what up cuties

You are viewing a single thread.
View all comments View context
0 points

This is sweet!

I had a similar idea a while back that I never fully fleshed out, but using WiFi mesh networking instead of lora. I figured lora was more specific, but I didnā€™t know as much about itā€™s long range capability. The idea was to build handsets using esp32 modules with external antennas, and build out a huge city wide mesh network working on wifi bands based on small, local repeaters (also ESP based). Esp32 since you can encrypt the onboard flash, theyā€™re pretty powerful and decently cheap.

Since your threat model here includes the most enthusiastic spy agency of any nation-state, I would be EXTREMELY careful about the firmware flashed onto the phones. Frankly, I donā€™t trust android or IOS for something like this - maybe using a linux ROM on android would be good enough, but Iā€™d say the preferable and way more labor intensive option would be to build your application specifically for your hardware, and only using open source packages. Iā€™d also encourage the ability to perform on-air key revocation, so if a radio is confirmed to have been compromised it can be removed from the talkgroup immediately.

Maybe using a pi would be a good idea, since the radio can communicate over both serial and usb? Or if you can manage to shave the code down enough, you could try to run it directly off of another microcontroller.

Iā€™d love to talk more about this if youā€™re able to, let me know.

permalink
report
parent
reply
1 point

but using WiFi mesh networking instead of lora

so I know for a fact we can use WiFi-Direct for a lot of this as itā€™s one of the things we regularly test at work. problem is the range is much shorter and that matters real fast when youā€™re surrounded by buildings.

The idea was to build handsets using esp32 modules with external antennas, and build out a huge city wide mesh network working on wifi bands based on small, local repeaters (also ESP based). Esp32 since you can encrypt the onboard flash, theyā€™re pretty powerful and decently cheap.

we actually explored doing this a couple of years ago as well. main issue came down to not having a suitable hub for a backhaul to the internet from which we could expand the network. weā€™re better situated now and might pick this up at some point.

Since your threat model here includes the most enthusiastic spy agency of any nation-state, I would be EXTREMELY careful about the firmware flashed onto the phones.

I mean more make a ROM myself to kill the wireless capabilities on the device, then ensure itā€™s done through mechanical damage to the antenna. this gets us as close as we can feasibly get to airgapped and our primary mode of attack becomes the radios themselves. we canā€™t solve the trusting trust problem, obviously, but we can do enough to make it so that the people using these have to be explicitly targeted by the NSA, using techniques weā€™ve only theorized to exist ā€“ Iā€™m ok with that for a prototype. with more time, thereā€™s a lot we can do to make the underlying network safer by, for example, abandoning tcp/ip (it assumes you can trust the network under you) for more suitable alternatives ā€“ these canā€™t compete with the maturity of tcp/ip, so any implementation time is going to be massive here. and thereā€™s a bunch of stuff like that.

maybe using a linux ROM on android would be good enough

yeah, this is definitely one of the things I want to try. weā€™re also considering not starting with phones and instead working up from like beagle boards or something but I think the form factor becomes too unwieldy, unfortunately. weā€™ll see, though ā€“ depends on how testing goes.

but Iā€™d say the preferable and way more labor intensive option would be to build your application specifically for your hardware, and only using open source packages

yeah, of course. the part I canā€™t do too much about are the firmware blobs to run the various hardware components on basically every android phone (reallyā€¦ itā€™s virtually every piece of hardware you might conceivably use for thisā€¦). one of the advantages here, though, is that these devices never, ever touch the internet and the goal is to kill all the radios but the one weā€™re attaching (a radio thatā€™s fully open hardware, open software, etc.). so there are only two modes of attack ā€“ try and get on the network and then spoof one of the other identities, a mode of attack thatā€™s actually well covered by signalā€™s double ratchet/libolm, or to get physical control of one of the devices. we have some thoughts on how to protect against this last mode of attack but this is an area where weā€™re going to be trying things and right now Iā€™m leaning towards ā€œwipe the device at the first sign of intrusionā€.

Maybe using a pi would be a good idea, since the radio can communicate over both serial and usb? Or if you can manage to shave the code down enough, you could try to run it directly off of another microcontroller.

yeah, definitely considering this. the main worry here is that the device is difficult to actually use in practice because people are very used to phones. remember that one of the goals is to get people to stop bringing their phones to anything even mildly spicy and to use these instead to talk to their comrades, instead (and we really are focused on that mode right now ā€“ Iā€™m not putting together any plans right now for trying to authenticate and validate communication between unknown parties for the forseeable futureā€¦ the plan right now is to force everyone into the same room together to generate and cross sign keys, and that will be the only way on to these things.) the usage model is already going to be strange for people and people working in a mode they donā€™t understand, taking shortcuts, or just bypassing security features altogether is a much more likely cause for compromise than anything else weā€™re discussing. that said, this was also my first thought when I sat down to try and put together a plan for this project and something much more custom is very likely if we make it to a second round of development (right now we really just need to prove to ourselves and others that this is viable in the first place, with the caveats of what this canā€™t protect you from up front and center).

and yeah, Iā€™m super excited about this and Iā€™d love to talk more. Iā€™m @therivercass:matrix.org, hit me up.

permalink
report
parent
reply

Post_Cats_on_Main

!main@hexbear.net

Create post

THE MAIN RULE: ALL TEXT POSTS MUST CONTAIN ā€œMAINā€ OR BE ENTIRELY IMAGES (INLINE OR EMOJI)

(Temporary moratorium on main rule to encourage more posting on main. We reserve the right to arbitrarily enforce it whenever we wish and the right to strike this line and enforce mainposting with zero notification to the users because its funny)

A hexbear.net commainity. Main sure to subscribe to other communities as well. Your feed will become the Lionā€™s Main!

Good comrades mainly sort posts by hot and comments by new!


State-by-state guide on maintaining firearm ownership

Domain guide on mutual aid and foodbank resources

Tips for looking at financials of non-profits (How to donate amainly)

Community-sourced megapost on the main media sources to radicalize libs and chuds with

An Amainzing Organizing Story

Main Source for Feminism for Babies

Maintaining OpSec / Data Spring Cleaning guide


Remain up to date on what time is it in Moscow

Community stats

  • 1.4K

    Monthly active users

  • 1.6K

    Posts

  • 13K

    Comments