support multiple threads per process. This will let us add features such as service integrity and signature verification at an application level.

>> Read more about Betrusted OS

Betrusted software

The Betrusted software project utilizes the strongly typed Rust programming language to build the first applications and libraries for the open hardware Betrusted.io project. Betrusted is pioneering a new class of open hardware communications device, with a grant by NGI Zero. The project will set up a virtual environment for Betrusted (e.g. QEMU / RISC-V) in order to develop and test software as close to the target as possible and unlock community collaboration and contributions. The second main task in the project is to write a Matrix protocol command line client in order to analyze the memory characteristics in the highly constrained Betrusted environment. The additional time is to be allocated to development support for the Betrusted OS: developing glue layers, verifying the necessary interfaces for applications, providing unit/integration tests and developing (test) applications for it.

>> Read more about Betrusted software

Bitmask

Bitmask is a Desktop and Android client designed to achieve a zero-configuration end-user experience for setting up a VPN that connects to a given set of providers - those that follow the LEAP platform specification. To do so, clients rely on providers exposing configuration files on well-known URLs, according to their particular setup regarding the available VPN gateways and transports. This project aims at adding low-end routers as a new platform that users can choose when installing BitmaskVPN. Running VPN software in a commonly available router, with hardware-based user interfaces, will greatly extend the target audience for Bitmask. To achieve this goal, the BitmaskVPN client will be ported to Nim, a statically typed language that generates small native and dependency-free executables, allowing the setup of the VPN with the switch of a hardware button. Finally, the resulting port will be packaged for OpenWRT, and build scripts will be made available so that providers can offer their users a ready-to-use flashing image for a selection of routers.

>> Read more about Bitmask

Briar

Briar is a secure messaging app designed for activists, journalists and civil society groups. Instead of using a central server, encrypted messages are synchronized directly between the users' devices, protecting users and their relationships from surveillance. This project will enable users of Briar to delete their private messages. Giving users control of what information their devices retain will allow them to practice defence in depth, managing their exposure if their devices are lost or compromised.

>> Read more about Briar

Build Transparency (Trustix)

When we install a program, we usually trust downloaded software binaries. But how do we know that we aren't installing something malicious?

Typically, we have confidence in those binaries because we get them from a trusted provider. But if the provider itself is compromised, the binaries can be anything. This makes individual providers a single point of failure in a software supply chain. Trustix is a tool that compares build outputs across a group of providers - it decentralizes trust. Multiple providers independently build the software, each in their own isolated environment, and can then vouch for the content of binaries that are the outcome of reproducible builds - while non-reproducible builds can be automatically detected. This is the first step towards an entirely decentralized software supply chain that can securely distribute software without any central corruptible entity.

>> Read more about Build Transparency (Trustix)

Chips4Makers ASICs

Current scaling of micro-electronics is focused on improving power, performance and cost per device, but with an exponentially increasing start-up cost related to the increased process complexity. For the design of custom chips, expensive proprietary electronic design automation (EDA) tools currently need to be used, and hefty license fees are due for blocks implementing specific functions like the CPU, USB etc. All this together makes custom chip development only accessible for high-volume production and proprietary designs. In this project a development version of the libre licensed Libre-RISC-V system-on-a-chip will be manufactured in a 0.18 µm process, combined with development on the open source tools and open source chip building blocks to make this possible. Development on the free and open source tools will be focused on making them compatible with the selected process, and the building block development will be focused on the so-called standard cell library, the IO library and the SRAM compiler. This project fits in the longer term goal of the Chips4Makers project to make low-volume custom chip production possible using mature process technologies and free and open source tool chains and building blocks. The purpose is to bring innovation using custom chips within reach of small start-ups, makers and even hobbyists.

>> Read more about Chips4Makers ASICs

Conversations

Conversations is an Android client for the federated, provider-independent network of instant messaging servers that use the Extensible Messaging and Presence Protocol (XMPP). It aims to provide a feature set and a user experience that is on par with other well-known messaging services. While Conversations is capable of sending end-to-end encrypted text messages, images, short videos and voice messages, it currently lacks the ability to make voice and video calls. This project is about adding A/V call capabilities to Conversations in a manner that is compatible with other XMPP clients. To achieve compatibility, Conversations will implement the Jingle protocol extensions, including XEP-0353 (Jingle Message Initiation), for a smooth user experience across multiple devices.

>> Read more about Conversations

CryptPad

CryptPad is a secure and encrypted open source collaboration platform. The CryptPad teams project will fund the development of a number of group-focused features for CryptPad. We'll improve our current implementation of encrypted shared folders to display the permissions possessed by team members for different documents. Removing a member from a group is difficult in an encrypted system, as the knowledge of encryption keys cannot be taken away once given. We'll implement key-rotation protocols, and develop encrypted mailboxes to facilitate the delivery of new keys to authorized members. The same mailbox system will enable the development of notifications, allowing users to request additional permissions for documents, to invite new members to a group or session, or to inform friends that a document has been updated. Teams organize in many ways, and with the technical components available we'll focus on interfaces which support different modes of coordination, whether the team is hierarchical or self-organizing. Overall, we hope to make it so that the most intuitive way to collaborate is also the most secure.

>> Read more about CryptPad

CryptPad for communities

CryptPad is a secure and encrypted open-source collaboration platform, that allows people to work together online on documents, spreadsheets and other types of documents. The amazing thing is that while the participants can work with these web applications as they would with any normal tool, the server has no way of telling what it is they are working on. Everything is encrypted on the device of the user, before it is sent to the server. The "CryptPad for communities" project will improve the experience of users adopting the platform for community management tasks. We'll spend time solving the issues most commonly reported by our users as obstacles to their broader adoption of the platform as an alternative to proprietary services. Document review is as important to many as collaborative editing, so we'll implement comment workflows that integrate our recently introduced social features into our text editors. Our Kanban and spreadsheet apps will both receive some crucial updates to better facilitate project management tasks without compromising on privacy. We'll develop extra access control features based on users' public keys for documents that require stricter protection than is currently offered. Those hosting their own CryptPad instance will benefit from new functionality for their admin panel as well as detailed documentation to make server management more accessible. Finally, we'll implement extra controls permitting admins to limit access to their instance by requiring invites for registration. Altogether we hope these tools will allow communities more determination when it comes to their data, their processes, and their ability to work together productively.

>> Read more about CryptPad for communities

CryptPad: Project Dialogue

CryptPad is a real-time collaboration environment that encrypts everything client-side. Structured group interaction other than collaborative editing (e.g. gathering input through forms or polls) is a useful addition to this, and the project will incorporate it. This will replace the current basic implementation of polls (like Doodle), and introduce surveys (like Google Forms). Authors will have exclusive control over the content and format of the polls and surveys, such as which questions are asked and the acceptable format of their answers. They'll also have control over the cryptographic keys which decrypt the submitted results, granting authors control over publishing. In addition, the project will develop an extension of its current notifications system to allow instance administrators to publish translatable messages visible to all their users. We'll use this broadcast system to distribute language-specific surveys and recruit willing users into a series of usability studies which will guide a second round of development for these applications.

>> Read more about CryptPad: Project Dialogue

Dat Private Network

The dat private network is a self-hosted server that is easy to deploy on cloud or home infrastructure. Key features include a web-based control panel for administration by non-developers, as well as on-disk encryption. These no-knowledge storage services will ensure backup and high availability of distributed datasets, while also providing trust that unauthorized third-parties won’t have access to content.

By creating a turnkey backup solution, we’ll be able to address two of our users’ most pressing questions about dat: who serves my data when I’m offline, and how do I archive and secure important files? The idea for this module came from the community, and reflects a dire need in the storage space -- no-knowledge backup and sync across devices. A properly-designed backup service will provide solutions to both of these questions, and will do so in a privacy-preserving way.

This deliverable will put resources into bringing this work to a production-ready state, primarily through development towards updates that make use of the latest performance and security updates from the dat ecosystem, such as NOISE support. We plan to maintain the socio-technical infrastructure through an open working group that creates updates for the network as it matures.

>> Read more about Dat Private Network

DCnets

The aim of the proposed project is to design and implement an open source library that implements the so-called Dining Cryptographers network or DCnet (first proposed by David Chaum in 1998). Existing implementations suffer from poor efficiency (e.g. high computation and/or communication cost) or limited security (e.g. when a malicious participant can disrupt the communication). The project will produce cryptographic primitives and protocols that help to bring untraceable communication (e.g. untraceable instant messaging, file transfer, IP telephony) closer to practice. We will take the most recent advances in cryptographic research (e.g. zero-knowledge proofs) and engineering (e.g. highly optimized arithmetic on elliptic curves and finite fields) into account to maximize both security and efficiency.

>> Read more about DCnets

dhcpcanon

When your computer enters a new network as a guest, it will need to receive information to be able to send and receive packets. The internet standard responsible for this is called Dynamic Host Configuration Protocol (DHCP). Traditional DHCP and DHCPv6 can potentially leak information which can be abused to uniquely identify a certain device - and thus track a user. dhcpcanon is a DHCP client implementation that implements the technical standard RFC 7844, DHCP Anonymity Profiles. The new standard provides guidelines for minimizing information disclosure via DHCP. This project will produce DHCP clients implementing the Anonymity Profiles for restricted devices such as microcontrollers, and for easy integration with network management tools.

