Schneier on Security

Clive Robinson • December 28, 2019 5:07 PM

@ SpaceLifeForm,

Aside from our little tweety friends down at the coal face, something else caught my eye.

I’ve occasionally mentioned that English as spoken and written has issues that are almost Escher like, that is you say something with one meaning and it is heard as a different meaning (like the opticall illusion of two faces that can be seen as a vase).

As an example this from Cloudflare,

In August 2019, Cloudflare terminated service to 8chan based on their failure to moderate their hate-filled platform in a way that inspired murderous acts.

The first part is clear, “Cloudflare terminated” 8chan for 8chan’s “failure to moderate their hate-filled platform”. So far so good, all in the past tense etc., but then it all goes wrong.

Cloudflare put “in a way” in their statment thus changed what they probably ment to say…

If they had said “failure to moderate their hate-filled platform that inspired murderous acts.” Most would read from what comes after “moderate” as a single statment. However with the,”in a way” it breaks it into two statments which stops the comment on the reason for failure and instead flips the last part over to what 8chan should have done as remediation for the failure. That is Cloudflare are actually saying that 8chan failed to inspire “murderous acts” with their moderation. Which I assume is not what they wanted to say… but who knows for certain, Cloudflare’s CEO does make odd public statments in this area as I picked up on back when he issued the statment on the first banning (Daily Stormer).

Clive Robinson • December 29, 2019 1:19 AM

@ Carlos,

Any insight you can offer would be most gratefully accepted. Thanks! 🙂

The problem is that most people look at the problem the wrong way around and just about anything involving any kind of bureaucratic input just makes it worse. Hence you get a problem worse than the parable of the three blind men describing an elephant.

So I shall try and keep it simple which means the explanation will be longish. But the 20,000ft over view is,

First look at the data and how it becomes information, secondly the threat model, then how encryption might or might not help. Understand that data is only in one of three states, 1) Being Stored, 2) Being Communicated, and 3) Being processed.

The first thing to grasp is “data” is not “information”. Information consists of two parts, “a value and a meaning”. But also a value likewise consists of two parts “bits and their meanings”.

To see this you first have to realise that all data representation is in a container sometimes some what euphemistically called “A bag of bits” to make sense of it you first have to understand how to give those bits meaning as data values.

To all computers currently data is stored in ordered eight bit groups called bytes where mostly each bit has a meaning that is a power of two different from both the previous and next bits in the order. But which way is the direction of the order? Is the Least Significant Bit (LSB) first? Or is the first bit the Most Significant Bit (MSB). But direction has other meanings as well, as in “on the number line” thus how do you decide if the number is just a natural number or includes negative numbers as well and how you represent them. That is “One’s Complement” or “Two’s Complement” where the sign bit is. But more subtly how do you represent the magnitude or distance along the number line? That is, are the ordered number bits in “binary sequence” or some other sequence such as “gray code”? The reason it is called a “code” is because it forms a mapping from bit pattern to value, which is a form of simple substitution cipher. Importantly you won’t find these mappings in the computer as tables or similar, because they are “built in implicitly”.

But it gets worse, what happens when two or more bytes are needed to store larger data ranges or data types? The answer is “it’s a mess” which is still in flux.

The classic example of this is “endian” behaviour and “network order”. Some computers CPU’s are “little endian” and some are “big endian”. Thus values coded in bit patterns stored in a byte data container are one level of order issue the order the bytes are used is another level of order. So a value stored in one format will not make sense in the other format. Normally this does not cause the computer problems because the bits are stored and loaded into memory in the right order as the computer is in effect a closed environment. Untill that is you plug in a network cable to send data from one computer to another… Which is why the “network order” problem exists and why there are standards for sending the data. Again it is a form of code and built in implicitly.

But it gets worse as the values stored have other meanings or types such as for floating point numbers or alphabets or other more complex objects such as complex numbers.

Understanding how the bits have meaning within such an object as a bag of bits data container is the only way to give the bits meaning as data values. Obviously this problem gets worse as you move upwards from just the implicit data types. Eventually you have to give meaning to what the values represent. The easiest way to thing of this is in terms of a row of data in a database. Values in individual columns are all the same type but what they mean is given by the column definition. Thus a value could be the value in penies in a bank account, or a time in milliseconds since some epoch. In the case of the time the epoch could be one of many standard epochs or one unique to the database. Importantly when not being “processed” the order the columns are “stored” or “communicated” in does not matter as long as the implicit format is known for processing. Infact for communications you could load the columns into memory as an image, then as seen by a third party, read each byte apparently randomly and send it to a second party. As long as the first and second parties know what the order is they both can have the same data image in memory. In essence you are using a simple transposition cipher.

