Schneier on Security

Clive Robinson • June 9, 2019 7:27 PM

@ Faustus,

Good luck, I look forward to asking a few what if’s at some point.

Oh with regards,

“I also have some legal issues around launching a corporation as a non-citizen. I can’t fully spin up until I have a corporation to shield my personal assets.”

That kind of narrows the “seek and find” range of countries 😉

Clive Robinson • June 10, 2019 10:21 AM

@ Who?,

Each time something like this happens I think “some state actor is testing an adversary network resilience.”

Yes me too, but then comes that awkward moment of “Who?, By Whom?, And Why?”

It’s easy to pick on the wrong pointers give them too much weight in your analysis, or conversely to little and end up chasing your own tail down the rabbit hole to the mad hatters tea party.

Unfortunatly what does not help is people coming out with the same old line of “It’s der Butler wot dun it” or it’s modern equivalent.

I guess it does not matter what happens because they will always say “XXX did it” where XXX is the latest exestential threat target created Orwelian style for the likes of them and they swallow it “hook line and sinker”. As I’ve indicated in the past attribution is very very hard, in part because it’s so easy to fake. The real problem of such slavish devotion to being “on message” is that the oportunites to make attribution not just more effective and reliable go down the drain with all the other “Lost Opportunity Costs”…

Clive Robinson • June 11, 2019 5:09 PM

@ Bob Paddock,

Last I looked, which was Release-15, the highest frequency 5G used was 28.375 GHz (n261).

That’s provisional at best. Frequency allocation is still officially up for grabs. With international discussions not going to happen till later this year at the “UN ITU World Radio Conference 19”,

https://www.itu.int/en/ITU-R/conferences/wrc/2019/Pages/default.aspx

Where the discussions for additional spectrum in support of IMT-2020[1] compliant systems will take place.

Technically what the general public think of as “5G” is still in progress towards meeting the “International Mobile Telecommunications 2020” requirments. Whilst there is a provisional specification for “testing” (chicken and egg issue of standard-v-practical you get with nu-tec spectrum using developments) it is just provisional to do testing.

If WRC19 approves additional spectrum which is what it looks like the current US Administration appears to be pushing for, then that provisional specification hits file cabinate 13 fairly quickly and a whole new bunch of tests will have to be carried out. However even with out the ITU giving it’s blessing to chunks in the 20-60GHz range, the US would still be free to decide to put 5G up there if it wished and force other phones to drop back to 4G-LTE which few users would actually notice (as I’ve remarked before). It would be upto the US to get “US-Use-Only” equipment manufactured. Which to echo another posters thoughts could also include all sorts of Utah “data back up” cloud storage options…

But this is where it gets all political… Because “the rumour on the vine” is the US has already got the testing done/ready up in those higher microwave frequences with a “nod and a wink” blessing or even “brown envelop funding” from the administation. In essence so the US can “steal a march” and stich up the chip market so as to favour the US.

I tend to be cautious with rumours of Governments and questionable if not illegal subsidies to home entities. Because although it’s obviously done, sometimes very obviously, actually getting the level of evidence required is problematic at best.

[1] IMT-2020 requires support for,

1, “enhanced Mobile BroadBand” (eMBB).
2, Additionaly support for new ‘use cases’ requiring,
2a, “massive Machine-Type Communications (mMTC),
2b, “Ultra-Reliable Low Latency Communications” (URLLC)

What ever those may mean on the day you look them up… Because it appears there has been a lock step development between 5G and IMT-2020 requirments (often called “making it up as you go along” 😉

Clive Robinson • June 13, 2019 5:05 PM

@ The Evidence,

Lets use a real-time example of the anxieties and fears of Hong Kong citizens losing freedoms through Chinese telecom gear:

Asside from the peculiar arrangement that is Hong Kong[1] the telecommunications issues apply to almost any supplier of equipment in any country of the world, something I’ve been pointing out for longer than these blog records go back.

