FPGA Hardware backdoors, regarding « TOR/VPN fingerprinting family anonymity breach fix » with a custom FPGA based « Single Socket » Ethernet Controller.

[chan] Crypto-Anarchist Federation
Jul 6 12:03

Dear Crypto-Anarchist comrades, I had promised to write down a crypto-analysis of the solution I am proposing for the BitMessage Secure Station to fix TOR/VPN « fingerprinting family » identification technics used by spying agencies to track and desanonymize all TOR/VPN sessions. ◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ PART 1 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎ ► Fingerprints and fingerprinting identification technics : As a reminder, this identification technic family, that cannot be patched by software (Because most fingerprints are coming directly from hardware and integrated circuits unerasable serial numbers, characteristics or functionalities), consists in tagging the whole TCP/IP traffic of a user, going through TOR or VPN’s tunnels, with any kind of « fingerprints » allowing the identification of a user, into hidden channels (or not) inserted into the TCP/IP traffic generated by the applications & OS running on the user’s computer. There are two kinds of « fingerprinting based identification technics » : ◼︎ The passive ones (No specific piece of malware needed to be installed on the target’s computer) : This family includes all the known passive fingerprinting identification technics performed through web browsers (. ◼︎ The active ones : They rely on a software implant, that can be installed persistently on the target’s computer, or be pre-installed in BIOS / OS or other computer subsystems at will (HDD, SSD, PCIe cards). Passive and active fingerprinting identification technics are well known, here is a paper written by fascist FEDS themselves describing them : http://cs.emis.de/LNI/Proceedings/Proceedings228/375.pdf ► The « Single TCP/IP socket » custom ethernet controller trick to disable the fingerprinting based identification technics : STMAN found this trick after studying for at least 5 years all the fingerprinting based identification technics, particularly regarding the well known TOR Browser that managed alone to destroy the whole (H)ac(k)tivists scenes worldwide, including groups like Anonymous, and pushed the whole international Free Press under the absolute control of fascist feds. Understanding how this trick stops the exploitation of all the fingerprinting based identification technics is rather simple : Building a dedicated FPGA based Ethernet Controller that « by design » can handle only one TCP/IP socket, to a fixed IP/PORT destination that are entered manually into a register into the FPGA, through a dedicated keyboard directly connected to the FPGA (To ensure no change can be made through software hacking technics of the IP/PORT of destination set into this custom made Ethernet Controller) prevents a infected computer running TOR from exploring the user’s LAN to hack other devices on the LAN in order to exfiltrate « fingerprints » that would allow the user identification. Doing so, the user has only to apply a simple security procedure consisting in keeping all the « fingerprints » coming from the computer running TOR through this special custom made Ethernet Controller unknown to FEDS. As you can understand, we don’t indeed fix the hardware fingerprints, which would require to build from scratch a computer exclusively made out of Free Integrated Circuits that by design would contain no fingerprints. Indeed, the best we can do and we actually do with this trick is : ◼︎ Keep all the hardware fingerprints (Integrated Circuits Serial Numbers, USB and other subsystems like HDD fingerprints & serial numbers, VGA/HDMI/DVI monitors serial numbers, DDRAM modules serial numbers) of the computer that is going to be used with TOR or VPN strictly untied to the user’s identity. This is indeed done through a security procedure consisting mainly in buying a dedicated computer in cash, and dedicate it exclusively for TOR anonymous usage, EXCLUSIVELY - NO EXCEPTIONS - or the whole theory is destroyed and fucked up. ◼︎ Connect this dedicated TOR computer (Low cost Raspberry Pi, without Wifi/bluetooth, is a perfect candidate) to the user’s LAN through the custom FPGA made « Single TCP/IP Socket » Ethernet Controller, that will prevent an attacker from hacking other devices on the user’s LAN in search of fingerprints on other devices that are known to spying agencies that keep collecting every fingerprint they can to associate them to identities thanks to huge database (NSA mastering this shit). In other words, what we do is to prevent exploiting successfully the fingerprints of the dedicated TOR computer on the user’s LAN. ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ END OF PART 1 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ Next parts coming very soon.

