Pages:
Author

Topic: Corrupt OS defeats air gap. (Read 6347 times)

newbie
Activity: 7
Merit: 0
March 12, 2014, 03:50:40 AM
#29
grsec is nice. custom kernel and signing binaries. its a massive job.
avoid binary blobs, you dont know mike whats in the blob.

audit the source and package, use IDS (NIDS/HIDS). audit binaries also.

use decent network devices like something which gives you sources.

switch to opensource networking devices. viz openwrt or debwrt
to protect your network(ing) assets. if your networking assets are
compromised when no matter what you do your system will also
get eventually compromised.

"audit your system and network on 6 hour basis. " automate this
process.

ask application/device vendor for the source code. and audit it.

lastly the bios. its a PITA, try to go for devices which support the idea
of open source bios. disable computrace. computrace is a menace.

lastly security is not a blackbox device, that you install it and forget
everything else. you need to be proactive and must audit it to your
fullest capacity/capability.

look for the hardening guidelines, if you harden your OS, thats
the first step. then harden the hardware second step. then harden
your networking applications viz routers and switches.  then harden
the operation. use strong authentication methods. and lastly have
preying eyes to know who is preying on you. this proactive
approach can help you more than anything else.

lastly look for more information on the web, on what is the threat
scenario and what is/are the counter measures.

hth!
thanks!
-paul
full member
Activity: 205
Merit: 100
March 11, 2014, 08:17:20 PM
#28
Use an OS that predates Bitcoin. Windows XP or some old Linux distribution. Obviously install the vanilla version and don't update it.

The QR code method you propose also works. I believe that JustDice uses this method for transfers out of its cold wallet.

Yes I agree BUT don't make it too old or you'll run into random number generator issues like the Android one, and there was an ubuntu in 2008 or 2009 that had it too I think
newbie
Activity: 39
Merit: 0
March 11, 2014, 11:23:28 AM
#27
0) Read this about air gap: https://www.schneier.com/blog/archives/2013/10/air_gaps.html

1) Buy Blu-Ray-Rom, check the compatibility with linux before!

2) Download this two images of debian: http://cdimage.debian.org/debian-cd/7.4.0/amd64/jigdo-bd/

3) Burn two bd in secure way as it possible, this is what called "chicken and egg" problem:
 3.1) check the signatures..
 3.2) check the sha256sums
 3.3) md5sum....
 3.4) be very paranoid..
 3.5) Disable network physically.
 3.6) Block any EM as you can, e.g. go under the ground, into the cellar of your house. Where your mobile phone can't receive any signal.
 3.7) BURN!
 3.Cool Check burned image. dd if=/dev/bdrom | md5sum dd if=/dev/bdrom | sha256sum
 3.9) Make a duplicate, for availability and backup reasons.

4) This is main one. Set up really rugged Air Gap. Any Emanation must be locked. See, Schneier didn't made anything in this way, he only pluged network cable out.

 4.1) Keep cool jammer near the hands. Enable it everytime when you are doing something serious. Be very carefully, you make noise in this scope, this noise will bring a cops to your house in one hundred percents. Probably, jammer is optional device for your air gapped network.

 4.2) You need something like this http://cryptome.org/bema-se.htm or very very deep hole in the your cellar. Any electromagnetic emanation can be eavesdropped by thefts, and bring them kind of secret information about your job.

 4.3) Power supply must be rugged too. Read about history of American's spies, how they catch them self in the NYC, when in one house secret message was printed on the crypto-machine like Enigma, unbreakable crypto-text was eavesdropped by really simple antenna in the nearest building in pure clear-open-text form. Any your pressing on the buttons on the your keyboard made noise into the power network, each buttons little bit different from each others, physically, because e=mc^2, loops little bit different geographically, etc. The attacker with very sensitive device can eavesdrop your keyboard simply on the power line. See, https://en.wikipedia.org/wiki/Black-bag_cryptanalysis

 4.4) Never move anything except paper out.
      Once optical media, say DVD cross the air-gap line, it must stayed here or annihilated.
      See, your printer too may be marked on the factory side, or on the side of your supplier. NSA or something like that, CIA, FBI, Narco-Bosses could easily install kind of marker into your printer to see everytime is it your printer made this paper or not.

 4.5) Only optical media is acceptable for incoming vector. ( CD / DVD / BD )
      Any usb device may be bugged with second floor, one plug-in and your bios will be infected by malware, cause of design of USB protocol on the north-bridge's side.

 4.6) Bring new software only in the open-source form, with careful audit for system calls, use all kind of Jails, AppArmor or SELinux(NSA), and separate bare-hardware for experiments.

 4.7) Keep monitoring inside Air Gap for any signals:
      * http://nuand.com/bladeRF  300Mhz
      * http://greatscottgadgets.com/hackrf/ hackrf a project to build a low cost software radio platform. ( Can eavesdrop satellites )

5) Now you are in the nuclear-like bunker, and participator of 3-rd World War - Information warfare.
 Setup your local repository with two BD from paragraph 2: See, https://wiki.debian.org/HowToSetupADebianRepository
 You will be out-of-date for a long time, you can stay like that without a warning, because you are Air Gapped.

 In this 2 BD optical medias, thousands of softwares that you would like to have in your air-gapped network, bitcoind is one of this. Set it up, don't wait for complete of synchronization, off-line. Enter: `bincoind getnewaddress air-gap`, Take the priv key `dumpprivkey`.

You may generate any amount of addresses to keep cold wallet and prints its priv-keys out to receive money on the on-line station.



Client:
   Your portable / mobile station, say notebook, too might be rugged in cheap way by using low linux distributive with Boot-To-Ram option.
Check this project: http://www.slax.org/
You can always build similar distributive on the air-gap side. With debian tools like `live-build`. There is one problem, your air-gapped network is out-of-date. Somewhere you need to keep middle point to build secure updates into your mobile station. E.g. Tor ( torproject.org ) is your friend.

Snippet:
Code:
$ lb config noauto \
        --bootappend-live toram \
        --package-lists minimal \
        --linux-flavours clean \
        --binary-images iso \
        --bootloader grub \
        --debug \
        --verbose

$ lb build --debug --verbose

In this way, your software part, OS, programs, etc can't be infected. Never keep all eggs in the one basket, keep only needful information on the your mobile station, only todays passwords of e-mails, only todays keys of bitcoind, etc... Regular backup - is a main thing of your stability.

The same boot-To-RAM option may be used for air gapped machine. This prevent software part from infection clearly.

The hardware part is a more clandestine background. You can simply buy bugged hardware and your `out of air-gap game` is over.
See, https://en.wikipedia.org/wiki/Hardware_Trojan.

Between you and me and the lamppost, methinks that every Intel's CPU are bugged from times of Soviet Union Collapse, 486x -> Pentium I -> etc...  AMD - is a 3d copy of Intel HardwareTrojanHorse. The same with GPU, NVidia and Ati(AMD). This undeclared possibilities now coming as a feature, see Absolute Computrace technology:  http://www.absolute.com

The first models, x386, x286, x86, copied by Soviet Union very well. There were full / absolute replication of platforms and OS - DOS, with shameless renames of titles. On the stage of x486 this process has stalled, thanks to `shield technology`. This technology, something like https://en.wikipedia.org/wiki/Physical_Unclonable_Function for the first time prevents to copy chips. There is no way to extract circuit of nowadays Intel CPU, except to capture the laboratory of Intel. The technology to attack such circuit would be much more in cost than design similar CPU by yourself.
 
Back to the history of cypherpunks, OpenBSD project hosts the main site http://www.openbsd.org on the Sun platform - Spark, with native OS. This should tell something.

The other good thing is a box of freedom. Take a low cost bare hardware and launch relay of Tor network. Configure Isolating Proxy. See, https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy

BEAWARE, there are still thousands of attacks, to instill a healthy level of paranoia:

 * Evil Maiden.  
Quote
Your main gate can be high and strong and crawling with orcs, but miss one single little spider hole, and two hobbits can ruin your whole day.

 * Security Service.
Quote
 If you are think that they don't track you, this is not mean that they are not track you.
TEMPEST or, "Hey! Who owns that van/RV/delivery truck outside? It never moves!"