In more recent times –as you can look up– I’ve been quite vocal about not using secure messaging apps as they can not by their current design be made secure, none of them. I’ve actually said what needs to be done to remove the more obvious week links in the security chain but people are still buying into the “oh so secure app” nonsense. They will eventually pay the price for not thinking or listening. As they say “you can lead a horse to water…”.

I got a fair amount of abuse when I started pointing out the obvious, funny I don’t see anyone apologizing now I’ve been shown to be correct, so you will pardon me for being blunt it is after all for your own good.

What you appear to have trouble with is this is not a “China” or a “Chinese vendor” issue. It’s actually an issues with “All Nations” and “All Vendors”.

As I pointed out you could just as well say “USA” and “US-Cisco” because we know the NSA implant the equivalent of backdoors and malware on US-Vendor equipment as it is shipped.

As I said drop the China slant and open your eyes otherwise you are going to fall foul of the likes of the US Patriot Act or UK Regulation of Investigatory Powers Act or that whole raft Australian’s got lumbered with by their Government not so long ago.

Get wise, because that is the way the Western World is turning, “Away from Democracy” and think about what that means for you your friends and your loved ones.

The fact much of the rest of the world, is as I’ve argued repeatedly in the past, due to the falling price and increasing capability of technology going the same way if not faster. What is going on in Hong Kong is happening all over the Middle East and a hundred more countries besides. What you don’t get taught at school is that Democracy critically depends on the state being restricted in it’s capabilities. Technology has unstoppered that bottle for good, and that political experiment that was democracy is comming to a close.

We in the West with our “arms trade” amongst other things have hastened that end, all due to “quick profit” “short term thinking” and it was all entirely predictable with many signs at the side of the road and red warning flags waving. Heck I’ve put up a few and waved a few of them myself, you can read some of them on this blog. However unlike many I’ve also said how to mitigate these issues, again you can read them in this blog and others for free.

But this increasing surveillance is after all also “old news” go back and read the various articles about the CIA/NSA getting inside the Greek Mobile Telephone network before, during and after the Greek Olympics. There was no Chinese or Chinese vendors involved there, just US and European vendors.

It’s a very real and freedom/democracy wise existential problem but it’s not unique to Australia, China, Europe, Israel, Russia or the USA. Nor is it unique to anyone of the vendors.

Most of those things the Hong Kong protestors are doing is not at all savey as some will no doubt find to their cost in the future. Switching one vulnerable app for another is like running under trees in a storm, you will get wet, and the chance you will suffer harm or die goes up. The time to start doing things is long before people start getting angry and it’s something you and most of the readers on this blog should realy realy think about because it’s heading your way.

One of my pieces of advice to people about privacy/security is that “just like charity it should begin at home” and likewise “be taught to the children”.

My generation and perhaps the one after may be lucky enough to die before what we call freedom / privacy / democracy does. Unless the other generations take that on board and deal with it the dystopian futures we’ve read about will be pale shadows of the future reality. Why? because story writers imaginations are limited by their present, they can only guess where technology will go, and if history is any judge it will almost always be for the worse, which does not bode well even for dystopian stories.

[1] I lived through “the return of Hong Kong” and many in the UK felt that we had betrayed those living there. The reality was there was little or nothing the UK Government could do. Believe me if there was, the then Prime Minister Margaret Thatcher would probably have done so, as she did with Argentina and the Falkland Islands, because Hong Kong was way more strategically important at the time. But as was pointed out at the time China would not even have to “starve them out” because as they had shown on many previous occasions all they had to do was turn the water off (or worse poison it in some way). For better or worse Hong Kong belongs to China, the few extra freedoms it has from the negotiations of the hand back are what makes it different. The simple fact is the people of Hong Kong are on their own just as are many small nations around the South China Seas. If you feel like blaiming anyone, then how about all those companies that despite being warned outsourced work to China to make their economy stronger at the expense of their own economy.

