Espionage On Display As GCHQ Hosts A Temporary Exhibit

At the top of the British electronic intelligence agency is the Government Communications Headquarters (GCHQ), a very public entity whose circular building can easily be found by any inquisitive soul prepared to drive just off the A40 in Cheltenham which is about two hours west of London. But due to the nature of its work it is also one of the most secretive of UK agencies, from which very little public information is released. With over a century of history behind it and with some truly groundbreaking inventions under its belt it is rumoured to maintain a clandestine technology museum that would rewrite a few history books and no doubt fascinate the Hackaday readership.

Perhaps the most famous of all its secrets was the wartime Colossus, the first all-electronic stored program digital computer, which took an unauthorised book in the 1970s to bring to public attention. Otherwise its historical artifacts have been tantalisingly out-of-reach, hinted at but never shown.

A temporary exhibition at the Science Museum in London then should be a must-visit for anyone with an interest in clandestine technology. Top Secret: From ciphers to cyber security occupies the basement gallery, and includes among other exhibits a fascinating selection of artifacts from the Government agency. On a trip to London I met up with a friend, and we went along to take a look.

Continue reading “Espionage On Display As GCHQ Hosts A Temporary Exhibit”

Understanding Elliptic Curve Cryptography And Embedded Security

We all know the usual jokes about the ‘S’ in ‘IoT’ standing for ‘Security’. It’s hardly a secret that security in embedded, networked devices (‘IoT devices’) is all too often a last-minute task that gets left to whichever intern was unfortunate enough to walk first into the office that day. Inspired by this situation, All About Circuits is publishing a series of articles on embedded security, with a strong focus on network security.

In addition to the primer article, so far they have covered the Diffie-Hellman exchange (using prime numbers, exponentiation and modular arithmetic) and the evolution of this exchange using elliptic curve cryptography (ECC) which prevents anyone from brute-forcing the key. Barring any quantum computers, naturally. All three articles should be understandable by anyone, with a simple, step-by-step format.

The upcoming articles will cover implementing security on microcontrollers specifically.  For those who cannot wait to learn more, Wikipedia has a number of articles on the topic of Elliptic Curve Cryptography (comparing it to the more older and still very common RSA encryption) specifically, as well as the Elliptic-Curve Diffie-Hellman key agreement protocol as discussed in the All About Circuits article.

A detail of note here is that the hardest problem in secure communications isn’t to keep the communications going, but to securely exchange the keys in the first place. That’s why a much much computationally expensive key exchange scheme using an asymmetric (or public-key) cryptography scheme  is generally used to set up the second part of the communications, which would use a much faster symmetric-key cryptography scheme, where both parties have the means to decode and encode messages using the same private key.

All the math aside, one does have to wonder about how one might denote ‘secure’ IoT. Somehow ‘SIoT’ doesn’t feel very catchy.

MIT Cryptographers Are No Match For A Determined Belgian

Twenty years ago, a cryptographic puzzle was included in the construction of a building on the MIT campus. The structure that houses what is now MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) includes a time capsule designed by the building’s architect, [Frank Gehry]. It contains artifacts related to the history of computing, and was meant to be opened whenever someone solved a cryptographic puzzle, or after 35 years had elapsed.

The puzzle was not expected to be solved early, but [Bernard Fabrot], a developer in Belgium, has managed it using not a supercomputer but a run-of-the-mill Intel i7 processor. The capsule will be opened later in May.

The famous cryptographer, [Ronald Rivest], put together what we now know is a deceptively simple challenge. It involves a successive squaring operation, and since it is inherently sequential there is no possibility of using parallel computing techniques to take any shortcuts. [Fabrot] used the GNU Multiple Precision Arithmetic Library in his code, and took over 3 years of computing time to solve it. Meanwhile another team is using an FPGA and are expecting a solution in months, though have been pipped to the post by the Belgian.

The original specification document is a fascinating read, for both the details of the puzzle itself and for [Rivest]’s predictions as to the then future direction of computing power. He expected the puzzle would take the full 35 years to solve and that there would be 10Ghz processors by 2012 when Moore’s Law would begin to tail off, but he is reported as saying that he underestimated the corresponding advances in software.

Header image: Ray and Maria Stata Center, Tafyrn (CC BY 3.0)

Compiling NodeMCU For The ESP32 With Support For Public-Private Key Encryption

When I began programming microcontrollers in 2003, I had picked up the Atmel STK-500 and learned assembler for their ATtiny and ATmega lines. At the time I thought it was great – the emulator and development boards were good, and I could add a microcontroller permanently to a project for a dollar. Then the ESP8266 came out.

I was pretty blown away by its features, switched platforms, except for timing-sensitive applications, and it’s been my chip of choice for a few years. A short while ago, a friend gave me an ESP32, the much faster, dual core version of the ESP8266. As I rarely used much of the computing power on the ESP8266, none of the features looked like game changers, and it remained a ‘desk ornament’ for a while.

About seven weeks ago, support for the libSodium Elliptic Curve Cryptography library was added. Cryptography is not the strongest feature of IoT devices, and some of the methods I’ve used on the ESP8266 were less than ideal. Being able to more easily perform public-private key encryption would be enough for me to consider switching hardware for some projects.