[chan] Crypto-Anarchist Federation
Jul 7 22:24

Dear Crypto-Anarchist comrades, Here is the part 2 of my crypto-analysis. ◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ PART 2 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎ ► FPGA Backdoors All what was said earlier would work perfectly if only we could be sure that the FPGA we are using are not backdoored. There has been several security researcher in some universities that discovered backdoors into some FPGA. This situation is not a surprise as long as agencies like NSA have backdoored almost all the integrated circuits available on the market. But FPGA are a special kind of integrated circuits, they consist mainly in a matrix of several dozen of thousands of CLB (Configurable Logic Blocks) and backdooring each CLB has indeed no interest. The only kind of backdoor that could logically be implemented into an FPGA, and that were discovered, are indeed the possibility to use the JTAG circuitry of the FPGA remotely through side/hidden channels. Such remotely controlled JTAG circuitry allows the owner of the backdoor to alter the configuration of all the CLB of the FPGA. Then we must also take care of how we going to initialize (configure) the FPGA. When powered up, FPGA have no configuration, and just after the power-up or a reset, the FPGA start its initialization sequence that consists in loading a Bitfile (A bitstream of data representing the configuration of all the CLB of the FPGA to obtain the desired cabled logical functions) from an external memory. FPGA usually have different ways to load the Bitfile from an external memory. Some booting mode of the FPGA load the data from a parallel bus, 8 bits or 16 Bits or 32 bits wide, from an external parallel bus memory, like an EPROM, while other modes allow the loading of the Bitfile from a microprocessor data bus, and others propose to use serial buses (I2C, SPI) to load the data from serial Flash memories. All those boot mode have their pros and cons. Using serial bus driven memories saves complexity and have a low pin count, but are relatively slow (It can take up to one second to have the whole Bitfile loaded into the FPGA), while parallel buses offer a very high loading speed, but use a larger pin count. As for FPGA, memories can be backdoored too, allowing the modification of their content by an attacker. And we are going to be obliged to take the backdoor risk into memories storing the Bitfile into account too. Another variable to take in account is the size of the Bitfile : Here is the Bitfile size for the Xilinx Spartan 6 FPGA family, from the smallest FPGA of this family (6SLX4 having 4000 CLB’s) to the biggest (6SLX150T having arround 150000 CLB’s). (Spartan-6 FPGA Configuration User Guide www.xilinx.com 75 UG380 (v2.7) October 29, 2014) Spartan-6 FPGA Bitstream Length Device Bitstream Length (in bits) 6SLX4 2,731,488 6SLX9 2,742,528 6SLX16 3,731,264 6SLX25 6,440,432 6SLX25T 6,440,432 6SLX45 11,939,296 6SLX45T 11,939,296 6SLX75 19,719,712 6SLX75T 19,719,712 6SLX100 26,691,232 6SLX100T 26,691,232 6SLX150 33,909,664 6SLX150T 33,909,664 In the BitMessage Secure Station, we are going to use two Spartan 6 LX 9 , that correspond almost to the smallest FPGA of the family. Such small FPGA should be enough to implement the « Single TCP/IP Socket Ethernet Controller » and the RNG generator + the SPI port firewall and protocol checker/proxy between the two Raspberry Pi of the BitMessage Secure Station. And this is a good news that our design can fit into small FPGA’s because as you can see, the Bitfile size stays relatively small. The Bitfile size has a direct impact on the kind of external memory that can be used to store it : Large Bitfile would not fit in the biggest EPROMs available on the market, and would force us to use a flash memory, while with smaller Bitfile size, we can still use EPROMs. And this is a very good news, because most Flash memories are backdoored, and their content can be modified, leading to a persistent compromission of the configuration of the FPGA, while EPROMs are not backdoored, and their content cannot be modified remotely : The EPROM needs first to be erased under ultra-violet light for 15 minutes before being completely « emptied » , and then programmed with a programmer. In other words, using Flash memories is the least secure way to work with FPGA, but it allow easier updates of the Bitfile, while EPROM are completely safe, but upgrading their content must be done with a programmer, and the EPROM must be erased with ultra-violet light. In other words, as our priority is security, we will use two of the largest EPROM available on the market to store the two Bitfiles of the two FPGA contained in the BitMessage Secure Station. This way we can ensure no hack of the memory can be done remotely through a backdoor. Now that we have, by design, choosen EPROMs as memory storage for the two Bitfiles to solve the backdoor problem of the memory storing the Bitfiles, let’s get back to analyzing the FPGA backdoors issues in theory, and then propose several tricks that should block their usage. ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ END OF PART 2 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎

[chan] general
Jul 8 06:57

Dear Crypto-Anarchist comrades, Here is the part 2 of my crypto-analysis. ◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ PART 2 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎ ► FPGA Backdoors The least Secure Station we are a Bitfile into some universities that could must be used to store the smallest FPGA memories. The IP addresses, are relatively slow It Large Bitfile a microprocessor data representing the whole TCP Doing Here is a Crypto Anarchist comrades, Here is the IP is the only kind of the Xilinx Spartan FPGA usually have, no and fingerprinting identification technics, are not backdoored: and it the fingerprinting identification technics, the BitMessage secure Station. END of the a Bitfile into the Single TCP and would not backdoored, almost all the Single TCP and cons. Then we can still use a direct impact on the fingerprints: Integrated circuits that allow user s to be erased with this situation is the only a The hardware and we can be enough to hide IP is rather simple security researcher in other modes allow the EPROM are going a Low pin count, but It the only we are two of the backdoor Bitfile size, for minutes before being completely emptied and almost all the market and then we are coming very high loading a Flash memory storing The market and the EPROM while other words, using serial numbers, characteristics or alter the first part Dear Crypto Anarchist comrades, Here is the account is a surprise as a programmer, And provenly the configuration of the solution I Here is a backdoor that could be done installed on the whole Bitfile here is the hardware fingerprints serial numbers, bus, memory. Indeed The desired cabled logical functions, from representing the first Part I do and that by software persistent compromission of fascist Feds. This special kind of backdoor to have memories is the Bitfile size has a matrix programmer: and it the EPROM available on the memory, like VPN, can be modified only to be erased with a Bitfile size Of the Bitfile Here is a Crypto Anarchist comrades, here is the only kind of CLB of the Part I here is the FPGA, memories are relatively slow it Large Bitfile Here is the memory, storing like NSA have their pros and their pros and would require to implement the FPGA, we are fingerprints and their content must be done obliged to load the EPROM Bitfile smallest FPGA Bitstream of all the target s Because only on the account is the EPROM (available on the whole TCP and then the Bitfile size has only kind of the owner FPGA are using are doing Here is very high loading a matrix of the memory that should be modified remotely the other modes allow our design can do is a programmer and then propose several security we can ensure no interest; fingerprints of malware needed to load the Xilinx Spartan FPGA remotely the target s Spartan FPGA start its initialization sequence that FPGA usually have backdoored almost all the BitMessage Secure Station we are using are backdoored almost all the FPGA but emptied and other fingerprints integrated circuits available on The fingerprinting identification technics is the BitMessage Secure Station). TOR computer on The first Part of the other fingerprints, of The hardware and we don t indeed No interest. TOR computer, or bits or be installed in keeping several a surprise as agencies like Anonymous, and It can take the first part Dear Crypto Anarchist comrades (Here is the CLB has only on the other fingerprints and others provenly prevent not backdoored going to destroy the data representing the desired cabled logical functions from the other fingerprints of the two Bitfiles configuration of fingerprinting identification technics performed are going to destroy the a Bitfile BitMessage Secure Station we could be implemented into an external memory). This way we can be implemented into size, of malware needed to apply a computer on a TCP There are backdoored, fit in keeping all The Passive and then we going to destroy the only one TCP it allow user FPGA backdoors into all the user has only Part external memory, that by design, can ensure no configuration of external the backdoor that discovered (correspond almost all the BitMessage Secure Station we can see The target s computer low simple security researcher in tagging the whole Bitfile while EPROMs: are relatively not fit in the CLB s because as a software Because only on the computer on the power up FPGA contained In the Bitfile from Serial numbers characteristics or FPGA usually have different ways to all the thousands of Part Dear crypto Anarchist comrades here is a backdoor that the dedicated FPGA backdoors into some FPGA have of thousands of the market and this way we do almost to establish a serial Numbers USB and cons). All the smallest FPGA and provenly prevent them the fingerprints of data from an external memory that should be done remotely through contained to hide IP addresses are using are relatively slow It Large Bitfile loaded into account is security, we can be sure that we can take the user has of the smallest FPGA, we don t indeed the User has a programmer.

