Low speed, p2p, wireless as a secure alternative to SMS and Signal-like services.

Steven Schear schear.steve at gmail.com
Mon Oct 28 04:33:28 PDT 2019


In the academic sphere the favored, publicly released, applications of
these technologies have been to improve spectrum utilization and jamming
resistance. However, these same technologies can also confer covertness.
While encryption can protect the content of communication, covertness can
deny an eavesdropper the more important metadata of who is talking with
whom and when.

It is well known that early Spread Spectrum (SS) methods (both frequency
hopping, FHSS, and direct sequence, DSSS) were initially created for
military purposes though are now part of wireless industry standards. There
are other SS techniques, like chirp, chaotic and UWB, which have yet to
find broad use in commercial or consumer products. There are yet other SS
methods which are still either experimental or used only in military /
government applications. Sometimes these approaches can be combined to
significantly increase effectiveness.

There is a general acknowledgement of relationships, in wired
communications, between certain characteristics (e.g., latency), privacy and
security. The same generally holds true for wireless. In addition,
wireless links must often deal with varying and unpredictable channel
conditions.

Conversely, non-compliant wireless links (the only types of interest here)
can dynamically choose whatever spectrum fits within the hardware and
software capabilities and best suits the conversation at hand. It is also
free of service provider restrictions and costs.

One prominent way for wireless communications to acquire the covert
characteristics needed is by effectively masquerading as noise. This noise
can be from natural sources (e.g., lightning), non-communication radio
emissions (e.g., discharge type street lamps), unintentional communication
emissions or an uncontrolled mixture.

SIGINT analyst Eve may use a variety of specialized spectrum analysis tools
including Bragg Cell, electro-optical, steering receivers to quickly scan
wide swaths of spectrum for signals of interest which can then be
investigated using narrower band devices. These devices can be terrestrial
or mounted on satellites.

All receivers have design tradeoffs mostly due to frequency coverage,
instantaneous bandwidth, noise figures, etc. Automated identification and
classification of unknown signals is an advancing art but still an inexact
science. If Alice and Bob use weak (very low spectral density),
intermittent, signals with very close similarity to noise they are,
individually, problematic for Eve. As the number of simultaneous, unrelated
and uncoordinated, parties sharing the spectrum grows, the difficulty for Eve
is magnified even if she records the spectrum and attempts non-realtime
analysis. Despite massive SIGINT investments she is at a disadvantage but the
intel agency narratives would have others believe they are all-seeing
all-knowing.

With proper covert tech the advantage can shift asymmetrically in favor of
Alice and Bob. The situation has similarities to mixing of blockchain
transactions. It's also similar to the challenge faced by parties defending
their online servers from hackers. The defenders must block any intrusions;
the attackers must only find one good exploit to win.

To be continued...

On Sun, Oct 27, 2019, 3:03 PM Steven Schear <schear.steve at gmail.com> wrote:

> By choosing a different physical transport means a different and, I
> maintain, better set of security tradeoffs become available. Unlike
> approaches which invariably depend on the Internet and heavily monitored
> commercial gateways, I propose using infrastructure-less or
> non-permissioned commercial, single-hop, relays. It's not that the
> electromagnetic spectrum isn't also monitored but that the efficacy of that
> monitoring is, unlike the former environment, much more limited by physics,
> channel conditions, information theory and the proper application of
> tradecraft by possible targets.
>
> Both as a hobbyist and professional I've delved into the practicality of
> utilizing and building on commonly available, even consumer grade, Software
> Defined Signal Processing (SDSP, the use of the term SDR is verboten in my
> world due to its inherent regulatory implications) hardware and open source
> software. My investigations (some openly shared at Cypherpunk-oriented tech
> conferences) have led me to believe that even a moderate uptake of these
> SDSP technologies would effectively neutralize most or all SIGINT against
> parties who aren't already the subject of individual targeting.
>
> These technologies aren't some magical new creation but rather the
> integration and adoption of ideas already well studied and reported in
> academia but whose implementations are often not openly available for
> tailoring and testing, mostly due to unfounded fears of regulatory actions.
>
> To be continued...
>
> Join
>
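
[Added illustration, not part of the original post or of any code by its author: a textbook direct-sequence (DSSS) simulation of the "very low spectral density" point made above, showing a signal 20 dB below the noise in every chip that the holder of the spreading code still recovers. The spreading factor, noise level and seeds are assumptions chosen for the example, and it does not model a wideband energy detector.]

```python
import math
import random

CHIPS_PER_BIT = 4096   # spreading factor (assumed for this example)
NOISE_SIGMA = 10.0     # noise std dev; chip amplitude is 1, so -20 dB per chip

def pn_code(seed, n=CHIPS_PER_BIT):
    """+/-1 chip sequence from a shared seed. random.Random is not a
    cryptographic generator; it only stands in for the shared code here."""
    rng = random.Random(seed)
    return [rng.choice((-1, 1)) for _ in range(n)]

def transmit(bits, code):
    """Spread each data bit (0/1) across the whole chip sequence."""
    return [(1 if b else -1) * c for b in bits for c in code]

def channel(chips, rng, sigma=NOISE_SIGMA):
    """Additive white Gaussian noise far stronger than the signal."""
    return [x + rng.gauss(0.0, sigma) for x in chips]

def despread(samples, code):
    """Correlate each bit-length window against a candidate code."""
    n = len(code)
    out = []
    for i in range(0, len(samples), n):
        corr = sum(s * c for s, c in zip(samples[i:i + n], code))
        out.append(1 if corr > 0 else 0)
    return out

def bit_errors(a, b):
    return sum(x != y for x, y in zip(a, b))

def per_chip_snr_db():
    return 20 * math.log10(1.0 / NOISE_SIGMA)

def processing_gain_db():
    return 10 * math.log10(CHIPS_PER_BIT)

def run_demo(n_bits=64):
    """Return (errors with the shared code, errors with a wrong code)."""
    rng = random.Random(2019)            # constructed test data
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    shared = pn_code(seed=1)             # Alice and Bob's code (constructed)
    rx = channel(transmit(bits, shared), rng)
    bob = bit_errors(bits, despread(rx, shared))
    eve = bit_errors(bits, despread(rx, pn_code(seed=2)))  # wrong guess
    return bob, eve

if __name__ == "__main__":
    print("per-chip SNR (dB):", per_chip_snr_db())
    print("processing gain (dB):", round(processing_gain_db(), 1))
    print("bit errors (shared code, wrong code):", run_demo())
```

The correlator adds the 4096 chips coherently while the noise adds only as its square root, which is where the roughly 36 dB of processing gain comes from; a receiver correlating with a different code gets about half the bits wrong, i.e. no information.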