Information as data can be in one of three states, stored, communicated and processed. Each of these states has it’s own threat models which can become very complex as you dig into what becomes possible. But whilst any form of encryption can be used for stored data and communicated data, currently that is not true for data being processed, in fact it’s wise to assume data being processed is in plaintext not ciphertext format.

But the important question is what or where is data when being processed? And the answer realy depends on what you mean by being processed. Technically it’s only being processed when it transitions through the ALU of the CPU. At all other times it’s being communicated to or in a storage unit. The storage units being CPU registers, CPU cache, Core RAM, then the various forms of secondary and tertiary storage. Once outside of the ALU the data can be encrypted before it is stored. For various reasons whilst inside the CPU data is rarely encrypted, but encrypting it before it gets written to core RAM is becoming more common.

Thus encryption can be applied to individual “bags of bits” of any size from individual data types, through files and whole storage devices. That is the individual fields in database records can be individually encrypted or the records, or the coloumns depending on the database security requirments. Likewise user files can be individually encrypted or encrypted by individual applications and can be held in core RAM either in plaintext or ciphertext depending on the security requirments. A users files can be individualy encrypted in secondary storage under “file keys” or all their files encrypted under a “user key” with a users process space in core RAM encrypted under a “sesion key”.

Which brings us to how the computer is set up, all core RAM could be encrypted under individual sesion keys, where even if a user can get to another users process space they can only see ciphertext. However if the computer usez a “system key” if one user can see another users process space it will see “plaintext” but if the computer core is squirted with liquid nitrogen and the CPU halted an attacker reading out the core RAM contents will only see ciphertext.

However in most modern “user” computers such as PC’s don’t encrypt core RAM so a liquid nitrogen attack will get the plaintext of data being used, unless the application encrypts the memory it uses, unfortunatly it is most likely that the encryption key being used will also be in core RAM… This is one of the reasons the threat model can become quite complicated.

Thus it’s not just if data is encrypted or not, it’s where the keys are stored and if they are in plaintext or ciphertext format.

From this point on you are talking about key issues for all secondary and tertiary storage. Once the key is known or the storage in use then plaintext becomes available to an attacker. It’s why Full Disk Encryption is only of use when the disk is not in use, otherwise it’s open to any user or user agent that has access permissions to use the storage device, or that can obtain the device key from core memory.

Clive Robinson • December 29, 2019 12:21 PM

@ Chris,

– Learn some more python

Maybe, maybe not. Because Python is begining to show the signs of “going the way of Perl”.

I’d look for a scripting language on the way up with vigour and a clear path it’s following. Rather than on one apparently “having a mid-life crisis”, and not knowing where to go other than on the start of it’s way down to the retirement home…

There are too many differing interests all pulling in different directions and noses are being put out of joint all be it discreetly at the moment. Python can not be “all things to all men” or if you prefere “a jack of all trades but master of none” and either it gets a single captain back at the helm, or it’s just going to go nowhere, not even fast.

The Python community still has time to sort it out, but the so did Perl…

As we know Perl has not sorted it’s self out and spent the better part of two decades dicking about between Perl 5 and Perl 6 befor supposadly finally splitting. But… still the two intermingle showing no clear direction thus the future appears to be at the mercy of which ever way the wind blows, which is not good if you back the wrong horse.

A similar fate actually awaits Python. During the Perl dicking about two decades, Pyrhon showed strong direction thus people moved away from Perl and quite a few moved towards Python.

And much was done under Python 2.x then Python 3.x came about with it’s incompatabilities. This caused quite a few problems, so much so that the End Of Life for Python 2.x was moved by half a decade, and there are very many scripts out there that still can not be moved or won’t be moved to Python 3. But as is the nature of what some feel is betrayal these Python 2.x scripts will probably be switched in prefrence to the next up and comming scripting language, what ever it might be.

So you have a choice, rather than get caught clinging to the flotsam and jetsam in the currently eratic Python wake, it’s possibly best to jump ship to another scripting language that shows a clear direction and steady course.

If you can show a good reason to learn Python 2.x or 3.x that is of benifit now then do so, but if not have a look around for a more profitable or long term scripting language.