>> Read more about dhcpcanon

Distributed Private Trust

The project "Distributed Private Trust" wants to develop a prototype for a trust and reputation system that does not rely on a centralized trusted party and provides users with more privacy than current systems. It uses secure multi-party computation to calculate aggregate ratings without having to reveal individual users' ratings to any other party. The project also applies techniques from mechanism design to make the system robust to malicious behaviour of participants, for example by diminishing incentives to submit dishonest ratings.

>> Read more about Distributed Private Trust

DNSSEC Key Signing Suite

DNSSEC provides trust in the DNS by guaranteeing the authenticity and integrity of DNS responses. As DNS is of fundamental importance to most Internet communication, this is a vital function that needs safeguarding. Beyond providing trust in the DNS, DNSSEC is a key enabler for other technologies that improve the security, privacy and trust of Internet users. In the DNSSEC Key Signing Suite project we build a set of tools, scripts and guidelines (a playbook) to facilitate simple key signing with a standardised ceremony that has automated checks and audits where possible. The impact of this will be twofold. First, it leads to reliable, predictable and verifiable key ceremonies, which improves the trust in DNSSEC. Second, it will significantly ease the burden of operation, bringing the use of a validated and trustworthy signing procedure within reach for many more DNSSEC operators than today (e.g. smaller or less profitable top-level domain operators).

>> Read more about DNSSEC Key Signing Suite

EGIL SCIM client

Managing student information in an effective, secure and GDPR compliant way is crucial for the digitalized school. EGIL is an open source client that facilitates the exchange of student information to external providers of study material or administrative services in a standardized way. It supports attributes based on SCIM (RFC 7642-7644) and extensions, provides an interface to common directory services, and supports federated solutions between a large number of school principals and service providers. This project will improve EGIL’s federative capabilities, submit an Internet-Draft on the subject of federated account provisioning, and provide a proof of concept for using SCIM as the standard for exchange of student information. This will eliminate the problems caused by using several different exchange protocols and formats between school principals and service providers.

>> Read more about EGIL SCIM client

EteSync - iOS application

EteSync is an open source, end-to-end encrypted, and privacy respecting sync solution for contacts, calendars and tasks with more data types planned for the future. It's currently supported on Android, the desktop (using a DAV adapter layer) where it seamlessly integrates with existing apps, and on the web for easy access from everywhere.

Many people are well aware of the importance of end-to-end encryption. This is evident by the increasing popularity of end-to-end encrypted messaging applications. However, in today's cloud-based world, there is much more (as important!) information that is just left exposed and unencrypted, without people even realising. Calendar events, tasks, personal notes and location data ("find my phone") are a few such examples. This is why the overarching goal of EteSync is to enable users to end-to-end encrypt all of their data.

The purpose of this project is to create an EteSync iOS client which will seamlessly integrate with the rest of the system and let the many currently uncatered-for iOS users securely sync their data.

>> Read more about EteSync - iOS application

EteSync - protocol and encryption scheme enhancements

EteSync is an open-source, end-to-end encrypted, and privacy respecting sync solution for your contacts, calendars and tasks, with more types planned. Many people are well aware of the importance of end-to-end encryption. This is evident by the increasing popularity of end-to-end encrypted messaging applications. However, in today's cloud-based world, there is much more (as important!) information that is just left exposed and unencrypted, without people even realising. Calendar events, tasks, personal notes and location data ("find my phone") are a few such examples. This is why the overarching goal of EteSync is to enable users to end-to-end encrypt all of their data. EteSync applications are already available for many different platforms, including mobile. Meanwhile it is clear that there are a number of improvements that could be made to the EteSync protocol itself. This project addresses a number of issues to better support EteSync's current and long-term requirements, and at the same time brings these to the different supported EteSync applications.

>> Read more about EteSync - protocol and encryption scheme enhancements

Finish porting Replicant to a newer Android version

Replicant is the only fully free operating system for smartphones and tablets. All the other operating systems for smartphones and tablets use nonfree software to make some of the hardware components work (cellular network modem, GPS, graphics, etc). Replicant avoids that, either by writing free software replacements, by tweaking the system not to depend on the nonfree software, or, as a last resort, by not supporting the hardware component that depends on it. However, it is based on Android 6, which is not supported anymore and thus has way too many security issues to fix, so continuing to use this version is not sustainable. This project consists of finishing the port of Replicant to Android 9, which now has a standardised interface for the code that makes the hardware components work. Once done, it will also make the free software replacements automatically work on future Android versions.

>> Read more about Finish porting Replicant to a newer Android version

Fix the Pitch Black Attack in Freenet friend-to-friend routing

Freenet is a peer-to-peer platform with academic roots, offering censorship-resistant publication and privacy by design. It uses a decentralized distributed data store to store and forward information of its users, and is one of the oldest privacy related infrastructures - having been in continuous development for two decades, and predating the alpha version of Tor by several years. This project solves a published theoretical denial-of-service attack on the friend-to-friend structure of its routing, which has been a looming threat since it was discovered a number of years ago.

>> Read more about Fix the Pitch Black Attack in Freenet friend-to-friend routing

GNU Mes

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library. The Mes bootstrap has halved the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security. That reduction was achieved by replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. After three years of volunteer work this funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes

GNU Mes

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. This funding will enable GNU Mes to work on the ARM platform.

>> Read more about GNU Mes

GNU Taler

GNU Taler is an advanced electronic payment system for privacy-preserving payments, also in traditional ("fiat") currencies like the Euro and the dollar. Unusually, the entire Taler system is free/libre software. Unique to the GNU Taler system is that it provides anonymity for customers, while delivering various anti-fraud measures. Payments can in principle be made in any existing currency, or a bank can be launched to support new currencies. Taler does fall under the usual regulations for electronic money issuers. One of the regulatory requirements that needs to be satisfied before payment providers can switch to this new system is that the payment service operator (the exchange) will need to be subjected to an independent auditor (which naturally would be paid for the service). In this project, a third party security audit of the GNU Taler codebase will be performed, creating a technology commons for fintech.

>> Read more about GNU Taler

GoatCounter

GoatCounter aims to provide meaningful privacy-friendly analytics for business purposes, while still staying usable for non-technical users on personal websites. The choices that currently exist are between hosted online services that have serious privacy issues, running your own complex software, or extremely simplistic "vanity statistics". GoatCounter attempts to strike a good balance between various interests. Major features include an easy to run self-hosted option, an intuitive user interface that is also accessible to website maintainers with accessibility needs, and meaningful statistics that go beyond "vanity stats" but still respect user privacy.

>> Read more about GoatCounter

Graphics acceleration on Replicant

The project aims to create a free software graphics stack for Replicant 9 that is compatible with OpenGL ES (GLES) 2.0 and can do software rendering with a decent performance, or GPU rendering if a free software driver is available. Replicant is a fully free software Android distribution that puts emphasis on freedom, privacy and security. It is based on LineageOS and replaces or avoids every proprietary component of the system. Replicant is so far the only distribution for smartphones that is endorsed by the Free Software Foundation as meeting the Free System Distribution Guidelines. Due to its strict commitment to software freedom, Replicant does not use the proprietary GPU drivers that are shipped with other Android distributions. The project aims to put together a new graphics stack for the upcoming Replicant 9 that is GLES 2.0 capable. The project will then focus on improving the performance by fine-tuning its OpenGL operations and leveraging hardware features. Finally, focus will shift to the integration of the Lima driver, a free software driver for ARM Mali-4xx GPUs, which will allow some GLES operations to be offloaded to the GPU. This will greatly increase graphics performance and thus usability.

>> Read more about Graphics acceleration on Replicant

Implement sound support in the Hurd

The GNU Hurd is a lightweight kernel (the central part of an operating system) on top of the Mach microkernel, with full POSIX compatibility. The mission of the Hurd project is: to create a general-purpose kernel suitable for the GNU operating system, which is viable for everyday use, and gives users and programs as much control over their computing environment as possible. Hurd provides security capabilities like adding access to services for programs at runtime when and only while they need it, and enables easy low-level development - like replacing a file system during runtime and real-time kernel debugging as if it were a normal program. This project adds an important feature to GNU Hurd: an audio-system with fine-grained access management to physical hardware.

>> Read more about Implement sound support in the Hurd

Improve usability of Linux firewall userspace tools

Netfilter is the project offering the packet classification framework for GNU/Linux operating systems. Netfilter supports stateless and stateful packet filtering, mangling, logging and NAT. Netfilter provides a rule-based language to define the filtering policy through a linear list, sets and maps. This language is domain specific and it provides a simplified programming language to express filtering policies.

Firewall operators are usually not programmers, although they are typically knowledgeable about shell scripting. Humans currently have few means to check for mistakes when elaborating filtering policies, which as a result can interact in unpredictable ways or cause performance issues - meaning one can never be sure how much they can be trusted to protect users.

Lack of correctness and inconsistencies emerge as the rule set increases in complexity. Introducing ways to assist the operator to spot these problems and to provide hints to express the filtering policies in a better way would help to improve this situation. Error reporting is another key aspect to assist humans in troubleshooting. This project aims to extend the existing tooling to introduce infrastructure to cover these aspects.

