A software toolkit built for DARPA to test and validate covert communication networks is now open source, and it could help orgs who want to experiment with new kinds of secure, anonymous communications tools.
Defense contractor RTX, formerly Raytheon Technologies, said on Wednesday that its BBN research arm had released Maude-HCS under the Apache 2.0 license on GitHub for anyone who wishes to try it. Built using the Maude programming language, as you might’ve guessed from the name, it’s one of the first generalized and modular tools for experimenting with the design of hidden communication systems (HCS) at practical scales, the team says.
HCS, for those unfamiliar with the term, are systems that hide particular network traffic amid the flood of other network activity. Per a paper [PDF] the RTX team published on Maude-HCS alongside the news, HCS techniques can include protocol tunneling, mimicry, obfuscation, reflection/refraction, cloud fronting, proxying, steganography, and the like.
“An important property common to these systems is how they balance performance with risk of detection,” the team wrote in the paper. “Both performance and risk of detection by the adversary are of paramount importance to the HCS user, whose needs are generally driven by mission requirements.”
In other words, this is the sort of thing that people sneaking messages out of warzones, or leaking sensitive information to the press, are thinking about when trying to decide the best course of action in a given situation. This was traditionally the realm of trial-and-error testing, weeks of research, and possibly just hoping a chosen design would work once deployed. That’s where Maude-HCS comes in, with RTX claiming it makes finding the right design for a given situation just a matter of tweaking software settings.
HCS designers using Maude-HCS need only “specify protocol behavior, adversary observables, and environmental assumptions,” and Maude-HCS will generate results based on a range of scenarios that “can be used to audit claims of undetectability,” the team said.
According to RTX, Maude-HCS is able to predict latency, data rate, and how long a system can operate without detection, with a 1 percent to 9 percent error rate when compared with physical experiments. RTX added that the same analysis can be completed in hours rather than weeks.
Beyond the national security community, the open-source release could also give universities, industry partners, and other researchers a way to test hidden communication designs outside classified environments.
Either way, the team hopes next to invert the process developed with Maude-HCS, using it to design an HCS system that can then be tested, fine-tuned, and generated automatically based on the model’s suggestions.
Maude-HCS was developed as part of DARPA’s Provably Weird Network Deployment and Detection (PWND2) program, which was designed to support internet freedom as well as protecting US forces operating in hostile areas. ®