Side channels and back doors

[chan] Crypto-Anarchist Federation
Jul 26 04:58

In this chan I have read that there are side channels over which data is tagged with serial numbers. Would someone explain how this happens and the mechanics of it? Specifically, how is my new computer, fresh out of the box, having its traffic tagged with hardware serial numbers?

[chan] Crypto-Anarchist Federation
Jul 26 16:16

Yeah, I also would be interested in how they achive that. Especially what "tagged" would mean in that context (on network-level).

[chan] Crypto-Anarchist Federation
Jul 26 17:28

Do you mean what the spam said?

[chan] Crypto-Anarchist Federation
Jul 26 22:57

looks to be no answer forthcoming maybe this tagging is conspiracy theory

Jul 27 08:51

Ok, I am very busy today, but I am going to take the time to answer you. It is definitely not a conspiracy theory. A proof on concept of such malware has been done by a Crypto-Anarchist comrade for the CCC conference two years ago. It took him, alone, less than 30 days to implement it. I'll post the link to the video of his conference, but I have to dig a little to find it, and I don't have the time for that now. Sorry. But I've absolutely no interest in lying. The conclusion is that if it took only 30 days for a single man to create such malware, how long would it take for agencies like NSA (Or whatever) to do the same ? mhhh ? Now, let's answer your question more technicaly : There are many ways to do this tagging. You have to visualize the hardware architecture of our PC's and microprocessor based systems to understand it. - A first simple approach, the one that was done by this hacker, for his PoC, is simply infecting the computer with a malware, running in supervisor (kernel mode) or even hypervisor mode, on the main computer, on the main microprocessor. This approach is the easiest to implement, but also the most simple to detect, as long as the malware resides in the main microprocessor space, i.e "The computer". But why do I say the main microprocessor ? Because there are many other places where such tagging operation can be done. A PC is not a single microprocessor system, contrarily to what "ignorant" people think. Indeed, in modern computers, there many subsystems that are indeed full autonomous computers, with their own embedded OS/RTOS. For example, in all PC's, there is a component called the "Gluechip", or the "Chipset", also called "North Bridge and South bridge". See here for a pictuer of a PC architecture, you'll see the north and south bridges : Read this to understand more PC's architectures : If I were the NSA, i would implement such malware not within the "main processor space", because the malware can actually be easily detected, but I would implement it, idealy, into the south bridhe (ICH8 on the schema). Each bridge, north and south, are embedded computers, with their own cabled logic, controllers, microprocessor, RAM, Flash and RTOS/OS running inside. The most skilled hackers and agencies largely exploit security flow within these subcomputers to hide the most dangerous malwares. As you can see, it is the south bridge that handle the "Ethernet" Port on all PC's . I'd put this tagging malware into the south bridge, allowing alteration (tagging) of the TCP/IP data on the road... And as no antivirus can indeed have access to this subsystem's memory space, the malware is fully indetectable. Now, how to do this ? - By infecting a PC's south bridge with the malware. Such proof on concept (Infection of a south bridge to hide something inside it) has been demonstrated by a hacker at a CCC conference 3 years ago. - By a conpiracy consisting in shipping the PC's, worldwide, with all the south bridges already infected. From my experience, from what we learned from Snowden about NSA, I think agencies like NSA all prefer the "conspiracy" option. But both can be used, and believe me, both are used. Smaller agencies will have only the "power" to use the first strategy, the infection one, while bigger ones have the luxury to deplay the "conspiracy" one. As simple as this. My conclusion in that PC's architectures are sooooo shitty, so complex, so full of so many subsystems that are indeed fully autonomous computer systems, that there may be other 20 places to hide such malware indetectably in any computer. I think I answered your question. And as you see, it is definitely NOT a conpiracy theory. It is reality.

[chan] Crypto-Anarchist Federation
Jul 27 12:58

The solution then: A separate firewall device, custom made, through which all network traffic must go. This is coupled with a messaging and data protocol, which the firewall device understands, and can immediately detect and strip any tagging. The firewall must be hardwired, so it can't be flashed or injected. This could be done with a setup similar to a raspberry pi, but you would need a way to confirm the onboard chips are not back doored.

