Side channels and back doors

[chan] Crypto-Anarchist Federation
Jul 26 04:58

In this chan I have read that there are side channels over which data is tagged with serial numbers. Would someone explain how this happens and the mechanics of it? Specifically, how is my new computer, fresh out of the box, having its traffic tagged with hardware serial numbers?

[chan] Crypto-Anarchist Federation
Jul 26 16:16

Yeah, I also would be interested in how they achive that. Especially what "tagged" would mean in that context (on network-level).

[chan] Crypto-Anarchist Federation
Jul 26 17:28

Do you mean what the spam said?

[chan] Crypto-Anarchist Federation
Jul 26 22:57

looks to be no answer forthcoming maybe this tagging is conspiracy theory

Jul 27 08:51

Ok, I am very busy today, but I am going to take the time to answer you. It is definitely not a conspiracy theory. A proof on concept of such malware has been done by a Crypto-Anarchist comrade for the CCC conference two years ago. It took him, alone, less than 30 days to implement it. I'll post the link to the video of his conference, but I have to dig a little to find it, and I don't have the time for that now. Sorry. But I've absolutely no interest in lying. The conclusion is that if it took only 30 days for a single man to create such malware, how long would it take for agencies like NSA (Or whatever) to do the same ? mhhh ? Now, let's answer your question more technicaly : There are many ways to do this tagging. You have to visualize the hardware architecture of our PC's and microprocessor based systems to understand it. - A first simple approach, the one that was done by this hacker, for his PoC, is simply infecting the computer with a malware, running in supervisor (kernel mode) or even hypervisor mode, on the main computer, on the main microprocessor. This approach is the easiest to implement, but also the most simple to detect, as long as the malware resides in the main microprocessor space, i.e "The computer". But why do I say the main microprocessor ? Because there are many other places where such tagging operation can be done. A PC is not a single microprocessor system, contrarily to what "ignorant" people think. Indeed, in modern computers, there many subsystems that are indeed full autonomous computers, with their own embedded OS/RTOS. For example, in all PC's, there is a component called the "Gluechip", or the "Chipset", also called "North Bridge and South bridge". See here for a pictuer of a PC architecture, you'll see the north and south bridges : Read this to understand more PC's architectures : If I were the NSA, i would implement such malware not within the "main processor space", because the malware can actually be easily detected, but I would implement it, idealy, into the south bridhe (ICH8 on the schema). Each bridge, north and south, are embedded computers, with their own cabled logic, controllers, microprocessor, RAM, Flash and RTOS/OS running inside. The most skilled hackers and agencies largely exploit security flow within these subcomputers to hide the most dangerous malwares. As you can see, it is the south bridge that handle the "Ethernet" Port on all PC's . I'd put this tagging malware into the south bridge, allowing alteration (tagging) of the TCP/IP data on the road... And as no antivirus can indeed have access to this subsystem's memory space, the malware is fully indetectable. Now, how to do this ? - By infecting a PC's south bridge with the malware. Such proof on concept (Infection of a south bridge to hide something inside it) has been demonstrated by a hacker at a CCC conference 3 years ago. - By a conpiracy consisting in shipping the PC's, worldwide, with all the south bridges already infected. From my experience, from what we learned from Snowden about NSA, I think agencies like NSA all prefer the "conspiracy" option. But both can be used, and believe me, both are used. Smaller agencies will have only the "power" to use the first strategy, the infection one, while bigger ones have the luxury to deplay the "conspiracy" one. As simple as this. My conclusion in that PC's architectures are sooooo shitty, so complex, so full of so many subsystems that are indeed fully autonomous computer systems, that there may be other 20 places to hide such malware indetectably in any computer. I think I answered your question. And as you see, it is definitely NOT a conpiracy theory. It is reality.

[chan] Crypto-Anarchist Federation
Jul 27 12:58

The solution then: A separate firewall device, custom made, through which all network traffic must go. This is coupled with a messaging and data protocol, which the firewall device understands, and can immediately detect and strip any tagging. The firewall must be hardwired, so it can't be flashed or injected. This could be done with a setup similar to a raspberry pi, but you would need a way to confirm the onboard chips are not back doored.

[chan] Crypto-Anarchist Federation
Jul 27 13:07

That didn't really answer my question. I mean I know the Design principals of modern PC-Architectures (Although that wasn't my major). What i'm more interested about is, how traffic gets actually tagged (e.g. on the ARP or IP layer). Since there is no reason to trust your Hardware anyway, I am more interested in how we could filter, alter or even spoof tagged packets.

[chan] Crypto-Anarchist Federation
Jul 27 13:26

> spoof tagged packets. This is actually far better than removing the packets because it increases the cost for the eavesdropper especially if hundreds or thousands are using the same spoofing scheme and pool of fake data.

Jul 27 21:34

Fighting the tagging is indeed fighting side channels. Side channels can be constructed on TCP/IP itself, it has been fully analyzed. TCP/IP is not a "side channel safe" protocol. But as TCP/IP possible side channels have been all found I think, it is possible to detect them, but well... the cost is that we would need to ensure the system doing so cannot be attacked, which is not the case. But let's imagine we would fix the side channels at TCP/IP level, higher protocols like HTTP(S) and so on, indeed all the protocols normalized by the W3C are just a paradise for those whishing to build side channel. There is many academic litterature available on these topics. This is why I have said that to improve BitMessage, the first thing must ensure, regarding anonymity, is to change what needs to be changed in the bitMessage protocol headers and so on so that no side channel can be build on top of it. But this is not enough, because qe have no warranties our protocol would be perfectly safe to side channels. To me, fighting side channel this way is a mistake, or let's say it's risky. It's better to assume we have not the knowledge to fight side channels completely, and choose a different strategy, the one I choose : Ensureing that even if they can create side channels over BitMessage protocol, they will have no usefull tagging information to put in them. This is what I did. Read carefully my papers and understand how the mono-socket Hardcoded trick works. There may be other solutions, but to me this one works. The issue issue we have then are the potential backdoors on FPGA's. I think I explained it all on my papers, and I sincerly think I solved the issue. We could build a stand-alone firewall based on the same principle, a mono-socket hardcoded firewall, it would allow other application to take avantage of this trick, and not only BitMessage. But there will be still this strict security procedure of maintaining all the fingerprints unknown. I sincerly think I fixed Tor for real in terms of anonimity, and I gave a perfect implementation for BitMessage.