Clive Robinson • June 14, 2019 10:43 PM

@ Lurker,

I’m a bit old, and slow on the uptake, but umm?

Not that I’d noticed, but then you might be in good company 😉 Im not exactly as sprightly as I once used to be 🙁

If you’ve got a bunch of infrastructure that’s critical to your civilization, and it’s sort of working OK now without 5G, why is there a compulsion to connect everything to the 5G net?

Well the first thing to realise is that 5G is no more dangerous, than any of the other GSM specifications. It is effectively of European origin and the technological input is open to any who wish to contribute, and like most other Standards bodies there is a voting process in place. Thus anything obvious would, you would expect, get dropped early on.

The problem is that historically telecommunications standards committees tend to be full of “second hand spooks/wannabes”. They want the telecommunications standards to have insecurities for their own snooping.

This goes back to atleast the 1980’s to my direct knowledge, and based on others it goes back atleast another thirty or fourty years before that so from the very early 1950’s if not earlier. So all Western SigInt agencies connected to the “Eyes” know what the game is and they tend to play tag amongst themselves to ensure they get what they want.

But since the Ed Snowden revelations and the NSA getting caught red handed in various skulduggery manipulating standards amongst other things the “spook club” has been more than obviously outed… Thus various other eyes of investigative journalists and trade press are peering in to the actions of such committees looking for a “finesse” or two in progress. Further not all those on those committees are part of the “spook club” and they are not just suspicious but voting away from the path laid down by the spook club managment. This has displeased a number of people greatly, who basically want the sheep to return to their fold and bleat for those faux “health and safety” and similar changes. Changes that let that chill wind in the “tradesmans entrance” giving rather more than just a sense of intrusion.

Thus the chances are the Huawei submissions to the standards bodies are probably amongst the least suspicious of the submissions to the committees. Why because you need to remember Huawei have that center in Banbury in Oxford where the UK’s GCHQ get to see all their software…

Thus the “spook club” has a mainly unseen advantage, they get to see Huawei’s code as it is developed and have done for a while. Which is rather more than they get from others who submit ideas etc to the standards committees.

Thus GCHQ could have tried the tactic of highlighting faults in Huawei’s submissions. But if they tried that it appears not to have worked out on the standards committees. However GCHQ like the rest of the UK IC does have close links to the US IC, we know for instance money gets transfered out of the NSA budjet to the GCHQ budget. So you have to ask what that gets the US Government directly and indirectly.

That said the thing everyone should take on board is by far the majority of telecommunications networks including all the public access networks are totally insecure…

That’s because they were never designed to be secure in the first place[1], just have high “availability” and more recently “interoperability”. That is they are designed to be both robust and simple to work with. Which no one who has worked with secure communications networks could say of SecureComms because they are often neither simple nor robust in usage (speak to anyone who was in on the early days of IPv6-Sec to see more frown lines than you’d find furrows in a ten acre field).

As I’ve indicated GCHQ are well aware the networks are insecure and the security is decreasing with time and integration. They make this abundantly clear to the UK Gov this from time to time at NSC meetings, and the GCHQ view point is so well known in the industry it’s not even classified at “restricted”. However In one recent NSC briefing GCHQ informed the current UK executive of this and how they intended to deal with the problem by mitigation. Thus that Huawei could participate in UK networks as could any other supplier. However there were certain areas that were still security critical that would require secure equipment but did not specify what equipment or from which vendors. Again nothing unknown in this view point in the industry. However somebody decided to make political milage out of it to embarrass the current UK executive… So now the information should be known to all who can read a newspaper, read a web site or watch the TV news…

So “shock horror” all the networks you as a member of the public have access to are “insecure by design” in that no encryption or authentication is built in.

But this has been true since the first digital networks back in the 1960’s if not a lot earlier if you consider the old Telex and Telegraph networks as digital.