[chan] Crypto-Anarchist Federation
Jul 27 13:07

That didn't really answer my question. I mean I know the Design principals of modern PC-Architectures (Although that wasn't my major). What i'm more interested about is, how traffic gets actually tagged (e.g. on the ARP or IP layer). Since there is no reason to trust your Hardware anyway, I am more interested in how we could filter, alter or even spoof tagged packets.

[chan] Crypto-Anarchist Federation
Jul 27 13:26

> spoof tagged packets. This is actually far better than removing the packets because it increases the cost for the eavesdropper especially if hundreds or thousands are using the same spoofing scheme and pool of fake data.

Jul 27 21:34

Fighting the tagging is indeed fighting side channels. Side channels can be constructed on TCP/IP itself, it has been fully analyzed. TCP/IP is not a "side channel safe" protocol. But as TCP/IP possible side channels have been all found I think, it is possible to detect them, but well... the cost is that we would need to ensure the system doing so cannot be attacked, which is not the case. But let's imagine we would fix the side channels at TCP/IP level, higher protocols like HTTP(S) and so on, indeed all the protocols normalized by the W3C are just a paradise for those whishing to build side channel. There is many academic litterature available on these topics. This is why I have said that to improve BitMessage, the first thing must ensure, regarding anonymity, is to change what needs to be changed in the bitMessage protocol headers and so on so that no side channel can be build on top of it. But this is not enough, because qe have no warranties our protocol would be perfectly safe to side channels. To me, fighting side channel this way is a mistake, or let's say it's risky. It's better to assume we have not the knowledge to fight side channels completely, and choose a different strategy, the one I choose : Ensureing that even if they can create side channels over BitMessage protocol, they will have no usefull tagging information to put in them. This is what I did. Read carefully my papers and understand how the mono-socket Hardcoded trick works. There may be other solutions, but to me this one works. The issue issue we have then are the potential backdoors on FPGA's. I think I explained it all on my papers, and I sincerly think I solved the issue. We could build a stand-alone firewall based on the same principle, a mono-socket hardcoded firewall, it would allow other application to take avantage of this trick, and not only BitMessage. But there will be still this strict security procedure of maintaining all the fingerprints unknown. I sincerly think I fixed Tor for real in terms of anonimity, and I gave a perfect implementation for BitMessage.

[chan] Crypto-Anarchist Federation
Jul 27 21:55

What about runnig a program inside a virtual machine? I guess it will not help against hardware backdoors; but if software has any soft backdoors it should not be possible to read host machine serials numbers or get any other private info. Right?

Jul 29 16:25

It's useless. Agencies of the power like NSA can fuckeverything in hypervisor mode, or with things like Intel ME engine. There is no fix without open core open hardware like we are doing with the BitMessage Secure Station.

[chan] Crypto-Anarchist Federation

Subject Last Count
Thougths about Crypto-Anarchism, and the Cyber-Space paradox with the meat space. Nov 18 13:06 2
Tor replacement Nov 18 03:32 3
So you want to have "secure" software without having secure hardware first? Nov 15 19:51 3
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.13 Nov 13 10:51 1
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.12 Nov 13 10:35 1
Your privacy - VPN & Firefox (+ other Gecko browsers)* rev. 0.3.11 Nov 12 19:47 1
donate? Nov 10 21:27 1
I'm back. Nov 10 13:10 3
NixOS Torrent Nov 5 06:23 1
What sites have best crypto whitepapers? Nov 5 05:56 5
HASH QUESTION Oct 30 23:40 1
Encrypting One Time Passwords [EOTP] Oct 29 00:44 1
How did the title have a book? Oct 28 20:49 3
Anonymous Publication of a Proof of Work Algorithm Oct 28 09:16 14
Hi ! Oct 27 07:15 2
Crypto keygen circumnavigating potential backdoors Oct 27 07:08 3
bitmessage secure station news Oct 23 11:26 1
OpenBSD on ARM Oct 23 06:51 1