[tor-talk] Using SDR
Sean Lynch
seanl at literati.org
Fri Feb 5 20:52:55 UTC 2016
On Thu, Feb 4, 2016 at 9:17 AM coderman <coderman at gmail.com> wrote:
> On 2/3/16, Jeremy Rennicks <jwr4 at pct.edu> wrote:
> > Would it be worthwhile or feasible to route Tor traffic through SDR.. For
> > example if I were a node on Tor and data came to my system would routing
> it
> > through my SDR to another system then back over the ISP backbone add
> > anonymity or be of any use?
>
>
> where i have wanted SDR most is for wide area digital broadcast of Tor
> consensus, for example, along with extended descriptor information,
> perhaps over DVB-T bands adopted for the purpose (like the Sweedish
> experiments?)
>
> in terms of observability, it may actually be worse to use SDR links
> unless they also provide strong authenticity and privacy guarantees at
> the physical layer - WirelessWarrior discusses this in talks and
> cypherpunks.
>
> an interesting idea, even if not near-term practical :)
>
>
Radio is being used right now to provide anonymity, but it's being used[1]
to hide endpoints similar to the duct-taped payphone trick depicted in
Hackers, in order to avoid attacks like the one used to capture Ross
Ulbricht without giving him a chance to wipe his computer (they snuck up
behind him and pinned his arms, but they would have just rushed him had
that not been possible). If you use a device like the ProxyHam and you sit
somewhere where you can see it, there's a reasonable chance you'd spot
someone who's trying to find you, giving you a chance to hit your panic
button and escape.
The older, lower-tech version of this trick is to use a high-gain antenna
like the Cantenna or a Yagi to use a public wifi AP from a stealthy,
defensible location. The problem with this is that this presents no
challenge to RDF (radio direction finding) equipment designed for WiFi.
That's the big advantage of the ProxyHam, since whoever is looking for you
probably won't know in advance what frequency you're using. And solving
that problem in a general way requires MUCH more expensive gear than just
locating WiFi clients.
If you're concerned about someone coming after you with much more capable
RDF equipment, you are now talking about LPI (low probability of intercept)
communications. This could be something as simple as a longwave infrared
optical link, which won't show up on a regular CCD or CMOS camera even
without an IR filter. With SDR you might use some form of non-sinusoidal
spread spectrum with extremely high processing gain so you'll be well below
the noise floor and your carrier won't be recoverable using autocorrelation
techniques. Some UWB techniques fall into this category, though because
"legal" UWB is required to be confined to a narrower bandwidth, it's
probably detectable.
It MAY be possible to use SDR to achieve LPI while still remaining within
FCC Part 15 just by using very low bitrates relative to the bandwidth
allowed to you by law. There is a minimum energy per bit dictated by the
noise spectral power density (W/Hz) no matter how much processing gain you
have, which means there's only so much wider-bandwidth modulation can do to
prevent you from being noticed as a source within whatever bandwidth you're
using. To go lower, you have to lower your bitrate or use a higher gain
antenna.
Actually, that gives me an idea: MIMO precoding[2] (versus spatial
multiplexing, which is useless for your purposes). MIMO precoding devolves
to beam-forming in the absence of reflectors like buildings, but in an
urban environment, you get a complex combination of signal paths, with only
a part of the signal following any given path and coming together only in
the vicinity of the other station, but from multiple directions. I would
think that would make RDF extremely difficult without fooling the target
transceiver into talking to the wrong radio. This is state-of-the-art
stuff, though, requiring multiple transceivers, a decent amount of
computing power, and someone with a lot of knowledge in the field. But it
would be a really neat project with a lot of practical applications.
MIMO precoding requires a "training" phase where they discover one another
by transmitting some easily "locked-onto" signal so that each receiver can
find the other transmitter independently. This doesn't have to make them
easier to detect by an outsider, though, even during training: with
synchronized clocks and a secure PRNG, the search space the "friendly"
radio has to search through can be made small, while anyone who doesn't
know the random seed or clock offset would still be stuck trying to use
autocorrelation to find the carriers.
Now that I think of it, though, it's possible that plain ol' direct
sequence spread spectrum using an effectively infinite pseudorandom
sequence and a rake receiver[3] at each end to deal with multipath would
probably be good enough. It won't stop you from being found once your
adversary is close, but multipath should make it hard to track you once the
base station is found. You'd still need to have some way of knowing the
base station has been discovered, though.
[1] http://fossbytes.com/how-to-make-your-own-proxyham-for-anonymous-browsing/
[2] https://en.wikipedia.org/wiki/Precoding#Precoding_for_Point-to-Point_MIMO_Systems
[3] https://en.wikipedia.org/wiki/Rake_receiver
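Added worked example (not part of the message above, and not code from the ProxyHam project or from the poster): a toy direct-sequence spread-spectrum link in pure Python that illustrates two of the points made above, the processing-gain vs. energy-per-bit trade-off (the only way to push the in-band SNR lower at a fixed Eb/N0 is more chips per bit, i.e. a lower bitrate) and the keyed chip sequence derived from a shared seed plus a clock-derived slot number, so that the friendly receiver despreads easily while an outsider with no reference sequence sees only noise. The chip count, SNR, seed, slot size and data bits are all constructed assumptions; the "secure PRNG" is SHA-256 in counter mode, chosen here for illustration, and no multipath or rake combining is modelled.

```python
"""Toy DSSS link keyed by a shared seed and a clock-derived slot number.

Constructed example for illustration; all parameters below are assumptions.
"""
import hashlib
import math
import random

CHIPS_PER_BIT = 1024    # assumption: processing gain 10*log10(1024) ~ 30 dB
CHIP_SNR_DB = -10.0     # assumption: transmit 10 dB below the noise in the spread band


def processing_gain_db(chips_per_bit: int) -> float:
    """DSSS processing gain: chip rate over bit rate, in dB."""
    return 10 * math.log10(chips_per_bit)


def eb_n0_db(chip_snr_db: float, chips_per_bit: int) -> float:
    """Eb/N0 the friendly receiver recovers after despreading.

    Spreading lowers the in-band SNR an outsider sees (chip_snr_db), but Eb/N0
    is fixed by power and bit rate; at a fixed Eb/N0, a lower in-band SNR costs
    proportionally more chips per bit, i.e. a lower bit rate at the same chip rate.
    """
    return chip_snr_db + processing_gain_db(chips_per_bit)


def chips_per_bit_for(target_chip_snr_db: float, required_eb_n0_db: float) -> int:
    """Chips per bit needed to sit at target_chip_snr_db while keeping required_eb_n0_db."""
    return math.ceil(10 ** ((required_eb_n0_db - target_chip_snr_db) / 10))


def chip_sequence(seed: bytes, slot: int, n_chips: int) -> list:
    """Keyed +/-1 chip sequence: SHA-256 in counter mode over (seed, slot).

    `slot` stands in for a synchronized-clock value: a receiver knowing the
    seed and clock offset searches a handful of slots; an outsider has no
    correlator reference at all and is left with blind autocorrelation.
    """
    chips = []
    counter = 0
    while len(chips) < n_chips:
        block = hashlib.sha256(seed + slot.to_bytes(8, "big") + counter.to_bytes(8, "big")).digest()
        for byte in block:
            for i in range(8):
                chips.append(1 if (byte >> i) & 1 else -1)
        counter += 1
    return chips[:n_chips]


def spread(bits: list, seed: bytes, slot: int) -> list:
    """BPSK-style spreading: each data bit (+1/-1) multiplies CHIPS_PER_BIT chips."""
    chips = chip_sequence(seed, slot, len(bits) * CHIPS_PER_BIT)
    return [(1 if bits[j // CHIPS_PER_BIT] else -1) * chips[j] for j in range(len(chips))]


def add_noise(signal: list, chip_snr_db: float, rng: random.Random) -> list:
    """AWGN at the given per-chip SNR (chip energy is 1 for +/-1 amplitudes)."""
    sigma = math.sqrt(1 / 10 ** (chip_snr_db / 10))
    return [s + rng.gauss(0, sigma) for s in signal]


def correlation_scores(samples: list, seed: bytes, slot: int, n_bits: int) -> list:
    """Despread: normalized correlation of each bit interval with the reference chips.

    Near +/-1 with the right seed; near 0 (noise-like) with a wrong one.
    """
    chips = chip_sequence(seed, slot, n_bits * CHIPS_PER_BIT)
    scores = []
    for i in range(n_bits):
        lo, hi = i * CHIPS_PER_BIT, (i + 1) * CHIPS_PER_BIT
        scores.append(sum(samples[j] * chips[j] for j in range(lo, hi)) / CHIPS_PER_BIT)
    return scores


def despread(samples: list, seed: bytes, slot: int, n_bits: int) -> list:
    """Hard-decision bits from the correlation scores."""
    return [1 if s > 0 else 0 for s in correlation_scores(samples, seed, slot, n_bits)]


# Constructed demo inputs (assumptions, not from the post)
DATA_BITS = [1, 0, 1, 1, 0, 0, 1, 0]
SEED = b"example shared secret"       # pre-shared between the two radios
WRONG_SEED = b"outsider's guess"
SLOT = 1_700_000_000 // 30            # 30-second slots from a synchronized clock


def run_demo(chip_snr_db: float = CHIP_SNR_DB) -> dict:
    """Spread, add noise, then despread with the right and a wrong seed."""
    rng = random.Random(2016)         # fixed for a reproducible run
    rx = add_noise(spread(DATA_BITS, SEED, SLOT), chip_snr_db, rng)
    return {
        "eb_n0_db": eb_n0_db(chip_snr_db, CHIPS_PER_BIT),
        "friendly": despread(rx, SEED, SLOT, len(DATA_BITS)),
        "friendly_scores": correlation_scores(rx, SEED, SLOT, len(DATA_BITS)),
        "outsider_scores": correlation_scores(rx, WRONG_SEED, SLOT, len(DATA_BITS)),
    }


if __name__ == "__main__":
    result = run_demo()
    print("Eb/N0 after despread: %.1f dB" % result["eb_n0_db"])
    print("friendly receiver   :", result["friendly"])
    print("outsider correlation:", ["%.2f" % s for s in result["outsider_scores"]])
```

At -10 dB per chip the friendly receiver still gets about 20 dB Eb/N0 after the 30 dB of processing gain, and `chips_per_bit_for` shows the cost of hiding deeper: going from -10 dB to -20 dB in-band at the same Eb/N0 means ten times the chips per bit, so one tenth the bitrate within the same legal bandwidth. Note that the outsider's scores sit near zero only because they lack the reference sequence; a well-equipped adversary with a wideband receiver close enough to see the energy rise can still detect and direction-find the emitter, which is exactly the caveat made in the message.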