Four Brisbane security researchers are fighting back against government surveillance by building a router based on open source components designed to make security and privacy verifiable and more accessible to users.
The Open Router Project (ORP-1) router would be built on open source hardware and software to allow users to check that the unit was free of vulnerabilities and backdoors.
Developers Justin Clacherty, Jason Richards, Ryan Hodge and Andrew Kinmont of Brisbane outfit Redfish opened the project to crowdfunding yesterday and have gained $900 at the time of writing to their $200,000 goal.
The money would cover costs up to the first manufacturing run
Many users underestimated the impact mass surveillance and data retention would have, Clacherty said.
"US government surveillance might seem far away from Australia, but the fact is that many Australian individuals and businesses host their data with American companies that are subject to American law and American surveillance," Clacherty said.
"These days, anyone who communicates online and doesn't want the US government snooping on their data need to protect it, it's that simple."
He said he would like interested security testers to report any bugs they find in the project.
"We are also interested in opening it up to the wider infosec community, the more testing we can get done the better. If there are any holes we'd like them closed asap. Community involvement really is key to a project such as this."
Clacherty said the router's IPSec performance and user interface for establishing IPSec tunnels would appeal to businesses with multiple satellite offices or telecommuters.
"While we're aiming at the higher end home users and the tech community at large, we really want businesses to pick this up and run with it. It's not just about privacy and anonymity, it's also about data security," he said.
The developers (@ORP_1) expect to ship the first device to a limited number of early crowdfunding adopters by April and to all backers by May 2014.It would be
The router would be built a custom Linux Yocto distribution running a Freescale QorIQ P1010 processor that includes a hardware encryption engine and secure boot.
We're not just about privacy and anonymity. The ORP1 you can also run multiple high-speed encrypted VPN tunnels. We're for business too!— ORP1 (@ORP_1) November 25, 2013
"IPSec testing has shown full-duplex IPSec performance at 700Mbps, and we are expecting this to be line speed with 15 - 20 percent CPU usage by manufacture."
If the project received additional funding, developers would aim to include:
- TOR Advanced (allow routing of certain services through your IP, limit internal IPs that use TOR, etc);
- Intrusion Detection / Prevention;
- Certificate Management for IPSec (plus on-board CA for certificate creation);
- QoS/traffic shaping;
- User management;
- SSL VPN;
- SSH key management;
- Remote syslog;
- MAC filtering;
- USB storage;
- USB WiFi;
- Packet capture and display for diagnostics,
- Implement secure boot features.