[chan3] general
Jul 8 07:26

First you should get rid of Intel ME Rootkit in your laptop if you have it.

Jul 8 11:13

Hello. I am perfectly aware of Intel ME + NSA shit in Intel processors. And this project, the BitMessage Secure Station, solves these issues, it was the main goal : Building a secure and-point to bypass all the bullshit of hardware backdoors, but also all the fuckeries done with software backdoors. I did what snowden said : I created a secure end-point. And it is hard work. Have a look at the architecture, and to the description of the project and you will understand : (The text is almost updated with latest architectural changes of the project) BitMessage Secure Station : An 100% Open-Core + Open-Hardware FPGA based Secure End-Point project : We are working on the development of a simple open-hardware dedicated platform, the "BitMessage Secure Station", that will allow BitMessage users to reach military grade anonymity and privacy protection : The biggest mistake (We call it betrayl) of all the security/privacy free tools developpers is that they never want to take in consideration that their tools would work well on a perfect secure non backdoored and non backdoorable / compromizable computer, which don't exist yet. And here I am clearly refering to the most important things Edward Snowden reminded us : "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." (Edward Snowden) Indeed, this project we are developping is aiming at solving the best as we can (Military grade) the issues Snowden perfectly described and reminded us about End-Points (Computers) weaknesses when connected to the internet, and we do it radicaly using the best state of the art known technics, consisting in using a double-computer architecture : The draft "BitMessage Secure Station" hardware is detailed here (Used for BitMessage software developpers as an early 'simple version SDK) : http://picpaste.com/BitMessageSecureStation-gYTXbL2l.png The final "BitMessage Secure Station" hardware architecture being here : http://picpaste.com/BitMessage_Secure_Station_V2-MWbERDLf.png The overall cost of a full "BitMessage Secure Station" should be less than 100€, accessible to everybody. We encourage other P2P applications developers to port their own software project to the BitMessage Secure Station hardware, and we are willing to help and support all those that will plan to do it. Please do not hesitate to contact us. As you will understand, this add-on project is not about, at least for the moment, doing any major change to the BitMessage software, but to create a dedicated hardware that solves security issues that cannot be solved by software with a "Mono-processor" architecture : In the architecture we are designing, we are using a 2 microprocessors + 1 microcontroller model : • A first computer (Low cost Raspberry Pi, accessible to everybody for 30$) connected to the internet, that must considered compromised. • A second computer (Low cost Raspberry Pi) fully air gapped from the internet, you will use this one to read/enter your messages securely. The drivers for the SPI Port handling on both Raspberry Pi will be developed in C, for Raspbian OS, so that Peter Surda can easily integrate then to the PyBitMessage software written in Python. • Interconnectiong both with an SPI synchrone serial port, but for added security, this serial port goes through a "Firewall", acting as the "Secure Element" of the overall system (Made out of a PIC 24 micro-controller), that will check & filter any kind of side channels attackers could try to build over our dedicated protocol over the SPI serial port, by ensuring the protocol defined for transferring data between the 2 computers is strictly respected, filtering at the same time all time-based side channels on the SPI serial port. • The PIC 24 Micro-controller handling two SPI serial ports and relayings data between each port bidirectionnaly, with its software highly secured (coded 100% in assembly language, with no OS and no LIBC libraries used, just handling interrupt routines and a few timers to make the secure element / firewall work). In the definitive version of the PCB, the PIC 24 Micro-controller will be replaced by a Xilinx Spartan 6 LX 9 FPGA, to implement a custom free and open non-backdoored microprocessor in the FPGA, and we will also take advantage of this FPGA to build our own hardware RNG that will be used by the Air-Gapped Raspberry Pi, integrating Cryptech open core FPGA based hardware RNG with two distincts entropy sources. In a final version, for added security, we will replace the FPGA based custom microprocessor + its software in assembly language by a new design where we will implement all those functionnalities made by software on this custom FPGA based microprocessor, by the equivalent fully hardcoded into the FPGA in the form of finite state machines, reaching above military grade security because there is no more processor and no more software running, having therefore an true software attack surface prooven null. At BitMessage software level, we are going to split the BitMessage software into two parts, one part running on the "non secure" Raspberry Pi, mainly handling all the P2P network connections and data broadcast throught the P2P network, and holding a new "CIPHERED-MESSAGES.DAT", while the second "Secure Air-Gapped" Raspberry Pi will hold all those important files (KEYS.DAT, and eventually a CLEAR-TEXT-MESSAGES.DAT caching the CIPHERED-MESSAGES.DAT but deciphered), and we will manage all cryptographic functions and end-user GUI. We are working with Peter Surda on how to