Back then the security stratagem was public and private networks that were “air gapped” or kept entirely physically seperate. These secure networks were in effect “hard routed circuits” and to equipment at the consumer premises effectively four screw terminals on a block on the wall, just like any other fixed capacity “leased line”. This alowed for “point to point” communications with encryption along the entire circuit as a single link. But in practice encryption was rarely used the security was by “trust” of the state owned telecommunications provider and one group of it’s “secret squirrels” keeping it air gapped at all levels.

The 1980’s however saw the deregulation of the telecommunications markets and the introduction of mobile phone[3] networks. Initially such networks were “laid over” the existing phone networks. It was realised fairly quickly that the existing phone networks were rapidly approaching if not had reached the end of their life. Thus the phone network got replaced with a data network thus both phone and data were carried not just together but thoroughly intermingled. Thus the likes of leased lines became virtual not physical and their effective “air gap” security had disappeared.

The other problem was deregulation brought multiple service operators all with access to the control side of the network. This control network (Signaling System 7) again was never designed for security, just simplicity and efficiency…

This integration of “services” and thus having just one future proof network is what 5G is the current aimed for culmination of. It is in a Tolkien way “One Network to Rule them All”. And because of that it will almost certainly be the cause of a whole new class of security practice in the next few years.

To see why you need the simple realisation that whilst some security can be switched in via software, what can be switched in by legitimate users can be switched out again accidently or by design by both legitimate and illegitimate users. We see this happening all the time with the Boarder Gateway Protocol (BGP). We can expect it to become worse with 5G irrespective of who supplies the equipment because it’s built in as a fundemental part of the design of ALL public communications networks currently.

Thus the outcome of that Australian experiment was well known even before it was thought of, hence it was a “chicken little” publicity stunt aimed at Australian press and politicians, to achive the expected outcome. Thus Australians should be asking which of the other Five-Eye nations thought it up and put the play in place?

It’s a reasonable bet that the UK was involved technically, likewise the US politically.

With regards the issue of “critical infrastructure” being some how “air gapped” one old way used to be by using the radio spectrum. But mobile communications has put such a demand on the spectrum that governments are gleefully clawing it back from existing users and then auctioning it off at what they hope will be large sums that can then be used to bribe voters with come the next elections.

Thus due to politicians not making provision, critical infrastructure will have no choice but to use 5G networks as they are installed and existing networks removed.

Douglas Adams had a throw away gag line about a planet falling into economic suicide because of the proliferation of shoe shops. He called it the “Shoe event Horizon”[8] like that of a black hole event horizon, where once you have gone beyond it escape is not possible. Well telecommunications is kind of heading for it’s own “event horizon” for basically the same reasons.

But it’s not just commercial data communications, even Amateur Radio is heading that way in the US due to the ARRL. Put simply they want more members, thus they need to broaden their appeal. One way is to “Day Boat Skippers” and sailors. For various reasons you don’t get much in the way of data comms at sea unless you pay large quantities of money to satellite service providers. However low bandwidth data comms that will alow text based Email will work “over the horizon” in the HF bands. There is a service available to day boat skippers and the like but it’s not free and there are stringent data caps. Various people have pointed out that Amature Radio Operators use HF bands and have a very similar Email service some have set up[9], but it is free to use and has no data caps… Thus you see articles in sailing magazines and similar saying day boat skipers should get their Technician Class Licence and get data comms for free. Well if you look at the entire HF spectrum there is less bandwidth than you get out of an old ADSL line. But that does not stop the tale being told that the land of Amature Radio is paved with streets of very broad bandwidth. None of which is helped by the ARRL going into discussions with the FCC and others to change the current HF band plans to be all digital modes which would appear to fascilitate the day boat skippers dreams of free data comms…

[1] Designing an efficient secure communications network[2] is –beyond a couple of trivial examples,– extreamly difficult[5]. Designing one with international public access to unknown data streams is effectively impossible and would not be alowed by most countries.

