Iran Cyber Security and Artificial Intelligence (civilian and military)

Using UDP means begging to be hacked.
It depends on the implementation.

UDP is just the simple way to send information over the internet; the other is TCP.

You can do a TCP implementation over UDP datagrams, if you want.

If you only need to send and receive a small amount of information to a database on a remote server (like the gas station task), then UDP is enough.

In short, you don't need one million lines of foreign code to do the tasks a gas station needs; you can do it from scratch, and nobody will hack that, because only you have the code.

But if you use OpenSSL, the Linux TCP/IP stack and so on, you can never be sure of avoiding hacking.
 
You can study the code, test it and see if it is vulnerable to attack or not. Also, OpenSSL is not the only stack in Linux.
 
You can look at the same code one thousand times and not see the bug.

But security agencies have people studying every day.

Creating your own code from scratch, there is no risk as long as there are no traitors among your coders.
 
And your proprietary code can be filled with flaws that you are not aware of but that foreign agencies can find with some penetration attack.
And the protocol you mentioned is just begging for disaster in waiting.
 
How can agencies know a thing if you use your own software?

It's not as easy to see bugs in machine-compiled code as in perfectly commented open source code.

Take as an example the gas station payment software, which really was hacked in Iran several times.

If you make an embedded device, with software from scratch in the connection layer, nobody will be able to discover bugs, because nobody can see even the compiled code. And if some gas station "lost" the device, there is CCTV to disclose traitors.

But if you use open source code, then everybody can try attacks.

On the other hand, you didn't understand what UDP is: UDP is just a protocol to send datagrams, information packets.
You can implement TCP over UDP if you want. UDP can be as secure or insecure as you want; it depends on the implementation.
In TCP more security is mandatory than in naked UDP, just as in SSL more security is mandatory than in naked TCP connections, but that doesn't mean that any TCP protocol is insecure, because SSL works over TCP, and TCP can work over UDP.

 
They can spoof the network and feed whatever they want and get whatever comes out, just a simple man-in-the-middle attack with your UDP suggestion; the protocol doesn't even check who it sends the data to.
 
UDP doesn't check or care where data comes from or who gets the data. If they get your data they can break your code eventually.

And here you are suggesting reinventing the wheel.
You say design your UDP, then design a proprietary TCP-like protocol to work as another layer, then design a secure layer on top of that.

By the way, are you aware that it's not as simple as you say? The hardware must also understand those, so you must design your hardware too.
We are talking about the economy of it; just think how much it costs.
Just don't use the damn spyware; that gives you good enough protection.
 
How do hackers hack systems? How do they find flaws?
Searching for bugs in software.
In order of difficulty, from easiest to hardest, it would be:
1. Analyzing source code; this is only possible in open source projects, and in proprietary software if you are the manufacturer's country (Western agencies can do that in Windows and other proprietary Western software, and lone hackers can do that in Linux and other open source projects).

2. Trying the software and analyzing machine code, if you have the compiled code (lone hackers can do that in Windows).

3. Guessing implementation methods, e.g. a simple web server with no security measures can be vulnerable to the "/../" bug to escape from the web server root folder.

If you use your own software and that software is hidden inside an embedded device, and nobody but you has access to it, security would be strongest.
If you use foreign-made software, security will be the worst possible.
 
Yes, basically the idea to avoid hacking is to reinvent a simple wheel, the minimum you need, from scratch.

Like Iran does when it uses its own GNSS receivers with SDR.

There is no other way; open source projects don't protect you.

And you don't need other hardware.

It's pretty simple: a device to pay at a gas station is a basic machine, you don't need millions of lines of code, the implementation can be done from scratch, and when you use encryption algorithms, a light modification to keep away from standard implementations will make any rainbow tables useless for attacking it.

So yes, reinventing the wheel, and modifying the wheel lightly, is the only possible protection against hacking, and it's affordable for tasks like paying at a gas station.
 
Someone tries to attack, but you and anybody check those codes.
Two years in OpenSSL with nobody seeing the big bug is enough to distrust the Open Source community's ability to check code, and OpenSSL is a very big, important project; in lesser-known projects, the danger will be greater.
 
You mistake concepts.

UDP is a transport layer in the OSI model (level 4). Everything on the internet is sent through datagram packets. It's the first step needed.

TCP is the session layer (level 5). You can implement your own session level over UDP, another "TCP".

To avoid those attacks, you need a presentation layer with encryption over the transport layer (like your own "OpenSSL"); it can be done over UDP or over TCP. TCP doesn't bring more security if you implement your own session layer over UDP.

I said UDP just because it is the simplest implementation from scratch to send information over a network device (like a USB 4G modem).

But obviously you need more steps to bring security: encryption to cipher and authenticate.
 
I sum up in a simple statement:

How can someone send and receive information 100% securely over the internet in the simplest way?

Own IPv4 and UDP stack, own USB 4G modem driver, and own encryption method. <10k lines of C code. It can be implemented in cheap portable embedded devices running Armbian or OpenWrt.



Impossible-to-break encryption method:
And today the price of pen drives or portable hard disk drives makes possible the physical exchange of a large amount of information to use as the key of the "one-time pad" encryption method.

And nobody will be able to spy or hack that.

But if you use Open Source for the communication and encryption layer, you will be fcked by Western agencies and even by common lone hackers or cybercriminal groups.
 
Sorry, you can't use that for things that need an always-on connection like gas stations, power grids.
By the way, OpenWrt, Armbian: don't you think they smell of open source?
And OpenWrt can't be used on all hardware; that's why governments, when they do large amounts of hardware, first want to audit the firmware.
By the way, your OTP is a technique; the software to use it is probably open source, and you are welcome to use it with thousands of connections. This is from your article:
Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice because it requires:


  • Truly random, as opposed to pseudorandom, one-time pad values, which is a non-trivial requirement. Random number generation in computers is often difficult, and pseudorandom number generators are often used for their speed and usefulness for most applications. True random number generators exist, but are typically slower and more specialized.
  • Secure generation and exchange of the one-time pad values, which must be at least as long as the message. This is important because the security of the one-time pad depends on the security of the one-time pad exchange. If an attacker is able to intercept the one-time pad value, they can decrypt messages sent using the one-time pad.[18]
  • Careful treatment to make sure that the one-time pad values continue to remain secret and are disposed of correctly, preventing any reuse (partially or entirely)—hence "one-time". Problems with data remanence can make it difficult to completely erase computer media.

Exploits

While one-time pads provide perfect secrecy if generated and used properly, small mistakes can lead to successful cryptanalysis:


  • In 1944–1945, the U.S. Army's Signals Intelligence Service was able to solve a one-time pad system used by the German Foreign Office for its high-level traffic, codenamed GEE.[41] GEE was insecure because the pads were not sufficiently random—the machine used to generate the pads produced predictable output.
  • In 1945, the US discovered that Canberra–Moscow messages were being encrypted first using a code-book and then using a one-time pad. However, the one-time pad used was the same one used by Moscow for Washington, D.C.–Moscow messages. Combined with the fact that some of the Canberra–Moscow messages included known British government documents, this allowed some of the encrypted messages to be broken.[citation needed]
  • One-time pads were employed by Soviet espionage agencies for covert communications with agents and agent controllers. Analysis has shown that these pads were generated by typists using actual typewriters. This method is not truly random, as it makes the pads more likely to contain certain convenient key sequences more frequently. This proved to be generally effective because the pads were still somewhat unpredictable because the typists were not following rules, and different typists produced different patterns of pads. Without copies of the key material used, only some defect in the generation method or reuse of keys offered much hope of cryptanalysis. Beginning in the late 1940s, US and UK intelligence agencies were able to break some of the Soviet one-time pad traffic to Moscow during WWII as a result of errors made in generating and distributing the key material. One suggestion is that Moscow Centre personnel were somewhat rushed by the presence of German troops just outside Moscow in late 1941 and early 1942, and they produced more than one copy of the same key material during that period. This decades-long effort was finally codenamed VENONA (BRIDE had been an earlier name); it produced a considerable amount of information. Even so, only a small percentage of the intercepted messages were either fully or partially decrypted (a few thousand out of several hundred thousand).[25]
  • The one-time tape systems used by the U.S. employed electromechanical mixers to combine bits from the message and the one-time tape. These mixers radiated considerable electromagnetic energy that could be picked up by an adversary at some distance from the encryption equipment. This effect, first noticed by Bell Labs during World War II, could allow interception and recovery of the plaintext of messages being transmitted, a vulnerability code-named Tempest.[39]: pp. 89 ff 
Also, I suggest you read what comes between the two parts.
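
An added example, not part of any post or of the quoted article: the "no reuse" requirement from the list above, in Python. It shows the pad cancelling out when two messages share the same pad bytes, and a pad store that spends each byte once. `PadStore` and the sample messages are hypothetical and constructed, and `secrets.token_bytes` is the OS CSPRNG standing in for a true random source.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """Hands out each pad byte at most once (hypothetical helper)."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # everything before this offset is already spent

    def encrypt(self, message: bytes) -> bytes:
        end = self._offset + len(message)
        if end > len(self._pad):
            raise ValueError("pad exhausted: exchange new key material")
        chunk = self._pad[self._offset:end]
        self._offset = end  # these bytes are never handed out again
        return xor(message, chunk)


def reuse_leak() -> bool:
    """Two messages under the SAME pad bytes: the pad cancels out."""
    pad = secrets.token_bytes(16)
    m1 = b"known document 1"   # constructed: text an observer already has
    m2 = b"secret cable txt"   # constructed: text meant to stay secret
    c1, c2 = xor(m1, pad), xor(m2, pad)   # the mistake: one pad, two messages
    # c1 XOR c2 equals m1 XOR m2, so knowing m1 yields m2 without the pad.
    return xor(xor(c1, c2), m1) == m2


def no_reuse():
    """Same message twice through PadStore: fresh pad bytes each time."""
    store = PadStore(secrets.token_bytes(32))
    m = b"same message 16b"
    c1, c2 = store.encrypt(m), store.encrypt(m)
    try:
        store.encrypt(b"x")    # 32 bytes already spent
        exhausted = False
    except ValueError:
        exhausted = True
    return c1 != c2, exhausted
```
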
 