[Cryptech Tech] Crypto-Anarchist Federation TAZ/DMZ DML on BitMessage + "BitMessage Secure Station" Open-Hardware project and Cryptech RNG module :

★ STMAN ★ stman at riseup.net
Sun May 21 20:04:31 UTC 2017


Dear fellow Crypto-Anarchist comrades,

There is a new TAZ (Temporary Autonomous Zone) / DMZ (Demilitarized Zone) DML (Decentralized Mailing List) for the worldwide Crypto-Anarchist Federation available on BitMessage (Uncensorable, 100% P2P & decentralized, based on Libtorrent and Libbitcoin) where we invite all the Crypto-Anarchist to advertize their true Crypto-Anarchists projects.

Chan Name (Case sensitive, must be entered as written here): Crypto-Anarchist Federation
Chan Address : BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v

We have started a simple Open-Hardware project (Not yet implemented with fully Open-Core IC’s on FPGA, but it will come soon) in order to secure BitMessage against Keyloggers, Keyescrow, screen dumper, and enhance the anonymity of BitMessage when using it with TOR, solving issues with TOR that cannot be solved by software (All the fingerprinting identification family).

We contact you first to inform you of the existence of this channel.
Don’t be surprised by some nazi/FEDS trolls that come on it. It’s part of the game with uncensorable channels. Just ignore them, or blacklist them if they use personal addresses and not the chan address to post.

Then we have today planned to add a secure hardware RNG and of course, I have informed all my Crypto-Anarchist friends of your development on that matter, that are to me from far the best independent work I have seen worldwide.
We will add your RNG design in future versions of our « BitMessage Secure Station ».



Here are the goals of this Crypto-Anarchist Federation chan :
---------------------------------------------------------------------------------
This is the Crypto-Anarchist Federation channel were Crypto-Anarchists are invited wolrdwide to talk about topics that matter to them :

- Crypto-Anarchism and Crypto-Anarchist community worldwide, to share infos, actions and get organized better.
- Direct Crypto-Anarchist Actions.
- Crypto-Anarchist projects funding support requests.
- Crypto-Anarchist tools & projects list, annoucement.
- Support requests for Crypto-Anarchists in trouble with authorities.
- Crypto-Anarchist Federation technological roadmap and planning.
- Cyber-Security tips.
- Hacking Tools.
- Security Breaches papers & Workarounds.
- Crypto Analysis papers.
- New Crypto-Anarchist tools & projects.
- Crypto-Currency news, tools, & projects.

As there is no possible censorship on BitMessage public DML (Decentralized Mailing Lists) channels, we sometime face various kind of trolls, it's part of the game, and these last hours we had an unprecedant amount of trolling from FEDS and nazi, but we don't care. The goal here is to ensure Crypto-Anarchists can spread important informations to other.

The advantage of BitMessage is that nobody can indeed know that you are reading the chan : Reading a chan is really fully anonymous (We can demonstrate it).
Posting to a chan can be fully anonymous too using chan's address instead of personnal addresses.

As you will see in this chan, in order not to betray our fellow anarchists comrades' trust, we are working on the development of a simple open-hardware dedicated platform, the "BitMessage Secure Station", that will allow BitMessage users to reach military grade anonymity and privacy protection : The biggest mistake (We call it betrayl) of all the security/privacy free tools developpers is that they never want to take in consideration that their tools would work well on a perfect secure non backdoored and non backdoorable / compromizable computer, which don't exist yet.

And here I am clearly refering to the most important things Edward Snowden reminded us : "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." (Edward Snowden)



Here are our « BitMessage Secure Station » characteristics so far, for comment and remarks :
-----------------------------------------------------------------------------------------------------------------------------

Indeed, this project we are developping is aiming at solving the best as we can (Military grade) the issues Snowden perfectly described and reminded us about End-Points (Computers) weaknesses when connected to the internet, and we do it radicaly using the best state of the art known technics, consisting in using a double-computer architecture :

The draft "BitMessage Secure Station" hardware is detailed here : http://picpaste.com/BitMessageSecureStation-gYTXbL2l.png

As you will understand, this add-on project is not about, at least for the moment, doing any major change to the BitMessage software, but to create a dedicated hardware that solves security issues that cannot be solved with a "Mono-processor" architecture : In the architecture we are designing, we are using a 2 microprocessors + 1 microcontroller model :

• A first computer (Low cost Raspberry Pi, accessible to everybody for 30$) connected to the internet, that must considered compromized.
• A second computer fully air gapped from the internet, you will use this one to read/enter your messages securely.
• Interconnectiong both with a serial port, but for added security, this serial port goes through a "firewall" (Made out of a PIC microcontroller) that checks no side channels exist by ensuring the protocol defined for transfering data between the 2 computers is strictly respect, fitering at the same time time-based side channels on the serial port.
• The PIC Microcontroller handling two serial ports and relayings data between each port bidirectionnaly, with its software higly secured (coded in assembly language, with NO OS and NO Libraries).