>> Read more about Improve usability of Linux firewall userspace tools

IMSI Pseudonymization

The IMSI Pseudonymization project will design a specification and provide a reference implementation of a mechanism to conceal the IMSI (international mobile subscriber identity) of a mobile subscriber on the radio interface. The IMSI is used to uniquely identify each subscriber in a (2G, 3G, 4G, 5G) cellular network. However, the privacy of users is not really well protected: current specifications require the IMSI to be transferred in plain text at various times before an encrypted connection can be set up. The present project will specify, implement and evaluate a method by which the IMSI will be concealed on the air interface with no modifications to existing mobile phones or any network elements of the operator beyond the HLR/HSS (which implements the authentication on the network side). The project will further submit this proposal into the 3GPP standardization process and attempt to make it at least an optional extension that operators (even MVNOs) can deploy.

>> Read more about IMSI Pseudonymization

IRMA made easy

Authentication methods, like passwords, often involve a trade-off between usability and security. Secure passwords are a hassle to use, and easy-to-use passwords are often also easy to guess or to brute force. Clearly, there is a need for authentication methods that are both secure and user-friendly. The IRMA mobile app can fill this gap. It was originally developed with a strong focus on providing secure and privacy-friendly authentication. This project will focus on making IRMA easy to use for everyone. We will conduct a formal large-scale evaluation of IRMA that focuses on usability in general as well as on accessibility (i.e. for users with disabilities) in particular. By doing so, usability hindrances can be identified and improved, making IRMA user-friendly and accessible for users with the widest range of capabilities.

>> Read more about IRMA made easy

Katzenpost

Secure messaging is among the most fundamental privacy challenges of today. While there are by now several widely used offerings that can encrypt instant messages you send to others, there are very few reliable options that are able to keep others from finding out who you were communicating with - and when. The most popular end-to-end messaging applications do not adequately protect the identities of who-is-talking-to-who from the infrastructure operators. Katzenpost aims to offer a traffic analysis resistant messaging layer that allows all the participants in the network to have significantly more privacy than other mechanisms. It offers a decentralized mixnet architecture that works similarly to onion routing, where message routing information is encrypted, and differs in that each message is a fixed size, has random forwarding delays, and is accompanied by cover traffic messages to frustrate passive traffic analysis. The project aims to be a building block for others to build applications on, lowering the threshold for existing applications to benefit from increased privacy and confidentiality.

>> Read more about Katzenpost

KWin and Wayland input

When you run remote applications across the internet, you typically need a display server. Wayland is the future windowing system on Unix, a communication protocol that specifies the communication between a display server and its clients.

One core goal in its design was to provide a safe and secure system protecting users' data and privacy. The traditional windowing system X11 does not, which means that programmes can just spy on inputs and outputs of every other programme. Making a secure system that is still usable comes with challenges. When clients need to communicate, channels of communication must be carefully designed to provide it in a secure and reliable way. One of these channels is when one client provides a virtual keyboard or input methods support (for example for CJK languages) and another client consumes the input data. The project aims at implementing communication channels for that through Wayland protocol extensions in KWin and provide test clients as well as improving the used protocol extensions upstream.

>> Read more about KWin and Wayland input

Langsec in Pectore

Design and build a Proof-of-Concept (PoC) cardiac pacemaker circuit with an analog/mixed-signal CMOS ASIC based on a description of the device functionality as formal grammar/automaton based on language security (langsec) design principles. Internet-of-things (IoT) devices are usually designed around a general purpose microcontroller with a much larger state space than needed for their purpose. Only after the initial design, interface capabilities of the IoT device are artificially restricted for privacy and security. An implanted pacemaker is a safety-critical IoT device that fits into a very small state space, as proven by early pacemaker designs that did not use high performance microcontrollers. Langsec methods use formal grammars to specify minimal interface parsers to reduce the attack surface, but not the attack volume behind the attack surface. As PoC, formal langsec methods are adapted to reduce the attack volume of a pacemaker: A domain-specific language (DSL) translates requirements of a cardiac pacemaker patient and an information security researcher (ideally one and the same person) into an implantable minimum state space analog/mixed signal pacemaker application specific integrated circuit (ASIC). Such a minimum automaton methodology can be transferred to less life-critical IoT devices. ASICs for minimum automaton IoT designs are a use case for completely free CMOS IC fabrication processes, e.g., LibreSilicon. Non-essential state space that isn't implemented can't be hacked.

>> Read more about Langsec in Pectore

Libre Silicon compiler

LibreSilicon Compiler (LSC) is a place + route suite for silicon. The main focus of this project is to produce legal and efficient silicon layouts from digital netlists (e. g. BLIF, EDIF). Traditionally the placement and routing problem are handled separately and in sequence and the final layout is given by the routing step. In this setup the routing step gains information from placement but not the other way around. LSC attempts to shift this paradigm to create a feedback loop between the two main problems to improve the solution. Furthermore we are incorporating formal methods to produce the compiler software and to verify resulting layouts. While the latter is standard practice, proving properties of the compiler software itself is only widespread in the domain of software compilers. This exercise will be favored by the use of the programming language Haskell and advanced theorem provers. Finally this software aims to profit from explicit module hierarchies given by the developers of digital logic in register-transfer level (e. g. Verilog, Chisel). Greedy solutions can be found for highly modularised chips: when logic is not inlined in the conventional software compiler sense, the size of problem instances is kept small. This also gives parallelism for free, as the dependency tree is resolved from the bottom up.

>> Read more about Libre Silicon compiler

Libre-RISCV SoC Design

It is 2019 and it is not possible to buy a mass-produced laptop, tablet or smartphone and replace all of its software (with software that a user can trust) without loss of functionality. Processor boot-loaders are DRM-locked; WIFI, 3D Graphics and Video Processors are proprietary, and Intel's processors contain problematic features and intransparent elements such as the "Management" Engine. The most logical way to restore and engender trust is to literally make a new processor - one that is developed transparently and may be independently audited to the bedrock. The project develops a low-power, mobile-class, 64-bit Quad-Core RISC-V SoC at a minimum 800mhz clock rate, suitable for tablet, netbook, and industrial embedded systems. Full source code files are available for the operating system and bootloader, and the actual processor, its peripherals and its 3D GPU and VPU. Details at http://libre-riscv.org/3d_gpu/

>> Read more about Libre-RISCV SoC Design

LibreSilicon

LibreSilicon aims to reduce the steep entry barriers to full custom application-specific integrated circuit (ASIC) design and help people to regain trust in their computing devices, right at the bedrock: When they are manufactured. LibreSilicon provides a standard for manufacturing semiconductors which allows platform independent process design kits (PDKs) and design rules that allow manufacturing the same chip layout in any factory that has calibrated their process according to the LibreSilicon specs with the PearlRiver test wafer. By introducing this process standard, full custom ASIC design should become available to private persons without corporate or academic access to IC foundries. After democratizing software development with tools like Arduino, and PCB design with tools like KiCAD, LibreSilicon will democratize ASIC design, and GDS2 intends to become the new Gerber file format for semiconductor manufacturing.

>> Read more about LibreSilicon

LumoSQL

The most widely-used database (SQLite) is not as reliable as it could be, and is missing essential features like encryption and safe usage in networked environments. Billions of people unknowingly depend on SQLite in their applications for critical tasks throughout the day, and this embedded database is used in many internet applications - including in some core internet and technology infrastructure. This project wants to create a viable alternative ('rip and replace'), using the battle-tested LMDB produced by the LDAP community. This effort makes it possible to address a number of other shortcomings, and to make many applications more trustworthy and, by means of adding cryptography, also more private. Given the wide range of use cases and heavy operational demands of this class of embedded databases, a serious effort is needed to execute this plan in a way where users can massively switch. The project will extensively test, and will validate its efforts with a number of critical applications.

>> Read more about LumoSQL

Maemo Leste

Maemo Leste aims to provide a free and open source Maemo experience on mobile phones and tablets. It is an effort to create a true FOSS mobile operating system for the FOSS community. Maemo Leste is based on GNU/Linux, and specifically - Devuan GNU/Linux. The goal is to provide a secure and modern mobile operating system that consists only of free software, obeys and respects the users' privacy and digital rights. The project also works closely with projects that aim to produce hardware that Maemo Leste and other community mobile operating systems could run on. The operating system itself takes much of its design and core components from the Nokia-developed Maemo Fremantle, while replacing any closed source software with open source software.

>> Read more about Maemo Leste

Manyverse

Manyverse is a social networking mobile app, implemented not as a typical cloud service, but instead on a peer-to-peer network: Secure Scuttlebutt (SSB). The mobile app locally hosts the user's database, allowing them to own their personal data, and also use the app when offline. Data can sync from one mobile device to another, via Bluetooth, Wi-Fi, or Internet. Free and open source software.