[2] Networks consist of links and nodes over which traffic needs to be optimally balanced. To simplify things in the past “circuit switched” networks were used, these make sense for continuous traffic that requires low latency but are not efficient even for that type of traffic especially with modern data encoding and compression algorithms. With computer data circuit switching is even less efficient so packet switching is used, but this requires each packet to carry an overhead of source and destination information so it can be routed. This means that the nodes need to see that information to route a packet towards it’s destination. Therefore whilst you can encrypt all data on links you can’t encrypt the routing meta-data through the nodes. Thus you end up with link encryption for the meta-data even if you youe end to end encryption for the payloaf/message data. Whilst you can use tricks such as Onion routing it does not scale particularly well and nore is it efficient because it is in effect a form of circuit switching that takes no account of network load thus balance.

[3] For those of us old enough telepones were once boxes that sat on a table or hung on a wall that had a “hook switch” that a corded handset hung off in various ways. Back in the 1960’s with transistor technology, it became possible to do away with both the mechanical hook switch and the cord from the handset to the box on table or wall. These handsets thus became known as “cordless phones” for the obvious reason. Superficially to a user a cordless phone and a mobile phone look and behave the same around the home. However a cordless phone is tied to a fixed point on the Plain Old Telephone System (POTS) network just as the old box on table or wall were. Mobile phones however work to anyone of a number of available receiver sites with the radio network responsible for switching to the POTS trunk circuit. Cellular networks are a way of making mobile networks more efficient in operation by sharing not just frequency bands but individual channels in various ways. The “coverage” size of cells ranges from many square miles in rural areas down to less area than the old cordless phones had. In many ways there is little difference between such small cells and home WiFi access points (APs), which is why you can buy phones using VoIP via WiFi. In fact all smart phones should with an appropriate piece of software be capable of doing the same, but your “contract” provider obviously did not want you doing that whilst differentiation alowed increased profits[4].

[4] 5G is supposed to get rid of all such distinctions and present an open interface to the future. Thus you have sources of data and sinks of data that may or may not be connected together in various ways. As some services such as “mobile video conferences” require multiple streams of data to be sent to multiple users and remain synchronized there is quite a bit of complexity going on under the hood[5].

[5] Unfortunately in the general case where there is complexity, efficiency or both there are usually security issues with side channels, traffic analysis and other problems of the likes of key distribution. These can be designed out, in the specific if you know how and importantly what attacks you are preventing. Unfortunately though the SigInt and other IC agencies don’t want you to be able to do that. So they try where possible to keep things secret “unto them selves”[6].

[6] This is what GCHQ means in part by it’s mitigations. There are various suppliers of NATO CommSec equipment, the design of such equipment is built to various EmSec and other requirments. Often it is modular, such that a Secure Phone is designed by one manufacturer but the Crypto Unit it uses is designed by a different manufacturer and supplied in tamper proof&evident casing via a highly audited process. Again the Crypto Unit is built with chips that are supplied from another secure manufacturer by another highly audited process. The ovarall process is inordinately expensive[7], grossly inefficient and even with care still suffers from supply chain issues.

[7] Because of it’s expense secure communications is a prime target for axe grinding politicians, who have in the past in the US –where these things are more visable– forced the use of “consumer grade” systems onto government in general. Unsurprisingly as the consumer grade equipment has not been designed with security in mind specifically because secure design techniques have been kept largely secret from manufacturers by the SigInt and IC entities, the government has suffered all sorts of security issues just as commercial organisations and individuals have…

[8] http://www.thehistorialist.com/2017/05/so-long-and-thanks-for-all-shoe-stores.html

[9] Which is hardly supprising when you learn that the data communications protocols the expensive maratime service uses to give data comms to day boat skippers were originally developed by Amature Radio researchers and experimenters quite a few decades ago. As such they are not upto the same efficiency as other more modern protocols developed by Amatures some of which are way ahead of anything the industry is producing.

