Bitcoin Forum
1  Other / Off-topic / Re: Data diode for high security on: August 15, 2014, 09:25:08 PM
Related more to the actual topic, if you want plug and play removal of Rx or Tx, you can use this: https://greatscottgadgets.com/throwingstar/

Just remember this provides very little protection against covert channels and unintended transmissions. You kind of want the optical gap between the systems.

Edit // off-topic. TFC project discussed earlier in this topic is for the most part finished, and ready for use: https://github.com/maqp
2  Other / Off-topic / Re: Data diode for high security on: April 27, 2014, 01:38:05 PM
maqp - I finally read through the whole paper.  Nice work!  The one-time-pad is the way to go.  For high security applications I would definitely add two redundant sniffers onto my transmit line to make sure only properly encrypted packets were being broadcast.  The sniffers would have copies of the OTP to let them do the proper checks on the data.  The sniffers could have a buzzer or flashing lights or something, or even better an auto-disconnect, if they discovered anything wrong in the outgoing packets.

This system could be applied to voice as well.  To stop any kind of timing analysis the outgoing data stream itself would have to be at a constant bitrate.  That would obviously limit what kinds of compression could be applied, and you would have to use a bigger one-time-pad.  I can't wait for the OTP to come back into style.  Or maybe just into style for the first time?  I am seeing myself always traveling with dvds or even blu-ray discs full to the brim of truly random bits, each one representing 5GB or 30GB worth of secure communication.  They will be numbered, and I will have a copy of each at home.  When my friends and I have run out of bits to pad our communications with, it will be time for another trip to meet in person.

Thanks. I hope the paper was easy to digest. The bad news is the entire system has been updated and thus the paper is partly deprecated. New paper is available at the same address.  Reddit has some discussion about the implementation: http://www.reddit.com/r/crypto/comments/23xee6/tinfoil_chat_043_pidgin_im_otp_endpoint_security/

I like the idea of a sniffer to verify traffic and hope you come up with an implementation for it. A faster diode is required for VoIP; I'm afraid I've had no success implementing faster data rates, even with 1Mbps optocouplers.
3  Other / Off-topic / Re: Data diode for high security on: March 05, 2014, 12:28:14 PM
Wow, I'm so glad you brought this thread back.  Looking forward to reading the paper.  Just flipped through it though - separate transmit and receive stations, each with diodes - that is the way to do it.

By the way, I was in Helsinki in October.  It's an amazing place.

Quote
main stumbling block I have come to is how to verify that the outgoing packets, leaving the computer you are typing on, have truly been encrypted with the intended public key.
You're right, without the private key you really can't. TFC's OTP encryption can be manually verified using an ASCII conversion table (DEC values) and simple clock arithmetic, and it's more secure than public key crypto. There are various downsides in convenience regarding OTP, but easier auditability and not having to worry about algorithm security make up for a lot of it.

Hashes are used to verify no data errors were present during data diode transmission. From Pidgin you can check what type of message was sent to a friend, but in theory a backdoor in both systems could of course send other types of data through serial and into the network.

Quoting Wikipedia:
Realtime spectrum analyzers are able to see signals hidden behind other signals. This is possible because no information is missed and the display to the user is the output of FFT calculations.

Moreover, you can use a logic analyzer to store and view raw digital signals.

I'm really glad another person came up with almost the exact same implementation to improve security.
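
The manual check described in the post above (decimal byte values plus clock arithmetic, with a hash for transmission errors), as an added example that is not part of the original posts and is not TFC's own code. It assumes byte-wise addition modulo 256, a SHA-256 digest appended to each packet, and a verifier that knows the plaintext and holds its own copy of the pad; all function names and sample values are constructed for illustration.

```python
import hashlib

MOD = 256        # assumption: byte-wise arithmetic, one pad byte per message byte
DIGEST_LEN = 32  # SHA-256 digest length in bytes

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """c = (p + k) mod 256 per byte; checkable by hand from decimal values."""
    if len(pad) < len(plaintext):
        raise ValueError("pad too short: key material must never be reused")
    return bytes((p + k) % MOD for p, k in zip(plaintext, pad))

def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """p = (c - k) mod 256 per byte."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad too short for this ciphertext")
    return bytes((c - k) % MOD for c, k in zip(ciphertext, pad))

def frame(ciphertext: bytes) -> bytes:
    """Append an unkeyed digest: it detects line errors, not deliberate changes."""
    return ciphertext + hashlib.sha256(ciphertext).digest()

def unframe(packet: bytes) -> bytes:
    """Split off the digest and reject packets damaged in transit."""
    body, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    if hashlib.sha256(body).digest() != digest:
        raise ValueError("digest mismatch: transmission error")
    return body

def audit(plaintext: bytes, pad: bytes, packet: bytes) -> list:
    """Positions where the wire bytes differ from an independent
    recomputation made with the verifier's own pad copy."""
    seen = unframe(packet)
    expected = otp_encrypt(plaintext, pad)
    bad = [i for i, (s, e) in enumerate(zip(seen, expected)) if s != e]
    # Any difference in length is also a finding.
    bad += range(min(len(seen), len(expected)), max(len(seen), len(expected)))
    return bad

# Constructed sample data (not real key material).
PAD = bytes([200, 100, 7, 255, 31])
MSG = b"HELLO"                               # decimal: 72 69 76 76 79
GOOD = frame(otp_encrypt(MSG, PAD))          # body: 16 169 83 75 110
ODD = frame(bytes([16, 169, 84, 75, 110]))   # digest is valid, byte 2 is not

if __name__ == "__main__":
    print(list(otp_encrypt(MSG, PAD)), audit(MSG, PAD, GOOD), audit(MSG, PAD, ODD))
```

The `ODD` packet passes the digest check yet fails the audit, which is why the hash only covers transmission errors and the byte-by-byte recomputation is what confirms the intended pad was applied.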
4  Other / Off-topic / Re: Data diode for high security on: March 03, 2014, 06:52:14 AM
Lifting up an old topic. I've written a set of tools that utilize an external HW TRNG and OTP encryption together with data diodes to provide the most secure communications on the civilian market. Open design, FOSS software written in easy-to-understand Python. A paper describing it is available at cs.helsinki.fi/u/oottela/TFC.pdf