[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

One Laptop Per Terrorist

A microcontroller as TCB doing OTP with HWRNG-generated keys. Sounds a
lot like the OTP-version of Tinfoil Chat ( github.com/maqp/tfc ). It
doesn't take a spy or terrorist to create something like this: TFC was a
hobby of a CS-student.

Distribution of key material isn't the big problem, keeping the keys
secure from end-point exploitation is as TAO, ANT-implants, COMMONDEER,
even these could be addressed in TFC - enforcing the need for close
access operations, close proximity malware injection or retro reflectors
and other HW implants is the only way to avoid untasked targeting from
becoming the mass surveillance of next generation; It's the sweet spot
of security, as the attack can not be automated, and the cost increases
linearly with the number of targets.

On 28.03.2015 03:02, Juan wrote:
> Seems to me that it's rather easy for terrorists to create simple
> hardware for at least secure text messaging (or more). 
> The recipe goes something like this :
> 1) a microcontroller.
> 2) a keyboard 
> 3) an 'old' lcd text display
> 4) eeprom memory - sd card
> 5) a bunch of discrete components for a noise generator.
> The idea is to mix all those ingredients plus code to get a system that
> can 
> 1) generate random data to be used as key in 'one time pad' encryption
> 2) input text messages (and encrypt them of course)
> 3) decrypt text messages to the screen
> (if the microcontroller can act as an usb host it maybe possible to get
> data from devices like cameras and encrypt it)
> The thing is, distribution of the key material should be trivial for
> any 'terrist' worth his salt.  So the only drawback of the allegedly
> secure one time pad isn't really an issue. 
> I'm guessing that any real 'spies' out there have been using something
> like this for a while.