adapt the BitMessage software to this "splitted" architecture in the most efficient way. With the BitMessage Secure Station, we are simply taking in account the best state of the art knowledge in defensive cyber security & crypto-anarchist tricks in order to build an "hardened end-point", that can resist "NSA & friends" or "competitors" grade military attacks, therefore truly and proovenly protecting you from : ► Keyloggers malware protection : It is achieved architecturaly by having a double processor system, with one computer being compromized and connected to the internet, and another one air-gapped and not connected to the internet : The messages in clear text are being entered on the computer not connected to the internet : Assuming that there is no side channel or hidden channel on the serial port connecting the two processors (Will be discussed below), even if there is a keylogger installer on the air gapped computer, it will not be able to transfer its data if we can ensure there is no side channel or hidden channels between the two computers. ► Keyescrow malware protection (Protection of KEYS.DAT and MESSAGES.DAT): Same as above. (Prevent the private keys used by BitMessage from being stolen by agencies/hackers) ► Hardware integrated circuits serial numbers fingerprinting identification technic protection when using TOR or VPNs : This problem is solved by dedicating a new hardware for the first computer, connected to the internet and that will be compromized, whose serial numbers where never associated to the user identity before : A brand new Raspberry Pi bought in cash in an electronic store is the perfect way to achieve this. It also mean dedicating this hardware exclusively for this usage, and never connect to it any device : Exemple : Never connect USB Flashdisc key to it, whose serial number, already associated to the user's identity, to it, because it would allow to extrapolate the identity to associate to the Raspbery serial number to the identity already associated with the USB Flashdisc key. Same thing for LCD screen : They transmit serial number (VGA, DVI, or HDMI) to the graphic card, and can have the same terrible effect as a USB flashdisc key. We will have to give the user a list I have already been working on for years, of all the parts or subsystems known in a computer to have serial numbers. Let's say this issue is a matter of respecting a strict security procedure. ► Hardware characteristics (Speed of each processor analysis) fingerprinting identification technic protection when using TOR or VPNs : Same as above. ► Keystroke timing fingerprinting identification technic protection when using TOR or VPNs : This problem is solved architecturaly exactly like the Keylogger protection above. ► Phrasing and wording fingerprinting identification technic protection when using TOR or VPNs : We can use a trick many hackers know, and implement a kind of wording and rephrasing system : Using a translator for exemple, from english to french, and back french to english.... But there are other programs that do exist and to the job, There are many ways to do it indeed. This issue is also solved architecturaly as the Keylogger protection mecanism described above. ► Side channel & hidden channels protection between the first and the second computers, interconnected through a serial port : This problem is solved by inserting a microcontroller having two serial ports, on the serial link between the two computers : If the technic of using two microprocessor connected with a serial port that offers the lowest attack surface possible, it can be improved greatly inserting a microcontroller that will do the following : • Check that the little protocol we will have to invent and implement (And design as much hidden channel proof as possible) is correctly implemented, and that no other unwanted data are transmitted on the serial link. • Fight the timing side channel attack surface on the serial port : Serial ports offer the lowest attack surface regarding side & hidden channels, but it is still vulnerable to timing-between-each-byte-sent-on-the-serial-port side channel. The microcontroller code can "filter" these timings by buffering and normalizing them. Time based side channels are well known, and must be & can be fighted. As you see, when we where talking about giving you true crypto-anarchist tools reaching military grade security, we were not laughting at you, we were very serious about this. We had enough bullshit driven by FEDS worldwide. We perfectly know were most of the problems are : End-Point weaknesses. And we decided to solve it for BitMessage. BitMessage being already one of the best Crypto-Anarchist communication tool available, but as all other "good" tools, if they are running on comprimized weak end-point, it's USELESS. The "BitMessage Secure Station" Open-hardware project is being discussed on the Crypto-Anarchist Federation channel on BitMessage : Chan name : Crypto-Anarchist Federation Chan address : BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v Contacts if you want to participate or support : Peter Surda BitMessage Software Core Developper BM Address : BM-2cX62WCeFcUwzXWqxTBfaAzNy4j1y8yZVm Stman BitMessage Secure Station open-hardware Core Developper BM Address : BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6 BitCoin donations for the "BitMessage Secure Station" open-hardware prototypes development : 1DnEzQvKb7hzgmfAwP1oFU9WQEDBHCqFRM For the first Beta Version of the PCB, we are planning to build 10 prototypes that will be sent in priority to those collaborating to the project.

