Low speed, p2p, wireless as a secure alternative to SMS and Signal-like services.

Steven Schear schear.steve at gmail.com
Mon Oct 28 16:45:34 PDT 2019


Unlike encryption, which is generally practiced at intermediate wireless
communication protocol layers, implementing covert features requires
fundamental new tech at the PHY. In commercial stacks the PHY is invariably
implemented in hardware so a prototype (or a limited production) device
using this new tech requires the use of either an FPGA or software
implemented on a GPP. For prototyping on GPPs, MATLAB or GNU Radio.

For pure wireless communications I prefer either Point-to-Point (PTP) or
single hop satellite links.


Satjacking
Satellites, especially geosynchronous, have advantages in channel quality
and bandwidth (often 100s of contiguous MHz spread across several
transponders). However, they generally require a good directional antenna
(to compensate for high path losses) and raise issues of being located by
multi-satellite Time-of-Arrival (ToA) or ground based surveillance methods.
Non-geosynchronous birds have individually limited ground visibility and
require somewhat complex Doppler shift compensation and expensive, complex
tracking antenna mounts.

ToA can be mitigated by proper tradecraft or by nearfield antenna
techniques, sometimes employed in avionics to prevent ground based
detection of aircraft missile targeting signals.

The great advantages of satellites are their coverage area, high link
quality and that most still use "bent pipe" relay architectures. Although
recent implementations now use techniques (e.g., FFT and IFT) to clean
uplink signals before retransmission, they are limited to notching out
frequencies and cannot be applied to offending broadband signals,
especially of the type under consideration.

To be continued...

On Mon, Oct 28, 2019, 11:33 AM Steven Schear <schear.steve at gmail.com> wrote:

> In the academic sphere the favored, publicly released, applications of
> these technologies have been to improve spectrum utilization and jamming
> resistance. However, these same technologies can also confer covertness.
> While encryption can protect the content of communication, covertness can
> deny an eavesdropper the more important metadata of who is talking with
> whom and when.
>
> It is well known that early Spread Spectrum (SS) methods (both frequency
> hopping, FHSS, and direct sequence, DSSS) were initially created for
> military purposes though are now part of wireless industry standards. There
> are other SS techniques, like chirp, chaotic and UWB, which have yet to
> find broad use in commercial or consumer products. There are yet other SS
> methods which are still either experimental or used only in military /
> government applications. Sometimes these approaches can be combined to
> significantly increase effectiveness.
>
> There is a general acknowledgement of relationships, in wired
> communications, between certain characteristics (e.g., latency), privacy and
> security. The same generally holds true for wireless. In addition,
> wireless links must often deal with varying and unpredictable channel
> conditions.
>
> Conversely, non-compliant wireless links (the only types of interest here)
> can dynamically choose whatever spectrum fits within the hardware and
> software capabilities and best suits the conversation at hand. It is also
> free of service provider restrictions and costs.
>
> One prominent way for wireless communications to acquire the covert
> characteristics needed is by effectively masquerading as noise. This noise
> can be from natural sources (e.g., lightning), non-communication radio
> emissions (e.g., discharge type street lamps), unintentional communication
> emissions or an uncontrolled mixture.
>
> SIGINT analyst Eve may use a variety of specialized spectrum analysis
> tools including Bragg Cell, electro-optical, steering receivers to quickly
> scan wide swaths of spectrum for signals of interest which can then be
> investigated using narrower band devices. These devices can be terrestrial
> or mounted on satellites.
>
> All receivers have design tradeoffs mostly due to frequency coverage,
> instantaneous bandwidth, noise figures, etc. Automated identification and
> classification of unknown signals is an advancing art but still an inexact
> science. If Alice and Bob use weak (very low spectral density),
> intermittent, signals with very close similarity to noise they are,
> individually, problematic for Eve. As the number of simultaneous, unrelated
> and uncoordinated, parties sharing the spectrum grows, the difficulty for
> Eve is magnified even if she records the spectrum and attempts non-realtime
> analysis. Despite massive SIGINT investments she is at a disadvantage but
> the intel agency narratives would have others believe they are all-seeing,
> all-knowing.
>
> With proper covert tech the advantage can shift asymmetrically in favor of
> Alice and Bob. The situation has similarities to mixing of blockchain
> transactions. It's also similar to the challenge faced by parties defending
> their online servers from hackers. The defenders must block any intrusions;
> the attackers must only find one good exploit to win.
>
> To be continued...
>
> On Sun, Oct 27, 2019, 3:03 PM Steven Schear <schear.steve at gmail.com>
> wrote:
>
>> By choosing a different physical transport means, a different and, I
>> maintain, better set of security tradeoffs becomes available. Unlike
>> approaches which invariably depend on the Internet and heavily monitored
>> commercial gateways, I propose using infrastructure-less or
>> non-permissioned commercial, single-hop, relays. It's not that the
>> electromagnetic spectrum isn't also monitored but that the efficacy of that
>> monitoring is, unlike the former environment, much more limited by physics,
>> channel conditions, information theory and the proper application of
>> tradecraft by possible targets.
>>
>> Both as a hobbyist and professional I've delved into the practicality of
>> utilizing and building on commonly available, even consumer grade, Software
>> Defined Signal Processing (SDSP, the use of the term SDR is verboten in my
>> world due to its inherent regulatory implications) hardware and open source
>> software. My investigations (some openly shared at Cypherpunk-oriented tech
>> conferences) have led me to believe that even a moderate uptake of these
>> SDSP technologies would effectively neutralize most or all SIGINT against
>> parties who aren't already the subject of individual targeting.
>>
>> These technologies aren't some magical new creation but rather the
>> integration and adoption of ideas already well studied and reported in
>> academia but whose implementations are often not openly available for
>> tailoring and testing, mostly due to unfounded fears of regulatory actions.
>>
>> To be continued...
>>
>> Join
>>
>