Patriot KickStarter Projects

[ Metalevel here : This needs a lot of work and thinking, may take a while. But I need the link for other posts. Also, any thinking anyone would like to contribute will be gratefully stolen, with or without attribution, your choice. I am almost competent to start laying out the issues for some of these, not all, and this is a working document, so expect errors.  Pointing to them is appreciated. Thanks for reading. ]

KickStarter is a mechanism for funding ideas of all kinds.  Early on, patriots funded projects that guaranteed their win.  These were :

  • Secure Server Systems Hardware Design

The first problem is subversion of the tools.  If the tools are not clean, there can be backdoors in any programs or hardware generated by the tools.  Compilers of computer software and hardware languages are several levels deep, and each level must be validated.  Hardware Definition Language compilers are easier to validate, because that idea of Ken Thompson's (one of the designers of Unix at AT&T) only applies to compilers that compile themselves, and normally only the software language compilers compile themselves.

However, ‘backdoor’ is not easy to define for hardware, and so not easy to watch for.  Most designs will use ‘Systems On A Chip’.  These combine processor, I/O logic and the switch or bus to connect them.  SOCs generally have 10s to 100s to 1000s of ‘registers’, addressable elements that are readable, writable or read/writable, used to initialize and control the logic, report internal state, or for ordinary Input/Output.  Hiding nefarious intent in one of those is possible.  (I don’t have enough hardware design experience to comment further, am checking with friends.)

Chips have to be protected at every stage of manufacture.  Otherwise, some persons of evil intent could replace the chip with one that contains a backdoor but is otherwise identical.  Or worse.

Given chips that are clean, the problem repeats at the board level.  Those design tools have to be clean and the boards protected at every stage of manufacture.  Every layer of the board should be compared with the reference images, as should the stuffed and soldered board.  The finished board has to be protected to ensure components are not replaced after it was made.  Sparkle finger-nail polish, photos and software equivalent to a blink comparator can do this.

The design should have several different components with processors and independent memories, each capable of looking at the rest of the system.  The BIOS for each can run that inspection at startup.  Inspection will include reading the other BIOSs to make sure they have not been modified, checking the hardware with JTAG, …
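A sketch of the startup cross-inspection described above, as an added example that is not part of the original post. The component names, the sample firmware images and the majority-vote rule are assumptions made for illustration, and `read_firmware` stands in for a hardware read path.

```python
import hashlib
import hmac

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Component:
    """One processor with its own flash image and its own copy of the reference digests."""
    def __init__(self, name, firmware, reference):
        self.name = name
        self.firmware = firmware          # bytes currently in this component's flash
        self.reference = dict(reference)  # peer name -> known-good SHA-256 (local copy)

    def read_firmware(self) -> bytes:
        # Assumption: stands in for a hardware read path (e.g. a flash or JTAG port)
        # that the inspected processor cannot intercept and answer with a clean copy.
        return self.firmware

    def inspect(self, components):
        """Names of peers whose flash does not match this component's reference."""
        rejected = set()
        for peer in components:
            if peer is self:
                continue
            expected = self.reference.get(peer.name, "")
            if not hmac.compare_digest(expected, sha256_hex(peer.read_firmware())):
                rejected.add(peer.name)
        return rejected

def startup_inspection(components):
    """Flag a component only when a majority of its peers reject it, so one
    lying or corrupted inspector cannot condemn a clean component on its own."""
    votes = {c.name: 0 for c in components}
    for inspector in components:
        for name in inspector.inspect(components):
            votes[name] += 1
    needed = (len(components) - 1) // 2 + 1
    return sorted(name for name, count in votes.items() if count >= needed)

def build_system():
    # Constructed sample images; component names are hypothetical.
    images = {"mgmt": b"mgmt-bios-v1", "main": b"main-bios-v1", "nic": b"nic-bios-v1"}
    reference = {name: sha256_hex(img) for name, img in images.items()}
    return [Component(name, img, reference) for name, img in images.items()]

if __name__ == "__main__":
    system = build_system()
    system[2].firmware += b"-modified"        # change the "nic" image
    system[2].reference = {}                  # its own inspection is now worthless
    print(startup_inspection(system))         # ['nic']
```

With three components, a single inspector whose reference table has been corrupted accuses both peers but reaches only one vote against each, so nothing clean is flagged.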

The Trusted Computing hardware and software work at the BIOS level.  I haven’t looked at this recently, but it originates in big companies and therefore should not be trusted.  Whether the Open Source world needs an equivalent, I don’t know, have to think it all through again, haven’t got the time just now.

This is a discussion of the design of a secure system for an insecure environment in which physical intrusion is possible:

http://ask.slashdot.org/story/13/08/11/1345247/ask-slashdot-bestnewest-hardware-without-trusted-computing

This is an open-source design that is an example of what needs to be done, though not a provably-secure design.

  • Ultra-suspicious BIOS for the SSSHD

The function of the BIOS is to initialize hardware, run an initial self-test, run a very careful set of checks of the hardware, and then boot the software.

  • OpenBSD for the SSSHD

Probably minimal work, as OpenBSD already runs on ARM SOCs.

  • OpenBSD Training : Scaling OpenBSD’s Security Model

The OpenBSD team is close to the most experienced and sophisticated in carefully inspecting code.  They find new classes of bugs.  That process needs to be taught to others.  Bug-free software is expensive; Theo’s team also needs to be paid better and expanded.

  • OpenBSD version of Software Defined Networking

http://www.networkworld.com/article/2956777/security/sdn-switches-arent-hard-to-compromise-researcher-says.html

  • OpenBSD Tails Tools

Tails is a high-security set of tools for anonymous communications.  They will be improved by the OpenBSD team’s code inspections.

  • OpenBSD Servers for Overlay Networks

Overlay networks use TCP as their transport, but run entirely separate protocols on that transport.  These are distributed networks, meaning there is no central location controlling the total network.  Some also distribute storage.  All use encryption on the overlay links.

I haven’t looked at overlays.  Tor has improvements, Gnunet, Maidsafe

  • OpenBSD Mail Gateway To Overlay Networks

A gateway is TCP <–> application <–> overlay network.

Applications for handling email, e.g. postfix and sendmail, are nearly all open source.  Because the program accepts TCP connections from other mail handlers, it is vulnerable if it has bugs.  So one of the simpler handlers should be made bug-free via intensive inspection.

  • ?OpenBSD base for a smart phone?

There is already at least one secure phone company/project, don’t know more.

  • Open Smart Phone project?  Security focus and interface to SSSHD.

The Hacking Team cell phone hacking software indicates cell phones need to pay more attention to security.  Given the close connections between NSA and Google over the years, Android is very likely to be open to NSA and friends.  Given so many closed-source applications, if Android has bugs, you know it leaks information.

I think this may exist, need to go looking, may have time soon.

This could easily be a WiFi phone, and building an open WiFi system with repeaters around town is easy, with products that plug into sockets or use solar power.  Then your tablet or cell phone can be secure and won’t leave metadata on servers of AT&T or the other criminal organizations spying for NSA.

  • License Plate Reader Software — Apps for smart phones and webcams

Part of citizen’s surveillance.  Walk along the cars outside of city hall every once in a while, the local hot sheet hotel, …


6 thoughts on “Patriot KickStarter Projects”

  1. How about Bunny Bangers? While that name is new to me, I’ve been kicking around the same idea for a while now… Contact me if you want to discuss.


    1. I heartily approve, you are welcome to all of it, including the name. Outrage proudly!

      Keep us up to date, I, and no doubt other commenters, will help as we can.

      Do the Youtube videos of the equipment, open-source the drivers, etc. and so do the patriot movement a favor.

      Your background is? What help do you need?

      You do understand, I hope, that I do not believe killing people advances civilization, has far too awful side-effects to be a useful tool? But every now and then idiot primitives force you into defending yourself, and being prepared for that is always Conservative.

      Shooting bunnies, however, I think no civilization has fallen as a result of that. 8)


  2. Ack, one thing I hate about blogs is trying to contact anyone without making everything visible to the public. I’m a hardware guy, mostly in PICmicros and Atmel. I have some ideas about the PIC32 crypto module and its application to the above post. Email me back if you are interested in pursuing.


    1. I have come to the conclusion that keeping things encrypted isn’t hard, am writing that up now, may take a while to finish and get posted.

      Wrt your idea, my advice is to either share insights in public fora or go form a company and make $ out of it. I am overloaded, can’t help with those. Sorry.