[chan] general
Jul 8 11:49

> I did what snowden said : I created a secure end-point. And it is hard work. Yes, when consumer hardware is intentionally designed to be insecure, it is hard. I have an idea--hybrid of near frequency device protocol and bluetooth. One could sync the station devices via bluetooth with such low power output that it only has a range of about 4 feet, and it would not respond to higher powered frequency. The devices would basically need to sit on the same table to communicate with each other. Any further apart would dissipate the signal. This could be a feature, not a bug. This bluetooth could be re-engineered to use much more powerful encryption keys and a 4 pass protocol on top of the asymmetric keys. This way you would not need to plug the devices together. Once in range they would sync automatically. I suggest this because it would probably be very cheap to get a manufacturer to make custom spec'd bluetooth chips as opposed to network cards or even serial ports. I agree the locked down serial port is the most secure idea, but this idea, with ultra low-power emitter, is not insecure, and usb bluetooth dongles are cheap. An attacker would need to get within 4 feet of the device, crack the encryption, and do it all within 4 feet of you without you noticing. Bluetooth can be locked down in ways to make it behave like a serial connection, and the ultra low power means the signal could only be intercepted in immediate physical proximity. Emission this low should not even make it through your window.

[chan] Crypto-Anarchist Federation
Jul 8 14:11

◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ PART 3 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎ As explained earlier, thanks to FPGA particular internal architecture, only a certain kind of backdoors can be implemented in them, consisting in a kind of secret JTAG circuitry remotely controlled through hidden/side channels, that allow the backdoor user to alter live the configuration of an FPGA, or in case we are using external Flash memories to store the Bitfile, such circuitry can be employed to modify the content of the Flash memory itself, allowing what we would call a « persistent » modification of the behavior of the FPGA configuration. ► Strategies for fighting potential FPGA Backdoors : There are different strategies to apply to fight FPGA backdoors based on previous assumptions regarding the nature of the backdoors that have been found into FPGA by security researchers : ◼︎ Backdoor usage Detection : The ability to detect that the FPGA configuration has been altered (Backdoor usage detection), so that it can be reloaded by resetting the FPGA that will restart its initialization cycle and reload the Bitfile from the external persistent memory attached to it (And here you understand why choosing an EPROM as an external memory for FPGA Bitfile configuration storage is the most « secure by design approach » ) • As said earlier, the first thing to do, when possible, is to use the safest kind of memory to store the Bitfile configuration of the FPGA so that the FPGA « normal » configuration can be restored very simply by resetting it. The choice made in our design to use EPROMs to store the Bitfile is the best we can do, and perfectly solves these issues. Another trick consist in resetting the FPGA on regular interval : This is a very powerful and efficient strategy to fight FPGA backdoors indirectly. Playing with « time » is very interesting : As you know, Side/Hidden channels are usually categorized by their throughput in Bits/second. The higher the throughput of a Side/Hidden channel is, the easier it is possible to detect and identify it precisely, while the slower the throughput is, the harder or impossible it is to detect it. Taking this information in consideration, with the huge size of a Bitfile, it means that the time necessary to use the backdoor and alter the FPGA configuration using the backdoor depends directly on the actual throughput of the Side/hidden channel of the backdoor. Let’s