However, my preferred automated build tool for NodeMCU wasn’t available on the ESP32 yet. Compiling the firmware was required – this turned out to be a surprisingly user-friendly experience, so I thought I’d share it with you. If I had known it would be so quick, this chip wouldn’t have sat on my desk unused quite so long!  Continue reading “Compiling NodeMCU For The ESP32 With Support For Public-Private Key Encryption”

Friday Hack Chat: All About Crypto

What is crypto? Crypto means ‘hidden’, and it’s meant ‘hidden’ since before the Greek alphabet was written, but don’t let that stop you from arguing. For this week’s Hack Chat, we’re going to be talking all about cryptography, a medium of exchange for secrets. If you need confidentiality, integrity, or authenticity, you need cryptography.

Our guest for this week’s Hack Chat will be none other than Nick Sayer. Nick is a frequent attendee of the Hackaday meetups and he’s been building gadgets and gizmos and selling them on Tindie for years now. He’s given talks on design for manufacturing. This year, he designed and developed the Orthrus, an appliance that creates a cryptographically secured USB volume from two microSD cards. Basically, it’s like the Captain Planet team, only instead of rings, you need all the SD cards, and instead of Captain Planet, you summon your data.

For this week’s Hack Chat, we’re going to sit down with and talk about all things cryptography, including understanding what you need, what you don’t, and picking the correct tools. Items of interest will include:

  • When cryptography is needed
  • Cryptography tools
  • The best practices for cryptography

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the Cryptography Hack Chat and we’ll put that in the queue for the Hack Chat discussion.

join-hack-chat

Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Friday, November 16th, at noon, Pacific time. If time zones got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io.

You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.

Hackaday Links: June 3, 2018

All the Radio Shacks are dead. adioS, or something. But wait, what’s this? There are new Radio Shacks opening. Here’s one in Idaho, and here’s another in Claremore, Oklahoma. This isn’t like the ‘Blockbuster Video in Nome, Alaska’ that clings on by virtue of being so remote; Claremore isn’t that far from Tulsa, and the one in Idaho is in a town with a population of 50,000. Are these corporate stores, or are they the (cool) independent Radio Shacks? Are there component drawers? Anyone want to take a field trip and report?

A few years ago, [cnxsoft] bought a Sonoff WiFi switch to control a well pump. Despite this being a way to control the flow of massive amounts of water with an Internet of Things thing, we’re still rocking it antediluvian style, and for the most part this WiFi-connected relay worked well. Until it didn’t. For the past few days, the switch wouldn’t connect to the network, so [cnxsoft] cracked it open to figure out why. There was one burnt component, and more than one electrocuted insect. Apparently, an ant bridged two pins, was shortly electrocuted, and toasted a resistor. It’s a bug, a real bug, in an Internet of Things thing.

eInk is coming to license plates? Apparently. Since an eInk license plate already includes some electronics, it wouldn’t be much to add some tracking hardware for a surveillance state.

Hold up, it’s a press release about crypto hardware. No, not that crypto, the other crypto. Asus has announced a new motherboard that is capable of supporting twenty graphics cards. This isn’t a six-foot-wide motherboard; it’s designed especially for coin mining, and for that, the graphics cards really only need a PCIe x1 connection. The real trick here is not using PCIe headers, and instead piping everything over vertical-mount USB ports. Yes, this is a slight cabling nightmare. So, you still think the early 80s with fluorinert waterfalls and Blinkenlights that played Game of Life was the pinnacle of style in computer hardware? No, this is it right here.

Here’s a book you should readIgnition!: An Informal History of Liquid Rocket Propellants by John Drury Clark is a fantastic book about how modern liquid rocket fuel came to be. Want to know why 60s cartoons and spy movies always referenced a ‘secret rocket fuel formula’ when kerosene and liquid oxygen work just fine? This is that. Back when we covered it, the book, used, on Amazon, cost $500. It’s now in print again and priced reasonably. It’s on the Inc. 9 Powerful Books Elon Musk Recommends list, so you know it’s good. Thanks, [Ben] for sending this one in on the tip line.

Distorted Text Says A Lot

Getting bounced to a website by scanning a QR code is no longer an exciting feat of technology, but what if you scanned the ingredient list on your granola bar and it went to the company’s page for that specific flavor, sans the matrix code?

Bright minds at the Columbia University in the City of New York have “perturbed” ordinary font characters so the average human eye won’t pick up the changes. Even ordinary OCR won’t miss a beat when it looks at a passage with a hidden message. After all, these “perturbed” glyphs are like a perfectly legible character viewed through a drop of water. When a camera is looking for these secret messages, those minor tweaks speak volumes.

The system is diabolically simple. Each character can be distorted according to an algorithm and a second variable. Changing that second variable is like twisting a distorted lens, or a water drop but the afterimage can be decoded and the variable extracted. This kind of encoding can survive a trip to the printer, unlike a purely digital hidden message.

Hidden messages like these are not limited to passing notes, metadata can be attached to any text and extracted when necessary. Literature could include notes without taking up page space so teachers could include helpful notes and a cell phone could be like an x-ray machine to see what the teacher wants to show. For example, you could define what “crypto” actually means.

Continue reading “Distorted Text Says A Lot”