[chan] Crypto-Anarchist Federation
Jul 27 21:55

What about runnig a program inside a virtual machine? I guess it will not help against hardware backdoors; but if software has any soft backdoors it should not be possible to read host machine serials numbers or get any other private info. Right?

Jul 29 16:25

It's useless. Agencies of the power like NSA can fuckeverything in hypervisor mode, or with things like Intel ME engine. There is no fix without open core open hardware like we are doing with the BitMessage Secure Station.

[chan] Crypto-Anarchist Federation

Subject Last Count
NATO member Turkey boast that Russian S-400 SAMs can take out American B-52s, F-22s and Tomahawks Sep 22 12:25 1
twister micro blogging Sep 21 23:12 5
BitText LIST Sep 21 12:33 1
bit text Sep 21 12:31 1
tor bridges Sep 21 09:42 2
gram: CHANBOT Response Sep 20 21:25 6
Feature Mashup Sep 20 20:01 9
oops: CHANBOT Response Sep 20 19:19 3
#cypherpunk EFnet Sep 20 08:21 5
Rewarded help needed for scanning old amazon (Or any other website) shipment barcodes (Reward $10 in Bitcoin per scan). Sep 19 22:19 1
wikileaks Russia spy files Sep 19 21:17 1 -- new low censor website Sep 19 15:31 3
[chan] Sep 19 15:28 1
Your privacy - VPN & Firefox (+ other Gecko browsers)* rev. 0.3.7 Sep 19 13:40 4
Wifi related dangerous fascist things you should all know. Sep 19 00:47 7
BitMessage Secure Station's architecture security review : White Papers & Publications about Designing Secure Hardware and fighting Hardware Backdoors. Sep 19 00:47 4
list Sep 19 00:46 2
Great article about fighting Hardware Backdoors and how to design secure open-hardware open-core systems (BitMessage Secure Station) Sep 17 11:57 1
Spy-o-cratie Sep 16 23:48 1
Bottle at the sea request about Raspberry Pi potential undocumented RF side channel. Sep 16 23:45 1
Native Oberon Sep 16 18:23 2
Papers Sep 15 13:43 8
SHARK - Secure Hash Algorithm Regenerative Keys Sep 15 06:01 3
A History of U.S. Communications Security (David G. Boak, NSA, 1973) Sep 15 05:59 2
BitMessage Secure Station open-core open-hardware "developer" version news : Git repository creation. Sep 14 17:08 17
I wouldn't recommend researching who is behind gangstalking Sep 14 08:20 2
BitMessage Secure Station open-core open-hardware "developer" version news. Sep 14 00:00 1
BitMessage Secure Station "version developer" security update Sep 13 20:53 1
A self-study course in block-cipher cryptanalysis Sep 13 13:14 2
ISS Space Station - Augmented Virtual Reality Sep 13 12:56 2
Bullshit: From Cold Fusion to Quantum Computers Sep 13 11:15 1
BitMessage Secure Station (Developer Version) open-core open-hardware project PCB routing advancement : 75% Sep 13 10:51 1
Anticipating the future : A Quantum Resistant Ledger white paper. Sep 13 07:40 1
First pics of the PCB of BitMessage Secure Station version "developper" with PIC 24 Microcontroller (And also Microstick2 compatible - Double implantation). Sep 11 13:10 1
BitMessage Secure Station news. Sep 11 11:51 16
Project Oberon - Publications by Niklaus Wirth Sep 11 07:08 1
OTP is not secure Sep 10 09:49 24
Tor relays Sep 9 08:34 4
3301: SWTOENGSSGNEOTWS Sep 9 05:58 6
Leaked document: EU Presidency calls for massive internet filtering Sep 7 11:54 1
Wow. $3500 secure cell phone platform. Sep 7 11:33 1
World's Most Secure OS now FOSS Sep 5 09:21 5
Is One-time Pad History? Sep 5 09:20 3
NSA is not what you are told Sep 4 19:40 1
NSA is able to decrypt SSL, 4G, VPN and SSH connections. Sep 4 12:08 1
NSA has infected 50,000 computers worldwide [state on 2013]. Sep 4 12:04 1
Flat earth We did'nt land on the Moon Former NASA Scientist admits Game over for NASA Sep 4 08:22 3
NASA comes clean declaring 'We Lied About Everything'. A MUST SEE'er Sep 4 06:16 1
Your privacy - VPN & FireFox (+ other Gecko browsers)* rev. 0.3.5 Sep 3 16:14 1
SHA-512 versus SHA3-512 Sep 3 02:23 41
bruh Aug 31 16:52 2
MINDMAPPING Aug 30 21:40 1
Putin's Reign of Terror, Part Two Aug 29 05:26 3
Question: Generating One-Time-Pads Aug 28 20:23 1
FAKE NEWS? Aug 27 22:21 1
fighting fascism? Aug 27 15:18 2
Stream cipher generation question Aug 27 11:17 11
ElectrumX Server back online Aug 27 00:13 1
New to BM- Security Question Aug 26 00:35 1
TOR hidden services addresses. Aug 25 23:26 1