We are simply taking in account the best state of the art knowledge in defensive cyber security in order to build an "hardend end-point", that can resist "NSA & friends" or "competitors" grade military attacks, therefore truly and proovenly protecting you from :

► Keyloggers malware protection :

It is achieved architecturaly by having a double processor system, with one computer being compromized and connected to the internet, and another one air-gapped and not connected to the internet : The messages in clear text are being entered on the computer not connected to the internet : Assuming that there is no side channel or hidden channel on the serial port connecting the two processors (Will be discussed below), even if there is a keylogger installer on the air gapped computer, it will not be able to transfer its data if we can ensure there is no side channel or hidden channels between the two computers.

► Keyescrow malware protection (Protection of KEYS.DAT and MESSAGES.DAT):

Same as above. (Prevent the private keys used by BitMessage from being stolen by agencies/hackers)

► Hardware integrated circuits serial numbers fingerprinting identification technic protection when using TOR or VPNs :

This problem is solved by dedicating a new hardware for the first computer, connected to the internet and that will be compromized, whose serial numbers where never associated to the user identity before : A brand new Raspberry Pi bought in cash in an electronic store is the perfect way to achieve this. It also mean dedicating this hardware exclusively for this usage, and never connect to it any device : Exemple : Never connect USB Flashdisc key to it, whose serial number, already associated to the user's identity, to it, because it would allow to extrapolate the identity to associate to the Raspbery serial number to the identity already associated with the USB Flashdisc key. Same thing for LCD screen : They transmit serial number (VGA, DVI, or HDMI) to the graphic card, and can have the same terrible effect as a USB flashdisc key.

We will have to give the user a list I have already been working on for years, of all the parts or subsystems known in a computer to have serial numbers.

Let's say this issue is a matter of respecting a strict security procedure.

► Hardware characteristics (Speed of each processor analysis) fingerprinting identification technic protection when using TOR or VPNs :

Same as above.

► Keystroke timing fingerprinting identification technic protection when using TOR or VPNs :

This problem is solved architecturaly exactly like the Keylogger protection above.

► Phrasing and wording fingerprinting identification technic protection when using TOR or VPNs :

We can use a trick many hackers know, and implement a kind of wording and rephrasing system : Using a translator for exemple, from english to french, and back french to english.... But there are other programs that do exist and to the job, There are many ways to do it indeed.

This issue is also solved architecturaly as the Keylogger protection mecanism described above.

► Side channel & hidden channels protection between the first and the second computers, interconnected through a serial port :

This problem is solved by inserting a microcontroller having two serial ports, on the serial link between the two computers :
If the technic of using two microprocessor conected with a serial port that offers the lowest attack surface possible, it can be improved greatly inserting a microcontroller that will do the following :

• Check that the little protocol we will have to invent and implement (And design as much hidden channel proof as possible) is correctly implemented, and that no other unwanted data are transmitted on the serial link.
• Fight the timing side channel attack surface on the serial port : Serial ports offer the lowest attack surface regarding side & hidden channels, but it is still vulnerable to timing-between-each-byte-sent-on-the-serial-port side channel. The microcontroller code can "filter" these timings by buffering and normalizing them. Time based side channels are well known, and must be & can be fighted.

As you see, when we where talking about giving you true crypto-anarchist tools reaching military grade security, we were not laughting at you, we were very serious about this.
We had enough bullshit driven by FEDS worldwide. We perfectly know were most of the problems are : End-Point weaknesses.
And we decided to solve it for BitMessage. BitMessage being already one of the best Crypto-Anarchist communication tool available, but as all other "good" tools, if they are running on comprimized weak end-point, it's USELESS.

We fight mass surveillance.
We fuck all big brothers.
And we master our art.

Crypto-Anarchist Federation contributors.
In solidarity to our Anarchists Antifa comrades.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cryptech.is/archives/tech/attachments/20170521/dc445830/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.cryptech.is/archives/tech/attachments/20170521/dc445830/attachment.sig>


More information about the Tech mailing list