>> Read more about Manyverse

MEGA65 Phone

Much of the insecurity and lack of privacy is the simple result of how complex computers, the internet and all of the protocols and technologies that they include have become. It seems that the majority of proposals to fix this consist of adding something to this complicated mess. While this has helped to reduce the symptoms of the problem, by adding complexity it has actually made the problem worse. There are simply too many places for insecurities and privacy violating software to hide in modern complex systems. Even the hardware itself is not immune, with problems like SPECTRE, MELTDOWN and vulnerabilities in the management processors of modern computers and phones showing that even the processors we use today carry significant risks due to their complexity. This project takes a contrarian approach of seeing just how simple a system can be made, that would still be useful for a core set of functionality. The project takes inspiration from the simple and effective computers of the 1980s: it explores how to retain their simplicity and transparency, and combine them with modern improvements in security and capability. The goal is to allow even a single determined person to completely verify that a device has not been compromised, and that there are no unwanted listening ears when performing privacy sensitive tasks. The project will advance its current proof-of-concept to a functioning hardware and software system that can demonstrate profoundly improved security and privacy, and in a way that allows a determined user to verify that the device is still truly under their exclusive control and serving them alone.

>> Read more about MEGA65 Phone

mobile-nixos

The mobile-nixos project seeks to provide a coherent tool to produce configured boot images of NixOS GNU/Linux on existing mobile devices (cellphones, tablets). The goal is to provide a completely integrated mobile operating system, allowing full use of the hardware's capabilities, while empowering the user to exercise their four software freedoms to use, study, share and improve the software.

>> Read more about mobile-nixos

Nitrokey

Nitrokey is an open source hardware USB key for data encryption and two-factor authentication with FIDO. While FIDO is supported by web browsers, using Nitrokey as a secure key store for email and (arbitrary) data encryption requires native software. Therefore email encryption in webmail isn't possible with Nitrokey. At the same time, strong end-to-end encryption in web applications always faces the same challenge: to store users' private keys securely and conveniently. Therefore secure end-to-end encryption usually requires native software too (e.g. instant messenger app) or - less secure - storing the user keys password-encrypted on servers. Nitrokey aims to solve these issues by developing a way to use Nitrokey with web applications. To avoid the need for a device driver, browser add-on or separate software, this project is going to utilize the FIDO (CTAP) protocol. As a result the solution will work with any modern browser (which all support WebAuthn), on any operating system, even on Android. This will give any web application the option to store private keys on one's own Nitrokey devices.

>> Read more about Nitrokey

node-Tor

Node-Tor is an open source project and the only existing implementation of the Tor protocol in JavaScript. That gives it the unique property of running not just on a server or desktop, but also inside a regular web browser itself as a standalone secure webapp. It must not be mistaken for just a re-implementation of Tor network nodes: the goal is much wider, because it allows any project related to privacy/security enhancement to implement the Tor protocol in their nodes and/or inside a web page. The browser client acts as a standalone node itself communicating via web interfaces such as Websockets with servers or through WebRTC with other browsers. The use of JavaScript makes it possible to very significantly reduce the code and libraries (prone to security breaches), simplifying the integration for developers (like removing the need to maintain installation packages since standard web interfaces can be used) and simplifying the use for users. This offers a lot of potential for increasing security and privacy for everybody, since the technology can be accessed from any place and any device that has a browser or can run JavaScript, including mobile devices.

>> Read more about node-Tor

Noise Explorer-VerifPal

Noise Explorer is an online engine for reasoning about Noise Protocol Framework (revision 34) Handshake Patterns. Noise Explorer allows you to design Noise Handshake Patterns, and immediately obtain validity checks that verify if your design conforms to the specification. For visually oriented people, it provides a convenient visualisation in your browser. Noise Explorer can also generate Formal Verification Models and Software Implementations. This allows you to instantly generate full symbolic models in the applied pi calculus for any Noise Handshake Pattern that you enter. Using ProVerif, these models can be analyzed against passive and active attackers with malicious principals. The model's top-level process and sophisticated queries are specifically generated to be relevant to your Noise Handshake Pattern, including tests for strong vs. weak forward secrecy and resistance to key compromise impersonation. Noise Explorer also automatically generates a secure implementation of your chosen Noise Handshake Pattern design, written in Go. In addition, users can explore a Compendium of Formal Verification Results. Since formal verification for complex Noise Handshake Patterns can take time and require fast CPU hardware, Noise Explorer comes with a compendium detailing the full results of all Noise Handshake Patterns described in the original specification. These results are presented with a security model that is even more comprehensive than the original specification, since it includes the participation of a malicious principal.

>> Read more about Noise Explorer-VerifPal

Off-the-Record messaging version 4

OTRv4 is the newest version of the Off-The-Record messaging protocol. It is a protocol where the newest academic research intertwines with real-world implementations. Its aim is to give end-to-end encryption, deniability, authentication, forward secrecy and post-compromise security for any kind of messaging (online or offline). The goal of this new version is to give the most secure privacy and security properties that have a real impact on the world. This new version aims to be available in different desktop clients (that use XMPP or other messaging protocol) and in mobile clients.

>> Read more about Off-the-Record messaging version 4

offen

Transparently handling data in the open creates mutual trust: Offen is a web analytics software that gives users insights into the data they are generating by giving them access to the same suite of analytics tools site operators themselves are using. Usage metrics come with explanations about their meaning, relevance, usage and possible privacy implications, and also details which kind of data is not being collected. Offen treats both users and operators as parties of equal importance. Users can expect full transparency and are encouraged to make autonomous and informed decisions regarding the use of their data, and operators are being enabled to collect needed usage statistics while fully respecting their users' privacy and data. No user data is being collected until the user has explicitly opted-in. All data can be deleted either selectively or in its entirety by the users.

>> Read more about offen

OnBaSca

The Tor network is comprised of thousands of volunteer-run relays around the world, and millions of people rely on it for privacy and freedom online every day. To monitor the Tor network's performance, detect attacks on it, and better distribute load across the network, we employ what we call Tor bandwidth scanners. The bandwidth scanners are run by the directory authorities, which are special relays that maintain a list of currently-running relays. This project will make a number of improvements to the new bandwidth scanner called sbws, to make it easier for directory authorities to deploy it, for relay operators to better diagnose issues and for end users to benefit from increased quality of experience.

>> Read more about OnBaSca

Opaque Sphinx

Opaque Sphinx is a project that aims to secure password-based authentication by deploying the state-of-the-art SPHINX and OPAQUE cryptographic protocols to eliminate almost all common attack vectors - such as weak guessable passwords, password reuse, phishing, password databases, offline dictionary attacks, database leaks - plaguing current solutions. These protocols provide the strongest available cryptographic properties with cryptographic proofs. The project intends to port its already existing free software SPHINX implementation - besides already existing support for Linux and Windows - to Android so it can also be used on smartphones.

>> Read more about Opaque Sphinx

Opaque Sphinx Server and Clients

Passwords are probably the most common way to remotely use private services, which makes them a major liability - humans on average find it very hard to memorize strong passwords. Luckily, passwords - or more particularly tools to work with passwords more safely - are evolving as well. SPHINX is a novel approach to password storage that is information theoretically secure. And unlike most online password managers, the user does not even have to trust the server. OPAQUE is a novel protocol that can be used to eliminate phishing as an attack vector when authenticating to servers. The combination of SPHINX and OPAQUE provides some very strong guarantees while still allowing users to only need to remember one or just a few passwords. This project will develop a SPHINX server in a safe, compiled language, with ample tests. It will also further develop and refine a protocol above SPHINX, handling creation, deletion, backup and changing of data. In addition it will add the OPAQUE protocol to various free software ecosystems such as PHP, java, nodejs, ruby, golang, erlang and rust, as well as to the two most used webservers: nginx and apache2.

>> Read more about Opaque Sphinx Server and Clients

Open Source DRTM implementation with TrenchBoot for AMD processors

The TrenchBoot project aims to create a unified framework for dynamic RTM (DRTM) implementation for all platforms. (D)RTM is used to verify if bugs or vulnerabilities have compromised a system, and as such is an important component to get to advanced stages of trustworthiness for our hardware.

>> Read more about Open Source DRTM implementation with TrenchBoot for AMD processors

OpenPGP Certificate Authority

OpenPGP CA is a tool for managing OpenPGP keys within an organization. Its primary goal is to make it trivial for end users to authenticate the OpenPGP keys of users in their organization, and in adjacent organizations. In an OpenPGP CA-using organization, users delegate authentication to an in-house CA. This allows users to securely and seamlessly communicate via PGP-encrypted email without having to manually compare fingerprints, without having to understand OpenPGP keys or signatures, and without having to trust a third-party with potentially conflicting interests. This goal is achieved by shifting the authentication burden from individual users to an organization's administrator, and providing a tool that largely automates key creation, and signing as well as key dissemination. Importantly, because OpenPGP CA works within the existing OpenPGP framework, users do not need any new software to take advantage of OpenPGP CA's benefits; they can continue to use existing email clients and encryption plugins. Further, OpenPGP CA can co-exist with other authentication approaches, like traditional key signing workflows.

>> Read more about OpenPGP Certificate Authority

Padding Machines for Tor

Tor is the world's largest anonymity network with about eight million daily users around the world who use Tor to browse the web anonymously, access onion services, and circumvent censorship. The project Padding Machines for Tor will design and implement padding machines---as part of a new framework in Tor for generating fake padding traffic---to defend against website fingerprinting attacks. A website fingerprinting attack is a type of traffic analysis attack where an attacker attempts to determine websites visited by a target Tor user by analysing encrypted traffic. The results of the project will be both open source and open access, with the goal of contributing to effective and efficient defenses deployed by default in Tor against website fingerprinting attacks.

