[Metalevel here: This needs a lot of work and thinking and may take a while, but I need the link for other posts. Also, any thinking anyone would like to contribute will be gratefully stolen, with or without attribution, your choice. I am almost competent to start laying out the issues for some of these, not all, and this is a working document, so expect errors. Pointing them out is appreciated. Thanks for reading. Added later: Richard Stallman is the guru of open source; he discussed this before I did. A company has been formed to provide secure OSS hardware.]
Kickstarter is a mechanism for funding ideas of all kinds. Early on, patriots funded projects that guaranteed their win. These were:
- Secure Server Systems Hardware Design
The first problem is subversion of the tools. If the tools are not clean, there can be backdoors in any program or hardware the tools generate. Compilers for computer software and hardware languages are several levels deep, and each level must be validated. Hardware Definition Language compilers are easier to validate: the attack described by Ken Thompson (one of the designers of Unix at AT&T) only applies to compilers that compile themselves, and normally only software language compilers compile themselves.
However, ‘backdoor’ is not easy to define for hardware, and so not easy to watch for. Most designs will use ‘Systems On A Chip’ (SOCs). These combine a processor, I/O logic and the switch or bus that connects them. SOCs generally have tens to thousands of ‘registers’: addressable elements that are readable, writable or read/writable, used to initialize and control the logic, report internal state, or for ordinary input/output. Hiding nefarious intent in one of those is possible. (I don’t have enough hardware design experience to comment further; I am checking with friends.)
Chips have to be protected at every stage of manufacture. Otherwise, persons of evil intent could replace the chip with one that contains a backdoor but is otherwise identical. Or worse. Is there an equivalent of a checksum for the chip, via JTAG?
Given chips that are clean, the problem repeats at the board level. Those design tools have to be clean and the boards protected at every stage of manufacture. Every layer of the board should be compared with the reference images, as should the stuffed and soldered board. The finished board then has to be protected to ensure components are not replaced after it was made. Sparkle finger-nail polish, photos and software equivalent to a blink comparator can do this.
The design should have several different components with processors and independent memories, each capable of looking at the rest of the system. The BIOS for each can run that inspection at startup. Inspection will include reading the other BIOSes to make sure they have not been modified, checking the hardware with JTAG, …
The Trusted Computing hardware and software work at the BIOS level. I haven’t looked at this recently, but it originates in big companies and therefore should not be trusted. Whether the Open Source world needs an equivalent, I don’t know; I would have to think it all through again, and I haven’t got the time just now.
This is a discussion of the design of a secure system for an insecure environment, where physical intrusion is possible.
This is an open-source design that is an example of what needs to be done, though not a provably-secure design.
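The "software equivalent to a blink comparator" for board photos, as an added example that is not from the original post: a reference image of a board layer is compared pixel by pixel with a later photo, changed pixels are grouped into connected regions, and regions too small to be a part are ignored. The images here are plain grayscale grids and the sample data is constructed.

```python
# Added example (not from the original post): a software "blink comparator" for
# board inspection. A reference photo of a board layer and a later photo of the
# same layer are compared pixel by pixel; pixels differing by more than a
# tolerance are grouped into connected regions, and regions too small to be a
# part (camera noise, dust) are ignored. Images are grayscale grids, i.e. lists
# of rows of 0..255 ints; the sample images below are constructed.
from collections import deque

def diff_mask(reference, captured, tolerance=40):
    """Boolean grid marking pixels whose brightness differs by > tolerance."""
    if [len(r) for r in reference] != [len(c) for c in captured]:
        raise ValueError("images must have identical dimensions")
    return [[abs(r - c) > tolerance for r, c in zip(rrow, crow)]
            for rrow, crow in zip(reference, captured)]

def changed_regions(reference, captured, tolerance=40, min_pixels=4):
    """Flood-fill the diff mask; return (top, left, bottom, right, pixel_count)
    for every changed region of at least min_pixels pixels, largest first."""
    mask = diff_mask(reference, captured, tolerance)
    h, w = len(mask), len(mask[0])
    seen = [[False] * w for _ in range(h)]
    regions = []
    for y in range(h):
        for x in range(w):
            if not mask[y][x] or seen[y][x]:
                continue
            queue, pixels = deque([(y, x)]), []   # 4-connected flood fill
            seen[y][x] = True
            while queue:
                cy, cx = queue.popleft()
                pixels.append((cy, cx))
                for ny, nx in ((cy - 1, cx), (cy + 1, cx), (cy, cx - 1), (cy, cx + 1)):
                    if 0 <= ny < h and 0 <= nx < w and mask[ny][nx] and not seen[ny][nx]:
                        seen[ny][nx] = True
                        queue.append((ny, nx))
            if len(pixels) >= min_pixels:
                ys, xs = [p[0] for p in pixels], [p[1] for p in pixels]
                regions.append((min(ys), min(xs), max(ys), max(xs), len(pixels)))
    return sorted(regions, key=lambda r: -r[4])

# Constructed sample: uniform 12x12 reference layer; the captured photo has a
# darker 3x3 block (a swapped part) and one isolated pixel of camera noise.
REFERENCE = [[120] * 12 for _ in range(12)]
CAPTURED = [row[:] for row in REFERENCE]
for y in range(5, 8):
    for x in range(2, 5):
        CAPTURED[y][x] = 30
CAPTURED[0][11] = 200   # isolated noisy pixel, below min_pixels
if __name__ == "__main__":
    print(changed_regions(REFERENCE, CAPTURED))  # [(5, 2, 7, 4, 9)]
```

In practice the two photos must first be aligned (same camera position and lighting, or registered in software) or the whole board shows up as changed.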
- Ultra-suspicious BIOS for the SSSHD
The function of the BIOS is to initialize hardware, run an initial self-test, run a very careful set of checks of the hardware, and then boot the software.
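The mutual inspection described above (each processor's BIOS reading the other BIOSes at startup), as an added example that is not from the original post. It assumes each component keeps an independently stored manifest of the SHA-256 digests it expects for every other component's BIOS; no component vouches for itself, and the images and manifests are constructed sample data.

```python
# Added example (not from the original post): the mutual-inspection step the
# post's independent processors would run at startup. Each component holds its
# own BIOS image and an independently stored manifest of the SHA-256 digests it
# expects for every OTHER component's BIOS; no component vouches for itself.
# Boot is refused if any inspector reports a mismatch, and a component that a
# majority of its inspectors reject is listed as likely subverted, so a single
# tampered BIOS can neither clear itself nor quietly frame its neighbours.
# All images and manifests below are constructed sample data.
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inspect(images, manifests):
    """images: {component: bios_bytes}
    manifests: {inspector: {target: expected_sha256_hex}}
    Returns {target: [inspectors that found a mismatch]} for every component."""
    mismatches = {target: [] for target in images}
    for inspector in sorted(manifests):
        for target, expected in manifests[inspector].items():
            if target == inspector or target not in images:
                continue                      # self-attestation is worthless
            if sha256_hex(images[target]) != expected:
                mismatches[target].append(inspector)
    return mismatches

def boot_allowed(mismatches):
    """Fail closed: any mismatch anywhere halts the boot."""
    return all(not bad for bad in mismatches.values())

def likely_subverted(mismatches, n_components):
    """Components rejected by a majority of the (n-1) inspectors that examine them.
    One lying inspector cannot reach a majority against an intact neighbour."""
    inspectors = n_components - 1
    return {t for t, bad in mismatches.items() if len(bad) * 2 > inspectors}

# Constructed sample: three components. 'io' has been tampered with, and its
# manifest also carries a wrong digest for 'cpu' (an attempt to frame it).
GOOD = {"cpu": b"cpu-bios-v1", "net": b"net-bios-v1", "io": b"io-bios-v1"}
IMAGES = dict(GOOD, io=b"io-bios-v1-with-backdoor")
MANIFESTS = {
    "cpu": {"net": sha256_hex(GOOD["net"]), "io": sha256_hex(GOOD["io"])},
    "net": {"cpu": sha256_hex(GOOD["cpu"]), "io": sha256_hex(GOOD["io"])},
    "io":  {"cpu": "00" * 32, "net": sha256_hex(GOOD["net"])},
}

if __name__ == "__main__":
    report = inspect(IMAGES, MANIFESTS)
    print(report, boot_allowed(report), likely_subverted(report, len(IMAGES)))
```

The digest comparison is only as good as the path used to read a neighbour's BIOS: if the tampered component can serve a clean copy of its image to inspectors while running a different one, the inspection must read the flash directly (for example over JTAG, as the post suggests) rather than asking the component for its own contents.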
- OpenBSD for the SSSHD
Probably minimal work, as OpenBSD already runs on ARM SOCs.
- OpenBSD Training : Scaling OpenBSD’s Security Model
The OpenBSD team is close to the most experienced and sophisticated at carefully inspecting code. They find new classes of bugs. That process needs to be taught to others. Bug-free software is expensive; Theo’s team also needs to be paid better and expanded.
- OpenBSD version of Software Defined Networking
- OpenBSD Tails Tools
Tails is a high-security set of tools for anonymous communications. They will be improved by the OpenBSD team’s code inspections.
- OpenBSD Servers for Overlay Networks
Overlay networks use TCP as their transport but run entirely separate protocols on top of it. These are distributed networks, meaning there is no central location controlling the total network. Some also distribute storage. All use encryption on the overlay links.
- OpenBSD Mail Gateway To Overlay Networks
A gateway is TCP <–> application <–> overlay network.
Applications for handling email, e.g. postfix and sendmail, are nearly all open source. Because the program accepts TCP connections from other mail handlers, it is vulnerable if it has bugs. So one of the simpler handlers should be made bug-free via intensive inspection.
- OpenBSD base for a smart phone?
There is already at least one secure phone company/project; I don’t know more.
- Open Smart Phone project? Security focus and interface to SSSHD.
The Hacking Team cell phone hacking software indicates that cell phones need to pay more attention to security. Given the close connections between NSA and Google over the years, Android is very likely to be open to NSA and friends. Given so many closed-source applications, if Android has bugs, you know it leaks information.
I think this may exist; I need to go looking, and may have time soon.
This could easily be a WiFi phone, and building an open WiFi system with repeaters around town is easy, with products plugging into sockets or using solar power. Then your tablet or cell phone can be secure and won’t leave metadata on the servers of AT&T or the other criminal organizations spying for NSA.
- License Plate Reader Software — Apps for smart phones and webcams
Part of citizens’ surveillance. Walk along the cars outside city hall every once in a while, the local hot-sheet hotel, …