The experts finally get to the point of integrating different hardware and firmware components into a single device intended for one’s security when traveling.
Marc Rogers: There are Tor pluggable transports (see right-hand image), which is a great tool. There are seven of them that are live right now, I think this is still accurate. And there’re a couple that are much more popular than the others. The benefit of the Tor pluggable transports is they have recognized that there is no one tool that will solve the problem. There’s no silver bullet. And whatever solution you use needs to be variable, because if you keep doing the same thing, eventually someone is going to catch on to it. Plus, if you make as many people develop as many different things as possible, you are going to get some real genius. And, honestly, some of these pluggable transports are phenomenal. The general concept of this is to take Tor traffic and to transform it so that it doesn’t look like Tor traffic. And the next level up from that is to take this transformed traffic and make it look plausibly like some other form of traffic. This (see left-hand image) is probably one of the best ones. A lot of the censorship tools out there are quite crude. What they do is they use regular expressions to look at the protocol and make a judgment as to what they think it is. If you use those same types of regular expressions yourself you can play to them and make your traffic look like whatever you want. The screen here is transformed Tor traffic that has been put through a transform that makes it look like SSH. While it won’t stand up to immediate scrutiny – any of you who are familiar with SSH look to that – you’ll say it’s clearly not SSH. The point is, with this vast volume of traffic going through, the only people who are going to get that special extra scrutiny are people who have popped up a red flag. This is about not popping up that red flag.
As long as your traffic hides amongst the general Tor traffic, there’s going to be no reason for them to dive deep enough to say this is suspicious.
Ryan Lackey: And then there’s an additional tool (see right-hand image), where if you have a cooperating end point on the other end, such as Google App Engine, you can encode your traffic as normal HTTP traffic and then also put it inside HTTPS; you can make it look like it’s going to a regular website. You can do a lot of cool stuff there. And I guess the ultimate thing would be to make it look like natural language. Bananaphone does this. It obviously won’t stand up to a human analyst looking at this after the fact if you aren’t routinely sending literature back and forth with someone, but you can imagine a scenario where this evades an automated detection system or even where you build a system on top of that (see left-hand image). Then there’re of course the classic network tunneling tools (see right-hand image) that are primarily used for getting around, like, captive portal authentication systems with dnstunnel and things like httptunnel. These are pretty cool.
Marc Rogers: The point of going through all of these is these are the tools that we looked at for building the travel router. The travel router itself, really, isn’t that much to it, but what we did was we looked at all the best tools out there and we built them into this as a library so that you have an OS build that is going to sit on a device that you can carry anywhere, it’s tiny, and all of these things will be available to you to choose. And we are hoping to build some intelligence onto it as well so that it will make some of those choices for you to say: “Are you sure you wanted to select that? That might not be the best thing.”
Ryan Lackey: There’s no silver bullet, so it’s a bunch of separate tools that are combined (see left-hand image). As we were thinking about this we had the practical concern – we travel a lot, we go to places, we’re not really the most interesting targets, but we get some level of target, and I know a lot of people that are much greater targets. And it’s really difficult. I can build something that I can use myself, mostly out of existing software. But building something I can have somebody else use that’s easy for them to use, simple, that I don’t have to then go with them all the time – is a much harder problem.
We looked at a lot of the VM systems. VMs are great but the problem is, if something gets subverted in the top level operating system, fingerprinting stays the same and there’s really no way to know that the system is intact. I’ve worked on a lot of stuff with the TPM tamper-resistant computing stuff, and it still is not quite there. And the other problem is this stuff is expensive. If you were to build it out of pure software on dedicated high-end laptops with virtualization, like 16GB RAM MacBook Pros, you can’t really afford it. Most of the people that really need this stuff are also people that are not rich. They are also not willing to throw away a 3000-dollar laptop every time it might be compromised. So it wasn’t really the most ideal target. So we looked at something that would be providing much of the same protection but be a lot cheaper, a lot easier to use and a lot easier to support, and ideally something that people already have to use. And we came up with secure travel routers being the sweet spot.
They are pretty awesome (see right-hand image) because they are $20-100 each, they are made by a bunch of vendors – TP-Link, Linksys, D-Link – all the standard low-end network companies make this stuff. They are available everywhere. A lot of people use them when they go to a hotel and they have to pay per WiFi device or per MAC address. This lets you share a wired connection in a hotel room with a lot of connections. There’s a lot of cool stuff you can do, but they really weren’t explored as a security tool very much.
Marc Rogers: One of the challenges we have there is that hardware is incredibly variable across the whole range. Some of them have a fair amount of flash memory; some of them have almost no flash memory. So the next version of the device is going to have a kind of a “kitchen tool”. What you’ll do is you’ll put in the version of the travel router that you’re working with – you’ll look it up in the library and know how much resources it has – and it will then tell you which modules you can select. So you can have Tor plus these transforms, or if you want to have secure voice you can have this SIP phone plus these other things added in – just enough to squeeze it in without filling it up.
Ryan Lackey: We’ve used a lot of OpenWRT built on that, there’s a lot of open-source firmware for these routers, for home routers. I think maybe the Linksys WRT54G was the granddaddy of this stuff, where it came with pretty crappy firmware. You added awesome firmware to it that was free – and you’d have a great device. Unfortunately, wireless hardware has moved on, so you need to use newer stuff, but that whole wireless router hacking community has been going on for a while, it just hasn’t been focused on the travel router market or the “building security tools into it” market. The EFF is sort of working on a project to make secure routers for home use, primarily focused on protecting them from outside threats as opposed to using them for security tools themselves. And that’s a huge improvement over the status quo even a year ago. The problem with these things is they are embedded; there’re, like, a billion different ones of them. The toolchain process takes about two weeks to self-host, so it’s a pain. It’s not a huge pain; it’s not as much of a pain as dealing with very minimal-resource embedded stuff, but it’s still not the easiest thing to do.
Other people have worked on this stuff before (see right-hand image). The Pogoplug guys have the Safeplug, which is pretty cool, but they don’t do pluggable transports. They have Tor, they don’t do pluggable transports. It’s not really a portable device; it’s more for home use. Onion Pi, which Adafruit – the awesome company – has, is sort of like a “learn how to do something” project. It uses a device, Raspberry Pi, and has some external WiFi hardware and stuff. And there’s Portal, which I found out about when I started talking to Grugq. I’ve been looking at this stuff individually and then I talked to Grugq, and then I realized that the guy who was working on Portal was actually the same Grugq that I’d been talking to on other stuff. So it was kind of an obvious thing to do; Marc and Grugq have known each other for forever.
Marc Rogers: There is only one Grugq.
Ryan Lackey: Yeah, it’s not that rare a name, so… The original Portal from a couple of years ago had Tor pluggable transports and voice, but it was a huge pain to install – there’s, like, a GitHub page for it. It did a lot of the stuff but it wasn’t an all-in-one thing.