wiki:RolePlay

Version 6 (modified by Jamie McClelland, 12 years ago) (diff)

--

This description of a roleplay to demonstrate security practices relate to a workshop being planned for nyc_anarchist_book_fair_2008.

Security demonstration

For this demonstration we'll need a bunch of volunteers.

  • 2 people on opposite sides of the room, mail provider X and mail provider Y.
  • 6 e-mailers:
    • A@…
    • B@…
    • C@…
    • D@…
    • E@…
    • F@…

We can add more folks if we want more successfully sent messages.

  • 1 "You've got mail" person.

Instructions/demonstrate the "mail sending"

I'm Jon@X.com. I want to send a message to Jamie@Y.com. So I write it, and I put Jamie's name on the top, and give my message to X.com. They see that it's for Y.com, and they pass it along to a number of other computers until it reaches the Y.com computers. Next time Jamie decides to check his e-mail, he gets a copy from Y.com. He can reply and send it back, or forward it to someone else.

Since we're on a schedule, I'm going to ask that folks please follow the directions they're given and not decide to send e-mail via paper airplanes etc.

Normally, we don't see this process, so I'm going to ask person B-F to leave the room. The "You've got mail" person will tell you to come in when it's your turn to check your e-mail.

People B-F are handed written instructions (see below) and leave the room. Everyone's instructions have a note at the top asking them to please not share their instructions with others.

Person A starts by sending a message (sending a message means writing it down and then reading it aloud for everyone in the room to hear (but not for the recipient, who is out of the room). When it reaches the mail server for person B, person B is invited into the room and is handed the message. They read the message out loud.

Then, person B sends their message and this continues until everyone has returned to the room.

As each person sits down after sending their message, we ask them to please not say anything to the folks who check mail after them.

Scenarios

Person A

Instructions Send a message with a short incriminating phrase of your choosing to person B. If you can't think of one, use "I bought the dynamite." When you're done, have a seat.

Action Email is successfully delivered

Person B

Instructions You're expecting a message about an upcoming action. Write a message telling your companer@ C when you'd like to plan a scouting run. Plan it for nighttime some time in the next week. Send it when you get an e-mail from person A. After you send your e-mail, have a seat in the room.

Action Police ask a router to hand them the message when it comes to them, take a picture of the message

Person C

Instructions You are planning an action. You are expecting a message from person B about a scouting run in the next week.

Write a message that says, "We'll do the action on the night of _ _ ." When you get the message from person B, fill in a date a few days after the date of the scouting run and put it in the envelope, which represents encryption. Put the address of person D and a subject on the outside of the envelope and send your e-mail. After you send it, have a seat in the room.

Action Police say out loud: Hm. I can't read this message because it is encrypted! However, that won't stop me from replacing it with my own encrypted message that says, "The action is on. Scouting run on Monday at noon."

Person D

Instructions You are planning an action. You are expecting a message from person C about when the action should take place.

Forward that information to person E. Put a note at the top like, "FYI, here's the info." Make sure to encrypt the message by putting it in an envelope. Put the address of person E and a subject on the outside of the envelope Also, sign the envelope with your name across the flap so they know the message came from you. After you send the message, have a seat in the room.

Action I still can't read it, and it appears to be signed. But, what's to stop me from replacing it and signing it mysefl?

Person E

Instructions You are planning an action. Person D will forward the info on the action to you. You should forward it to person F.

Make sure to encrypt the message by putting it in an envelope. Put the address of person F and a subject on the outside of the envelope Also, sign the envelope with your name across the flap so they know the message came from you. After you send the message, have a seat in the room.

Once everyone else (except you and person F) have entered the room, write your signature on a piece of scrap paper and give it to person F and say: "Here's my signature. Keep it so if you receive an email from me, you'll know it's really me."

Action Same as before - police switch out envelope, but with bad signature.

Person F

As the last person, you won't be sending e-mail, just receiving.

However, just before person E enters the room to check e-mail, have an in-person meeting with person E. Ask them to write their signature for you.

When you receive the email from Person E, be sure to compare the signature

Action Compare signature and they don't match