BitMessage Secure Station's architecture security review : White Papers & Publications about Designing Secure Hardware and fighting Hardware Backdoors.

Sep 17 03:37

- Air Gap computers security procedures - Schneier on Security
- An automobile security protocol: Side-channel security against timing and relay attacks
- Glitching and Side-Channel hardware analysis for All
- Introduction to Hardware Security justifying the need for Free Integrated Circuits (This article is interesting to compare with my work on the BitMessage Secure Station design)
- Designing Trustworthy Hardware (Another interesting article to compare with my work on the BitMessage Secure Station)
- Security Against Hardware Trojan Attack via Novel Chaos FSM & Delay Chains Array PUF Based Design Obfuscation Scheme (Another very interesting article to compare with my work on the BitMessage Secure Station)
- Integrated Circuits Trojan Detection using IC Fingerprinting

[chan3] general
Sep 18 22:18

Air gaps have been breached. Stuxnet was a breach of an air gap. Unusual and absolutely more sophisticated than nearly any other actor in the world, but a breach nonetheless... in the real world... not controlled environment and conditions. USB key was brought in, air gap was fucked.

Sep 18 22:19

And if I publish those articles, it's because there are many useful secure design tips. It's to self-educate script kiddies about real challenges we face in cyber security. Most folks ignore just everything about hardware, while it is the most important thing to integrate, as long as software runs on hardware, and if hardware is compromised, whatever you do in software will be. That's all. I published those articles for educational purposes. Spreading knowledge. Now, if people want to push up to true TEMPEST grade security design tips, let's go.

Sep 18 22:19

Well, I am perfectly aware of malware of the kind "BRUTAL KANGAROO" of the CIA. Many other agencies must have developed similar things. Still, there are many things that can be done to restore air-gapped computers their true isolations. It's mainly security procedures to apply and understand. But there is also another approach consisting in developing accessories, like this project :

This project I tried to develop in partnership with WikiLeaks (the partnership failed due to spyshit interferences) is solving the problem of how to extract / inject safely data from or to an air-gapped computer. In the BitMessage Secure Station I am developing, I am using other techniques to guarantee a safe transmission of information between a non-air-gapped Raspberry Pi and an air-gapped one. Details can be found here :

Now, I am also aware of the risk and the danger that new kinds of secret covert channels within recent microprocessors (like an undocumented RF transmitter/receiver) could make air-gapping computers much more complicated :

Maybe it will require that air-gapped computers be completely isolated from the outside world within a TEMPEST shielding case, so that any undocumented secret RF covert channel within some integrated circuits could not be exploited. In the "FPGA version" of the BitMessage Secure Station, we will implement a few basic known tricks to prevent such covert/side channels from operating properly :

- TEMPEST shielding.
- Usage of opto-couplers on data lines of the SPI port used to interconnect the two Raspberry Pi through the FPGA dedicated to this, placing opto-couplers on all signal lines.

Then, there is another thing that must be taken into consideration : when using the BitMessage Secure Station, one could have the "air-gapped" security features broken if they would, for example, use a USB keyboard and/or mouse that would contain such an RF backdoor.

For this reason, I am planning to create a custom made supplementary PCB with an FPGA to replace a standard PCB board in a chosen low cost USB keyboard, by my own safe electronic PCB to manage the keyboard : one would just have to buy the specific model of USB keyboard, open it, get rid of its original PCB, and replace it with our own secure and trusted one. Doing so would fuck agencies like NSA with their fucking TAO program.

But let's improve things one step at a time, not to discourage ourselves from moving forward. For the time being, I am working on the simple "Developer version" that is going to be produced in very low quantity, and exclusively sent to BitMessage software core developers & contributors to help them speed up the adaptation of the BitMessage software so that it can run on the split architecture of the BitMessage Secure Station with its two Raspberry Pi.

Kind regards, Stman.

[chan3] general
Sep 18 22:19

> Still, there are many things that can be done to restore air-gapped computers their true isolations.

Problem #1, first and foremost, is that NO, you cannot guarantee the absolute isolation of an air gap. Even surrounded by a Faraday cage of lead, somebody will find a way. Is your power being generated inside of the cage? Do you have ANY KIND of ingress/egress of air or power? Noise? People? The mechanism you're using between the green and red networks... will be an attacker's target. Air gaps are a line of defense, but they're by no means a guarantee.

[chan3] general
Sep 19 00:47

Yes. I am a skilled electronician, and I know all the power analysis side/covert channel issues. Having the air-gapped Raspberry Pi powered by rechargeable batteries within the TEMPEST shielding is a MILITARY GRADE measure of protection to fight SIGINT and TEMPEST captation of electromagnetic signals. Military usually add a jammer outside the TEMPEST cage, to ensure that the very few signals that manage to escape the cage will be diluted into the noise generated by the jammer.

But hey, here you are pushing me up to military grade TEMPEST protection design. What we are seeking with the BitMessage Secure Station project is to be able to block ALL remote hack attacks, including those that could exploit secret RF transmitters. We have never said we would go up to a perfect TEMPEST shielding. Still, the hardware we are designing is "ready" to be pushed to such military grade protection, but this will not be in the standard version, because it is out of scope of the goals we were reaching. I just wanna be able to block massive automated or targeted hack attacks. But not make the device 100% TEMPEST proof. Imagine that in one of the keyboards you would use, there would be a secret Bluetooth LE transmitter: we want to block such an attack, but this is the highest level of protection we were seeking. It's a matter of balance between cost / protection and simplicity of the security procedure to use the station.

I have a small military background regarding those matters, I know what I am talking about. So I agree with you, true air-gapping is hard, it's a technical speciality, TEMPEST, that military know by heart. We clearly, in full transparency, defined the security level we were seeking to obtain. We never pretended to have a fully TEMPEST proof system.

[chan3] general
Sep 19 00:48

Air gaps have been bridged. All of these are commodity articles. What's your point?

[chan] general
Sep 19 00:48

Air gaps have been attacked under carefully controlled conditions in carefully controlled environments in very close proximity, with predictable and carefully designed use of the key generation software. It's success only in highly controlled and favorable circumstances with a stacked deck. It would be easier for the spooks to break in and install a physical logger inside the machine.