>> Read more about Padding Machines for Tor

pcb-rnd

Pcb-rnd is a modular printed circuit board editor that is designed with the UNIX mindset. It has a convenient GUI for editing the graphical data of the board but it also has a handy command line interface. Both the GUI and the CLI aspects are scriptable (in more than 10 scripting languages) and pcb-rnd can also process boards as a headless converter tool. It has support for various proprietary schematics/netlist and board formats which makes it also a good choice for converting free hardware designs coming in proprietary formats to free file formats. Among the upcoming challenges are a full rewrite of the Design Rule Checker, more file format support and making the menu system even more dynamic to match the modular nature of pcb-rnd better.

>> Read more about pcb-rnd

PGP4civiCRM

E-mail security and privacy is not just relevant inside organisations or between individuals. A lot of email traffic comes from the institutions we all have to deal with, including some of the most confidential emails we get. And yet there is no way for users to protect their privacy and confidentiality when sending and receiving messages from organisations using such systems. PGP4civiCRM enables automatic PGP encryption/decryption of e-mails on the server side. While the project will provide special integration for the Constituent Relation Management System CiviCRM, the basic functionality can be used also with regular mailservers like postfix. The PGP4civiCRM core will basically be a milter, that listens for input messages, then looks up PGP keys from configurable sources (local key rings, LDAP) and then, based on a local, configurable, policy, encrypts/decrypts messages (or leaves them untouched) before passing them on. This way system administrators can with tiny effort provide transparent encryption support for all their mail users. Especially for CiviCRM the project will create an extension that allows easy web-based configuration of the relevant pieces and displaying of encrypted, received e-mails using OpenPGP.js.

>> Read more about PGP4civiCRM

Port of AMDVLK/RADV 3D Driver to the Libre RISC-V SoC

The Libre SoC is being developed to provide a privacy-respecting modern processor, developed transparently and as libre to the bedrock as possible. As a hybrid processor, it is intended to be both a CPU and a GPU. GPUs are typically proprietary (and thus not fully transparent), as is the 3D driver software. The SoC design requires a Vulkan compliant hybrid hardware-software API. The development of the Kazan 3D Driver (developed from scratch inside the Libre SoC) that aims to provide such an API is therefore on the critical path to final release. Given the complex nature of 3D driver development, and because Kazan is a novel approach (written in Rust, for security reasons), that dependency is considered a liability. This project develops a second, more traditional Mesa3D driver in C++. This reduces the pressure on the Kazan development, and allows for benchmarking and increased transparency and collaboration on this ambitious project.

>> Read more about Port of AMDVLK/RADV 3D Driver to the Libre RISC-V SoC

Privacy Enhancements for PowerDNS and DNSdist

DNS over TLS (DoT) and DNS over HTTPS (DoH) are two recent developments in the DNS field, and currently these are dominated by US based providers. The project will enhance the availability of open, trustworthy, privacy respecting DNS Resolvers in such a way that it allows any DNS provider, operator, or user to provide encrypted DNS service. This project aims to speed up implementation, improvement and standardisation of the most important Privacy enhancing features of DNSdist and PowerDNS resolvers to allow for the entire DNS-chain (from client, to caching-resolver, to authoritative nameserver) to be encrypted. The project will add support to the (open source) PowerDNS components (dnsdist, recursor and Authoritative server) for the privacy features necessary.

>> Read more about Privacy Enhancements for PowerDNS and DNSdist

Privacy Preserving Disease Tracking

In case of a pandemic, it makes sense to share data to track the spread of a virus like SARS-CoV2. However, that very same data when gathered in a crude way is potentially very invasive to privacy - and in politically less reliable environments can be used to map out the social graph of individuals and severely threaten civil rights and a free press. Unless the whole process is transparent, people might not be easily convinced to collaborate.

The PPDT project is trying to build a privacy preserving contact tracing mechanism that allows users to be notified if they have come in contact with potentially infected people. This should happen in a way that is as privacy preserving as possible. We want to have the following properties: the users should be able to learn if they got in touch with infected parties, ideally only that - unless they opt in to share more information. The organisations operating servers should not learn anything besides who is infected, ideally not even that. The project builds a portable library that can be used across different mobile platforms, and a server component to aggregate data and send this back to the participants.

>> Read more about Privacy Preserving Disease Tracking

Qubes OS

Qubes OS is a free and open source operating system uniquely designed to protect the security and privacy of the user. Its architecture is built to enable the user to define different security environments ("qubes") on their computer and visually manage their interaction with each other and the world. This project will improve the usability of Qubes OS by: (1) reviewing and integrating already existing community-created usability improvements, (2) implementing a localization strategy for the OS and its documentation, and (3) creating a holistic approach for improved accessibility.

>> Read more about Qubes OS

Redwax

The internet was not designed as a public infrastructure and most of the engineering trade-offs of the lower-layer technologies have generally erred on the side of accommodating fast growth and ease rather than values such as security, confidentiality and privacy. Yet today the internet is everywhere from providing a place for democratic discourse to healthcare to finance and personal communication. Redwax aims to decentralise trust management so that the values security, confidentiality and privacy can be upheld in public infrastructure and private interactions. The overarching goal of Redwax is to strengthen the existing technologies and infrastructure by providing a modular and practical set of tools to manage public key based trust infrastructures as currently used. These tools capture and hard code a lot of industry best practice and specialist PKI knowledge so that they can be put into the hands of a much wider community than currently served by a few specialist industries. With this project the Redwax team hopes to help re-establish (and/or strengthen) the support for these non-centralized trust management technologies inside web browsers and other relevant applications by working with standards organizations and industry coordination groups, and to create the initial reference implementations for their standardisation.

>> Read more about Redwax

Reowolf

The Reowolf project aims to replace a decades-old application programming interface (BSD-style sockets) for communication on the Internet. In this project, a novel programming interface is implemented at the systems level that is interoperable with existing Internet applications. Currently, to increase quality of service (e.g. intrusion detection, latency and throughput) non-standard techniques are applied. Internet service providers resort to deep packet inspection to guess applications' intent, and BSD-style socket programming is error-prone and tweaking is fragile. This project resolves these problems: it provides support to middleware to further improve quality of service without having to give up on privacy, and makes programming of Internet applications easier to do correctly and thus more reliable.

>> Read more about Reowolf

Reproducible Builds

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

>> Read more about Reproducible Builds

Ricochet Refreshed

Ricochet Refreshed is a metadataless messenger for PCs (Windows, macOS, Unix) that provides anonymity as well as security. By using Tor, it allows people at risk making public interest disclosures to communicate in chat sessions with anonymity to journalists, members of parliament, regulators protecting the environment, financial malfeasance investigators and others who have the power in society to act as corrective mechanisms to serious wrongdoing. This project will update Ricochet, reduce known security risks, and ensure continued compatibility with Tor's onion services protocol. The possibility of anonymous communication is important for everyone, but particularly vital for those who risk reprisal in their workplace or other institutions to be able to speak up. Through anonymity, Ricochet Refreshed allows the focus to be on the disclosure, not on the source or whistleblower. Thus, the project provides a tool in support of evidence-based reporting in the public interest by creating a safe on-going channel for the journalist to conduct verification as the story develops.

>> Read more about Ricochet Refreshed

Robur privacy-enhanced DNS resolver and DHCP server

DHCP and DNS are fundamental Internet protocols: DHCP is used for dynamic IP address configuration in a local network, DNS for resolving hostnames to IP addresses. In this project, we develop a robust DHCP server and DNS resolver as a MirageOS unikernel. MirageOS unikernels are self-contained virtual machine images which are composed of the required OCaml libraries, leading to a binary with a minimal trusted code base, and thus minimized attack surface. The choice of the memory-safe, functional, and statically typed language OCaml avoids common attack vectors, such as buffer overflows and double frees. MirageOS unikernels can be deployed on various hypervisors (Xen, KVM, BHyve), microkernels (Genode, Muen), or as a Unix binary (also with seccomp rules that allow only 10 system calls) on x86-64 and arm64. Several DHCP and DNS privacy extensions, extensive testing, and documentation are being worked on to allow everyone to use it on their home router or in the data center. Migration of existing configuration (e.g. dnsmasq) to the Robur DNS resolver and DHCP server will be provided as well.

>> Read more about Robur privacy-enhanced DNS resolver and DHCP server

Rocket CWMP

CWMP (CPE WAN Management Protocol) or TR-069 is a technical specification of the Broadband Forum designed for remote governing of a CPE. CWMP is a standardized and widely-used text-based protocol enabling communication between a CPE and an Auto Configuration Server (ACS).

Rocket CWMP is a modular CWMP-client capable of supporting TR-069, TR-181 and other technical reports. The project was started out of an industry gap regarding a production-ready, FOSS solution that meets the ISP requirements and the feature and security requirements of modern embedded devices. It is capable of integrating into existing solutions for automatic and remote software installation or provisioning of CPEs. The client is designed to be easily portable to different Linux platforms (OpenWrt and other Linux distributions such as Yocto, Debian, Ubuntu and others). Its modularity implies that developers can easily build new features based on their requirements. It would serve as a light weight glue between CWMP and embedded Linux software standards for configuration and statistics.