You are probably have no chance to hide anything if they are marks you as a `Person of Interest`. See examples: Julian Assange, and things can go wrong, see Chelsea Manning trying to change his sex.

I can bring you millions of great names of folks who were chased by SS. Like John Forbes Nash, Jr. or Bobby Fischer. Probably, most of us are know much of them, but no one knows how to fold.


http://www.saunalahti.fi/parazite/defactodejure.png

de jure NOT FREE LAND
de facto NOT FREE LAND
NOT LAND

http://www.saunalahti.fi/parazite/index.shtml

John Forbes Nash, Jr. has tried to run away from CIA, he took not a right door - France, the only one way to run away from one land to another is to choose right door. He was very clever man, he knew that Communism in Soviet Union was a fake. There are thousands of examples of the Military Junta in the humanity history, the Soviet Union was a greatest example of the Spy Junta.
 
Todays Russian's FSB (KGB) is a branch office of CIA, not more. It is ultra-right wing of the New World Order. Everything what you can see on the youtube about the Ukraine now - is a theater of socket puppets of KGB and CIA. This Russian Army in the Crimea is the last accord of pop composition of Secret Services that plays their bloody game for a two years. See, there are up to 10 similar revolutions across the post Soviet Union. Everytime there is one scenario - they burn out the center of the capital and win.
member
Activity: 247
Merit: 10
March 11, 2014, 05:08:44 AM
#26
Using linux OS would is rather safely
full member
Activity: 128
Merit: 107
March 11, 2014, 02:51:37 AM
#25
Offbit was made for exactly this purpose: https://bitcointalksearch.org/topic/annrfc-offbit-off-grid-bitcoin-txs-v0001-488915

You can use it like this:
* pre Bitcoin computer without wifi, bluetooth
* pre Bitcoin live CD OS
* signing code never in contact with anything but clean OS
* only volatile memory in contact with your privkey
* all code in Python relatively easy to review without any dependencies to install
legendary
Activity: 3472
Merit: 1722
March 09, 2014, 08:22:06 AM
#24
Somebody told me they use an air-gapped PC and only transfer information between the two with webcams and QR codes... seemed pretty bulletproof to me (I know, I know... nothing is bulletproof).

I think dooglus uses this method for transferring just-dice funds.
member
Activity: 118
Merit: 10
March 09, 2014, 07:28:02 AM
#23
Of course, if the OS cannot be trusted, then the photo method won't work anyhow.

How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key?  Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?

This is why I think a 3-tiered architecture should exist for cold storage.

1) Key generation device: Simple device which takes some entropy and generates a private key / HD wallet.  This could do it using coin flips, or with a tamper proof, trusted RNG.  It doesn't have to be a full fledged computer with OS.
2) Offline signing device: Used for storing the private keys and signing transactions.  This could run on any pre-bitcoin OS as suggested by someone else on this thread, or a modern OS image that you trust.  So long as it is airgapped, the keys shouldn't ever be compromised.
3) Blockchain management device for generating unsigned transactions and transmitting signed transaction to the bitcoin network.

The tricky part is making sure that the signed transaction from device 2 does not contain some kind of hidden encoding of your private key.  But that should be unlikely if device 2 isn't compromised with malware.
sr. member
Activity: 406
Merit: 252
March 08, 2014, 08:51:13 PM
#22
Aside from the aforesaid air gap suggestions, don't overlook your operating system.

Also consider your opinion on binary blobs.

Depending on one's skill-level and paranoia, I suggest the aforesaid Trisquel, gNewSense, or other FSF-endorsed OS.

Or one could try an offbeat OS like KolibriOS, or, if you want to get your hands dirty, BareMetal OS.

AmigaOS on a Big Endian machine would work for some people. The BSDs and some linux distros run on PowerPC/Big Endian architecture. Security via obscurity and/or obsolescence.

FreeBSD has many virtues, including: https://bitcointalksearch.org/topic/we-cannot-trust-intel-and-vias-chip-based-crypto-freebsd-developers-say-370435

Absent compiling from source from trusted code, one could always order an official distribution disc. OpenBSD discs ship very fast, are incredibly secure, have spectacular documentation, and have the famous ports collection.

From a hardware perspective, computers that predate Bitcoin are ideal for the hyper-paranoid.

