BitMessage Secure Station's architecture security review : White Papers & Publications about Designing Secure Hardware and fighting Hardware Backdoors.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Sep 17 03:37

Air Gap computers security procedures - Schneier on Security : https://www.schneier.com/blog/archives/2013/10/air_gaps.html An automobile security protocol: Side-channel security against timing and relay attacks : https://www.researchgate.net/profile/Mohd_Anuar_Mat_Isa/publication/318465223_An_automobile_security_protocol_Side-channel_security_against_timing_and_relay_attacks/links/5975c7800f7e9b4016a35a2b/An-automobile-security-protocol-Side-channel-security-against-timing-and-relay-attacks.pdf Glitching and Side-Channel hardware analysis for All : https://recon.cx/2015/slides/recon2015-13-colin-o-flynn-Glitching-and-Side-Channel-Analysis-for-All.pdf Introduction to Hardware Security justifying the need for Free Integrated Circuits (This article is interesting to compare with my work on the BitMessage Secure Station design) : http://www.mdpi.com/2079-9292/4/4/763/htm Designing Trustworthy Hardware (Another interesting article to compare with my work on the BitMessage Secure Station) : http://tiw2013.cse.psu.edu/slides/tiw.pdf Security Against Hardware Trojan Attack via Novel Chaos FSM & Delay Chains Array PUF Based Design Obfuscation Scheme (Another very interesting article to compare with my work on the BitMessage Secure Station) : http://www.springer.com/cda/content/document/cda_downloaddocument/9783319270500-c2.pdf?SGWID=0-0-45-1545067-p177811907 Integrated Circuits Trojan Detection using IC Fingerprinting : http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.123.467&rep=rep1&type=pdf

[chan3] general
Sep 18 22:18

Air gaps have been breached. Stuxnet was a breach of an airgap. Unusual and absolutely more sophisticated than nearly any other actor in the world, but a breach none the less... in the real world... not controlled environment and conditions. USB key was brought in, air gap was fucked.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Sep 18 22:19

And if I publish those article, it's because there are many usefull secure design tips. It's to self-educate script kiddies about real challenges we face in cyber security. Most folks ignore just everything about hardware, while it is the most important thing to integrate, as long as software runs on hardware, and if hardware is compromized, what ever you do in software will be. That all. I published those article for educational purpose. Spreading knowledge. Now, if people want to push up to true TEMPEST grade security design tips, let's go.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Sep 18 22:19

Well, I am perfectly aware of malware of the kind "BRUTAL KANGAROO" of the CIA. Many other agencies must have developped similar things. Still, there are many things that can be done to restore air-gapped computers their true isolations. It's mainly security procedure to apply and understand. But there is also another approach consisting in developping accessories, like this project : https://blogs.mediapart.fr/stman/blog/170717/another-snowdens-dream-secure-processor-less-100-fpga-made-usb-condom This project I tried to develop in partnership with wikilkeaks (The partnership failed due to spyshit interferences) is solving the problem of how to extract / inject safely data from or to an air-gapped computer. In the BitMessage Secure Station I am developping, I am using other technics to garantee a safe transmission of information between non-air-gapped Raspberry Pi and an air-gapped one. Details can be found here : https://blogs.mediapart.fr/stman/blog/090717/snowdens-dream-bitmessage-secure-station-open-hardware-open-core-project https://blogs.mediapart.fr/stman/blog/090717/torvpn-fingerprinting-family-anonymity-breach-fix-custom-fpga-based-ic Now, I am also aware of the risk and the danger that new kind of secret covert channel within recent microprocessors (Like an undocument RF transmitter/receiver) could make air-gapping computers much more complicated : Maybe it will require that air-gapped computers shall be completely isolated from the outside world within a TEMPEST shielding case, so that any undocument secret RF covert channel within some integrated circuits could not be exploited. In the "FPGA version" of the BitMessage Secure Station, we will implement a few basic known tricks to prevent such covert/side channels to operate properly : - TEMPEST shielding. - Usage of Opto-couplers on data lines of the SPI port used to interconnect the two Raspberry Pi through the FPGA dedicated to this, placing opto-couplers on all signal lines. Then, there is another thing that must be taken into consideration : When using the BitMessage Secure Station, one could have the "air-gapped" security features broken if they would, for example, use a USB keyboard and/or mouse that would contain such RF backdoor. For this reason, I am planning creating a custom made supplementary PCB with an FPGA to replace a standard PCB board in a choosen low cost USB keyboard, by my own safe electronic PCB to manage the keyboard : One would just have to buy de specific model of USB keyboard, open it, get rid of its original PCB, and replace it with our own secure and trusted one. Doing so woulf fuck agencies like NSA with their fucking TAO program. But let's do improve things one step at a time not to discourage ourselves to move forward. For the time being, I am working on the simple "Devleoper version" that is going to be produced in very low quantity, and exclusively sent to BitMessage software Core developers & contributors to help them speed up the adaptation of the BitMessage software so that it can run on the splitted architecture of the BitMessage Secure Station with its two Raspberry Pi. Kind regards, Stman.