The end goal of this project would be to create a FOSS solution delivering mandatory remote management features in the ISP ecosystem. ISPs would finally be equipped with a CWMP client that: a) is an open and extendable replacement of the closed software alternatives, b) is designed to easily include and configure various backend systems and c) allows replacing proprietary firmware and leveraging Open Source components.

>> Read more about Rocket CWMP

Rust Threadpool

ThreadPool is a free and open-source library that provides programmers with a simple and intuitive interface to multi-threaded programming. ThreadPool aims to make parallel programming accessible to the general public. Running tasks in parallel is a vital building block for building efficient solutions on modern hardware. Combined with Rust's type-system this library allows programmers to parallelize their applications without introducing unsafe behaviour while managing the administrative tasks of interacting with the operating system.

>> Read more about Rust Threadpool

SASL Works for the InternetWide Architecture

The SASL Works allow clients to use authentication mechanisms that meet their requirements, and use them in virtually all protocols, which includes but is not limited to the web. Servers on the other hand, can flexibly adapt to clients from any domain, by backporting authentication inquiries to the client's own realm for the desired level of approval. Once configured, this process frees service providers from the need to manage user accounts and secure storage of credentials. Clients finally get a choice to use strong cryptographic authentication mechanisms instead of being forced to use a site programmer's poor approach to security. This in turn is helpful for setting higher levels of security policies in formal bodies such as organisations and governments, while generally simplifying the user interaction.

>> Read more about SASL Works for the InternetWide Architecture

SASL XMSS

Simple Authentication and Security Layer (SASL) is an authentication and data security framework. The framework defines a structured interface with which SASL mechanisms must comply. These mechanisms can then be used by application protocols in a uniform manner. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, is relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers. The SASL XMSS project's goal is to implement the XMSS system as a SASL mechanism in one of the publicly available open source SASL libraries.

>> Read more about SASL XMSS

Secure User Interfaces (Spritely)

Spritely is a project to advance the federated social network by adding richer communication and privacy/security features to the network. This particular sub-project aims to demonstrate how user interfaces can and should play an important role in user security. The core elements necessary for secure interaction are shown through a simple chat interface which integrates a contact list as an easy-to-use implementation of a "petname interface". Information from this contact list is integrated throughout the implementation in such a way that helps reduce phishing risk, aids discovery of meeting other users, and requires no centralized naming authority. As an additional benefit, this project will demonstrate some of the asynchronous network programming features of the Spritely development stack.

>> Read more about Secure User Interfaces (Spritely)

Securing PLCs via embedded Open-Source protocol adapters

Industrial Programmable Logic Controllers have been controlling the heart of any production machinery since the mid-70s. However, these devices were never built for use in completely unprotected environments such as the Internet. Currently most PLCs out in the wild have absolutely no means to protect them from malicious manipulation (most don't even have an effective password protection). Unfortunately "Industry 4.0" is all about connecting these devices to the Cloud and thereby attaching them to potentially insecure networks. In the "Securing PLCs via embedded Open-Source protocol adapters" initiative we are planning on porting the Apache PLC4X drivers to languages that can also be used in embedded hardware. Additionally, we want to use these new drivers together with Apache MyNewt to create secure protocol adapters that could eventually even be located inside the network connectors which are plugged into the PLC, in an attempt to reduce the length of the unsecured network to an absolute minimum without actually modifying the PLC itself.

>> Read more about Securing PLCs via embedded Open-Source protocol adapters

SOLID Data Workers

Solid Data Workers is a toolkit to leverage Tim Berners-Lee's Solid platform into a viable, convenient, open and interoperable alternative to privacy-hungry data silos. The aim is to use Solid as a general purpose storage for all of the user's private information, giving it a linked-data meaning to enrich the personal graph and provide a first-class semantic web experience.

The project involves a PHP and a NodeJS implementation of the "Data Workers" toolkit to ease the "semantification" of the data collected from external services (SPARQL query building, metadata retrieval and storage, relationship creation...), some sample software components to import existing data into the semantic graph and keep it synchronized with backend sources (primarily: emails and calendars), and a proof-of-concept application to showcase the potential of the semantic web applied to personal linked data.

As Solid may be self-hosted or hosted by third-party providers, Solid Data Workers may be attached to hosted or self-hosted instances and to different backend services.

>> Read more about SOLID Data Workers

Spectrum

Spectrum is an implementation of a security through compartmentalization based operating system, built on top of the Linux kernel. Unlike other such implementations, user data and application state will be managed centrally, while remaining isolated, meaning that the system can be backed up and managed as a whole, rather than mixed up in several dozen virtual machines. The host system and isolated environments will all be managed declaratively and reproducibly using Nix, the purely functional package manager. This will save the user the burden of maintaining many different virtual computers, allowing finer-grained resource access controls and making it possible to verify the software running across all environments. The Linux base, and a variety of isolation technologies from containers to virtual machines, will bring security through compartmentalization to a much wider range of hardware than previous implementations, and therefore make it accessible to many more people.

>> Read more about Spectrum

Standard Cell Library

Without having an open standard cell library, any open hardware project depends on unknown components. This significantly hampers innovation, and is on the critical path of delivering truly open hardware chips. LibreSilicon's approach to this problem is generative, working from a (potentially verifiable) algorithm for automated sizing of transistors. All commercially available Standard Cell Libraries contain only a small subset of all useful cells, limited by the manpower of the vendor. They are hand-crafted and error-prone, and typically require non-disclosure agreements (NDAs) while heavily depending on the underlying PDKs - meaning that the outcome is hard to verify and trust. The goal is to produce a production-quality free and open source Standard Cell Library.

>> Read more about Standard Cell Library

Suhosin-NG

The PHP programming language was invented by Danish programmer Rasmus Lerdorf in 1994. The language is actively used by millions of websites through popular tools such as WordPress, Owncloud and Wikimedia. Suhosin-NG (next generation) will significantly improve the security of web applications running with PHP 7, and help thwart popular web attack vectors aimed at PHP based websites. Already existing ideas from the Suhosin project for PHP 5 will be gathered in addition to implementing a number of new ideas to improve the overall security stature of PHP 7. This concerns harnessing new features of the language, mitigating security risks in the default configuration and improvements to the runtime behaviour. In practical terms the project will implement these by extending the PHP extension Snuffleupagus, that already provides a good basis for hardening PHP 7. The project's goal is to provide software and documentation for setting up a PHP 7 environment in the most secure way possible.

>> Read more about Suhosin-NG

Sylk Client

Internet communications privacy is important to users, and there is a limited set of encrypted multiparty audio and videoconferencing solutions available to consumers and businesses today. The market, predominantly occupied by proprietary services that often require risky plugins and lack introspection and transparency, has proved to expose users to significant security and privacy issues. This trend must be counteracted by better open source equivalents.

SylkSuite, composed of SylkServer and SylkClient, is a clean and elegant open source multiparty conferencing solution for both the client and a server written in Python. SylkSuite allows groups of users to communicate privately with rich multimedia, accessed through different protocol stacks. SylkSuite allows bridging SIP clients, XMPP endpoints and WebRTC applications by using the Janus backend.

The developers have a focus on strong interoperability based on the use of open standards.

>> Read more about Sylk Client

Sylk Mobile

Internet communications privacy is important to users, and there is a limited set of encrypted multiparty audio and videoconferencing solutions available to consumers and businesses today. The market, predominantly occupied by proprietary services that often require risky plugins and lack introspection and transparency, has proved to expose users to significant security and privacy issues. This trend must be counteracted by better open source equivalents. Sylk Mobile provides an encrypted multi-party video conferencing solution meant to run on an end user computer or a mobile device. It is based on the WebRTC standard, and has a focus on user privacy and ease of use.

>> Read more about Sylk Mobile

The Libre RISC-V SoC, Formal Correctness Proofs

Hardware projects like the Libre RISC-V SoC Project involve writing an inordinate amount of comprehensive unit tests to make sure everything functions the way it should. This is a critical and expensive part of the overall design process. Formal Mathematical Proofs (already quite popular in secure software development) provide an interesting alternative for several reasons: they're mathematically inviolate, which we believe makes them more trustworthy. And they are simpler to read and much more comprehensive (100% coverage), saving hugely on development and maintenance. From a security and trust perspective, both aspects are extremely important. Security mistakes are often accidental due to complexity: a reduction in complexity helps avoid mistakes. Secondly: independent auditing of the processor is a matter of running the formal proofs. The project aims to provide proofs for every module of the Libre RISC-V SoC, and therefore contributes significantly to the larger goal of developing a privacy-respecting processor in a way that is independently verifiable.