Clive Robinson • December 29, 2019 6:07 PM

@ Tatütata,

I gather that all those electrolytics are dead

They all go in some way or another (just like rechargeable batteries). Some you can regenerate others blow their wad or can and have to be replaced.

I’ve got a Sony ICF2001 radio receiver[1] that was state of the art for it’s time fourty years ago and still out performs many portable HF receivers today though small form factor[2] and battery life[3] appear to be overriding decision makers for modern intelligence agencies like the CIA NSA and Diplomatic corps.

The problem is after fourty years some of the electrolytics need replacing, as I doubt reforming/regeneration will work. This gives me a problem, as being a very low serial number unit it’s not just of historic interest it’s a collectors item, which I happen to use almost daily. Do I open it up and change the electrolytics so I can keep using it, or do I stop using it and restore it to “factory quality” and put it on display along with the rest of the historic spy radio stuff I have collected over the years?

Oh for those wondering what I use the Sony for, it’s to put audio into a USB sound card and connect upto an ASUS Intel based netpad that runs software to decode very narrow band data signals used by Ham Radio and other operators, WeatherFAX and similar information usefull in doing propergation prediction and the like.

[1] The ICF2001 is the predecessor of the ICF2001D / ICF2010 and all of them were used by many intelligence services in many countries for use not just with “number stations” but for getting more general news coverage and the likes of “Some messages for our friends”. You can read a little of their history at,

https://cryptomuseum.com/spy/icf2001d/index.htm

[2] As a matter of interest to some the US State Dept now buys the much inferior “countryman” version that does SSB but it also has a number of what I would consider “critical defects”, such as improper internal grounding and shielding, thus not just hand desensing, but detuning as well making operation harder than it should be with weak or narrowband signals. However the Countryman is a lot smaller and lasts longer on batteries[3], especially rechargables.

[3] Battery life is one of the things that you don’t often get to hear about as a “critical success factor” in peoples “Bug-out Kit” equipment. Whilst you will get to hear about buying ham radio HF trancievers the recommendations are usually wrong. 100watt RF output SSB units can draw as much as 4amps continuously off of a 12-13.8V supply even in receive only due to bias issues in the RF linear amplifier. Which means a 7amp/hour SLAB will only work for a little over an hour before it needs to be recharged[4]. Even QRP trancievers like the FT817-ND draw between 0.25 and 0.37 amps with a 11-13.8V supply whilst considerably better giving you upto 20hours off of a 7amp/hour SLAB it’s still not even 24hours use. They are thus of little or no use for mainly listening operation which is what “stay behind” and similar semi or fully covert units do. Thus a radio that does 120 hours –five days– continuously off of a pair of rechargable AA cells is what you want to be using.

[4] The State Dept also buys in a well known brand of “powerfilm” solar generators for their intelligence agencies like the CIA NSA and Diplomatic corps who might have to “field operate” for even moderate periods. Exactly the same brand are also being purchased in very large numbers by the US military for use by not just special forces. Whilst not entirely bullet proof unlike traditional solar cells that fail with any tiny damage or even a little shading, powerfilm solar pannels can and do work with one or two bullet holes and in the shade under cammo nets and the like. Also their surface is more mat than glassy thus they reflect a lot lot less which is kind of important when you are trying to stay covert.

Clive Robinson • December 30, 2019 3:50 AM

@ Anders,

China has massively started to produce dirt cheap DSP
radios.

Yes they have, but…

They are mainly not SSB receivers just Broadcast AM and Wideband FM which immediately limits their usefullness immensely.

However, like other “consumer products” with limited market size, the producers might not “in house” manufacture or have sufficient quality control (something Japan learned the lessons of back in the 60’s which as I’ve mentioned before is why we have ISO and similar quality standards).

But it gets worse a lot worse, and is an aspect that everyone should be aware of because it effects “basic security and safety”…

The ones I’ve tried have had quite bad build quality and the RF front end can be just a nightmare with desense and detune due to insufficient shielding and grounding (which is also a major safety concern). Even the best of them only become tolerable if used with an antenna tuning unit (ATU) or tuned mag-loop antenna at many times their price, which if they are “amplified” can also cause safety issues with these radios… Which cost and safety aside also means they are useless for people who lack sufficient radio-op training with weak signal monitoring (whilst it’s easy enough to teach, you have to know someone who can teach you).

