Laptop connected via Ethernet to Raspberry Pi-based secure radio device with antenna

Secure LoRa Mesh Communication Network

The Internet has allowed us to communicate more easily than ever before, and thanks to modern cell-phone networks, we don’t even have to be tied down to a hard line anymore. But what if you want something a little more direct? Maybe you’re in an area with no cell-phone coverage, or you don’t want to use public networks for whatever reason. For those cases, you might be interested in this Secure Communication Network project by [Thomas].

By leveraging the plug-and-play qualities of the Raspberry Pi 4 and the Adafruit LoRa Radio Bonnet, [Thomas] has been able to focus on the software side of this system that really turns these parts into something useful.

Window showing secure text communications
Messages are tagged as “authenticated” when a shared hashing code is included in the message

Rather than a simple point-to-point radio link, a mesh network is built up of any transceivers in range, extending the maximum distance a message can be sent, and building in resilience in case a node goes down. Each node is connected to a PC via Ethernet, and messages are distributed via a “controlled flooding” algorithm that aims to reduce unnecessary network congestion from the blind re-transmission of messages that have already been received.

Security is handled via RSA encryption with 256-byte public/private keys and additional SHA256 hashes for authentication.

The packet-size available through the LoRa device is limited to 256 bytes, of which 80 bytes are reserved for headers. To make matters worse, the remaining 176 bytes must contain encrypted data, which is almost always more lengthy than the raw message it represents. Because of this, longer messages are fragmented by the software, with the fragments sent out individually and re-assembled at the receiving end.

If you’re in need of a decentralized secure radio communications system, then there’s a lot to like about the project that [Thomas] has documented on his Hackaday.io page. He even includes an STL file for a 3D printed case. If you need to send more than text, then this Voice-over-LoRa Mesh Network project may be more your style.

Add Mycelium To Your Mesh Networks

In many parts of the world, days after a good rainfall, it’s fairly common to see various species of mushrooms popping up out of the ground. These mysterious organisms aren’t the whole story, though. The living being is a vast network of hidden fibers, called mycelium, spreading through the ground and into any other organic material it can colonize. Its air of mystery and its vast reach are the inspiration for entire Star Trek shows and, of course, projects like this LoRa-based mesh network called Mycelium.

Mycelium is the invention of [Catamine] and includes many novel features compared to more typical mesh networks. For one, it is intended to be used in low power applications to give users the ability to send messages over a distributed network rather than a centralized network like a cell phone service provider. For another, the messages are able to be encrypted and authenticated, which is not currently possible with other mesh networks such as APRS. The idea is that a large network of people with nothing more complicated than an ESP32, an antenna, and this software would be able to communicate securely in situations where a centralized network is not available, whether that is from something like a natural disaster or from a governmental organization disabling the Internet during a political upheval.

The mesh network is currently in active development, and while messages can not yet be sent, the network is able to recognize nodes and maintain a keybase. There are certainly plenty of instances where something like this would be useful as we’ve seen before from other (non-encrypted) LoRa-based network solutions which are built around similar principles.

Thanks to [dearuserhron] for the tip!

New Part Day: A Truly Secure Workstation

There is a chain of trust in every modern computing device that starts with the code you write yourself, and extends backwards through whatever frameworks you’re using, whatever OS you’re using, whatever drivers you’re using, and ultimately whatever BIOS, UEFI, Secure Boot, or firmware you’re running. With an Intel processor, this chain of trust extends to the Intel Management Engine, a system running independent of the CPU that has access to the network, USB ports, and everything else in the computer.

Needless to say, this chain of trust is untenable. Any attempt to audit every line of code running in a computer will only be met with frustration. There is no modern Intel-based computer that is completely open source, and no computer that can be verified as secure. AMD is just as bad, and recent attempts to create an open computing platform have met with frustration. [Bunnie]’s Novena laptop gets close, but like any engineering task, designing the Novena was an exercise in compromise. You can get around modern BIOSes, coreboot still uses binary blobs, and Libreboot will not be discussed on Hackaday for the time being. There is no modern, completely open, completely secure computing platform. They’re all untrustworthy.

The Talos Secure Workstation, from Raptor Engineering, an an upcoming  Crowd Supply campaign is the answer to the untrustworthiness of modern computing. The Talos is an effort to create the world’s first libre workstation. It’s an ATX-compatible motherboard that is fully auditable, from schematics to firmware, without any binary blobs.

Continue reading “New Part Day: A Truly Secure Workstation”

Physical Security For Desktop Computers

There’s a truism in the security circles that says physical security is security. It doesn’t matter how many bits you’ve encrypted your password with, which elliptic curve you’ve used in your algorithm, or if you use a fingerprint, retina scan, or face print for a second factor of authentication. If someone has physical access to a device, all these protections are just road bumps in the way of getting your data. Physical access to a machine means all that data is out in the open, and until now there’s nothing you could do to stop it.

This week at Black Hat Europe, Design-Shift introduced ORWL, a computer that provides the physical security to all the data sitting on your computer.

The first line of protection for the data stuffed into the ORWL is unique key fob radio. This electronic key fob is simply a means of authentication for the ORWL – without it, ORWL simply stays in its sleep mode. If the user walks away from the computer, the USB ports are shut down, and the HDMI output is disabled. While this isn’t a revolutionary feature – something like this can be installed on any computer – that’s not the biggest trick ORWL has up its sleeve.

ORWL2The big draw to the ORWL is a ‘honeycomb mesh’ that completely covers every square inch of circuit board. This honeycomb mesh is simply a bit of plastic that screws on to the ORWL PCB and connects dozens of electronic traces embedded in this board to a secure microcontroller. If these traces are broken – either through taking the honeycomb shell off or by breaking it wide open, the digital keys that unlock the computer are erased.

The ORWL specs are what you would expect from a bare-bones desktop computer: Intel Skylake mobile processors, Intel graphics, a choice of 4 or 8GB of RAM, 64 to 512GB SSD. WiFi, two USB C ports, and an HDMI port provide all the connections to the outside world.

While this isn’t a computer for everyone, and it may not even a very large deployment, it is an interesting challenge. Physical security rules over all, and it would be very interesting to see what sort of attack can be performed on the ORWL to extract all the data hidden away behind an electronic mesh. Short of breaking the digital key hidden on a key fob, the best attack might just be desoldering the chips for the SSD and transplanting them into a platform more amenable to reading them.

In any event, ORWL is an interesting device if only for being one of the few desktop computers to tackle the problem of physical security. As with any computer, if you have physical access to a device, you have access to all the data on the device; we just don’t know how to get the data off one of these tiny computers.

Video below.

Continue reading “Physical Security For Desktop Computers”

Win At Hangman, Gain Entry

Do not put anything in this box that you will need in a rush. You’ll have to successfully guess the word in a game of hangman to gain entry. He’s using an Atmega328 as the brains of this project with a rotary dial and an LCD for input and display. If you win, the box is unlocked and you can open it up to get whatever is inside. There are links to various tutorials along the way to help with each step, including the Arduino source code he used to build it. We think he should bump it up a notch and have the box destroy the contents if you fail. Sounds like fun, right?