I’ve made some progress with using hardware acceleration on the BeagleBone Black (BBB) and running Tor. It appears that the OpenSSL cryptodev engine does not use all the algorithms that the linux-cryptodev module makes available. I believe this can be changed with a patch for the OpenSSL cryptodev engine. But otherwise, at least from running Tor as a client, initial results seem better than before.
This is an update for those following along with my BeagleBone Black’s hardware crypto project. The TL;DR is that the cryptodev module with OpenSSL is unstable in my testing. What follows is a list of my experiments and some results / observations.
I presented a few slides on Tor, the BeagleBone Black (BBB), and my BeagleBone Black Tor relay tonight. I think it went over well. There were some people who hadn’t heard of the BBB and they were excited about using it in all sorts of ways. On the Tor side, the questions were more technical. The Tor project is an impressive example of security and anonymity engineering; even the NSA thinks so.
There was a good question about the practicality of the BBB’s hardware random number generator. I conceded this point as I have yet to see much documentation (besides a marketing white paper) on the technical details of the HW_RNG. In response to my thread on the mailing list, somebody recommended looking into haveged, which seems to be a good way to gather entropy on headless servers. Anyway, my last message to the list outlines my next steps.
I’m happy to be the local BeagleBone Black and Tor Evangelist!
This HOWTO describes the process of enabling acceleration for certain cryptographic algorithms on the BeagleBone Black (BBB). A week ago, I tried and failed due to all sorts of kernel module problems, but it now appears I have everything in order. Specifically, I will detail how to configure OpenSSL to use the BBB crypto hardware. Update 3/22/14: In the 3.13 kernel, the OMAP TI crypto drivers are enabled by default (for the BBB images).
Last weekend I received an LCD Touchscreen Cape for the BeagleBone Black (BBB). I attached it to a BBB running the latest Angstrom image and it came up nicely. I have yet to try it with Debian / Ubuntu, but it seems like people have done this. While it was responsive to my fingers, a stylus would work much better.
I’m planning on using it as a display for Tor Arm (which is nice, because I won’t need X!). If my workshop is accepted, I think it would be cool to show off the BBB Tor relay in real time. Having crypto acceleration working would be nice too. I talked to a more knowledgeable kernel hacker than I and I think I have a strategy to rebuild the module and install the kernel. Now I just need the time to try it…
For completeness, here are the latest entries in my log. It’s obviously not a workhorse, but it’s hanging in there. That and I’m getting closer to the t-shirt.
Bleeding Edge is filled with 9/11 conspiracy theories, eccentric characters, and a wild alternative universe called the “Deep Web.” It is very Pynchon; the only difference is that this universe is found through computers and not through hallucinogens like some of his other books.
This was the most comprehensible Pynchon book to me. Probably because I was alive during 2001, I’ve lived in Manhattan, I am familiar with the techno-jargon, and I’ve at least heard the exuberant tales of the tech boom. For those who are worrying that Pynchon is becoming more accessible, fear not, as Jonathan Lethem writes in his review:
Thomas Pynchon is 76, and his refusal to develop a late style is practically infuriating. The man’s wildly consistent: the only reason Bleeding Edge couldn’t have been published in 1973 is that the Internet, the Giuliani/Disney version of Times Square and the war on terror hadn’t come along yet. This book, and Inherent Vice, make jubilant pendants on his mammoth enterprise, neon signposts to themes he took no trouble to hide in the first place.
But in the deep web of this book lurks a darker message. Bleeding Edge could not have been released at a more appropriate time. At its core there is a struggle between those who want to get lost on the Internet and those who want to find them.
My BeagleBone Black (BBB) has been humming along nicely as a Tor relay for the last two and a half weeks. I upgraded to 0.2.4.17-rc by building from source on the BBB with no issues. I probably should have tried cross compiling, but it was a small enough package that it didn’t take too long.
Today three major news agencies, the New York Times, the Guardian, and ProPublica, released details of the most intrusive NSA activity to date. The NSA and the GCHQ, the British version of the NSA, have “been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Hotmail.” Microsoft apparently handed over pre-encryption access to Outlook e-mail, Skype and SkyDrive. Companies have also put back doors into hardware and software products at the request of the NSA.
The NSA and the companies who allowed the back doors have broken the public’s trust. It’s time we take back the Internet. As usual, the Electronic Frontier Foundation has an excellent summary on this issue and a list of actions you can take. This is a two-pronged attack. First, we should petition our elected officials, which is very easy to do from the EFF’s take action site. Second, if the companies don’t stand up for their users, you can vote with your feet and leave their feudal system. I don’t use Microsoft, Yahoo, or Facebook, but I do use Google and Apple. While Google has claimed there are no back doors, Google is also asking permission from the Government to tell the public about what it does provide. That sounds like a Kafka novel to me and I think I’m going to go looking for a new email provider. Apple lost me when I had to ask permission to install applications. In the writing of this post, I discovered something new about myself; I don’t like asking permission for things 🙂 .
But we should also step up our defenses. Bruce Schneier published a list of recommendations to maintain (some) control over privacy and security online. Read the article for the details, but the short list is:
- Hide in the network. (i.e., use Tor)
- Encrypt your communications. (use HTTPS Everywhere)
- Assume that while your computer can be compromised, it would take work and risk on the part of the NSA so it probably isn’t.
- Be suspicious of commercial encryption software, especially from large vendors.
- Try to use public-domain encryption that has to be compatible with other implementations.
For those looking for a more complete software list, check out PRISM Break.
Lastly, Bruce Schneier closed with this call-to-arms:
To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.
A simple and inexpensive way to accomplish this is to go buy a $45 BeagleBone Black and set it up as a Tor relay and help grow the Tor network. You can follow my instructions to set this up and have a low-power, freedom-protecting Tor relay.
My BeagleBone Black (BBB) is now helping preserve Internet freedom by running a Tor relay. Tor is:
free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
For those who want to help contribute to the freedom-loving Internet, consider running a Tor relay on that nice 1GHz BBB. Of course, you can run a relay from the Browser Bundle, but when you turn your computer off or close your laptop lid, your relay goes nighty-night too. Plus the BBB is low-wattage so it won’t run up your electric bill as much while you help Tor grow.
The great Ladyada has an Onion Pi project which runs a Tor proxy and a wireless access point. It’s a very cool project but it’s not a relay AFAIK. Also, if you want Tor to really work, you should use the Tor Browser Bundle. So, these are directions for setting up a Tor relay, which helps others use Tor.
How did you find out that Ryan Lochte took gold in the 400 meter IM over Michael Phelps yesterday? Did you read about it in your paper this morning? Did you watch it on NBC’s evening broadcast? Or did you find out via some sort of online media (hopefully not my blog… 🙂 )?
Hopefully, this will be the last Olympics ever that subscribes to a traditional broadcast pattern of waiting until prime time to deliver the highlights for the day. Obviously, there are time-zone issues at play, but it appears that NBC is actively blocking streaming online unless one is a cable television subscriber (in the U.S.). I don’t subscribe to cable TV and I don’t see the point of cable TV anymore. For TV shows, I watch Hulu; for movies, Netflix and Redbox; for news, I read the Philadelphia Inquirer via my Kindle and read Hacker News. The only thing I’m missing is sports, and I was OK with a YouTube-style ad at the beginning of an Olympics bite, but no.
The model is broken. Instead of trying to cram the day’s events into a commercial-infested prime time package, stream the events online so that all those dressage fans can watch their horse prance away to hip-hop. Oh, wait, you’re living in the U.K.? That service is available via the BBC. The Olympics are one of the last truly equalizing events around, so why are they closed-source? Let’s have an open Olympics!
So here’s how to get around it 🙂 Instead of subscribing to cable, subscribe to a VPN. See, the website is filtering the live streams based on your IP address, which is mapped to a geographical region and more specifically to an ISP. With a VPN, your IP address appears to the world as the IP address at the end of the “VPN tunnel,” so if you pick a VPN in the U.K., guess what, the website can’t tell the difference between a physical computer in the U.K. and your virtual one! Game on! This trick is equally useful when trying to buy books from Amazon.de (with a German-based VPN host).
Of course there are other good reasons to have a VPN anyway, the main one being protection on open wifi hotspots. The VPN will protect all traffic over the open (read: publicly readable) hotspot and the ISP. Of course, so will SSL, but even with SSL, it’s still possible to discover to whom you’re talking. For extra protection, add Tor to the mix and check out this awesome interactive chart from the EFF on Tor and HTTPS benefits.