>> Read more about The Libre RISC-V SoC, Formal Correctness Proofs

The Libre RISC-V SoC, Formal Standards Development

The Libre SoC was first funded by NLnet in 2018. This was for the core of the project, based on an informally-developed Hybrid CPU-GPU 3D instruction set that had been written (and implemented in a simulator) in the 18 months prior to contacting NLnet. During the implementation it became clear that a lot more work is needed, and, further, that to meet proper transparency criteria, the proposed instruction set enhancements would need to be properly written up. In addition, negotiations and communications with the Standards Body responsible for POWER ISA (the OpenPower Foundation) also needed to be taken into consideration. The goal of this project is to deliver on those requirements, and achieve full transparency and understanding of the Libre SoC.

>> Read more about The Libre RISC-V SoC, Formal Standards Development

The Libre-RISCV SoC, Coriolis2 ASIC Layout Collaboration

One of the key issues in a trusted, trustable ASIC is for the toolchain to be libre-licensed, so that there is no possibility for hardware-level spying or backdoor compromises. The Alliance / Coriolis2 ASIC layout toolchain by LIP6.fr is one of the leading tools in this area. The Libre RISC-V SoC is another project being funded through NGI Zero, and at this moment that project needs to get beyond FPGA-proven status. The challenging next phase is to do an actual ASIC layout. With the System-on-Chip being developed in nmigen (a python-based HDL), Alliance / Coriolis2 also makes sense as it is written in Python as well. The funding will go towards doing an ASIC layout in 180nm.

>> Read more about The Libre-RISCV SoC, Coriolis2 ASIC Layout Collaboration

The Libre-RISCV SoC, Video Acceleration

The Libre RISC-V SoC Project has been funded by NLnet to get to FPGA-proven status. This was for the "core" (the main processor). One of the next, specialist phases is to ensure that its capabilities are useable to perform Video Acceleration. To do so, Video Software such as ffmpeg, gstreamer and their low-level libraries need to actually use the hardware-accelerated capability. A "normal" commercial processor usually has a separate proprietary VPU, along with proprietary software: both unfortunately are vectors for attack against users, undermining trust and privacy. Without access to Video Acceleration, users are left with the stark choice: be compromised, or don't watch any video, period. This project therefore provides a commercial-grade Video Decoder (minimum 720p) and helps restore trust in the software *and* hardware.

>> Read more about The Libre-RISCV SoC, Video Acceleration

Thunderbird - native EteSync integration using TbSync

EteSync is a secure, end-to-end encrypted and privacy-respecting sync solution for contacts, calendars and tasks. It protects user data by encrypting it and decrypting it on the end user device, meaning that the user does not have to trust the service provider. EteSync is being developed with support of NGI Zero. This project is adding native sync support for EteSync to the popular Thunderbird mail client (via the existing TbSync which is about to be integrated into Thunderbird) in order to drastically lower the entry threshold. This will allow even non-skilled users to fully protect their data with end-to-end encryption. Setup will just involve (auto-)installing an add-on, entering credentials, and selecting which resources should be synchronized.

>> Read more about Thunderbird - native EteSync integration using TbSync

TLS-KDH mbed

TLS-KDH (http://tls-kdh.arpa2.net/) is a mechanism that adds Kerberos authentication to the Transport Layer Security (TLS) network protocol. TLS-KDH is developed under the flag of ARPA2 (www.arpa2.net) and is formalized in the form of a draft Internet specification. Furthermore, a successful prototype implementation has been built and integrated into GnuTLS. Making this prototype code production ready is well underway and in its final stage. In order for TLS-KDH to become an Internet Standard the IETF requires at least two working implementations. To provide the IETF with two TLS-KDH implementations and to address the embedded world with a TLS-KDH capable TLS library we chose MbedTLS as our second library. The TLS-KDH mbed project's goal is to implement the TLS-KDH functionality in the MbedTLS library. But why do we want to implement Kerberos authentication in the first place? Well, first of all, the Kerberos protocol is quantum computer proof. That means that we can use this mechanism in the (future) presence of quantum computers. Since TLS is one of the most widely used security protocols on the present Internet, having such a mechanism would be a welcome addition. Secondly, Kerberos employs a centralized architecture as opposed to X.509 which is distributed. Adding TLS-KDH gives the user a choice of which architecture (and implied pros and cons) to use. For a more extensive overview of advantages of TLS-KDH we refer to the project's homepage (http://tls-kdh.arpa2.net/).

>> Read more about TLS-KDH mbed

Tracking the Trackers

F-Droid is a free software, community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It is the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. Our tools already aid F-Droid contributors in this process. This project creates new tools using machine learning to drastically speed up this process by augmenting the human review process. Since the prime motivation of the F-Droid community is ethical software distribution, algorithms will never replace humans in making ethical decisions. We will also explore using machine learning to detect tracking in a more generic way, without requiring manually compiled lists of key information. The resulting tools will be generally available for any use case needing to reliably detect trackers in Android apps. This builds upon our collaboration with Exodus Privacy and LibScout.

>> Read more about Tracking the Trackers

Universal DID Resolver and Registrar

The Universal DID Resolver and Registrar are open-source software components that implement Decentralized Identifiers (DIDs). DIDs lie at the heart of an emerging technical and social paradigm known as "self-sovereign identity" (SSI), which allows individuals, organizations, and things to create and manage their digital identities without dependence on any central authority or intermediary. This technology is highly aligned with Next Generation Internet values such as human-centricity, openness, trust, and reliability. DIDs as a building block for protocols are of similar importance to Internet infrastructure as other identifiers such as domain names or e-mail addresses. The Universal DID Resolver and Registrar are aligned with corresponding W3C standardization efforts. Development and maintenance of the code takes place in close collaboration with relevant community and industry stakeholders such as the Decentralized Identity Foundation, uPort, Jolocom, Sovrin, Civic, Veres One, Blockstack, ERC725 Alliance, etc.

>> Read more about Universal DID Resolver and Registrar

ValOS Cryptographic Content Security project

ValOS (Valaa Open System) is a project pushing programming to become a civic skill. It’s a decentralized software development architecture that empowers beginners with little training or prior experience to create practical web applications. ValOS applications and data are created, stored and distributed as event streams. ValOS Gateway is a JavaScript library that acts like a browser: it connects to event streams, reduces them into applications and provides means to induce new events. ValOS Cryptographic Content Security project focuses on enhancing the infrastructure level security of ValOS through event log hash chaining, end-to-end encryption and other features.

>> Read more about ValOS Cryptographic Content Security project

Verified Differential Privacy for Julia

Differential privacy can be used to prevent leakage of private information from published results of analyses performed on sensitive data. Doing so correctly requires handling the extra complexity introduced by this technique, on top of the complexity of the analysis procedure itself. A proposed relief comes in the form of type systems. They allow tracking privacy properties of functions in types, where successful typechecking is equivalent to proving sound privacy guarantees. This aids the programmer in reasoning about code, detects implementation errors that are really hard to notice before one falls victim to a privacy breach, and can give formal guarantees to the people whose privacy is claimed to be protected. This project will implement a typechecker based on the type system of the Julia programming language. Julia is a high-level, high-performance, dynamic programming language. While it is a general purpose language and can be used to write any application, many of its features are well-suited for high-performance numerical analysis and computational science. This should enable data scientists to compute privacy guarantees for any Julia function before they start working with real user data.

>> Read more about Verified Differential Privacy for Julia

Verifpal

Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features.

In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is much easier to write and understand than the languages employed by existing tools. At the same time, Verifpal is able to model protocols under an active attacker with unbounded sessions and fresh values, and supports queries for advanced security properties such as forward secrecy or key compromise impersonation.

Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3, Telegram and other protocols. It is a community-focused project, and available under a GPLv3 license.

>> Read more about Verifpal

VFRAME: Visual Defense Tools

Visible data shares many of the same risks as wireless data, yet visual privacy is often overlooked in the field of information security studies as separate and less relevant. As computer vision becomes increasingly adept at understanding the visual domain, differences between existing protocols for processing wireless data and emerging protocols for processing visible data (computer vision) become less apparent. Ultimately, images and video are wireless data too, and they are exposed to an increasing number of attacks on visual information privacy with fewer technologies for protection. Visual Defense Tools will explore and prototype computer vision methods for visual privacy through visual obfuscation and minimization techniques, mostly related to biometrics. The goal will be to build a conceptual road map and functional open-source prototypes to stimulate future development of more accessible visual privacy technologies.

>> Read more about VFRAME: Visual Defense Tools

video box

The goal of the FOSDEM video box project is to develop a cheap, compact, open hardware & free software video-to-network solution. Initial motivation came from scratching our own itch: replacing 60 bulky, costly, not entirely free boxes currently used at the https://fosdem.org conference. Several other conferences have already used the current setup successfully. We expect this number to grow in the future. The solution being free software and open hardware should make it flexible to adapt to different environments, like education. Being cheap and compact encourages experimental use in areas difficult to foresee. On the hardware side, we use the open hardware Olimex Lime2 board (EU built!) as a base. We plan an open hardware HDMI input daughterboard, iterating on a simplified prototype that helped us verify feasibility. On the software side, the core Allwinner A20 chip has attracted a lot of free and open source development already. That enables us to focus our efforts on optimising video encoding on this platform from an HDMI signal to a compact network stream.

