Blackout Comms Security
Blackout Comms offers two different operating models with slightly different security. The Private Cluster security model is described below.
.png){kind=small}
Private Clusters
Devices in a cluster share a common root (admin), and must be onboarded one time by that device, in-person and in proximity.
Devices are ignored & blocked from communication unless they are part of the private cluster.
.png)
A cluster is a group of 2 or more Blackout Comms devices that trust one another and assist in mesh-related functions.
Frequency Hopping
The cluster automatically rotates frequencies every minute or so in an unpredictable pattern, determined by a key-dependent algorithm.
Not only does this keep off-cluster devices from seeing the traffic, but also lowers risk of interference & jamming.
When two devices exchange packets directly, each packet is transmitted on a different frequency, determined using an asymmetric-key dependent algorithm, meaning the pattern is specific to those two devices.
Digital Signatures
All messages are automatically digitally signed with the sender’s private key, using ECDSA. The signature follows the message all the way to the the recipient.
Thanks to the chain of trust, all devices on the cluster will automatically receive one another’s public keys, and be able to validate the signature.
The signature includes a timestamp element, so the freshness can be validated, along with the content.
For asymmetrically encrypted messages, any device in the cluster can validate the signature before meshing, even though it can’t decrypt the payload.
Chain of Trust
All devices that the root device trusts become automatically trusted by other on-cluster devices.
​
Check the onboarding page for more details about this, but in essence a chain of trust, with root at the top, helps keep the cluster secure and private.
​
Encryption
Every message, ping, location, and mesh packet is encrypted during transmission.
Direct messages (one device to another) are encrypted asymmetrically, so even other devices assisting in delivery cannot decrypt.
Broadcast messages and pings are encrypted symmetrically, so all on-cluster devices are able to decrypt.
All sensitive data is symmetrically encrypted at rest using your password or device-generated key.
Data Storage
With private clusters, no keys are ever manually shared or even viewable. You cannot export or view any symmetric or private keys.
​
If you are using an SD card, all sensitive data and configuration is encrypted at rest, with a password you choose, or by a device-generated key if you don’t choose one.
​
No Operating System
Blackout Comms is a fully embedded firmware system. Depending on your device, it either uses Free RTOS or no OS.
Either way, there is simply no mechanism for an OS to analyze your data and decide whether to leak it or not. There is no way for the OS to suddenly decide to disable an “app” or lock / share your data.
The device is also not leaking your position and behavior to tech companies 24/7.