Friday, October 12, 2012

More Security, Oscilloscope, and Wireless Foo

I've been experimenting further with Jaycar's YN8306. There is a dramatic increase in sensitivity once the covers are taken off: I was able to see quadruple the number of access points at one test point compared with previously. I suspect that while some of the gaps in other USB wireless adapters I've seen are for cooling, a secondary purpose may be to let the wireless signal through. I did some minor experiments with different materials as an alternative surround for the device and was surprised at just how permeable/impermeable some substances are: clear plastic and glass can cut the sensitivity significantly. I suspect that a cage type arrangement that protects the PCB but still allows it to 'breathe' may be the best option, though you would have to be careful not to turn it into a Faraday cage.

http://en.wikipedia.org/wiki/Faraday_cage

While the device is advertised as a 500mW device it's capable of 1000mW. Use the 'iw' command to change the regulatory domain and raise the permitted transmission power (you'll notice that many chipsets run at lower power levels for regional/legal reasons and to reduce power consumption; note that running above what your local regulatory domain allows is a legal problem, not just a configuration change, so check the limit for your region first). If you've ever analysed power consumption on mobile devices you'll realise how large an impact wireless has on battery life, so turn off wireless capability whenever possible. It also helps with security, since there have been instances in the past of remote attacks on poorly implemented network stacks that resulted in significant compromises of system security and required no authentication.

It uses a combination of a 5dB external antenna and a single internal panel/smart/active/metamaterial antenna (unlike the Alfa adapters, which often come with a two external antenna combination). I may try to modify it to use a more conventional antenna system to see whether this results in increased sensitivity, but I suspect that this may require PCB modification (use a multimeter/continuity tester to work out how the thing is laid out), so I'll leave that for the less expensive D-Link DWA-125 A3.

http://en.wikipedia.org/wiki/Permeability_%28electromagnetism%29
http://en.wikipedia.org/wiki/Active_antenna
http://en.wikipedia.org/wiki/Smart_antenna

For those who think it's simple to discern a hidden signal within an existing waveform, think again. From the movies it's commonly assumed that there are programs and/or savants that can automatically distinguish a multiplexed signal from an existing waveform. Pure statistical analysis is possible, but as we've seen with automated network traffic classification it is prone to false positives. Something I have been experimenting with is embedding or extracting particular instruments from songs as a means of investigating the possibilities with regards to steganography. As others have discovered, it's not as simple as you think. It's possible, but since songs are meant to be blended together and embedding/multiplexing a signal is the converse, things are a lot more complex. There are so many choices with regards to multiplexing, modulation, encryption and encoding, and you can even burst the traffic to make it appear as though it's simply random noise. I guess the only way you can be sure that your power/existing infrastructure/communications doesn't have another signal multiplexed over it is to have equipment with basically perfect waveforms (easier said than done) or waveforms that are 'extremely' predictable. From there, extracting any aberrations should be a simple process of taking the difference between the final, modified waveform and the original waveform. Another alternative is using a common noise filter to recover the primary signal and taking the difference between the filtered signal and the final waveform.
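The residual approach described above, as an added example that is not part of the original post: a constructed two-tone 'carrier' has a burst about 37 dB below it multiplexed on top, and detection works by subtracting the known reference and looking for windows whose residual energy stands out from the noise floor. The same test run on the raw waveform, without the reference, finds nothing, which is the point of the paragraph. All signals, noise and thresholds here are constructed, and only the standard library is used.

```python
"""Detecting a signal hidden under a known reference waveform by residual analysis.

Added example, not from the original post. Everything here is constructed:
the 'clean' carrier is two sine tones, the hidden payload is a short
low-amplitude burst added on top, and the noise is Gaussian.
"""
import math
import random

SAMPLE_RATE = 8000   # Hz (constructed)
N_SAMPLES = 8192     # 32 windows of 256 samples


def reference_waveform(n=N_SAMPLES):
    """Constructed carrier: a 440 Hz tone plus a weaker 880 Hz harmonic."""
    return [math.sin(2 * math.pi * 440 * i / SAMPLE_RATE)
            + 0.5 * math.sin(2 * math.pi * 880 * i / SAMPLE_RATE)
            for i in range(n)]


def embed_burst(samples, start, length, freq=3000.0, amplitude=0.02):
    """Multiplex a burst (the 'hidden' signal) onto the carrier.

    At amplitude 0.02 the burst sits roughly 37 dB below the carrier."""
    out = list(samples)
    for i in range(start, min(start + length, len(out))):
        out[i] += amplitude * math.sin(2 * math.pi * freq * i / SAMPLE_RATE)
    return out


def add_noise(samples, sigma, seed=1):
    """Add Gaussian noise; seeded so the example is repeatable."""
    rng = random.Random(seed)
    return [s + rng.gauss(0.0, sigma) for s in samples]


def window_energies(samples, window):
    """Mean-square energy of each consecutive window of `window` samples."""
    return [sum(x * x for x in samples[i:i + window]) / len(samples[i:i + window])
            for i in range(0, len(samples), window)]


def detect_windows(observed, reference=None, window=256, k=8.0):
    """Return indices of windows whose residual energy is anomalously high.

    residual = observed - reference (or observed itself when no reference is
    known). The threshold is median + k * 1.4826 * MAD of the window energies,
    a robust 'k sigma above the floor' so the burst windows do not drag the
    threshold up with them.
    """
    if reference is None:
        residual = list(observed)
    else:
        residual = [o - r for o, r in zip(observed, reference)]
    energies = window_energies(residual, window)
    ordered = sorted(energies)
    median = ordered[len(ordered) // 2]
    mad = sorted(abs(e - median) for e in energies)[len(energies) // 2]
    threshold = median + k * 1.4826 * mad
    return [i for i, e in enumerate(energies) if e > threshold]


if __name__ == "__main__":
    clean = reference_waveform()
    # Hidden burst covering samples 3072..3583 (windows 12 and 13), plus noise.
    observed = add_noise(embed_burst(clean, 3072, 512), sigma=0.005)
    print("with reference:   ", detect_windows(observed, clean))   # [12, 13]
    print("without reference:", detect_windows(observed))          # []
```

Without the reference, the window-to-window variation of the carrier itself (the windows are not an integer number of cycles) is an order of magnitude larger than the burst, so no threshold on the raw waveform separates them; with the reference subtracted, the residual is just noise plus the burst and the two affected windows are obvious.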

Have been thinking about communication system compromises. If we can assume a one to one, bit for bit representation of data then we can develop a means of accounting for the data that goes in/out. Of course, this only works for stream based ciphers; it doesn't really work for block based cipher systems. However, as long as the relationship between the information coming in and the data going out can be represented by a formula, then we should be able to determine whether or not you may have been infected and therefore need to take precautions to protect your communications.

http://en.wikipedia.org/wiki/Stream_cipher
http://en.wikipedia.org/wiki/Block_cipher
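The bytes-in/bytes-out accounting idea above, as an added example (not from the original post). A toy stream cipher shows the bit-for-bit case, where bytes out must equal bytes in exactly. It also goes slightly beyond the paragraph: a padded block mode still has a predictable formula (IV plus the plaintext rounded up to the next block), so the same audit works once the block size is known. The keystream construction, the 16-byte block model and the counter records are all this example's own assumptions.

```python
"""Bytes-in / bytes-out accounting for a stream cipher versus a padded block mode.

Added example, not from the original post. The stream cipher is a toy
(keystream from HMAC-SHA256 in counter mode, XORed in), used only to show
that ciphertext length equals plaintext length; the block mode is modelled
as IV + PKCS#7-padded data with a 16-byte block. The traffic counters are
constructed, and the audit function is this example's own.
"""
import hashlib
import hmac

BLOCK = 16


def keystream(key, nonce, n):
    """Toy keystream: HMAC-SHA256(key, nonce || counter), concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])


def stream_xor(key, nonce, data):
    """Encrypt or decrypt: one byte out per byte in, no expansion."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def pkcs7_pad(data, block=BLOCK):
    pad = block - (len(data) % block)       # always 1..block bytes
    return data + bytes([pad]) * pad


def pkcs7_unpad(data, block=BLOCK):
    pad = data[-1]
    if not 1 <= pad <= block or data[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding")
    return data[:-pad]


def expected_out(bytes_in, mode, block=BLOCK):
    """Bytes the link should emit for `bytes_in` plaintext bytes."""
    if mode == "stream":
        return bytes_in
    if mode == "block":
        # IV plus the padded length: padding rounds up to the next full block
        return block + (bytes_in // block + 1) * block
    raise ValueError(mode)


# Constructed counter records: (session, mode, bytes_in, bytes_out).
SAMPLE_COUNTERS = [
    ("s1", "stream", 100, 100),
    ("s2", "stream", 4096, 4096),
    ("s3", "stream", 2048, 2310),   # 262 bytes the plaintext never supplied
    ("b1", "block", 100, 128),      # 16 IV + 112 padded
    ("b2", "block", 4096, 4128),
    ("b3", "block", 33, 64),
    ("b4", "block", 33, 96),        # a whole extra block went out
]


def audit(records):
    """Return the sessions whose output does not match the input formula."""
    return [s for s, mode, n_in, n_out in records if n_out != expected_out(n_in, mode)]


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 16
    ct = stream_xor(key, nonce, b"hello world")
    assert len(ct) == 11 and stream_xor(key, nonce, ct) == b"hello world"
    print(audit(SAMPLE_COUNTERS))   # ['s3', 'b4']
```

The check only catches extra bytes that leave via the audited link; anything exfiltrated over a different path, or hidden by shrinking the legitimate payload to make room, needs a different control. Where the block size or framing overhead is not known exactly, the equality becomes a bounds check (at least one and at most one block of padding per message).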

I'm guessing the same could be roughly achieved with power usage as well. The difference in the amount of power consumed while a phone is actually active compared to when it is in standby mode is drastic (see the figures/specifications for any phone; you can track it using a program such as 'Android Battery Dog'). By using relevant power measurement/graphing software, having an idea of how power consumption should behave under various conditions, and having an understanding of battery conditioning (age/usage will obviously result in reduced battery capacity), you can gain a better understanding of what is normal behaviour and what looks like a compromised communication device.
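The baseline-versus-observed power check described above, as an added example that is not part of the original post. It parses a constructed battery log, works out the drain rate per interval, scales the expected rate by a battery-health factor to account for an aged battery, and flags intervals that drain far faster than the reported state should allow (a device that claims to be on standby but drains like it is transmitting). The log format, the baseline figures, the health factor and the log lines are all assumptions made for this example; the format is not Android Battery Dog's.

```python
"""Battery-drain baseline check for a communication device.

Added example, not from the original post. The log format (ISO timestamp,
level %, reported state) is this example's own assumption, not Android
Battery Dog's; the baseline drain rates, the battery-health factor and the
log lines are all constructed.
"""
from datetime import datetime

# Constructed baseline: percent of capacity drained per hour in each state.
BASELINE_PCT_PER_HOUR = {"standby": 1.0, "active": 12.0}

# Constructed log: timestamp,level,state (state reported at that instant).
SAMPLE_LOG = """\
2012-10-12T00:00,100,standby
2012-10-12T01:00,99,standby
2012-10-12T02:00,98,standby
2012-10-12T03:00,97,standby
2012-10-12T04:00,92,standby
2012-10-12T04:30,91,active
2012-10-12T05:30,79,active
2012-10-12T06:00,78,active
2012-10-12T07:00,84,active
2012-10-12T07:30,83,standby
2012-10-12T08:30,82,standby
"""


def parse_log(text):
    """Return [(datetime, level_percent, state), ...] in log order."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, level, state = line.split(",")
        entries.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M"), int(level), state))
    return entries


def drain_rates(entries):
    """Per-interval (start, state, pct_per_hour); charging intervals are skipped.

    The state reported at the start of an interval is taken as the state
    for the whole interval (an assumption of this example).
    """
    rates = []
    for (t0, l0, s0), (t1, l1, _) in zip(entries, entries[1:]):
        hours = (t1 - t0).total_seconds() / 3600.0
        if l1 > l0 or hours <= 0:
            continue            # charging, or a bad timestamp
        rates.append((t0, s0, (l0 - l1) / hours))
    return rates


def flag_anomalies(entries, baseline=BASELINE_PCT_PER_HOUR, health=1.0, tolerance=2.0):
    """Intervals draining faster than `tolerance` times the state's baseline.

    `health` is the fraction of rated capacity the aged battery still holds:
    a battery at 80% health drains percentage points 1/0.8 times faster, so
    the expected rate is scaled up before comparing.
    """
    flagged = []
    for t0, state, observed in drain_rates(entries):
        expected = baseline[state] / health
        if observed > tolerance * expected:
            flagged.append((t0.isoformat(), state, observed, expected))
    return flagged


if __name__ == "__main__":
    for row in flag_anomalies(parse_log(SAMPLE_LOG), health=0.8):
        print(row)
    # ('2012-10-12T03:00:00', 'standby', 5.0, 1.25)
```

Only excess drain is flagged: a device using less power than its baseline is not the signature of something running in the background. A real baseline should come from the same handset over several days, since drain in a given state varies with signal strength, screen brightness and temperature, and the health factor should be refreshed from a full-discharge measurement rather than guessed.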

A variation of a project/idea I've been pursuing for a while.
http://gcn.com/articles/2012/06/14/nsa-tracking-data-life-cycle.aspx

I called it 'Algorithmic Masking' (their program seems to be a combination of 'Automated Research' (some other research I've been pursuing) and 'Algorithmic Masking' (published in the 'Convergence' document)), though I didn't intend for it to be used for national security purposes. I originally came up with it to protect the privacy of consumers in the cloud space. Either way, given the amount of data that the NSA are dealing with and the analysis that they want to do, it will be a spectacular program/project if it pans out.

Been playing around with flux gel while soldering, but also with higher quality solder/solder with a lower melting point. I suspect that the latter may be the better option; it is much easier to work with.

Flying Saucer Declassified (though knowledge of these programs has been around for a long time now).
http://news.cnet.com/8301-17938_105-57527236-1/declassified-air-force-plans-for-a-flying-saucer/
http://www.networkworld.com/community/blog/future-drone-surveillance-swarms-cyborg-insect-drones

If you don't have a spare system available, nested VMs are entirely possible, but I'd only recommend them if you can give the nested VM at least the following:
- 2GB RAM
- 2 CPU
- 20GB HDD
- Intel Network Adapter (compatibility reasons)

For the actual system:
- 6GB/8GB RAM
- i3 or higher
- the bigger your HDD the better

http://blogs.citrix.com/2011/01/23/xenserver-in-virtualbox/
http://magictrevor.wordpress.com/2012/05/09/esxi-5-on-virtualbox/
http://www.virtualbox.org/manual/ch06.html

https://www.virtualbox.org/ticket/7842
http://www.sysprobs.com/install-mac-snow-leopard-1063-oracle-virtualbox-32-apple-intel-pc
https://forums.virtualbox.org/viewtopic.php?f=22&t=31104
http://forums.whirlpool.net.au/forum-replies.cfm?t=1993468&p=-1&#bottom

Really neat and quick if you haven't memorised the resistor colour code system yet.
http://www.hobby-hour.com/electronics/resistorcalculator.php

Interesting reading if you're interested in Security Engineering.
http://www.cl.cam.ac.uk/~rja14/book.html
A way to concatenate the PDF files if required.
http://www.pdflabs.com/tools/pdftk-the-pdf-toolkit/

An alternative when you don't have desoldering braid available is copper wire (I use stranded wire from any broken network cables or coax cable that I have around).
http://letsmakerobots.com/node/9269

http://news.cnet.com/8301-17938_105-57530019-1/dna-decay-rate-makes-jurassic-park-impossible/