Open Source Software/IoT & Security

Hi Everyone.

At the risk of looking 100% ignorant of all things hardware/software related, I want to ask you about the security (real & perceived) of any significantly popular open sourced software.

Specifically, what’s to stop somebody from writing some seriously malicious code & just passing it upstream (uploading it) into the digital foodchain and it getting accepted as a good clean program because it has a relatively subtle zero day attack sleeping in the background waiting until the day it wakes up and wreaks havoc on every computer it has been shared into?

I know the topic has likely been beat to death over 20 years on 1000 forums globally, but I am just curious what my local VHS peeps say about it?

I skimmed over this:

I suddenly got more practically curious about this when I was reading a RaspberryPi basics tutorial and the author mentioned that not only is Raspbian open sourced, but it is often shared as bit torrent, instead of having the RaspberryPi home server deluged & crash from the sheer weight of download requests.

My proposed drone project absolutely NEEDS security & I can’t just download any OS that plays dice with its code purity.

Can anyone suggest a trustworthy alternative OS to Raspbian to load into a new Pi ??

If these details help:

  1. My drones will never need to communicate over the web. The web has too many computer versions of STDs (which is why they’re called viruses)

  2. My drones will never have any USBs, discs, or SD cards plugged into them that have ever been plugged into any computer other than ones that were exclusively used for the drone project from the day they were purchased.

I know that theoretically any software could be contaminated at source, as antivirus software can only detect bad code that has been identified as such. In other words, unless every single line of code a manufacturer sells or releases (as part of an OS, app, patch, or update) is security reviewed, it could still have a zero day virus hibernating in it…

That doesn’t even include hardware embedded virus attacks…

The Pis in the VHS vending machine come with SD cards preloaded with multiple OSs to choose from, but how can we be sure that the original vendor (not Dan Royer) performed an exhaustive antivirus scan of the source code before loading the various OS distributions onto the SD cards? (I suspect that a zero day virus could still evade a security scan at the original RaspberryPi factory, but it would be nice to know that they at least scan everything they send out with up-to-date antivirus software before they load the SD cards & warehouse the Pis for shipping)

For the record, I think Dan’s a great guy and I respect him much, so please don’t get the wrong idea that I am doubting his character or professionalism. All I am saying is that it seems that with open sourced Pi software, there seems to be an exponentially higher chance of getting a virus because the original source of the Pis seemed to admit to directing user sourced OS torrents into people’s computers without even necessarily scanning them through their own server.

Can anyone recommend a trustworthy non open sourced OS that can be run on Pi’s ?

There may be an alternative comparable microprocessor that comes pre-loaded with proprietary software that would function well in place of Pis/Raspbian…

If most machines run on C as base code, and C is open sourced, can’t people just buy a disc or USB with clean C right from the original source ?

I know I can “get away with” just buying a Pi out of the VHS vending machine and starting from there, but eventually I will need a 100% guaranteed clean operating system to run my drone on. Commercial insurance carriers would want that… (The VHS Pis are probably 100% clean…)

The first time IoT/open sourced OS operated machinery runs amok in a big way, the governmental regulatory bodies, insurers & every corporate & legal stakeholder (and the civilians) will be in an uproar, then everyone running parcel delivery & commercial photography etc. off of open sourced/IoT operated drones will have to suddenly buy clean proprietary drone OS to comply with newly enforced stringent standards (at whatever price the software company charges/gouges), or else go broke while other drone companies running on clean OSs take over their former market share…

Am I just being paranoid… (I assume you guys know that Anonymous hacked the R.C.M.P. server, so maybe I am not too far from an unlikely, but still possible unfortunate future situation… I would rather be prepared ahead of time than sued out of existence…)

What are you guys’ thoughts?

(P.S., I would have posted this in the Commercial Ops category, but I really wanted to get a majority member viewpoint. My apologies to the Mods…)

If your product will never be connected to the internet, cellular network, or to an end-user’s computer, the available attack vectors are drastically limited. Rather than looking for a proprietary OS, I’d focus on the securing of all inputs and sensors for the drone. If the radio communication between the drone and your remote control is not encrypted, then that is clearly the greatest attack risk.

As far as open source software and security, most open source vulnerabilities are discovered bugs, not planted backdoors, just like in closed source software. If somebody wants to add a backdoor to an open source project, all that’s stopping them is the diligence of those who own the repository. The same goes for backdoors that end up in closed source software, except in closed source software you’re less likely to have a trail of evidence showing the change. If you’re getting software from an untrusted source, you should at least be verifying it with a trusted hash or signed certificate, regardless of whether it’s open or closed source.

As for a recommended quadcopter OS, I’m not familiar with what’s available. My first instinct would be hesitation to task a general purpose OS like Linux (or Windows) with running a quadcopter. I’d at least want a smaller processor with a RTOS to handle the mechanics of flying.

BTW, you can edit your posts on the forum.
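
The hash check recommended in the reply above, as an added example (not code from the thread or from any Raspberry Pi tooling): it verifies a downloaded image against a `sha256sum`-style checksum list. The file names and image contents are constructed, and the checksum list is assumed to come from a channel you trust independently of the download, such as the vendor's HTTPS site rather than the torrent.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte image never sits in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"not a SHA-256 digest: {parts[0]!r}")
        entries[name] = digest
    return entries


def verify_image(path, checksum_text):
    """Return 'ok', 'mismatch' or 'not-listed'; only 'ok' means safe to flash."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # fail closed: no trusted hash, no install
    actual = sha256_file(path)
    # compare_digest avoids leaking how many leading characters matched
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed sample: a stand-in image, its listed hash, then an altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "example-os.img")
        with open(image, "wb") as fh:
            fh.write(b"constructed sample image contents\n" * 1000)
        # In real use this text is fetched from the trusted channel, not computed.
        published = f"{sha256_file(image)}  example-os.img\n"

        intact = verify_image(image, published)

        with open(image, "r+b") as fh:  # change a single byte of the image
            fh.seek(10)
            fh.write(b"X")
        altered = verify_image(image, published)

        other = os.path.join(tmp, "unlisted.img")
        with open(other, "wb") as fh:
            fh.write(b"no published hash for this file")
        unlisted = verify_image(other, published)
    return intact, altered, unlisted


if __name__ == "__main__":
    print(demo())
```

A matching hash only shows the file is the one the publisher listed; checking a signature on the checksum list itself is a separate step not shown here.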

Thanks Shane !!

Trust is hard for me… (I’ve been burned too many times…)

You mentioned “the diligence of those who own the repository”. Is that what they mean by “code maintenance” ? (forgive me, I was leaving school just as computers were coming in, so I missed a lot. I have had time to learn, but was focussed on other things until lately)

In the meantime since I made my previous posts & now, I came to the conclusion that I may as well just download some free drone OS and run it on a compatible microcontroller. Fearing viruses that have not yet surfaced isn’t going to save me. Maybe learning how to debug & maintain my own open source drone OS will. That way, if a zero day virus ever pops up, I just deploy the parachute, retrieve the drone, run antivirus, and redeploy. Keeping several untouched identical copies of the drone OS may make it easier to debug & do antivirus work until I am reasonably sure that I have a self maintained, bug & virus free secure drone OS…

I pretty much figured I would need an RTOS. Node.js is fast, but I am not sure if it is equal to an RTOS or not ??

These ones look good:

http://www.stevebate.net/chibios-rpi/GettingStarted.html

I wonder if this would run on the AT Mega? :

http://rtos.com/products/threadx/atmel_sam3_sam4

On another side issue, I guess not everyone likes node.js :

https://www.semitwist.com/mirror/node-js-is-cancer.html

Other robotics people love it :

http://www.amazon.com/Make-JavaScript-Robotics-Raspberry-BeagleBone/dp/1457186950

http://johnny-five.io/

http://nodebots.io/

Many options…

Hello,

I wouldn’t be too worried about a virus or malware infecting it that targets drones. As has been mentioned, deliberate backdoors don’t get snuck into repositories very often, and even if one did it is unlikely to have any effect on the drone when it isn’t connected to the internet. It would just be a backdoor that could be used to steal data, control the computer when connected online.

However, if you’re worried about someone hacking the drone mid-flight, that is an actual problem. Here is a link to a 45-minute presentation last year at Defcon 23 regarding two popular drones and hacking them. https://www.youtube.com/watch?v=5CzURm7OpAA

There are a whole host of problems. The cheap one is a flying open wifi router, ftp server, various executable commands are just sitting there in the root directory that can be accessed, etc. The more expensive one isn’t really any more secure either. Since most of these drones just use standard 2.4GHz wifi for communication they are open to all the wifi attacks you could use on a normal router. Deauth attacks, password cracking, creating fake access points with the same ESSID (network name) but a higher signal so the computer automatically connects to that rather than the drone’s wifi and the drone is now uncontrolled, etc. On top of that, since most of these are just considered hobbyist toys, security is less than an afterthought and no significant resources are spent securing these devices.

1 Like

Thank you Lewis !!

I am not a cryptologist, but I have a concept for signal security that should be 100 % unbreakable. It does not operate like any of the current encryption systems advertised and I don’t think anyone has even thought of it. It would use a combination of existing technologies synergistically. I know that may sound like a ridiculously arrogant thing for a non techie like me to say, but I am not 100% untechnical, I am just climbing a steep learning curve with no formal training. Thank God for helpful forums like VHS, YouTube tutorials, and free online learning resource sites…

If I can network with the right people, I know I can make a “must have” commercial drone system. All I need is the right team of electronics people & programmers to take the thing from concept to reality. Even just one guy that has a reasonably solid grasp of the basics in both skill sets could make it happen. For now, I will just keep learning both until I can wire up a microprocessor & microcomputer to the right sensors and modify the programming of an existing open source drone OS myself… ( www.dronecode.org looks pretty good )

Thanks for the YouTube link.

If you want to learn more about cryptography, a good book to check out would be Practical Cryptography by Niels Ferguson and Bruce Schneier. They also did a follow-up called Cryptography Engineering but I haven’t gotten around to reading it. Cryptography is really hard to get right. Even if you get all of the math right, and have a 100% unbreakable mathematical proof, (which as far as I know doesn’t exist, just ones that are assumed to be secure and publicly take an impossibly long time to crack), you then need to implement it correctly. A lot of times it isn’t the mathematical underlying of the cryptography itself that is compromised, but instead it is a failure in the design and implementation trying to use it.

For example, one big issue is random number generation. There are many cryptology methods that are solid and secure as long as it is done with true random number generation. The problem is getting truly random number generation is actually very difficult. That is just one of a number of problems.

I’m not sure exactly what you have in mind for your ‘commercial drone system’, but you should be aware that it is likely more difficult than whatever you have in mind. First of all, you should look up regulations regarding drones in Canada. There are some different rules for commercial vs. hobbyist use. For both there are restrictions within 9km of airports, etc. Then of course there is the matter of insurance for them for commercial purposes, and I doubt drone insurance has been fully figured out yet and there needs to be enough of a market for them to make it all worthwhile.

Back to the security issue however, even if you have “signal security that should be 100 % unbreakable”, which I’m admittedly very sceptical about, you would need to consider the security of the device as a whole. Anyone attacking the device is simply going to take the easiest route possible. Even if the signal security is 100%, there are other attacks that can be launched. De-authenticating connected users to drop connections. Connecting to the device and launching a denial of service attack by sending it tons and tons of gibberish that it must process. Simply jamming the connection altogether. Security is very complicated to get right.

PS. Just noticed the “boilerwelder” username. Not sure if that is actually related to what you do, but I’m actually a Non-Destructive Technician and find cracks in boilers in pulp mills.

If you’re not a cryptologist, I STRONGLY advise you to NOT trust your own approach to cryptography.

I’m not trying to put you down or anything. It sounds like you are a smart guy. It’s just that this is a very VERY difficult problem space, and unless you can mathematically prove that your system is secure, you can’t know that it’s secure. In fact, it almost certainly isn’t secure unless you can mathematically prove that it is, and even then, there are probably going to be bugs in the implementation that render it insecure. No matter how smart you are, or how good of a coder, no one writes perfect code unless the program is trivial.

The only way to totally protect a system from network-based attacks is to not connect it to any networks.

In my team, we joke that the best way to make something totally secure is to smash it with a hammer. 🙂

Also, the only way to know for certain that there’s no malicious code in your system is to write all of it yourself. If you don’t want (or have the time) to do that, you have no choice but to trust someone else. Fortunately, most people are basically good, and I think that the open source community tends to have a higher percentage of basically good people in it than the closed source community. Unfortunately, good people can still write bad code, so it’s best to take some steps to protect yourself from bugs, as well as limit the damage that can be done if someone does exploit a bug to hack into your system. Sandboxing/containers are a good approach, but can be hard to do yourself, and can introduce a lot of overhead.

It’s all about managing risk. If the reward for attacking your system is much less than the effort required to successfully attack it, then your risk is probably low. But as soon as you tell people that you have an “unhackable” system, the risk goes up, because someone will want to prove that it’s hackable. 🙂

Cheers,

1 Like

For anyone interested in practical crypto knowledge, I highly recommend the Cryptopals (formerly Matasano) crypto challenges.

It took me between 15 minutes and 4 hours per challenge, and there are 8 per set. I completed up to the 7th set before losing interest. It was a fantastic way to learn real-world crypto, and also a good opportunity to learn a new programming language you’ve been wanting to learn (you can do the challenges in any language). It walks you through from simple toy problems to actual vulnerabilities in the real-world cryptosystems of the last decade. Fascinating stuff.

If anything, the challenges really drove home how incredibly difficult it is to have confidence in any crypto system. Sure, crypto primitives can be provably unbreakable, but once you start combining them into a practical application, other factors such as pseudorandom number generators, usability tradeoffs, and physical limitations can quickly erode the “security” of the system.

I promise that after completing these challenges, one will have a far deeper understanding of cryptography and a far lower confidence in their own ability to make anything secure. 😉

1 Like

@inchcombec

Thanks for the crypto book recommendation. I am sure there are 100s if not 1000s of good/great books on the topic. What makes my concept different is the synergistic combination of existing (off-the-shelf) technologies that have no peer that I see. I don’t need perfect math. It’s about much more than that. I wish I knew you to tell you, but I can’t post the glorious guts of the concept out publicly. (yet or ever)

Yes, I know there is a ton of legislation to shovel through. Everyone faces it, so that levels the playing field… Consider this: If I can get a few local guys to collaborate with me & we pull this off (at least the secure control signal part), then that chops out a big chunk of the control safety regulatory hurdle. Since my competitors would not likely be able to meet/beat that performance, I could advertise that & take market share while they try to explain to the feds & provinces & their insurers & investors why they can’t guarantee signal security, but I can…

Regarding de-authenticating my signal, they wouldn’t know what my drone controller was digitally listening for, so they wouldn’t know what to mimic…

Regarding jamming, unless they overcame my signal by jamming all frequencies at greater amplitude than my base signal (and the closer to my drone the worse), then there are other ways to interpret my original control signal that would still tell my drone controller to ignore whatever they throw at it. If they jam all frequencies at very high amplitude as many places as possible, then they will overcome my control signal. No magic overcomes that attack initially, but that’s when the 100% autonomous factor kicks in & executes plan B. Most guys would have Return to Base as plan B. I am not most guys…

@biohazard

In the beginning, the cost of writing everything from scratch & sandboxing it all will be cost prohibitive. That’s because I am unable to do it myself & can’t afford to pay someone. However, “selling” inve$tor$ on a project can be done at any stage of the game, so for me it’s about getting a basic control system that can safely/reliably fly my custom airframe in a basic proof-of-concept vehicle to have an initial prototype to debug & woo in inve$tor$ for second round tech refinement etc., etc.

You are right about bragging unhackability. There are people whose livelihood & internal sense of self worth utterly depend on their cyber ninja reputation of being able to bypass all security. They will hate me…

Your team is generally right, but there is a little known & even lesser employed second option. Smashing the “cyber burglar” with a “cyber hammer”…

@lukecyca

You are correct, but cryptologists are zoned into the box. I am not. In-the-box thinking keeps them trapped there where all their equal peers also stay equally trapped. I wear no such mental handcuffs. I am not zoned in. I just understand communication unpredictability in other ways than a digitized datatrain of 0s and 1s.

All I need is the know how to use even basic low grade cryptography (not RSA2048) and in combination with my other signal “factors”, they will be locked out. If I don’t even know the keys, neither will they be able to guess it, no matter how many terabytes of power their super-mainframe is running & no matter how many millions of man hours they have inve$ted in paying the best programmers available. Because I can’t be too revealing, we may have to agree to disagree.

@ all who posted in response recently

I suspect that all of you are much smarter & more educated than I. Unfortunately, education sometimes teaches error & to a degree, error sometimes handcuffs intellect. I wish I could share my concept openly, but then security would be compromised because it would provide a starting point for reverse engineering the system. I am not insinuating any of you would waste your time on that, I am only saying that pure security doesn’t leave doors & windows open unnecessarily. Even if I spelled it out here in detail, it would only allow someone to beat me to a patent, it wouldn’t guarantee cyber burglars access to such a system.

I genuinely thank you people for your opinions & taking the time to post them here. If I appear argumentative, please understand that I mean no such offense. I may appear irrationally optimistic & argumentative because I just can’t divulge my core concepts of innovative handshaking & signal authority. Maybe one day if/when I get a team together & actually build it & patent it…

Thanks again !!

This is the same arrogant attitude that leads many to develop their own crypto solutions instead of using proven ones. It, in all cases I have ever seen, leads to horribly insecure and easy to break solutions.

The only way to develop new crypto is to publish freely and widely, and solicit feedback from (other) experts. There will be weaknesses that you can’t see. You need many expert eyes evaluating any new entrant for many years before it can be considered secure. This is how serious crypto has worked for 30 years and even if you do have a revolutionary idea, nobody is going to trust it until you follow the same process.

If you’ve read the theory and think you still have a viable idea, publish it and see it get ripped apart, then refine or start over and try again.

Okay, I’m just going to reply to a couple of the most glaring points you’ve mentioned in your last post boilerwelder. I gotta say though, every time you throw out some phrase like “synergistic combination of existing (off-the-shelf) technologies” you sound like the manager from the Dilbert cartoons. You seem to be way overconfident in whatever idea you have.

“Regarding de-authenticating my signal, they wouldn’t know what my drone controller was digitally listening for, so they wouldn’t know what to mimic…” Nonsense. Anyone who wants to attack will figure out what frequency you are operating on rapidly. It is now ridiculously cheap. For $25 you can get one of these: http://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/ which can scan from 25MHz to 1750MHz. There is a whole community of people out pushing these devices farther every day. They are receive only, but could be used for signal analysis before upgrading to a transmitter for the attack. For $500-$700 someone could get a HackRF, BladeRF or USRP which have ranges of 1MHz to 6000MHz and can transmit whatever they want at your drones. Software defined radios, and signal analysis due to them, have become absurdly cheap in the last several years.

This right here: “I wish I could share my concept openly, but then security would be compromised because it would provide a starting point for reverse engineering the system” is a major security fail. This very mindset even has its own term in the security community, “Security through obscurity”. I would never trust any device or system that has secrecy as part of its security structure. If you can’t release details because it would be reverse-engineered, then it is NOT secure. The common cryptography methods in use today are all 100% public, are fully understood and work well because even when the ‘bad guys’ know 100% how the system works they can’t be easily broken.

Not trying to be rude, but you are way too confident in your idea, whatever that is, and don’t seem to really have a solid understanding for all of the security vulnerabilities and attack vectors that may exist. You should seriously cool your heels a bit and do a lot more research.

1 Like

@ktims

“The only way to develop new crypto is to publish freely and widely, and solicit feedback from (other) experts. There will be weaknesses that you can’t see. You need many expert eyes evaluating any new entrant for many years before it can be considered secure. This is how serious crypto has worked for 30 years and even if you do have a revolutionary idea, nobody is going to trust it until you follow the same process.”

I understand that crypto is very very deep complicated stuff. Many vulnerabilities etc. etc… I still don’t buy the idea that telling everyone how a secret keeping system works is going to keep it secure. Yes, I got the peer review & community assessment point. I still think top secret systems must exist and are not advertised. If they fail, they are not advertised. If they work reliably, they are even less than not advertised. The idea of asking “hey everyone, does this look secure”, and then expecting a successful cyber burglar to advertise his exploit is seemingly naïve. I know “that’s how it works”, but cyber criminals are not part of the security apparatus. Their motives & methods are likely largely opposed. If you could diddle any internet connected bank on the planet out of billions at the click of a button, would you advertise that exploit? Would the bank? I think we may have to agree to disagree…

@inchcombec

It seems you ridiculed the use of “off the shelf” components by referring to more off the shelf components (RTL-SDR) as proof that such solutions are cartoonishly impossible.

I had typed, “Regarding de-authenticating my signal, they wouldn’t know what my drone controller was digitally listening for, so they wouldn’t know what to mimic…” Somehow you read “Regarding de-authenticating my signal, they wouldn’t know what FREQUENCY my drone controller was digitally listening for, so they wouldn’t know what to mimic…” I am aware of encryption key changes, full spectrum jamming, and frequency hopping. I never mentioned frequencies at all.

Obviously I would hop frequencies, and obviously “they” would need to scan all, then determine which of my encrypted signals the drone was listening for among the decoy signals sent. They would need to have cracked the code to know which frequency was the one used next in order to know what to decrypt. They could decrypt every signal picked up on any frequency, but that still doesn’t address the missing parts of the puzzle (which I am still not revealing).

“I would never trust any device or system that has secrecy as part of its security structure. If you can’t release details because it would be reverse-engineered, then it is NOT secure. The common cryptography methods in use today are all 100% public, are fully understood and work well because even when the ‘bad guys’ know 100% how the system works they can’t be easily broken.”

I would never trust any intelligence agency that tells the planet how it encrypts stuff. Regardless of industry methods, I think the idea of depending on the entire planet to let the target know if they had found an exploit is just plain silly. No offense is intended in saying that, but it’s just that I honestly think essentially asking strangers for mercy because of the global scientific community’s tradition of peer review is not a good idea. Battlefields have merciless strangers…

I was not asking you to trust my signal security concept. I was asking everyone what they think about the safety/purity of open sourced software, then the focus shifted.

I would like to obtain open sourced software in a ROM format, so that I can duplicate it, then debug and modify/update the copy until it is proven reliable and effective under all known and tested circumstances. Once a more proven version is ready, it could then also be made into ROM version to work from. Since it is nearly impossible to foresee & test for all possible combinations of aeronautical circumstances, the second ROM version will likely need eventual copying & revision as field data indicates the need for more updates. At least by using a software that is always refined from ROM versions originating from previous ROM, it is unlikely to ever have suffered any contamination via an outside unfriendly counterfeit signal that somehow slipped past security measures. Any performance issues would likely need to be honest bug related issues, not malicious attacks.

@everyone

Even if I am absolutely wrong, I hope that we can keep common civility in this thread. My disagreement with anyone is not intended to be taken as disrespect.

A strong cryptosystem doesn’t depend on secrecy of its method for its security. Any that does is a failure, as protecting the method is much more difficult than protecting the key material (which is not trivial either), especially if you want it to see general use. Since you can’t depend on the secrecy of your method, what is the point in making it secret? Even governments understand this, and hold public competitions for crypto standards, which they then approve for use with TOP SECRET communications.

It’s not even that crypto is complicated - the math itself is actually fairly straightforward. The hard part is putting the crypto building blocks together in a way that doesn’t leak information about the key material or plaintext. There are lots of clever attacks that are not at all obvious from just looking at the math and how the algorithm functions. From a naive point of view even the weakest of crypto will seem unbreakable. Since you admit you have no knowledge or experience of cryptography, I don’t think you have any hope of developing something remotely competitive with modern algorithms that are developed in full public view, especially if you try to do it in secret. Your system may not be attacked until it becomes interesting to an attacker, but that doesn’t provide any actual security when that interest appears. This has played out time and time again in the history of computing, though thankfully it seems most developers have gotten the memo and just use standard crypto primitives these days.

Consider elliptic curve cryptography. It was proposed in the late 80s, studied for many years, and available implementations became available in the early 2000s. It has only really entered wide use in the past few years. And this is not even a fundamentally different type of cryptography, it’s really just a different ‘hard to reverse’ function to use to generate the public key. The fundamental public key crypto scheme is unchanged, and this idea took 20-30 years of public study to reach full acceptance by the academic and security community.

Few ideas are unique, and I’m really skeptical that you have discovered anything novel. Most likely whatever clever idea you have has been proposed before and was found to be weak, or didn’t even get that far because it was obviously unusable to those with the expert knowledge to investigate such things. I will +1 the recommendation for (any of) Bruce Schneier’s book(s). He is a well-respected cryptographer and has skill at communicating the concepts to a non-expert.
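
The principle argued in the reply above, that security should rest on the key and not on a secret method, as an added example (not code from the thread or from any drone project): command frames for a control link authenticated with the public HMAC-SHA256 construction, where the 32-byte key is the only secret. The frame layout, tag length, counter-based replay check and command strings are assumptions made for illustration; the frames are authenticated, not encrypted.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 16                   # truncated HMAC-SHA256 tag in bytes (assumed)
HEADER = struct.Struct(">QH")  # 64-bit frame counter, 16-bit payload length


def seal(key, counter, payload):
    """Build header || payload || tag. Every step here can be published."""
    header = HEADER.pack(counter, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Accepts a frame only if its tag verifies and its counter is new."""

    def __init__(self, key):
        self._key = key
        self._last_counter = -1

    def accept(self, frame):
        """Return the payload, or None if the frame must be ignored."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None
        header, body = frame[:HEADER.size], frame[HEADER.size:]
        counter, length = HEADER.unpack(header)
        if len(body) != length + TAG_LEN:
            return None
        payload, tag = body[:length], body[length:]
        expected = hmac.new(self._key, header + payload,
                            hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None            # altered frame, or sealed with another key
        if counter <= self._last_counter:
            return None            # authentic but already seen: a replay
        self._last_counter = counter
        return payload


def demo():
    """Constructed traffic: genuine, replayed, altered and wrong-key frames."""
    key = secrets.token_bytes(32)  # key material from the OS CSPRNG
    rx = Receiver(key)

    first = seal(key, 1, b"THROTTLE=40")
    genuine = rx.accept(first)
    replayed = rx.accept(first)

    second = seal(key, 2, b"THROTTLE=40")
    altered_frame = bytearray(second)
    altered_frame[HEADER.size + 9] = ord("9")   # payload now reads THROTTLE=90
    altered = rx.accept(bytes(altered_frame))

    wrong_key = rx.accept(seal(secrets.token_bytes(32), 3, b"LAND"))
    next_genuine = rx.accept(second)            # untouched frame still works
    return genuine, replayed, altered, wrong_key, next_genuine


if __name__ == "__main__":
    print(demo())
```

Someone who has read this code in full but lacks the key cannot produce a frame the receiver accepts, which is why publishing the method costs nothing. Jamming and other denial-of-service attacks on the link are outside what a message authentication code addresses.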

@ktims

“A strong cryptosystem doesn’t depend on secrecy of its method for its security. Any that does is a failure, as protecting the method is much more difficult than protecting the key material (which is not trivial either), especially if you want it to see general use. Since you can’t depend on the secrecy of your method, what is the point in making it secret?”

I am NOT saying that I would not use a publicly developed core algorithm for my concept. What I AM saying is that I can’t/won’t explain EXACTLY why I believe my approach to data encryption is radically different. This is not a case of the dumb kid in the schoolyard saying “I know a secret you don’t know” in order to appear smart, it’s a case of me saying (despite the list of all you folks’ points of input) that I think I have a concept of communicating between machines that is so novel it should be at least functionally unbreakable, if not truly so.

I could easily use the highest civilian available publicly known encryption algorithm as my core, and then add the missing factors that I can’t openly elaborate on here. If it works as envisioned, it will be a combination of technologies that makes the difference, not me trying to write the core encryption program.

“The hard part is putting the crypto building blocks together in a way that doesn’t leak information about the key material or plaintext. There are lots of clever attacks that are not at all obvious from just looking at the math and how the algorithm functions.”

I understand and agree. I still can’t change my original opinion though.

“Since you admit you have no knowledge or experience of cryptography”

That’s not what I said. Here’s what I actually said:

“At the risk of looking 100% ignorant of all things hardware/software related”
“forgive me, I was leaving school just as computers were coming in, so I missed a lot.”
“I am not 100% untechnical, I am just climbing a steep learning curve with no formal training”

There is no statement of absolute ignorance in there. You may choose to take it that way, but that’s an emotional response because it just isn’t written there in the absolute way you have stated it.

“Few ideas are unique, and I’m really skeptical that you have discovered anything novel.”

I believe you, but skeptical means open minded, but demanding solid proof prior to acceptance. Generally that’s a good safe position, but I have made it clear that I think I have something extremely different to add to the soup and respectfully refuse to explain what it is. You can’t accept this position because you can’t believe a relative layman could ever have insight beyond zoned in experts. I know they have a broad knowledge base too, but in what study of cryptography that I have done, there was never any mention of anything like this. At all. Anywhere.

You seem locked into the proposition that communications security needs everyone’s understanding of all its secrecy mechanisms for it to be strongest. I also know that’s what the experts say, but I still fundamentally disagree. I know why. You don’t. (It’s not because I am emotionally incapable of admitting error. It’s because I know the missing security factor and won’t share it yet. Once published, an inventor has 2 years in which to file, or he loses prior art.)

Combining an internal combustion engine with a glider changed history. The Wright brothers were high school dropouts, but they saw the obvious needed combination & then added control surface manipulation to the big picture and surpassed all their nearest peers to invent controlled flight. A big game changer. At one time, all the big name experts confidently stated that “man would never fly”. As well, the Titanic was unsinkable. The experts agreed that even God could not sink it. Many experts can be wrong. Nuclear fission, the microwave oven, penicillin and X-rays were all discovered by accident. True skepticism starts with open mindedness.

@everyone
I support free speech and know other guys who posted here with similar opinions may likely want to come back and add their most recent $0.02, but I really hope people get the point that I have read all the currently posted arguments against my concept and I still believe in the concept. Not because of general ignorance, emotional argumentativeness, dishonest arrogance, or any other mental or moral defect issue, but because I KNOW the missing components & strategies I want to develop. If I just openly stated exactly what I want to do, you would all get it instantly. I simply can’t/won’t do that. The other thing is, this thread is seriously off topic. It was about source code purity, not signal security.

I don’t mind new arguments against my signal security concept in my source code security thread because I see how they relate. Please don’t just regurgitate the same arguments over & over. On the street I would not argue endlessly for the last word, but I started this thread for a reason and would appreciate input on that topic, or at least fresh input on signal security that has not already been addressed and answered…

I do mostly appreciate everyone’s input though.

Thank you.

I’m glad to hear you’re interested in using the “highest civilian available publicly known encryption algorithm” in your product. That would presumably be AES, which is approved by the NSA for communication and storage of US government top secret information. Maybe you could improve it with your secret missing factors, but I won’t add to the earful you’ve already heard on that subject.

The nice thing about AES is that it’s implemented in hardware already with most of the microcontrollers you’d likely use in an IoT project. That’ll improve speed and power usage, if nothing else.

Then onto your software question. This one is actually harder, because the encryption problem is “just math”. By contrast, security is a process. Open vs closed source is a somewhat tangential and philosophical debate. It sounds like you are grappling with this process concept already with your ROM versions etc., but all I can really recommend is the same thing you’ve been told here again; read Schneier and any other security writers of his calibre. The best we’d be able to do here is repeat what they say, poorly. Certainly we could try to help with specific questions, but it’s really hard to do that when someone wants help with a secret system. It’s too easy to make irrelevant assumptions, and I for one don’t want to waste my time and yours on that.

Just for a fun starter on the process of security, try to deal with this old chestnut from Ken Thompson.

If AES is such good stuff & it’s preloaded on most IoT hardware, why are so many people freaked out by IoT security?

Is AES really good, but most common hacker programs even better?

Because when IoT security turns out to be broken on a device, the problem was in something other than AES.

Who would have guessed that Defcon 22 agrees with me about Security by Obscurity:

It’s about 80% of the way through, but watch the whole thing…

I also loved Defcon 19:

Making a better Anonymous… LOL…

I had to take the bait on this one. If anyone else cares, I’m pretty sure @boilerwelder is talking about the mention of Code talkers starting at about 45:28 in that first video.

Direct quote: “We all like to make fun of security by obscurity, right? But sometimes that’s all we have.”

That’s not exactly what I would call a ringing endorsement.