Also like the likes of BaoFeng UV-5R cheap Handheld Transceivers (HTs) they also suffer from extreamly variable performance on delivery, often being out of FCC or EC spec. So if you buy one it might be good, but buy a second and you might find you’ve got a “house brick” or worse “charcoal bricket” (yes some do indeed catch fire when connected to a mains supply). So you have to be carefull when reading reviews, because reviewers that get sent review units get those the manufacturer “hand picks” for quality of the manufacturing line and carefully distributes. Unlike purchase reviews where the reviewer has forked over money like any ordinary consumer who gets pot luck at the end of both the variable supply chain and dodgy delivery service, with cracked or broken cases or ratteling due to internal items comming adrift…

Also the software can be appaling, for instance one I purchased to test that had an alarm function to turn the radio on. Whilst in normal use with an old style radio you turn the radio on the first time and set the volume, and when you turn it on in future uses it retains the same volume setting as you would expect. Well this digital radio worked that way, except when the alarm function turned it on, then it reset the volume to full on, which is most definitely not what you want in a “traveling radio”… Other times the wrong country code boards go in the cases. Thus if you buy a “UK World Radio” but have a “German World Radio” inside you loose the bottom end of the HF spectrum –ie marine band– and top end of the HF band –ie the 11m CB and 10m Ham bands etc– which is not helpfull if those are the bands you want to listen to. Likewise Russian VHF broadcast radio for what was originally political reasons does not cover the frequencies used in Europe, US, Japan or other places you might want to go… It’s at times like these you realy find out what the “returns policy” is all about…

Clive Robinson • December 30, 2019 8:20 AM

@ Gerard van Vooren, Wesley Parish,

it’s been a long time ago that I have heard about real and proper new security features in the kernel

The short answer as to why not is “why bother?”.

Apparently nobody want’s security, and the few that realy do know that the OS is to far up the computing stack to stop all the security vulnerabilities Intel and Co are quite deliberately building into the hardware layers, down below the ISA level which is as about as far as software such as the OS can effectively reach security wise.

Yes a more secure kernel is desirable and OpenBSD and Minix are probably the only way’s you have available to you to get it these days.

However the only real security path you’ve got currently with these low down the computing stack hardware vulnerabilities is to come up with “sensible mitigations”.

Of which only one mitigation makes any real sense, –if the only thing you have control on is the OS and Apps which can not help,– is “segregation”.

Or to put it another way, it does not matter how vulnarable your systems are if you can guarantee keeping attackers away by other means.

And realistically that’s all you have left these days is “segregation” and that is now at the point where if microelectronics is involved it has to be “Energy Gapping” because you just can not tell what is tucked away inside SoC’s or even SMD chips the size of a grain of rice…

For those that think their hardware will never get the attention of the SigInt agencies hiding stuff inside after intercepting the delivery, think again. Many years ago we had a battle over the “Fritz Chip” where the idea was,manufactures would be forced to put in DRM chips without exception into all electronics. We kind of won that battle but we are loosing the war. Why? Because we now have GPS chips in our mobile phones and other smart devices in the faux name of Health and Safety. But LEO’s are not going to stop pushing for “backdoors” unless politicians make overwhelming push back against it every time the LEO’s open their mouths to spout FUD and things they know to be either untrue or deliberately engineered / manipulated by them to get favourable corner cases.

Thus the old joke about,

“The only computer that is secure is the one disconnected from all communications and power encased in tonnes of reinforced concrete and sunk in the deepest part ot the Mariana trench”

Wwould be comming true, if it were not for the fact we now have the technology to retrieve it and dig it out of the concrete…

That is physical means are nolonger enough against a determind attacker, we need properly thought out Crypto. Which unfortunatly means we realy have to understand how to do “segregation” and “energy gapping” properly not just for “data at rest” in turned off storage devices, or being communicated in and out of the system storage devices but also when the data is being processed inside the system as well.

As @Thoth keeps reminding us Intel’s publicity about secure enclaves etc is realy nonsense. Intel’s publicity is “Guarded Vault Door on a tent” where the guard is not alowed to look around the sides or back lest he sees the que of people waiting to go through the unlaced flap on the other end of the tent…

As we are unlikely to do crypto in microelectronics securely again the way things are blowing politically. We need to think about how to do secure crypto off of potentially backdoored microelectronics like Intel CPU chips… If we get that right then the machinations of LEO’s becomes pointless for them and largely irrelevant to those who take a little care in what they do.

