- Describing the methods and useful tips to develop Machine Learning Codes and run experiment inside the Military base of Repulic of Korea Army.
- Referring the security regulations in the military, some of the commercial function and software usage for communications is prohibited. Also, the web access logs are recorded for each personnel and strictly inspected. Special treatments are required for setting up computational equipments and experimental environment.
- We test several frameworks like Jupyter Notebook(For single user server), JupyterHub(For multiple user server) and Docker(Virtualization, Development Environment Management) to fit the security requirements and enable Machine Learning project environments.
- Personal/Public Server or Desktop linked to WAN.
- Internet PC in military base.
- Commercial Web Browser.(Google Chrome, etc).
- Linux series OS usage.
- Basic Network knowledge.
- Understanding of port forwarding functions of secure shell command(ssh) in Linux shell.(-R, -L, -D arguments)
- Example Setting 1
- Access to Personal Server with public IP(A) with machine inside military base(B).
- Example Setting 2
- Access to compute server with no public IP(A) connected to Personal (Gateway Server|NAT|Router) with Public IP(B) by machine inside military base(C).
- Access to compute server with no public IP(A) connected to (Gateway Server|NAT|Router) with Public IP(B) by machine inside military base(C).
*'Personal' implies you have root privilege on the machine and can modify file permissions, port options, services, etc. The point is that ssh outbounds with default port(22) from military base is prohibited and we need significant cares to handle this issue when we cannot change the service port of ssh at destination machine. I noticed that this is not true.
- Cloud-based access/Cloud Computing(Google Cloud Platform, Amazon Web Service, Azure, IBM Cloud, Alibaba cloud, Web-based IDEs, etc)
- HTTP/HTTPS based access
- I recognized that my communication and my data are being proctored (Without the notification to me 😠)
- VPN
- SSH tunneling & Packet encryption
- Tor
- Prepare a Vitual Machine with a network (from Cloud or On-Prem)
- Make a secured connection to the server with secured authorization. (It is recommended to use the method at least strong as ed25519)
- Make a proxy to the server (ex. dynamic forwarding with SOCKS5)
- Prepare a Vitual Machine with a network (from Cloud or On-Prem)
- Make a secured connection to the server with secured authorization. (It is recommended to use the method at least strong as ed25519)
- Torify the outbound traffic of the server
# On linux
sudo apt update
sudo apt upgrade
sudo apt install tor
. torsocks on
Config of Tor
sudo vim /etc/tor/torrc
Parts to change in etc/tor/torrc
Example : https://github.com/torproject/tor/blob/main/src/config/torrc.sample.in
# Service Port
SOCKSPort 9050
# Control Port
ControlPort 9051
# Enable uthentication
CookieAuthentication 1
# Setting password
All other local services will be prevented to be accessed unless you register specific HiddenService
.
# (Optional) HiddenService - ex. for jupyter
HiddenServicePort 80 127.0.0.1:80
Accessing control port
# Access control port
> Telnet 127.0.0.1 9050
Connected to 127.0.0.1.
Escape character is '^]'.
> AUTHENTICATE "<Your-Tor-Password>"
250 OK
# renew identity
> SIGNAL NEWNYM
250 OK
> SIGNAL CLEARDNSCACHE
250 OK
> quit
Connection closed by foreign host.
- Make a port forwarding connection to the port of Tor service at the server
** Important: Do not sign in any account or reveal your identity in the Tor network. Your IP address and location maybe specified by the account usage.
- RCS (Remote Control System)
Galileo
fromHacking Team
, Italy: Android and Desktop. Can be installed without the permission of the device user. (Guess it needs physical access like connecting USB device)
- Run vaccin apps
- Fatory reset your device occasionally
- Try not to root your phone
- (Android) Use
adb
(Android SDK) to force removal of your system apps without rooting. (Need PC) -
- Activate
USB debugging
by touchingBuild Number
multiple times atSettings > Device Info
- Activate
-
- Connect your phone to PC and allow data transfers
-
- Run
adb
at PC
- Run
> adb devices
> shell pm uninstall --user 0 <Valid Package Name>
Success
> shell pm uninstall --user 0 <Invalid Package Name>
Failure (<error message>)
You can disable package instead of uninstalling them. I witnessed some suspicious blotwares which are having strong permissions about my device and not easily stopped running in normal user mode.
- I can't find a better way than turning off Bluetooth when I am not using. It is vulnerable if I use my device at specific place at specific time regularly.
- In general android OS, even if you turn bluetooth off by clicking the button in the menu bar, bluetooth service might be keep learning background and expose vulnerability.
- Go to the
developer settings
and checkout therunning service
section to check whether your bluetooth service is running. - It is known that recent(2018+) BlueTooth applications are updated to prevent such attacks.
- I can't find a better way than using wired devices. (better with C-type to fit the security regulations)
- It seems safe with (tcp/http(s)) proxy server.
- I am not sure Phone copy is possible for 4+G devices. They are known to be safe even if their IMEI number is exposed. (We normally register it to Telecommuniation Service Provider) SIM copy maybe possible.
- Try Starlink. Looks awesome in military if you are in isolated island, top of the mountain or somewhere odd. Dutchpay your fee with your squad members.
- Install mobile OS emulator app to the phone.
- Install Military Mobile Security app (국방모바일보안) inside the virtual environment.
- Machine Learning Engineering for Production (MLOps) Specialization, Coursera and Deeplearning.AI
- 사이버지식정보방 운영 및 관리에 관한 훈령(국방부 인적자원개발과)
- 국가정보원법 보안업무규정(국가정보원)
- 국가정보원법 보안업무규정 시행규칙(국가정보원)
- 국방부 군사기밀 보호법 시행령(국방정보본부 보안정책과)