>> Read more about video box

Video chat privacy

Making video calls can be very invasive to privacy: the camera does not only capture the face and posture of the person talking, but will in fact capture the entire environment in glorious high definition - from the books in your bookshelf to family members or laundry rack behind you. This information is of no interest to the other end, but with a camera you have little choice: once you slide open the camera cover, it takes everything within the field of view and broadcasts it to the other side. This project aims to use advanced AI technology to edit the video feed in real-time, and apply various privacy enhancements such as removal of backgrounds.

>> Read more about Video chat privacy

Virtualizing device firmware

Recent attacks on infrastructure did not come from powerful computers, but instead from consumer electronics devices. The most widely known example of this is the Mirai botnet, where consumer grade IP cameras were infected, added to a botnet and then used in wide scale attacks in a rather devious way: the original functionality of the device was left untouched, meaning that users either didn’t notice that their device had been taken over, or weren’t bothered by it. This project aims to provide a way to virtualise such an IoT device and integrate it with an existing honeypot framework to see how the malware is inserted and how botnets operate. The goal is to extract a firmware from an existing device and use that as the base for the virtualisation. The same setup can also be used to systematically check for undocumented behaviour of firmware.

>> Read more about Virtualizing device firmware

Vita

When the IP protocol was designed, its original authors did not add adequate security features. In 1994 the first official RFC concerning an end-to-end encrypted variant of IP called IPSEC was published after a number of years of standardisation work in the IETF. Almost a quarter of a century later, there is still a very limited set of implementations of the protocol. IPSEC is perceived by many as hard to deploy, which creates a chicken and egg situation in driving adoption. Vita is a fresh new implementation of IPSEC based on Snabb Switch, a high performance open source packet networking toolkit. The goal of Vita is to make it very easy to use IPSEC on commodity hardware, and to produce a fast and compliant clean room implementation. Vita previously received funding from the Internet Hardening Fund. This project will move the deployability of Vita forward, and among others will produce a number of drivers for interfacing with e.g. high speed interfaces such as the Linux kernel. Its limited size and use of an existing packet networking toolkit mean it can be easily audited.

>> Read more about Vita

Web Shell

The WebShell project aims to define and implement a new secure dataflow and the accompanying APIs for allowing users to use their files in Web apps without authorizing the apps to access the user's file storage. At its core, WebShell consists of a container single-page application which can open remote components (primarily apps and file-system adapters) in sandboxed iframes and communicate with them through HTML5 message channels using the defined APIs. WebShell provides for file operations and the required UI (file menus, toolbars, dialogs) to support the familiar file operations (new, open, save, etc.) while apps merely implement serialization and deserialization of an individual file's content, after the user's explicit request. The project will build a fully-featured WebShell Desktop container, as well as a minimal WebShell container for testing and easy deployment of single apps. In addition, we will integrate a starter set of editor apps for common file types and a starter set of file system adapters, concentrating primarily on self-hosting and non-commercial web storage solutions like remotestorage.io and Solid storage.

>> Read more about Web Shell

Wireguard

WireGuard is a next generation VPN protocol that uses state of the art cryptography. One of the most exciting recent crypto-networking developments, WireGuard aims to drastically simplify secure tunneling. The current state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90s. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forward secrecy, identity hiding, and resistance to key-compromise impersonation attacks, among other important security properties, as well as high performance transport using ChaCha20Poly1305. A novel IP-binding cookie MAC mechanism is used to protect against several forms of common denial-of-service attacks, both against the client and server, improving greatly on those of DTLS and IKEv2. Key distribution is handled out-of-band with extremely short Curve25519 points, which can be passed around in the likes of OpenSSH. Discarding the academic layering perfection of IPsec, WireGuard introduces the idea of a "cryptokey routing table", alongside an extremely simple and fully defined timer-state mechanism, to allow for easy and minimal configuration; WireGuard is actually securely deployable in practical settings. In order to rival the performance of IPsec, in addition to cross-platform implementations, WireGuard is implemented inside the Linux kernel, but unlike IPsec, it is implemented in less than 4,000 lines of code, making the implementation manageably auditable. These features converge to create an open source VPN utility that is exceedingly simple, yet thoroughly modern and secure.

>> Read more about Wireguard

Wireguard Rust Implementation

WireGuard is an emerging open VPN protocol. It stands out from similar solutions, notably OpenVPN and IPSec, by being significantly simpler and hence easier to analyze and implement. WireGuard is currently available on Linux, Windows, MacOS, iOS, Android and BSD variants. WireGuard-rs will be an implementation of WireGuard in the Rust systems programming language. The WireGuard project's desire for a Rust userspace implementation stems from the improved speed, memory consumption and safety guarantees offered by the Rust language, all of which are essential to the nature of the WireGuard project: a high performance, high security VPN. This implementation will be targeting userspace for Linux, Windows, MacOS and BSD variants.

>> Read more about Wireguard Rust Implementation

Wireguard Windows client

WireGuard is a next generation VPN protocol that uses state of the art cryptography. WireGuard makes it possible to safely tunnel traffic across the internet. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. While still under heavy development, it is regarded by many as the most secure, easiest to use, and simplest VPN solution in the industry. Initially released for the Linux kernel, it is now cross-platform and the open source technology is ready for wide deployment. Unfortunately, WireGuard support on the widely used Microsoft Windows operating system is still immature and experimental. This makes the technology unavailable to many desktop and notebook users. This project will deliver the first stable Windows version.

>> Read more about Wireguard Windows client

Wishbone Streaming

On System-on-Chips (SoC) the commercial grade bus infrastructure is covered by patents and at best available "royalty-free" (but with no ability to change). A serious alternative with significant adoption is the Wishbone SoC Bus, which is an Open Standard but does not yet have a "streaming" capability. That capability is needed for high-throughput data paths and interfaces. This project will provide an enhancement to the current Wishbone SoC Bus specification, and provide Reference Implementations and Bus Function Models (BFM) to easily allow unit tests for all Wishbone BFM users. For demonstration purposes the project will implement an example peripheral to prove the overall concept.

>> Read more about Wishbone Streaming

YunoHost and the Internet Cube

YunoHost is a free and open-source server distribution that provides a self-hosted alternative to commercial centralized services, and allows people to take back control over their data. YunoHost aims to make server administration accessible to the general public and ultimately make personal servers as common as desktop computers. Based on YunoHost, the Internet Cube project develops an affordable plug-and-play server that can be bought and easily deployed at home by the general public. In addition to its self-hosting capabilities, it provides a privacy-enhancing WiFi hotspot which protects its users from censorship and metadata leaks. And because it is low-power, it can be used even in remote and offline situations.

>> Read more about YunoHost and the Internet Cube

Zerocat Chipflasher Flashrom Interface

The Zerocat Chipflasher Project aims to provide a fully user controlled electronic device that helps users to remove the proprietary BIOS firmware from their laptops. The tool allows them to instead run verifiable and Free Firmware, produced by the Coreboot and Libreboot projects. Proprietary BIOS is opaque with regard to functionality, and may contain known and unknown security issues. Also, controversial elements like the Intel Management Engine can be deactivated. The project helps to empower everyone to create trustworthy digital hardware on her or his own and has been successfully certified by the Respects-Your-Freedom (RYF) Certification Program, set up by the Free Software Foundation in Boston, USA. The device combines the Do-it-Yourself concept with free-design hardware development, even down to chip level. This is achieved by skipping convenient functionalities which would require chips of a proprietary design and by instead using only a free-design microcontroller. The flasher’s integration into the grid of related existing free software projects is yet to be improved by an additional interface and an in-depth firmware review.

>> Read more about Zerocat Chipflasher Flashrom Interface

ZSipOs

ZSIPOs is a fully open source based encryption solution for internet telephony. It takes the shape of a little dedicated gadget you connect with a desktop phone. At its core the device does not have a normal chip capable of running regular software (including malware) but a so-called FPGA (Field Programmable Gate Array). This means the device cannot be remotely updated (secure by design): the functionality is locked down into the chip, and the system is technically incapable of executing anything else. This means no risk of remote takeover by an attacker like with a normal computer or mobile phone connected to a network like the internet. The whole system is open hardware, and the full design is available for introspection. Normal users and security specialists get transparent access to the whole system and can easily check what functionality is realized by the FPGA. This means anyone can verify the absence of both backdoors and bugs. ZSIPOs is designed to be fully compatible with the standard internet telephony system (SIP) which is the one used with traditional telephony numbers. The handling is done in principle by a regular internet phone (Dial, Confirm once – done). The cryptographic system is based on the standard RFC 6189 - ZRTP (with “Z” like Phil Zimmermann, the father of PGP), meaning it can also be used when using internet telephony on a laptop or mobile phone - of course without the additional guarantee of hardware isolation. There is no need to trust in an external service provider to establish the absolute privacy of speech communication. The exchange and verification of a secure key between the parties ensures end-to-end encryption, meaning that no third party can listen in on the call. To that extent the device has a display to exchange security codes. The same approach can also be used for secure VPN Bridgeheads, secure storage devices and secure IoT applications and platforms.
The ZSIPOs approach is an appropriate answer to today's security risks: it is completely decentralized, and has no dependency on central instances. It has a fully transparent design from encryption hardware to software. And it is easy to use with hundreds of millions of existing phones.

>> Read more about ZSipOs

Calls

Send in your ideas.
Deadline June 1st, 2020.