If a few more people thought about this as part of their “New Year Resolutions” then peoples privacy could take significant steps forward.

But people should keep in mind that trying to fight new battles with old tactics that have lost before, is not the best use of peoples time.

Clive Robinson • December 30, 2019 5:57 PM

@ Electrolytic capacitor,

I’ve never heard from anyone else over the years who had a power supply blow like that – plugged in but turned off and ruined the motherboard.

I’ve seen similar a number of times, and they all involved the capacitors of a certain Far Eastern manufacturer… DELL computers used the capacitors and had a run of their computers going pop in this way.

The simple fact is most electrolytic capacitors rely on the insulating properties of a very very thin layer of oxide or similar on the surface of a metal foil or metal particulate. If that breaks down then they become conductive in the electrolyte which being a liquid rises in temprature and eventually becomes a vapour with a significant “over preasure” and things go kinetic just like bullets do if there is not a way to release the pressure more safely.

When I was younger some four decades or so ago, as part of funding my way through education I had a part time job doing “goods inward test” on electronics for a major broadcasting organisation that designed it’s own equipment but had it built by others.

A lot of this equipment was designed to fit into sub modules in 19 inch rack equipment. Thus it was generally an “open design” with a front pannel four extrusions that were also slide rails near the corners and a back pannel that had the connectors fuses and similar mounted on it. The PCB would sit between two extrusions and might have a semi rigid plastic insulator against the solder joint side (no surface mount back then) if high voltages were used.

One day I had a hundred power supplies to not just test but set up and calibrate. This involved adjusting potentiometers with a jewlers screwdriver to get the right values then putting a drop of a locking compound on them. Thus you had to look inside the unit when it was powered up…

The procedure was “visually inspect” first, then connect into the test jig and power it up, then adjust.

On one I did not see that a large electrolytic was the wrong way around and shortly there after it’s can went past the side of my face and cut my ear in passing. Luckily I wore glasses, and the molten and burning electrolyte and foil splattered on them and my face giving a few small burns. Unfortunatly I did breath in some of the vapour/smoke which I’ve been told would have been rich in not just toxic materials but ones that are also carcinogenic…

Not a good, day but a lesson learned about the time delay on electrolytics exploding after power up the wrong way around.

On telling a close friend who was also power RF electronics mad about the shear explosive force, he revealed he had a box of twenty year old electrolytics that were no good. So we got a couple of car batteries and a four foot length of plastic water pipe the capacitors just fitted nicely into, being a little under an inch and a three quaters across and about three and a half inches long with screw connectors at the bottom. Well we screwed some leads on put a capacitor in the bottom of the pipe and connected it up the wrong way with around ~26V a short fraction of time later it exploded and the can went very much higher than the house and quite a distance away into a neighbours garden some eight houses down…

It did not take long to “get the range” up and accurate, we even got it to go over the house, across the road over the houses on the other side, over their gardens and into the gardens behind then where they landed.

All good fun, and it was not untill wearing the green that I improved on that using two thunder flashes. You would strike one drop it in the pipe wait a second or two strike the second and drop it on top. The first would explode flinging the second into the air where it would explode making a faily good imitation of a mortar attack. But we also went one better with “diver recalls” which are in effect thunderflashes that are electrically detonated and will quite happily be immursed in liquids without problems…

So take a large thick plastic container used in the catering industry for bulk delivery of vinegar and similar liquids. Throw a rope over the top of a tall tree[1] and tie it to the handle, pour in a pint or so of petrol / gas and about a third that of diesel / fuel oil optionally add about a half cup of sugar and give it a good shake to mix it up. Then wire up the diver recall drop it in and screw the top down tight pull the container as high into the tree as you can get it. Connect the wires from the diver recall to a drum of “Don 10” field telephone cable and get as far away from the tree as you can. Put on ear defenders and wait for signs of the “blue team”.

