<moved to misc@; it's still not on-topic, but this message may be somewhat interesting>
On Fri, Oct 10, 2014 at 07:31:50PM -0400, Ian Grant wrote: > I want to try to implement some form of concealed port knocking in > OpenBSD, along the lines of Martin Kirsch: > > https://gnunet.org/sites/default/files/ma_kirsch_2014_0.pdf Looking through the abstract and introduction, that's just port knocking. As the paper points out, "Port knocking is a well-known technique to hide TCP servers from port scanners". (The thesis does aim at security against a global eavesdropper, which is not traditionally a goal of port knocking; and the implementation does try hard to work with existing software, which is nice. I don't think port knocking is actually useful - see below - but this does look like a competent execution of its concept.) > The application is electronic democracy. I want to demonstrate how it > is possible to do secure comms. over untrusted networks and hardware. But it *isn't* possible to do secure comms from/to compromised hardware; that is what "compromised" means. Note that the thesis above merely aims at cryptographic port knocking; a global adversary can still just read the unencrypted traffic. The thesis also requires a pre-shared key; if you have a PSK, why not use real crypto (e.g. a VPN) instead? Also, note that securely pre-sharing keys is a pain even in a small group of friends; there is no way you can scale that to "every human in the world". > I hope to be able do this by carrying out a global referendum. See > > http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html A very quick read shows that you want to do, roughly, electronic voting. A number of proposals exists to achieve secure (or verifiable) electronic voting; I believe you should be able to find fairly accessible introductions to the cryptographic scheme proposed by Ron Rivest (of RSA fame). No proposal that I'm aware of even contemplates using compromised hardware, though, and all proposals assume a functioning census. > My plan is to use a virtual interface which magically shows behind the > physical interface when connections are made with the right ISN key in > the SYN packet. If the ISN is not one of the 'knocks' then the > connection sees the ordinary physical interface. > > Then I want to make a connection between applications and the TCP > stack so that the knocks can be determined only by data from within > the VPN. Then the knocks will vary non-deterministically. To bootstrap > into the VPN a machine will need a direct trusted connection to > another machine which is already in the VPN, and which can send it the > initial knock key sequence which will allow it to handshake into the > VPN, and thereafter have a connection. > > The VPN will be tunneled over TCP and/or IP datagram connections. > Within the VPN the routing and representation of data within real TCP > network packets will also vary non-deterministically according to data > passed over the VPN. > > The VPN will be used for trusted core protocols for authentication, > key-exchange and verification. So it need not carry such high volumes > of traffic The bulk of data will be carried over the exposed network. > > If anyone here has a better idea, or any other useful advice (even if > it's "this has already been done!" or "It won't work," but please > explain exactly why.) or pointers: I am new to this game: I have never > seriously looked at network protocol driver code in OpenBSD or any > other OS. This is way too large; start with something *much* smaller. Very smart people have been working on the kind of things you're thinking about for decades; you're not going to solve this in a weekend, or in just a hundred lifetimes. Some things that you may find interesting: - http://curvecp.org/: djb's "encrypt the whole internet" scheme. One useful first contribution might be to get the efficiency measurements that http://curvecp.org/efficiency.html promises; this is not easy. - Tor is the most realistic choice for internet anonymity at the moment; there are plenty of issues with it, but it's something. Consider setting up a tor node; do not set up an exit node without consulting an appropriate legal professional. - the global poor are getting more and more access to mobile (dumb-)phones; consider things like http://en.wikipedia.org/wiki/M-Pesa. It has been very hard for the open source world to do much of anything in this area, since (a) it's desperately uncool and (b) telecom companies are hesitant to allow any arbitrary code on their devices. Nonetheless, some (extremely ambitious) projects might be worthwhile: + try turning Karsten Nohl's research into something like Cydia, a platform for rooting SIM cards and installing custom applications on them. Again, consult a legal professional; this is definitely not legal everywhere. + create an e-voting application and bring it to market with the telecom operators' approval. This has probably been tried. (Again, there is a political dimension to this, which I'll hint at by saying "informed voter".) + investigate this area more - I'm not even remotely competent. - Estonia is running some interesting experiments, notably http://e-estonia.com/e-residents/become-e-resident/. Do note http://en.wikipedia.org/wiki/Electronic_voting_in_Estonia ("computer security experts (...) have voiced sharp criticism"). There are also many political dimension to this; that is even less appropriate for misc@. Do consider concepts like "coercion", "buying votes", "informed voter", etc. (This was enough of a diversion; I'll shut up now, and my apologies to anyone unhappy to receive this message.) Joachim