[chan3] general
Sep 18 22:19

> Still, there are many things that can be done to restore air-gapped computers their true isolations. Problem #1, first and foremost is that NO, you can not guarantee the absolute isolation of an airgap. Even surrounded by a faraday cage of lead, somebody will find a way. Is your power being generated inside of the cage? Do you have ANY KIND of ingress/egress of air or power? Noise? People? The mechanism you're using between the green and red networks... will be an attacker's target. Air gaps are a line of defense, but they're by no means a guarantee.

[chan3] general
Sep 19 00:47

Yes. I am a skilled electronician, and I know all the power analysis side/covert channels issues. Having the Air-gapped Raspberry pi Powers by rechargeable batteries within the TEMPEST shielding is a MILITARY GRADE measure of protection to fight SIGINT and TEMPEST captation of electromagnetic signals. Military usually add jammer outside the TEMPEST cage, to ensure that the very few signals that manage to escape the cage will me diluted into the noise generated by the jammer. But hey, here you are pushing me up to military grade TEMPEST protection design. What we are seeking with the BitMessage Secure Station project is to be able to block ALL remote hack attacks, including those who could exploit secret RF transmitters. We have never said we would go up to a perfect TEMPEST shielding. Still, the hardware we are designing is "ready" to me pushed to such military grade protection, but this will not be in the standard version, because it is out of scope of the goals we were reaching. I just wanna be able to block massive automated or targeted hack attacks. But not make the device 100% TEMPEST proof. Imagine that in our of the keyboard you would use, there would be a secret BLuetooth LE transmitters, we want to block such attack, but this is the highest level of protection we were seeking. It's a matter of ballance between cost / protection and simplicity of the security procedure to use the station. I have a small military background regarding those matters, I know what I am talking about. So I agree with you, true air-gapping is hard, it's technical speciality, TEMPEST, that military know by heart. We clearly, in full transparency, defined the security level we were seeking to obtain. We never pretended to have a fully TEMPEST proof system.

[chan3] general
Sep 19 00:48

Air baps have been bridged. All of these are commodity articles. What's your point?

[chan] general
Sep 19 00:48

Air gaps have been attacked under carefully controlled conditions in carefully controlled environments in very close proximity, with predictable and carefully designed use of the key generation software. It's success only in highly controlled and favorable circumstances with a stacked deck. It would be easier for the spooks to break in and install a physical logger inside the machine.