When the blue team get about two hundred yards away press the switch… The result is a very large bang and a realy good mushroom cloud… Watch through binoculars to see if blue team do their NBC drills properly or not, when they are getting their gasperators on then hit them with simulated mortar fire… Few blue team members ever pass the test even the second time as it realy is mind numbing 😉

It might sound cruel but, back in the 80’s the cold war was still hot, and the use of battle field nukes or “suitcase nukes” by the Russian’s was expected. Also as far as training went no where near as cruel as what we were told the Russians were doing. They apparently trained with real chemical weapons and would accept 10-12.5% real casualties during training, then punnish those who didn’t die…

[1] Best done with a catapult and fishing line as a “leader line” to then pull the rope up, a skill learned from being involved with medium wave pirate radio… Apparently amoungst US Ham Radio operators getting a line over a tree has now become a fun mildly competitive sport, but there is always one…,

https://m.youtube.com/watch?v=RyC2g-5uMIo

Clive Robinson • December 30, 2019 7:28 PM

@ SpaceLifeForm, ALL,

With regards the Wyze statment of,

… but Wyze does not share user data with any government agencies in China or any other country,”

Spot the loop hole?

Yup no mention of “private agencies” which many Govetnments put in as buffers or fire breaks.

Which as we know from both US and UK Govenment behaviour is a way to stop the likes of Freedom of Information requests and much else including gaining “plausable deniability” via “commercial confidentiality” of a legal entity. In the case of the UK this included killing people in large numbers…

Clive Robinson • December 31, 2019 2:58 PM

@ ALL,

With regards the “capacitor-plague” you might find this interesting,

https://www.theguardian.com/technology/blog/2010/jun/29/dell-problems-capacitors

By the way some court cases over this appear to be still rumbling on currently, so be cautious.

Oh and note the words of caution given in there article of,

Back in 2003, Dennis Zogbi, president of Paumanok Publications, an expert on the market for passive components, told me that the problem is that “People want Western quality at Chinese prices,” he said. “Well, you can’t have both.”

Especially when people forget to thing about how defective components are easily “re-branded” and sold again under a different name back into the “grey market”.

It’s a reoccurring problem and the wheel appears to rotate every nine months or so on this, with some of those original bad caps still turning up even today. They have a habit of ending up on “none-in-house lines” that make first run of electronic toys and IoT devices.

So if you are going to go cheap electronic buying via “China markets” here is another piece of advice from people who wear the green, which is,

One is none and two is one.

Put simply if you are going to buy on the likes of Chinese market places it’s best to buy more than you need as some are guatenteed “DOA”.

Clive Robinson • January 1, 2020 3:43 AM

@ SpaceLifeForm,

AWS is pwned.

As well as being owned by people who care not a jot about the problem, because it’s not AWS’s risk or liability as they have “externalized it”.

You had to check it was AWS, obviously the reporter who wrote the article would have known it was AWS but for some reason did not mention it… Perhaps people should ask why the reporter did not mention it?

The problem with the big “X as a Service” suppliers is they now consider themselves like banks as being “too big to fail” but also not encumbered by any legislation traditional deposit takers are bound by.

I know people don’t like the idea of legislation and regulation being applied to “information industries” but if “information is the new currancy” that people claim it is, then we should apply the hard lessons learned from history with traditional deposit taker legislation and apply it to information deposit takers.

I suspect that AWS’s and other “cloud” providers overly paid lobbyists are already hard at work quashing such ideas as fast as they arise.

Clive Robinson • January 2, 2020 4:59 AM

@ SpaceLifeForm, Electron 007,

No. It is actually possible. It’s just not trivial. It takes effort.

Short answers : Yes, Yes, Yes, plus some thoughtfulness.

I’ve mentioned it befor with the “Fleet Communications” idea which @Thoth has thought some more on.

The longer answers require an understanding of the underlying arguments. The simplest of which is,

All communications reveal one bit of information,
That is a communication is taking place.

It appears obvious but actually it’s not when you start digging down far enough into the art and science of communications. At the bottom of things is “Noise” specifically “Thermal Noise” all molecules vibrate, those that have a charge will generate a signal[1]. Likewise charges moving in a conductor due to thermal energy. As thermal energy is usually not coherent the signal produced is likewise decoherent or “random” with an average power level.

Thus you have a signal source that is always on and it is random in nature, if quite low in average power. So if you can make your communications signal look random and at or below the noise floor at a receiver it will not reveal it’s presence. This is the reasoning behind “Low Probability of Intercept (LPI) communications.

The other thing is it’s a broadcast system that is anyone in range with the right information can find the signal, but within reason only those operating the receivers know where they are not those at the transmitter on any other receiver. Unlike modern cell phones and other routed systems

Which means at first look LPI does not Unfortunately work on most communications networks that are cabled and routed. So is their anything to learn from it, and the answer is yes quite a bit actually.

From traffic analysis it is known that the content of the message is not realy required if you can see the shape of the individual messages such as length, time and how many messages are being sent.