imagine NSA would need 30 minutes to fully modify the FPGA configuration the way they want, it because very funny if we decide to reset the FPGA every 5 minutes. This way, the attacker never have the time to finish its attack. • Another trick that works with time is the randomization of the Bitfile configuration file itself each time the FPGA boots, in the same way ASLR is working at software level to protect from R.O.P (Return oriented programming) : Doing so, it is considerably slowing down an attack using the backdoor, as long as he has first do get a full copy of the Bitfile, downloading it through the Side/hidden channel, before being able to know where and what to alter in its configuration to change the behavior of the FPGA the way he wants. This means recompiling the VHDL source code of FPGA with a different seed for each user, and better, for each reboot of the FPGA. The latest being the most powerful way of doing it, but it rises the complexity of the design a lot as long as the board has to be able to self-recompile the whole VHDL source code, which is hard work to embedded in a board like the one of the BitMessage Secure Station. This means that we should choose the first option : Asking every user of the BitMessage Secure Station to recompile the VHDL code of the FPGA with a custom seed, and program himself his own EPROMs. It is not mandatory to apply this trick, but you will all understand that it makes « automation » of the attack of the BitMessage Secure Station FPGA configuration by an agency like NSA a time consuming operation, and makes the « Reset at regular interval » of the FPGA stronger. • Another trick is to use two FPGA instead of one, having the two FPGA initialized with the VHDL source code compiled with two different seeds (Resulting in a different Bitfile for each FPGA), and adding external logic to compare in real time all the output pins of the two FPGA, working in parallel, like the computers we find in planes : This is one of the most powerful approach to detect FPGA configuration alteration as long as NSA is still not God and hasn’t the ability, with the same Side/hidden channel used by its backdoor, to modify the two FPGA configuration at the same time : As each FPGA have a different Bitfile seed, the NSA would first be obliged to apply modifications for the first one, and then for the second one (And it is even possible that their backdoors don’t allow them to distinguish the two FPGA meaning the would not be able to use it because they would apply the same modification to both of them all the time, while each of them would require a specific modification adapted to each Bitfile seed), and in that case, it means the would mandatorily be a short period of time where the two mirrored FPGA don’t compute and output the same results on all of their output pins, and our external logical doing comparisons of all the output pins « pin-to-pin » on the two mirrored FPGA would detect for a brief time that there are some differences, and instantly trigger a reset of both FPGA, aborting the on going attack and usage of the backdoor. The cost of this very powerful strategy is to double each FPGA, and double the external persistent memories connected to the FPGA that store their corresponding Bitfiles. • Same trick as the precedent, but using FPGA from different vendors. IT is hard to say if it is safer or not than the previous trick, it only depends on the capabilities of the backdoor. Intuitively, it is more secure, but it also means much more complexification of the design as long as the designed have to master two different FPGA from two different vendors, having two different SDK to compile the VHDL code and so on. ◼︎ Side/Hidden channel filtering / blockade : The use of several tricks that should make the usage of the side/hidden channels of the FPGA backdoor circuitry hard or impossible to use for the attacker. ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ ◼︎ END OF PART 3 ◼︎ ◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎◼︎ …. to be continued ….

