[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.

★ STMAN ★ stman at riseup.net
Sat Aug 2 16:41:19 UTC 2014


Hello Randy,

Yes.

With Linus (TOR Team), we are having two goals :

- Find a suitable development environment to implement secure TOR routers with 100% self made electronics (The closed path to this goal is using FPGA (That are NSA backdoored sometimes: The JTAG module can be remotly controled with top secret hidden channels)) using FPGA and self design processors / peripherals (Ethernet Port, Memory controllers, USB Controller, PCIe bus, serial ports, etc..: Let’s say a self made SoC) in VHDL : This is the best solution we have to get as much control of the hardware as possible, and then port a self-made IP Stack inside this environment and also port the TOR daemon routines in this environment : In order to reduce the software attack surface, we exclude, for now, using ANY KIND OF OS, as long as for such particular application where we just need to implement a TCP/IP stack and a few other things, is it not necessary to have an embedded OS. Doing so, we are drasticaly reducing the attack surface of the whole system : The hardware, and the software attack surface too.

- Communicating with the PC and any other kind of OS (Debian, Mac OS, or what ever) is just a facility. We are not obliged to have the PCIe part of the FPGA design operationnal. It is perfectly possible to keep both systems completly isolated one from the other.

Let’s say it is just a commodity.


In the future,

We will use a new generation of self-made microprocessor architecture that is able, by design, to stop ALL THE LOW LEVEL security breach family : Stack Overflow, Buffer Overflow (And all their cousins: Integer Overflow), but also, the most dangerous low level way of exploiting such low level security breach : ROP (Return Oriented Programming). This new processor also stops by design all ROP exploits.

This new generation of processor is still in its prototyping phase.

When ready, we will not only build hyper-secure routers and peripherals, we will also provide our crypto-anarchist community with full FPGA based secure computers, much more secure than the security level of the Novena, which is just, to me, a good application note of « Freescale » most powerfull SoC : One of the biggest blackboxes ever. The implementation of an FPGA in the Novena, as is, is just for marketing reasons for the moment : They can say « We have an FPGA inside ». But the way it has been inserted in the design of the computer itself doesn’t allow the user or developper to do anything interesting with it, until Novena dev team accept to do a few changes in the design which they refused until now.

As we all know, FreeScale was unfortunatly bought by the CIA.
And as we should also know (See Snowden leaks about hardware TAO implants) , ARM and XILINX are cooperating with the NSA : They are the manufacturers of most of their hardware implants chips.
Then, for the sake of it, let’s say big brother « culture » , we learned this week, after MOSSAD was hacked by Anonymous, that MOSSAD has implanted backdoors into several Basebands chips on the market.

What a wonderfull world we live in.


As a crypto-anarchist, I am doing political lobbying with a few others in Europe so that the European Parlmanent would invest in a plant of Free FPGA :

We definitnly need Free FPGA to be able to get our privacy back.

I’m looking forward to hearing from you,

Kind regards,

@Stman 
 

Le 2 août 2014 à 18:01, Randy Bush <randy at psg.com> a écrit :

>>> For the replacement of the Novena which is not « suitable » for
>>> prototyping secure TOR routers
>> And the pee cee is such a safe environment. and very few of the parts
>> at NSA poisoned.
> 
> sorry, i was not well-focused on you wanting this for tor routers.  i
> have no idea what is a good environment there.  we are focused on
> function and as much assurance as we can get for a development
> environment.
> 
> randy

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.cryptech.is/archives/tech/attachments/20140802/041e1f9c/attachment.sig>


More information about the Tech mailing list