Resilience Theatre

NIS2 directive

The NIS2 directive introduces new "Cybersecurity risk-management measures", where it states:

"(j) the use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate."

What is your "secured emergency communication system within the entity"?

FIDO2 & LUKS

Noted down how LUKS can be supported by a FIDO2 token.

OOB Comm

OOB-Comm is now implemented for reTerminal, Pinephone and RPi400.

Video of Comms

Small video of my Out-Of-Band comms running on Pinephone.

DFIR Comms

Been working with my firmware image for Pinephone. The aim is to have out-of-band communication capability in denied networks or areas.

So no distribution, just plain booting Linux 'firmware' with a Qt/QML user interface. Payloads currently supported: voice and messages.

SSH with FIDO2 key

Continuing to experiment with my FIDO2 key, I just found out that SSH keys can be generated with and in a FIDO2 USB token.

Found these two posts regarding this issue and they work well. Generating an SSH key with my FIDO2 Nitrokey allows me to take the key with me to my laptop and issue the command:

ssh-add -K

And my SSH key is usable for that session. No more key copying and storing on disk.

FIDO2 for LUKS

Setting up a FIDO2 token to open a LUKS-encrypted mount on Fedora 37 was surprisingly easy:

# Check LUKS details of your drive
cryptsetup luksDump /dev/sda3
# Enroll the FIDO2 token
systemd-cryptenroll --fido2-device=auto \
    --fido2-with-client-pin=true \
    --fido2-with-user-presence=true /dev/sda3
# Modify /etc/crypttab: the entry for the volume gets fido2-device=auto as its option
luks-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - fido2-device=auto
# Regenerate initramfs
dracut --regenerate-all --force

After this my ThinkPad asks for FIDO2 + PIN code to unlock the LUKS partition. Source is from this post.
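One way to check the result of the steps above before relying on it at the next boot, as an added example that is not from the original post: the script looks for a systemd-fido2 token in `cryptsetup luksDump` text and confirms the matching crypttab entry carries a fido2-device= option. The function names, the all-zero UUID and the trimmed dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data is constructed.

# Read `cryptsetup luksDump` text on stdin; print the keyslot bound to each
# systemd-fido2 token listed in the "Tokens:" section.
fido2_keyslots() {
    awk '
        /^[^ \t]/ { in_tok = ($1 == "Tokens:"); is_fido = 0; next }   # section header
        in_tok && $1 ~ /^[0-9]+:$/ { is_fido = ($2 == "systemd-fido2"); next }
        in_tok && is_fido && $1 == "Keyslot:" { print $2 }
    '
}

# Read crypttab text on stdin; succeed only if the entry for UUID=$1 has a
# fido2-device= option in its fourth (options) field.
crypttab_uses_fido2() {
    awk -v src="UUID=$1" '
        NF == 0 || $1 ~ /^#/ { next }
        $2 == src {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] ~ /^fido2-device=/) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# $1 = luksDump text, $2 = crypttab text, $3 = LUKS UUID.
# Returns 1 if the header has no FIDO2 token, 2 if crypttab does not ask for it.
check_fido2_unlock() {
    slots=$(printf '%s\n' "$1" | fido2_keyslots)
    [ -n "$slots" ] || { echo "no systemd-fido2 token in LUKS header"; return 1; }
    printf '%s\n' "$2" | crypttab_uses_fido2 "$3" ||
        { echo "crypttab entry lacks fido2-device="; return 2; }
    echo "ok: FIDO2 token enrolled and requested by crypttab"
}

# Constructed sample input (placeholder UUID, trimmed luksDump layout).
SAMPLE_UUID=00000000-0000-0000-0000-000000000000
SAMPLE_DUMP='LUKS header information
Version:        2
Keyslots:
  0: luks2
  1: luks2
Tokens:
  0: systemd-fido2
        Keyslot:    1
Digests:
  0: pbkdf2'
SAMPLE_CRYPTTAB="luks-$SAMPLE_UUID UUID=$SAMPLE_UUID - fido2-device=auto"
check_fido2_unlock "$SAMPLE_DUMP" "$SAMPLE_CRYPTTAB" "$SAMPLE_UUID"
```

On a real system the first two arguments would be "$(cryptsetup luksDump /dev/sda3)" and "$(cat /etc/crypttab)", run as root.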

WebUI

Been experimenting with a web UI with a WebSocket connection to the backend. All activity in this screencast is run in a background shell script, and data is exchanged via a WebSocket connection to JavaScript in the UI.

Off the grid

From Polar to Casio. From LTE to Iridium.

Secure file transfers

Been working with secure file transmission.

Submitted WiP paper last week

Managed to submit that paper. A bit too broad a subject, but let's see if any feedback surfaces.

Middle East sunset

Extract from personal photos, an evening in the Middle East.

Chinese researchers claim to find way to break encryption using quantum computers

Financial Times article about breaking RSA 2048 with a quantum computer. Research paper is here.

Country-wide network outage

Yesterday we had a country-wide outage of the mobile & fixed network. Things got sorted out pretty quickly, but this serves as a good reminder - what if?

The most confusing part is that they don't yet know what caused it.

Working on a paper

Been working on a paper about resilient platforms and out-of-band communication. Stay tuned.