All really depends on one's needs, but there are many options available.
legendary
Activity: 1008
Merit: 1000
March 08, 2014, 12:18:03 PM
#21
Somebody told me they use an air-gapped PC and only transfer information between the two with webcams and QR codes... seemed pretty bulletproof to me (I know, I know... nothing is bulletproof).
member
Activity: 80
Merit: 10
Lead developer
March 08, 2014, 10:50:58 AM
#20
@jubalix: When setting up two-factor, you usually have an option to remember some kind of recovery code, that you can use later should you ever lose your phone. Even if you don't have it, we would get you through the user verification procedure again to make sure it's not a hacker who tries to access your account, and if everything's fine we would disable 2-factor temporarily so you could sign in and set it up again.
legendary
Activity: 2632
Merit: 1023
March 08, 2014, 08:49:02 AM
#19
I know it's hard to understand because systems like Mt. Gox created a mindset in people that you are totally blind regarding your Bitcoins. That's not the case with multisignature-based services though!

Problem: People STILL don't know what happened to Mt.Gox coins. Whose hands they are now, when exactly they were transfered, what addresses the cold storage was on, etc., etc.
Solution: In a multisig service you can monitor your wallet in real time on the blockchain. If we somehow stole coins from you, you would know that immediately. We would have no excuse.

Problem: When a centralized service fails, often all users lose money. That was the case for Mt. Gox, inputs.io, Flexcoin and others.
Solution: You cannot steal from all users in a multisig service, unless Bitcoin itself has some fatal flaw (in which case we're all doomed). It could be possible to plant malicious javascript to the website, but that would be detected quite quickly and only a handful of users that were using the site at that specific time could be harmed. The "reward" is much, MUCH lower for a thief, so there's less incentive to risk a criminal act.

Sample scenario: let's say that at some point we have 10,000 BTC in our wallet (hint: we have *much* less at this moment). Most users only store few BTCs in their wallet, and only 5% of Bitcoins is in active usage at any given moment. So if we're lucky, we're get 500 BTC out before people find out. Is ~250,000 EUR worth risking jail time? For an individual, maybe. For a trade registered AG company with 75,000 EUR founding capital, not so much I think.

i never  quite undestodd with  2fa eg google authenticator or phone based system, what happens if you loose your phone???
member
Activity: 80
Merit: 10
Lead developer
March 06, 2014, 06:24:11 AM
#18
I know it's hard to understand because systems like Mt. Gox created a mindset in people that you are totally blind regarding your Bitcoins. That's not the case with multisignature-based services though!

Problem: People STILL don't know what happened to Mt.Gox coins. Whose hands they are now, when exactly they were transfered, what addresses the cold storage was on, etc., etc.
Solution: In a multisig service you can monitor your wallet in real time on the blockchain. If we somehow stole coins from you, you would know that immediately. We would have no excuse.

Problem: When a centralized service fails, often all users lose money. That was the case for Mt. Gox, inputs.io, Flexcoin and others.
Solution: You cannot steal from all users in a multisig service, unless Bitcoin itself has some fatal flaw (in which case we're all doomed). It could be possible to plant malicious javascript to the website, but that would be detected quite quickly and only a handful of users that were using the site at that specific time could be harmed. The "reward" is much, MUCH lower for a thief, so there's less incentive to risk a criminal act.

Sample scenario: let's say that at some point we have 10,000 BTC in our wallet (hint: we have *much* less at this moment). Most users only store few BTCs in their wallet, and only 5% of Bitcoins is in active usage at any given moment. So if we're lucky, we're get 500 BTC out before people find out. Is ~250,000 EUR worth risking jail time? For an individual, maybe. For a trade registered AG company with 75,000 EUR founding capital, not so much I think.
sr. member
Activity: 294
Merit: 250
March 06, 2014, 05:53:41 AM
#17
The good thing about our approach is that you don't have to take my word for it. All of the code that handles Bitcoin is in uncompressed Javascript for everyone to inspect. You can also check network requests to see exactly what's happening. Of course you need to have some knowledge to perform this kind of audit, but if you don't, someone else will. We couldn't possibly try to do anything fishy here that would go undetected.

