Eternity - an alternative approach
In one of the messages on the eternity thread someone suggested using radio signals. This is an interesting approach which certainly deserves further attention but digital radio requires special hardware which I prefer to avoid. However, some of the characteristics of radio signals can be emulated on the internet.

Radio links are perfect for hiding the location of receivers. The equivalent for this is of course services like usenet and IRC. Both are already used for providing anonymity.

Radio is also quite good at hiding the location of the transmitter - you tune your radio and the signals are just there, coming down your antenna. It takes special equipment to locate where they originated. It occurred to me that the equivalent on the net would be to receive packets with invalid source addresses. They are just there, coming down the phone line to your modem. It takes significant resources and snooping on a massive scale to locate where they are coming from. All this is assuming you can find some way to send a request with your address to the server.

For eternity this means that the location of servers where documents are stored can be kept secret if they transmit the documents using packets with invalid source addresses. Receivers of eternity documents will not be able to tell where they are coming from.

Since there is no bidirectional link between transmitter and receiver the protocol must be implemented over UDP. To protect against packet loss the data may be encoded with redundancy. The correction code can be similar to that used on RAID disk arrays - adding redundant blocks consisting of XOR of other blocks. Missing blocks can be reconstructed by XORing together other blocks received.

To provide even better anonymity the transmitter may send the messages through one or more onion routers which decrypt one layer of encryption.
These routers do not store information, do not know what information passes through them and do not know where it's coming from. Any packets they forward are sent without a valid source address. This should make them less vulnerable to attacks of all kinds. Can anyone speculate about their liability under US law? Putting caches on the routers will help both performance and security. Will it affect their liability in any way?

If encryption is implemented properly all packets will look identical: blocks of random data of the same size and no source address. This will make traffic analysis difficult. The distance to the transmitter can be hidden by initializing the packet's time-to-live field to a value with random variations.

That was the easy part. The hard part is to get the requests to the document servers without knowing their addresses. This can be done through the equivalent of remailer reply blocks or some kind of broadcast medium. The reply blocks would be implemented by the onion routers. Each hop could generate several copies, both for redundancy and as decoys. Packets used in reply blocks can look identical to packets with document data, including the use of invalid source addresses.

In the broadcast version clients and servers subscribe to channels with many participants to hide their identity in the crowd. The system could use an existing service like IRC or a dedicated network, possibly based on modified IRC server code. Sympathizers with bandwidth to spare can subscribe too to provide better cover for the actual document servers. Servers could listen using trusted proxies or chains of semi-trusted proxies. The division into channels allows growth of the system if the total bandwidth of requests becomes too high. Using the public IRC networks has the advantages of being less suspicious and not requiring the deployment of new infrastructure. Requests could even be hidden steganographically in IRC traffic.
Unfortunately, IRC server operators are touchy about abuse of their systems.

Requests should be small. This allows replicating them to a large number of receivers without taking too much bandwidth. They can also be made to be of fixed size and contain no controversial information. Requests contain the document index as a compact one-way hash, the requester's IP address and the server's ID code. They may also contain hashcash or ecash payment. Requests should be encrypted to the server's public key. To keep them small, elliptic curve encryption may be used.

A server may send random cover packets to hide the correlation between a request and its response. It may also add random delay before responding to the request. Delay will also help limit the bandwidth. Users of eternity need to be more patient than the average web surfer and the protocol should use generous timeouts. Since UDP has no flow control the server should always assume the client is using a modem connection and limit its transmission speed accordingly. Security has a price.

The client software may be implemented as a local web proxy (in Java?) which identifies requests to eternityspace and converts them to this protocol. Public gateways may be set up to allow anyone to read eternity URLs. These public gateways may also be used to protect the anonymity of the reader like the Anonymizer.

Document servers and routers must be located on networks where there is no spoofed packet filtering. Since the common use of spoofed packets is in denial-of-service attacks more and more filters are being installed. It may become harder in the future to find places to put the servers and routers. I believe it should always be possible since it is not practical to implement filtering in places where there is a lot of traffic from different sources. In cases where the document server is located on a filtered network it may have to trust the routers to hide its location.
This system is far from perfect: it has too many components and the weakest link is the transmission of requests to servers. I still believe it has some interesting sides which deserve further discussion. Your ideas are welcome.

--
Kay Ping
nop 'til you drop
finger kping@nym.alias.net for key
DF 6D 91 18 A6 59 41 96 - 89 01 69 B7 9D 04 AE 53
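The RAID-style XOR redundancy the post sketches, worked through as an added example (not code from the original post): the document is cut into fixed-size blocks, every run of data blocks gets one parity block that is their XOR, and the receiver rebuilds any single block that a lost UDP datagram removed from a run. The block size, group size and 4-byte length header are assumptions; the encryption and the transport itself are not modelled.

```python
# Added example: XOR-parity erasure coding for fixed-size datagrams, in the
# spirit of the RAID-style redundancy described above. BLOCK, GROUP and the
# 4-byte length header are assumptions; no networking or encryption is done.
BLOCK = 512   # payload bytes per datagram (assumed); every block is the same size
GROUP = 4     # data blocks per parity group (assumed); each group survives one loss


def xor_blocks(blocks):
    """XOR equal-sized blocks together; used both to make and to rebuild parity."""
    out = bytearray(BLOCK)
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def encode(document: bytes) -> list:
    """Return the ordered list of blocks to send: each run of GROUP data blocks
    is followed by one parity block that is the XOR of that run."""
    payload = len(document).to_bytes(4, "big") + document
    payload += b"\x00" * ((-len(payload)) % BLOCK)       # pad to whole blocks
    data = [payload[i:i + BLOCK] for i in range(0, len(payload), BLOCK)]
    out = []
    for g in range(0, len(data), GROUP):
        run = data[g:g + GROUP]
        out.extend(run)
        out.append(xor_blocks(run))
    return out


def decode(received: dict, total: int) -> bytes:
    """Rebuild the document from whatever blocks arrived.
    received maps block index -> bytes; total is the block count the sender
    announced. One missing block per group is recovered by XORing the rest of
    that group; two or more losses in one group cannot be repaired this way."""
    got = dict(received)
    stride = GROUP + 1
    data = []
    for g in range(0, total, stride):
        idx = list(range(g, min(g + stride, total)))   # last index is parity
        missing = [i for i in idx if i not in got]
        if len(missing) > 1:
            raise ValueError(f"group at block {g}: {len(missing)} blocks lost")
        if missing:
            got[missing[0]] = xor_blocks(got[i] for i in idx if i in got)
        data.extend(got[i] for i in idx[:-1])           # data blocks only
    payload = b"".join(data)
    return payload[4:4 + int.from_bytes(payload[:4], "big")]
```

Because every block, parity included, has the same size, the encoded stream already matches the post's goal of datagrams that look identical before encryption is applied.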
Kay Ping wrote on 1998-01-16 22:02 UTC:
Radio links are perfect for hiding the location of receivers.
Actually, this is only true for extremely carefully shielded military receivers and not for normal radios. Every receiver contains a local oscillator to bring the signal down to intermediate frequency (IF), which is emitting EM waves itself. In addition, the IF signal is emitted as well.

As Peter Wright reported in his autobiography, British counterintelligence (MI5) used vans and planes already in the 1950s to detect spies while they received radio communication messages from Moscow and to protocol which frequency bands the embassies were monitoring (operation RAFTER). Efficient receiver detection is an active process: You send out short bursts of a wideband jamming signal and try to find the downtransformed intermediate frequency equivalent of your burst in the compromising emanations of the receiver. This way, you get not only the location of the receiver, but also the precise frequency to which it is tuned.

Locating radio receivers within a radius of many hundred meters this way was already state of the art in the spook community over 40 years ago, so you can safely assume that with digital signal processing, the performance parameters of modern systems have been increased significantly. Sending out spread-spectrum style pseudo-noise signals in the active probing bursts could give you in modern receiver detectors a considerable signal gain.

Markus

--
Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK
email: mkuhn at acm.org, home page: <http://www.cl.cam.ac.uk/~mgk25/>
Hi,

I talked to some RF guys about the RAFTER attack about a year ago. Their opinion was that since modern receivers have GaAs FET mixers, they don't leak the LO or IF out the antenna like the old-fashioned inductor based mixers did.

This should be trivial to confirm with a spectrum analyzer.

Eric
There has been quite a bit of discussion on the list of late regarding covert radio communication. I've been doing some investigation and have identified a promising low probability of intercept technology for terrestrial, ground-to-air and earth-to-satellite communication. I'd like to assemble a small team to build and test a proof of concept. Anyone with interest and skills, please contact me.

--Steve
On Mon, Jan 19, 1998 at 01:55:55PM -0800, Eric Blossom wrote:
Hi,
I talked to some RF guys about the RAFTER attack about a year ago. Their opinion was that since modern receivers have GaAs FET mixers, they don't leak the LO or IF out the antenna like the old fashioned inductor based mixers did.
This should be trivial to confirm with a spectrum analyzer.
Eric
This varies a great deal. Generally cheap VHF/UHF scanners and the like radiate quite a bit of energy and can be easily seen on a spectrum analyzer at hundreds of feet (with no special effort). A good bit of energy escapes many scanners through the cheap and poorly shielded plastic case and power cords rather than leaving via the antenna, so even if a good broadband preamp is used between the antenna and the input of the scanner - which should effectively eliminate LO radiation from going out the antenna because the preamp is going to have to have a great deal of loss for energy routed through it backwards (output to input) or it would be unstable and oscillate - the signals radiated from the radio itself and the power cord will give it away.

First local oscillator energy is the most easily seen radiation from scanners - IF radiation is much lower in level in most modern gear because of the very short lead lengths and comparatively low signal levels and good decoupling from the antenna - IF frequencies (save the first IF on many scanners) are low enough so the component leads don't act like a very good antenna because they are such a tiny fraction of a wavelength.

High grade military/spook class receivers are much better shielded, some in fact to TEMPEST level specs, and don't have the problems that most cheap scanners for hobbyists have. If used with a good preamp ahead of them they are very hard to detect if the shielding is intact and undamaged (which may or may not be the case for a unit that has been kicked around for years and carelessly repaired and modified). But a fair number of modern HF (2-30 MHz) communications receivers and transceivers use no or very little RF amplification before the first mixer in order to maximize dynamic range and third order intercept and their 1st LOs (usually in the low VHF range) are not as well isolated from the antenna.

However, most modern receivers use synthesized local oscillators phase locked to a local crystal oscillator and the LO is not as likely to be detectably modulated by the audio the receiver is receiving as was the case with the vacuum tube era communications receivers in the RAFTER era that used free running LC tuned oscillators. Power supply regulation and decoupling is much better in modern gear, and this combined with the use of phase locked synthesized oscillators means that while it may be possible to detect radiation from the receiver LO, it is not as easy to detect FM and AM sidebands coming from the receiver audio which was the basis of a lot of RAFTER work.

But sensitive spectrum analyzers are available and not uncommon these days, so anyone who is trying to operate an undetected receiver for any serious purpose now has the tools to determine just how much his gear is radiating. Of course the detection gear has gotten better too, but careful shielding up to and including faraday cages, use of good preamps and circulators and use of spectrum analyzers to check for stray radiation makes it less likely that someone will easily find a carefully hidden receiver than in the past. But a plastic cased consumer grade scanner from Radio Shack may be detectable a half mile away... or more...

--
Dave Emery N1PRE, die@die.com
DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
On Sat, 17 Jan 1998, Markus Kuhn wrote:
Kay Ping wrote on 1998-01-16 22:02 UTC:
Radio links are perfect for hiding the location of receivers.
[...]
As Peter Wright reported in his autobiography, British counterintelligence (MI5) used vans and planes
IIRC the BBC uses such vans to detect unlicensed receivers in Britain. (However I have also heard that such vans are more effective at spreading FUD.)

--
Please excuse my spelling as I suffer from agraphia; see the URL in my header.
Never trust a country with more people than sheep. ex-net.scum and proud
You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett.