New product idea - Nitro Tunnel

It would be an OpenBSD on a MIPS or ARM Cortex A7 SoC without SPECTRE and bootkits.

With software like
https://securityrouter.org/wiki/Pricing

The tunnel could be done via OpenSSH, or OpenVPN inside OpenSSH port forwarding, configured to use the strongest Nitrokey PRO2 & HSM2 algorithms for authentication of both sides (client and server); many client keys would be needed as an option for hybrid client keys.

It could provide many failover channels to prevent local ISP attacks.
They could be implemented as bonded VPN channels and even improve bandwidth.

Also, anonymization via obfsproxy, Tor, I2P, or public proxies could be added, which would be very useful in countries with censorship.

You can find something like it without anonymization and penetration at:
https://www.rutoken.ru/products/all/rutoken-vpn/

But I guess my idea would offer stronger protection?
I do not care about its bandwidth performance; for me only security and penetration through different types of DPI matter.

It would be very useful for remote offshore work.


The SmartCard-HSM has a built-in peer-authentication key-derivation mechanism that was designed in a BSI project to protect SRTP communication channels. It uses card verifiable certificates to establish authentic peer public keys and derives session keys from ECDH secrets using FIPS SP800-56C. See examples/agreeKey.js in sc-hsm-workspace (part of the starterkit) for details.
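To make the ECDH-then-SP800-56C step in the reply above concrete, here is an added, stand-alone Python example; it is not the SmartCard-HSM's code, not agreeKey.js, and not the BSI protocol. It models only the last two steps: each party holds a static P-256 key pair (standing in for the key that the card verifiable certificate would make authentic; certificate handling is assumed to have happened already and is not shown), computes the ECDH shared secret Z, and feeds it through the SP 800-56C Rev. 2 one-step KDF (counter || Z || FixedInfo hashed with SHA-256). The curve arithmetic is written in plain Python on purpose so the block runs with the standard library only; the party identifiers, the AlgorithmID string and the fixed test scalars are constructed for the example. The peer public key is checked to lie on the curve before use, which is the check a practitioner would expect any ECDH implementation to perform.

```python
import hashlib
import secrets

# NIST P-256 domain parameters (public constants).
p = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
a = p - 3
b = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def is_on_curve(P):
    """True if P is the point at infinity (None) or satisfies y^2 = x^3 + ax + b mod p."""
    if P is None:
        return True
    x, y = P
    return 0 <= x < p and 0 <= y < p and (y * y - (x * x * x + a * x + b)) % p == 0


def ec_add(P, Q):
    """Affine point addition on P-256; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P) = infinity
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p          # chord slope
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def ec_mul(k, P):
    """Double-and-add scalar multiplication (illustrative; not constant-time)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R


def generate_keypair(d=None):
    """Return (private scalar, public point). d is only supplied for reproducible tests."""
    if d is None:
        d = secrets.randbelow(n - 1) + 1     # uniform in [1, n-1]
    return d, ec_mul(d, G)


def one_step_kdf(Z, fixed_info, length):
    """SP 800-56C Rev. 2 one-step KDF with H = SHA-256:
    K = H(1 || Z || FixedInfo) || H(2 || Z || FixedInfo) || ... truncated to length."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(4, "big") + Z + fixed_info).digest()
        counter += 1
    return out[:length]


def derive_session_key(own_private, peer_public, party_u, party_v, length=32):
    """ECDH shared secret -> session key. party_u/party_v are the constructed
    PartyUInfo/PartyVInfo identifiers that both sides must agree on in the same order."""
    if peer_public is None or not is_on_curve(peer_public):
        raise ValueError("peer public key is not a valid P-256 point")
    shared = ec_mul(own_private, peer_public)
    if shared is None:
        raise ValueError("degenerate shared secret")
    Z = shared[0].to_bytes(32, "big")    # SP 800-56A: Z is the x-coordinate
    algorithm_id = b"example-srtp-aes-256"   # constructed AlgorithmID, not a real OID
    fixed_info = algorithm_id + party_u + party_v
    return one_step_kdf(Z, fixed_info, length)


if __name__ == "__main__":
    d_card, Q_card = generate_keypair()
    d_peer, Q_peer = generate_keypair()
    k1 = derive_session_key(d_card, Q_peer, b"card", b"peer")
    k2 = derive_session_key(d_peer, Q_card, b"card", b"peer")
    print("both sides derived the same key:", k1 == k2, k1.hex())
```

The FixedInfo binds the derived key to the algorithm and to both party identities, so a key agreed for one (card, peer, purpose) triple cannot be replayed as another; swapping the identifiers yields a different key, which the test below checks. In the real product the static public points would come from the card verifiable certificates rather than being exchanged bare, and the scalar multiplication would be done inside the HSM.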