1, The message content can be hidden by it being effectively randomized (encryption)

2, A messages start can be hidden by hidden by sending it immediatly after another transmission with out a break.

3, A messages end can be hidden by sending another message immediately.

4, A messages length is unknown if it’s start and finish are successfully hiden.

5, Not all messages need to carry information, they can be just random “noise” data.

So messages can be effectively hidden if the transmitter sends a randomized, continuous, fixed rate transmission. Because that hides any message start, end, or length, or the fact a message is being sent at all.

So the question the arises since the message can be hidden what about the messages origin and destination? In a traditional broadcast system the transmitter position is known but the receiver unknown unless it needs to respond. In a data network the direction of a transmission from one node to another is known.

Thus the problem is not hiding the position of transmitters and receivers, that can not be done in a cabled network system, but hiding the fact of which node is communicating with another node. The more nodes there are the less certain it is that any node is communicating with any other node. If each node sends a continuous rate and receives the same rate from another node then messages passed between them are not known. If each node talks to atleast two other nodes then provided care is taken to balance the data rates such that the total number of packets in match the total number of packets out then an attacker has no notion of how traffic arives or leaves a node.

The easiest way to do this is that each node sends and receives data from another node on a “fixed rate ring system”. That is node one sends a packet to node 2 and node 3 sends a packet back. If this is done at a fixed rate with randomized packets then an observer learns only that a node is part of a network and the immediate nodes it is connected to.

The function of the nodes can be further obfuscated by also making them “store and forward” that is traffic can be priorotized with high priority “bursty” messages gettong padded with lower priority messages and so on.

Thus the nodes form a “circuit switched network” on top of any other underlying network topology. Provided each node uses “link based encryption” with seperate keys for each link, an observer will see no correlation between the links, only random packets in and out that always balance each other.

As for routing from node to node it is best that this also be obsficated thus point to point routing be used at the low level with Onion style routing at a higher level. And messages also application level encrypted.

There are other precautions that need to be taken but that should give the overall idea of a five level network ontop of an existing network. The levels being,

1, Application level encryption.
2, High level Onion routing.
3, Mesh network and routing.
4, Ring network link level.
5, Link level encryption.

The important thing to remember is that there is no distinction between computers used as clients, servers and nodes they are all nodes and they only communicate to other nodes.

There’s a lot of other things that need to be done, but the above should atleast convince people it can be done.

[1] To understand this you need to understand the “Pithball experiment”. A pithball is a very light organic material shaped into a ball around twice the radius of a pea. One of it’s properties is that it can hold an electric charge without it leaking away, thus it gets used in “static electricity” or “charge” experiments. You can see it’s charge with a “gold leaf electroscope”, as if by magic bringing a charged pithball near it will cause the gold foil to move, even though there is no electrical connection. If you have a charged pithball on one end of a fine thread there is nowhere for the charge to go, but the charge effects any objects around the pithball (in theory out to infinity). If holding the other end of the thread and you spin the pithball around in a circle, you are putting work into moving the charge in a circular pattern. This creates an E field that moves, in turn this creats an H field that then in turn creates another E field and so on outwards. We call this an EM field and it’s outward movment radiation, that as it radiates as a surface on a sphere the E field decreses in magnitude as 1/(r^2). Because we are spining the pithball in a circle the E field varies as a sinusoid with a frequency f directly related to the inverse of the length of time it takes the pithball to go around one compleat circle (hence the old expression for frequency being “cycles per second”). The important thing to note is that it is the movment of the charge that creates the field, and that the charge remains constant and does not leave the pithball. Thus the energy in the field comes from the motive force which is part of the energy in your arm and the length of the thread. Likewise it is the charge moving backwards and forwards on a length of wire –but again not leaving it– that a communications transmitter uses to radiate out a signal. As with a guitar or piano string being plucked the length of wire has a resonant length related to the speed the charge can be moved up and down the wire, the speed is an appreciable fraction of the speed of light C. Hence the relation to frequency is the “wavelength” and is called lambda and in freespace it is given by C/f if there are other conductors or dialectrics near the wire the length of the wire is effectively changed by a constant. For insulated wire it is small but the ends of the wire effectively have capacitance with an air dielectric and if the wire is near the ground there is further capacitance to ground, which further reduces the length, which in total reduces the length of the wire by around 5% for a horizontal dipole a quaterwave above ground.