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
Flat earth We did'nt land on the Moon Former NASA Scientist admits Game over for NASA Oct 21 09:00 3
Sage of Quay Radio Hour: Sofia Smallstorm – Assange, WikiLeaks and Beyond AI Oct 21 08:54 2
Flat earth We didn't land on the Moon Former NASA Scientist admits Game over for NASA Oct 21 08:52 3
Julian Assange and Pedophile Baby Farms Oct 21 08:49 8
The NSA gets a bad rap. The NSA is not spying on me or you. They were not even spying on WikiLeaks, a high visibility target for the fascists, until the traitor Snowden proved there was a viable link Oct 21 08:43 2
Stallman admits GPL flawed, proprietary licensing needed to pay for MySQL development Oct 21 08:23 2
The Coming Age of Special War Oct 21 08:08 1
The Real Ed Snowden Is a Patsy, a Fraud and a Kremlin-Controlled Pawn Oct 21 08:04 1
Scientist Shows Proof That Rockets Do Not Work In The Vacuum of Space Oct 21 07:58 2
Do You Believe In Magic? Apollo - Soyuz Oct 21 07:54 1
Neil deGrasse Tyson Exposed - Hollywood Actor Oct 21 07:51 1
Outer Space Photos are Fake. Oct 21 07:50 6
The Moon Does Not Reflect Sunlight. Oct 21 07:49 2
Richard Spencer and His Kook-Right Ilk Are Agents of Russian Influence Oct 21 07:49 2
band 1023MB Oct 21 07:48 4
Homosexual Glasses Make Remote Objects Look Spherical. Oct 21 07:47 2
Helios is the god worshipped by astro-physicists Oct 21 07:46 2
This man is Johnny Cash reincarnated.. and he's a flat earther this time. Oct 21 07:46 1
The earth is a flat plane, not a globe. Oct 21 07:43 2
Interview w/ Former NASA Employee Turned Flat Earther Oct 21 07:42 1
Flat Earth Man sings a song to you - Photoshop Cartoon Earth Photos Oct 21 07:39 1
The 9 Russian Words That Explain KremlinGate Oct 21 07:37 2
A Flat Earth Song: "Puppet Show" YOU HAVE TO HEAR THIS!! Oct 21 07:35 1
Google Project Loon Proves Flat Earth Oct 21 07:33 1
Ships and the Horizon - Proof of a Flat Earth. Oct 21 07:32 2
Former NASA Scientist Confirms the Flat Earth What he said will Amaze You Oct 21 07:31 1
NASA Insider Exposes the Flat Earth! Oct 21 07:29 1
Neil Disgrace Tyson is Falling Faster Than The Globe Oct 21 07:26 1
Does gawd Forgive Child Molesters? Oct 21 07:19 1
What is the best BM Channel? Oct 21 04:43 3
WikiLeaks Vault7 confirms CIA can effectively bypass Signal + Telegram + WhatsApp + Confide encryption Oct 21 04:20 45
Sattelite pirating Oct 21 03:17 16
Tesla on the Flat Earth Oct 21 03:16 2
gates & windows Oct 21 02:55 1
Free as in free beer. Oct 21 02:52 1
Hypocrisy alarm... Richard Stallman charging money for (restricting) speech: Oct 21 02:49 1
ILLUMINATI Melania Trump is a tranny man - Duration: 4:03. Michelle X 3,717 views. 4:03. Lucille Ball. Man. Hellywood SRA Satanic Tranny Cult. Oct 21 02:43 1
Jared Kushner is a beautiful wife to Ivanka Oct 21 02:38 1
Flat Earth - Bible Truth in an Unstable World Oct 21 02:33 2
MADONNA IS A MAN: Anatomy of an Illuminati Tranny Oct 21 02:30 1
The Largest Cult in the world: GNU/GPL Oct 21 02:27 1
The Globe is DEADER than EVER Oct 21 02:24 1
Satellites Are Fake - Just Another NASA Hoax Oct 21 02:20 1
Police Change Vegas Shooting Story Again Oct 21 02:17 1
GNU software is simply subsidized software. Oct 21 02:13 1
FLAT EARTH!! Outside The Dome!! Waters Above!! The Firmament Above!! Oct 21 02:13 1
Free software makes millions for Richard Stallman's cult. Oct 21 02:12 1
Antarctica is NOT a continent Tiger Dan925 Jumped Ship Oct 21 01:59 1
Perspective Focus on the Horizon Causes the Sun to Set. Oct 21 01:53 1
look into my oven herr stallman. Oct 21 01:50 1
Dunderheads in an imaginary mathematical universe Oct 21 01:48 1
Does God Forgive Child Molesters? Oct 21 01:45 1
PUTTING TO REST FAKE SATELLITES USING HALE TELESCOPE by Captain Obvious Oct 21 01:43 1
KATE MIDDLETON IS A MALE PACKING HAM INTO WILLY LITTLE TEETH Oct 21 01:38 1
Stallmanism Oct 21 01:31 1
Hell: You've Got it All Wrong! Oct 21 01:24 1
The Sun Cult of the Globe Earther Freemasons. Oct 21 01:23 1
Beware! The 7 Trumpets are About to Blast! Oct 21 01:18 1
Einstein described the world's smartest man Oct 21 01:12 1
NASA Faked Footage of ISS Space Station using Augmented Virtual Reality Oct 21 01:11 2
Globe Earthers Spend More Effort Opposing the Flat Earth Than They Spend Opposing Child Molestors. Oct 21 01:08 2
3 types of people Oct 21 01:03 4
King of the North - Ottoman Empire Oct 21 01:00 2
Gravity is a mystical force invented by Freemasons. Oct 21 00:55 4
All Aboard Trump’s Tranny Train! Oct 21 00:53 2
The Moon Is ONLY 70 Miles Wide! Oct 21 00:53 2
Snowden's clearly an anarchist and traitor. Those who endorse him are just as dangerous. Oct 21 00:49 1
PROOF GPS Satellites Do Not Exist Oct 21 00:46 3
MELANIA IS A MAN---UFACTURED WOMAN 100 PC Oct 21 00:43 2
Memorial Day and the Rising Gorge: More than I Can Take Oct 21 00:38 6
The Stallman Tax Oct 21 00:35 4
bm ad Oct 20 23:47 1
Poland Pushes Back Against Putin’s Special War Oct 20 21:05 2
MeinCoin: NOTICE OF ADDRESS CHANGE Oct 20 20:34 10
No. Really. No. Oct 20 20:27 9
man gave cigarettes to teenagers Oct 20 19:33 4
CypherSaber: academia says to avoid overkill with encryption Oct 20 11:54 2
political activism Oct 20 10:17 3
some people need to suffer Oct 20 09:30 2
Are you Christian? Oct 20 07:16 22
50 ways Oct 20 07:07 1
Uncommon law Oct 19 23:44 1
The Bitmessage Primer for Patriots Oct 19 21:41 1
(no subject) Oct 19 17:12 5
The Blue whale Game Oct 19 13:21 60
LGBT Bullshit Oct 19 12:04 2
Wifi is totally insecure Oct 19 10:54 27
BURN THE WITCH! Oct 19 06:34 5
Hire a professional hacker Oct 19 05:38 2
The real purpose of homophobia Oct 18 20:58 1
Wikileaks - Made By The NSA Oct 18 19:19 1
Free Speeeeech Oct 18 17:50 3
list: CHANBOT Response Oct 18 16:55 3
Neutron star heading for Earth Oct 18 15:26 5
[DELETED] Oct 18 10:40 13
Your first date. Oct 18 09:12 2
blue whale Oct 18 08:02 3
Random B/W Pixels Oct 18 07:06 12
funny Oct 18 06:54 1
Officers used excessive force after I punched my lawyer in face. Oct 17 17:42 7