I have no doubt your 100% correct.

However does it matter if you are detected when the pot is worthy of a criminal act. Hell is it even a crime to steal bitcoins and if so in which country and with what kind of recourse for the victim?

Please don't think I am some noob ( I am really a tec noob) that's having ago at your product. I don't mean to do that at all and out of personal interest and respect to you I will take some time to have a good read up on it.

Point I am trying to get at is it seems without Companies being truly accountable (fear of punishment) for screw ups and outright fraud with respect to btc what is stopping them?

Things need to change if we want mass adoption and we have to understand not everyone wants to understand the blockchain or how to make things secure they just want it to work and not be terrified of loosing wealth to hackers every time they turn their PC/phone on. Or does the bitcoin global future only belong to the few? I for one have no wish to become the 1%


Again not directed at you at all I take my hat off to anyone trying to make bitcoin a safer and better world.
member
Activity: 80
Merit: 10
Lead developer
March 06, 2014, 04:06:28 AM
#16
The good thing about our approach is that you don't have to take my word for it. All of the code that handles Bitcoin is in uncompressed Javascript for everyone to inspect. You can also check network requests to see exactly what's happening. Of course you need to have some knowledge to perform this kind of audit, but if you don't, someone else will. We couldn't possibly try to do anything fishy here that would go undetected.
sr. member
Activity: 294
Merit: 250
March 06, 2014, 04:00:23 AM
#15
Sure sounds great but.. your far more tech smart than the likes of myself this requires me to trust in you?

No you might say but if I don't understand the details of what your doing then how can I really have a clue if its safe?

I know we can never have anything really safe I get that but we need more than than promise's now days.

Bitcoin is far ahead of just about every law enforcement agency in the world. I just don't see how this can go mainstream without the bloodied piles of victims along the road to mass adoption.

Way I see it its these victims (like myself) that are holding up mass adoption. Every victim is one more human being with a bad story to tell about bitcoin.

The one answer my little brain can come up with is accountability. From my experience many crimes don't happen because people fear getting caught. No one ever seems accountable for lost bitcoins.

Disclaimer: I still believe in bitcoin.
member
Activity: 80
Merit: 10
Lead developer
March 06, 2014, 02:40:51 AM
#14
This is exactly the issue we solved with Bitalo, where you can create a multisignature wallet that will be safe even if your computer is compromised when setting it up. To achieve that we use MePIN 2-factor authentication, which unline Google 2FA talks directly from our servers to your mobile device, so your computer never sees the secret key for 2-factor.

So now to move your funds from your Bitalo wallet you have to:

- know your account password (which also acts as a key to unlock your part of private key) - this will be known to the attacker because your computer is compromised
- have your mobile device with MePIN app, that will confirm that the transaction is legit. Again, your computer doesn't take any part in it - you just press a button in the MePIN app and their servers send a message to ours that this request is OK.

Only after BOTH of these steps completed we proceed to sign your transaction with our private key and only then it gets submitted to the network and accepted.
sr. member
Activity: 294
Merit: 250
March 06, 2014, 02:18:05 AM
#13
I am not a super tec guy like many here but would consider myself above average joe on the street.

If I have constant fears that my cold storage is not safe even if I installed The bitcoin client on a clean Laptop made physical back ups then turned it off how then on earth is this ever going to get adopted by the mainstream?

hero member
Activity: 784
Merit: 1000
March 05, 2014, 12:32:00 PM
#12
If you want to get down to the bottom of it, no code that you don't personally authored can be trusted. http://cm.bell-labs.com/who/ken/trust.html
full member
Activity: 128
Merit: 107
March 05, 2014, 04:05:41 AM
#11
Use offbit: https://bitcointalksearch.org/topic/annrfc-offbit-off-grid-bitcoin-txs-v0001-488915

You can use an offline computer without your privkeys ever coming into contact with persistent storage.

legendary
Activity: 1031
Merit: 1000
March 04, 2014, 11:05:08 PM
#10
what is the solution to this?

the only sure fire way I can think of is you would photograph a qr code that held the signed transaction then this photo could be uploaded onto the client.

Someone already made this solution for Armory.
Pages:
Jump to: