'Endrun' Networks: Help in Danger Zones
New Networking System Could Assist in Fight Against Ebola
Drawing on networking protocols designed to support the U.S. National Aeronautics and Space Administration's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, its creators hope the system could be deployed everywhere from Ebola hot zones in Liberia to war zones in Syria.
Grant Dobbe and Brendan O'Connor demonstrated their system at last week's Black Hat Europe conference in Amsterdam, and have released related code to the GitHub source code and change-tracking repository. In an interview with Information Security Media Group, the two researchers say their goal has been to design a system that can be used in cases when relying on insecure or always-on communications might have fatal repercussions. "We've set this up for groups that are extremely marginalized," says O'Connor, who's a senior security consultant at Leviathan Security Group.
Endrun is designed to do an "end run" around the Internet, in favor of moving information, such as medical records, contact lists and casualty lists, among very small groups of people, including anyone who might be in danger if that information gets intercepted - such as Syrian rebels - or who may be at risk if information leaks. "Being on a list of people who have been in contact with an Ebola patient can be fatal," he says.
By using Endrun, however, designated health officials inside a hot zone could use the system to send messages to individuals outside the hot zone, as well as to receive treatment instructions back. "You just strap a radio to a motorbike and have someone get within range" of another Endrun device connected to a radio, says Endrun co-creator Dobbe, a former Peace Corps volunteer in Ghana who's now a lead security engineer for NuCivic, which offers a SaaS-based open data platform for governments.
Endrun is also designed to run on credit-card-sized Raspberry Pi computers, both because of their low cost - a well-equipped model, with case, costs about $60 - and weight. "They're designed to be light enough to drop from quadrotors," O'Connor says, meaning they could be inexpensively "airlifted" into dangerous environments via drones.
The approach builds on research into delay- and disruption-tolerant networks, which is based on continuing to send messages at predefined intervals until they get through. Uses for such networks include supporting interplanetary communications, where connectivity may be intermittent at best.
Before moving any messages, however, Endrun encrypts all data, then practices "store and forward" message-moving techniques predicated on taking a "spray and wait" approach, Dobbe says. In other words, all of the nodes on the network send each message a predefined number of times, before pausing for a preset period and then sending it half as many times again, and repeating that process until the message-sending counter reaches zero.
That approach avoids using continuous connections, including mesh networks, in which every node in a network can move data for any other node. The military has been relying on mesh networks to support live communications with troops in the field.
"It's built on not having a mesh network, and the reason is a bunch of journalists got killed by missiles that homed in on their satellite phones," O'Connor says. Journalists Marie Colvin and Rémi Ochlik, for example, were killed in Syria in 2012 by a missile that apparently targeted their satellite telephones. Their deaths led experts to recommend that those in war zones maintain strict communications discipline and minimize their use of radio-frequency devices.
After encrypting a message, the sending Endpoint node starts broadcasting the message at predefined intervals, as well as continuing to pass on any messages that it's received, but for which it isn't the intended recipient. During that time, the original message may reach other Endpoint nodes, which will then rebroadcast it, or may have reached the recipient, who can then read it. Crucially, however, only the recipient can read it, and if any of the nodes get compromised, the others can still function.
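The "spray and wait" schedule described above (send a burst, pause, send half as many, down to zero) and the store-and-forward relaying of the previous paragraph can be simulated in a few dozen lines. The following is an added example written for this article, not Endrun's own code: the burst size of eight, the three-tick pause, the node names and the courier contact schedule are all constructed assumptions, and encryption is assumed to happen above this layer, so every node handles an opaque ciphertext and only the named recipient counts a copy as delivered.

```python
"""Spray-and-wait store-and-forward over intermittent contacts (added example;
not Endrun's code). Burst size, pause, names and contacts are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

INITIAL_BURST = 8  # assumed: copies sent in the first burst
PAUSE_TICKS = 3    # assumed: idle ticks between bursts


def halving_schedule(initial_burst: int) -> List[int]:
    """Burst sizes for one message: n, n//2, n//4, ... down to 1, then stop."""
    sizes, n = [], initial_burst
    while n > 0:
        sizes.append(n)
        n //= 2
    return sizes


@dataclass
class Carried:
    """Per-message state a node keeps while storing and forwarding it."""
    msg_id: str
    recipient: str
    ciphertext: bytes        # opaque to every node except the recipient
    bursts: List[int]        # remaining burst sizes; bursts[0] is current
    left_in_burst: int
    pause_left: int = 0

    @classmethod
    def fresh(cls, msg_id: str, recipient: str, ciphertext: bytes) -> "Carried":
        return cls(msg_id, recipient, ciphertext,
                   halving_schedule(INITIAL_BURST), INITIAL_BURST)

    def tick(self) -> bool:
        """Advance one tick; return True when the node should transmit now."""
        if self.pause_left > 0:
            self.pause_left -= 1
            return False
        self.left_in_burst -= 1
        if self.left_in_burst == 0:          # burst finished: pause, then halve
            self.bursts.pop(0)
            if self.bursts:
                self.left_in_burst = self.bursts[0]
                self.pause_left = PAUSE_TICKS
        return True

    @property
    def exhausted(self) -> bool:
        return not self.bursts               # counter reached zero


@dataclass
class Node:
    name: str
    carried: Dict[str, Carried] = field(default_factory=dict)
    seen: Set[str] = field(default_factory=set)
    delivered: Dict[str, int] = field(default_factory=dict)  # msg_id -> tick
    transmissions: int = 0

    def originate(self, msg_id: str, recipient: str, ciphertext: bytes) -> None:
        self.seen.add(msg_id)
        self.carried[msg_id] = Carried.fresh(msg_id, recipient, ciphertext)

    def receive(self, c: Carried, tick: int) -> None:
        if c.msg_id in self.seen:            # duplicate copy: ignore
            return
        self.seen.add(c.msg_id)
        if c.recipient == self.name:         # only the recipient can read it
            self.delivered[c.msg_id] = tick
        else:                                # anyone else relays on a fresh schedule
            self.carried[c.msg_id] = Carried.fresh(c.msg_id, c.recipient, c.ciphertext)


def simulate(nodes: Dict[str, Node],
             in_range: Callable[[int, str, str], bool], ticks: int) -> None:
    """Each tick, nodes transmit per schedule; copies reach whoever is in range."""
    for tick in range(ticks):
        outgoing = []
        for node in nodes.values():
            for c in list(node.carried.values()):
                if c.tick():
                    node.transmissions += 1
                    outgoing.append((node.name, c))
                if c.exhausted:              # stop carrying once the counter is zero
                    del node.carried[c.msg_id]
        for sender, c in outgoing:           # copies land after this tick's sends
            for other in nodes.values():
                if other.name != sender and in_range(tick, sender, other.name):
                    other.receive(c, tick)


def courier_contacts(tick: int, a: str, b: str) -> bool:
    """Constructed contact schedule: a courier meets the clinic, then later HQ."""
    pair = {a, b}
    if pair == {"clinic", "courier"}:
        return 0 <= tick <= 2
    if pair == {"courier", "hq"}:
        return 10 <= tick <= 14
    return False


def run_example() -> Dict[str, Node]:
    nodes = {n: Node(n) for n in ("clinic", "courier", "hq")}
    nodes["clinic"].originate("m1", "hq", b"<constructed opaque ciphertext>")
    simulate(nodes, courier_contacts, ticks=30)
    return nodes


if __name__ == "__main__":
    ns = run_example()
    print("delivered at tick:", ns["hq"].delivered)
    print("transmissions:", {n: ns[n].transmissions for n in ns})
```

In this run the courier picks the copy up at tick 0, spends its first burst out of range, pauses, and hands the message to HQ on the first transmission of its second burst. Each relay sends exactly 8 + 4 + 2 + 1 = 15 copies before it stops carrying the message, and HQ, as the recipient, never rebroadcasts. A listener that is only in range during a pause window receives nothing, which is the trade-off between airtime and reachability that the halving schedule makes.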
Endrun is designed to be used with a small number of message-senders; eight is the optimum, based on operational security researcher "The Grugq's" work on the optimal size of small, clandestine cells, O'Connor says.
Transmission: Up to Users
How messages get transmitted is up to users. The researchers say Endrun will work with numerous types of approaches, including "low-power transient unlicensed radio links"; using high-power signals from fixed points, as occurs with spacecraft communications; via amateur (ham) radio; or even from smart phones. "We allow very short radio transmissions for people who insist on radio transmissions. So you can go up a hill, broadcast really fast, then get off the hill before the missile comes in," O'Connor says. "The idea is that people who are in really bad situations know their needs better than we do."
Dobbe adds: "The first ones that come to mind are places like Syria where people are being shot and killed for using the Internet wrong. Another case is Ebola hot zones, where you need to be able to move information back and forth, but you also have to maintain confidentiality."