[chan] general

Subject Last Count
Peter Šurda Nov 18 12:48 5
Leonard Nimoy Nov 18 11:08 5
North Korean defector had 'enormous amount' of parasitic worms in body Nov 18 09:29 1
Programming/hacking services provider Nov 18 08:23 2
Tranny Genocide Nov 18 03:17 1
Tor replacement Nov 17 22:19 1
teting codeword Nov 17 18:36 2
Flat Earth Society – Introductory Post Nov 17 17:59 4
Dear Guest: Nov 17 16:44 1
Rush Discography (1974 - 2012) mp3 320 kbps Nov 17 08:01 1
WTF is LBGTQ? Nov 17 04:01 12
Poland Pushes Back Against Putin's Special War Nov 16 20:07 2
HackThisSite.org Nov 16 13:14 3
teen girl white cotton panties Nov 16 12:56 1
Poland Must Be Alert Once Again to Protect Its Independence Nov 16 12:31 4
flat earth Nov 16 09:24 1
The Blue whale Game Nov 16 09:12 8
Tor Browser 7.0.10 is released Nov 16 08:21 1
BitMessage onionscan report Nov 15 23:36 18
Test Nov 15 23:14 7
eff63805060d0e8bada3fd9140bfd6c6 Nov 15 21:06 6
hello Nov 15 18:00 2
What should we do? Nov 15 17:30 1
Naked girl Nov 15 14:52 4
FourDigitPassword Nov 15 11:57 3
Leaks Nov 15 11:07 2
i2pd error Nov 15 05:53 3
«indisputable evidence» of U.S. Aid to ISIS Nov 15 05:53 1
All is A Will For Power Nothing More Nov 15 05:53 2
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.13 Nov 13 10:38 1
VPN, privacy & Firefox (+ other Gecko browsers)* rev. 0.3.12 Nov 13 09:13 1
Your privacy - VPN & Firefox (+ other Gecko browsers)* rev. 0.3.11 Nov 12 19:29 1
weekend Nov 12 15:32 1
Small Survival Ebooks Collection Nov 12 07:55 1
February 1997 Nov 12 07:02 3
03e3b4c5b30bbb7644f3f722900aca3a Nov 12 01:23 1
Ddos/hack Nov 11 15:55 1
donate? Nov 11 04:53 4
Need help hacking a mobile game Nov 11 03:02 3
Hello! :) Nov 10 21:27 2
Tor sucks. I2P sucks. Nov 10 19:21 1
WIKILEAKS - disinformation outlet Nov 10 19:12 1
https://www.itproportal.com/2014/05/14/microsoft-openly-offered-cloud-data-fbi-and-nsa/ Nov 10 15:42 11
bitconnect.co Nov 10 13:36 6
I need help hacking this website Nov 10 06:14 1
Unit CryptUnit Nov 9 18:45 1
Apple's Operating Systems Are Malware Nov 9 18:33 1
So you want to have "secure" software without having secure hardware first? Nov 9 18:29 3
https://www.whonix.org/wiki/Computer_Security_Education#Windows_Hosts Nov 9 17:35 1
[DELETED] Nov 9 11:57 2
Hacking programming services needed Nov 9 08:15 2
bitconnect coin (bcc) Nov 8 21:19 6
Dutch secret service tries to recruit Tor-admin Nov 8 21:18 2
facebook-upload-your-nudes-to-stop-revenge-porn Nov 8 18:50 2
Something is wrong on the internet Nov 8 13:52 4
RECOMMENDATION #0002 Nov 8 12:27 2
RECOMMENDATION #0001 Nov 8 12:05 1
Russian disinformation bullshit analysed in real time Nov 7 20:15 1
Friends of Dorothy Nov 7 14:20 3
Private chan or Public? Nov 7 14:14 5
[DELETED] Nov 7 12:06 1
lucky boy Nov 7 10:47 2
List of .onion websites Nov 7 09:05 5
The UFO 'subject' is total bullshit Nov 6 22:12 37
Stop anti-white racial slurs. Nov 6 15:55 3
I stopped eating canned tuna because of Fukushima Nov 6 13:27 2
hi Nov 6 10:16 7
MUH NUTZ Nov 6 06:28 11
SLMSL Nov 6 04:08 1
AXVEI Nov 6 04:07 1
what is the encoding of the attached message? Nov 6 04:00 7
Many man smoke... Nov 5 23:23 1
How to examine bitmessage objects Nov 5 21:32 3
threaded view Nov 5 19:59 1
4F091AC09CACEA6B95B4C0986FF63F36 Nov 5 19:28 1
moderators - bitmessage feature request. Nov 5 17:41 22
HOUSE OF FAGS Nov 5 17:41 9
850B7BBB9A173CCD2791AE13BA98A13C Nov 5 12:39 1
How so gay and happy? Nov 5 11:28 6
4639B49E01FBFED6DBA56359BDC1657A Nov 5 09:17 1
It's the END. ET about to create singularity in Moon orbit. Nov 5 08:58 1
Aktie 0.5.21 + WebViewer Nov 5 08:12 1
Updated Broadcast List (2017-11-05) Nov 5 07:41 1
broadcast list Nov 5 07:19 1
About the 432 Mystery that first publicly appeared on 4chan Nov 4 18:57 21
THE HOUSE OF FAGS continued Nov 4 18:55 2
LGBT Trash Nov 4 18:54 3
Migrated to bitmessage Nov 4 18:52 20