Clive Robinson • June 15, 2019 6:13 AM

@ Paul,

This may be plausible but it appears that the more advanced spooks such as USGov would want insecurities that can be exploited by themselves only, not available to all other participating operators.

That is relatively modern and realy only possible with certain types of system where there is a high degree of redundancy.

If you have experience of mechanical ciphers and some early electromechanical and later electronic ciphers based on them you will know that if your opponent grabbed a copy then all was in effect visable to them. More importantly they could relatively easily duplicate them.

Thus if you had the mathmatics you could work out there were “weak keys” and “strong keys” in such systems unless you designed them out.

In tactical cipher systems which are the ones most likely to be captured by the opponent the actual strength of the cipher does not have to be great, just strong enough to make tactical battle plans visable to your troups whilst invisable to the opponent. Thus “ease of use” and just a few days security against somebody using pencil and paper upto around the mid 1950’s were effectively the requirments for a field or tactical cipher.

Then somebody worked out there was a “knowledge gap”…

What if you had the mathmatics but your opponent did not, what advantages could you get from that?

Well lets say you designed a mechanical cipher system that had a large key space, but had a range of strength of keys from very weak through to very strong. If your opponent copied it what would that get you?

Well firstly remember a very large key space gives a lot of redundancy. So if the opponent did not have the mathmatics they would make their key selection process random “over the whole key space”. They would on average have their messages encrypted by the proportion of key strengths. Whilst you with the mathmatics make your key selection process random “over only the strongest key space”. Thus you only ever use strong keys because there is sufficient redundance in the key space to alow you to do so.

When backed up by the likes of the methods developed and refined at Bletchly during WWII of catalog building for probable plain text and traffic analysis to make the probable plain text selection more refined, breaking the opponents communications becomes almost trivially easy. You get “plain text” from their usage of weak keys which with traffic analysis makes the breaking of stronger keys easier and so on. Even if you don’t read the messages they encrypt under the strongest keys as you have a high percentage of the messages any way, and traffic analysis will fill in the blanks in the oponents order of battle etc.

In the 1970’s and early 80’s the release of memoirs from those involved with the work of Bletchly made obvious to those who had not realised it before the strength of both catalogues and traffic analysis along with “weak key” usage.

Thus knowledge gap techniques exploitin redundancy in key space went away for a while.

With mathmatical ciphers it’s come back again but now we have an open crypto community with intense academic rivalry. The easy gains against key space redundancy in RSA for instance have been realised[1] thus the knowledge gap between the SigInt agencies and the open community has collapsed a lot and in some cases the open community may well be ahead of the game. I certainly have reason to believe so.

But as we know the NSA,tried it on with the dual eliptic curve random geberator. Some were suspicious but let it go untill the NSA did a couple of stupid things. One was the behaviour of their chosen person on the NIST committee was so bad they drew deep suspicion on thrmselves and got called. Another was the payment to RSA to promote what was a very inefficient algorithm to be the default. This made some with suspicions look a little deeper and say things, which with the competitiveness in the open community had a snow ball effect and NIST ended up with the ignominy of withdrawing a standard. One result of which is the NSA representatives are treated with the highest suspicion currently. It also highlighted some of their earlier tricks with the AES competition which was much more proffessionaly “finessed” but still caught by the open community fairly quickly though it’s taken an age for people to act on it.

But the story of exploitation of redundancy in random number generator did not die. If you remember it came back to life in Jupiter Networks source code for some reason that is still not satisfactorily explained. Thus yes I expect such NSA originated behaviour to continue. The flip side is that the fear of NOBUS in standards is making some people to “roll their own” which may be just as bad in the long run.

Which brings us around to Simon and Speck and the NSA goings on there. Whilst they did not make it into a standard they don’t appear to die…

The recent paper has caused some controversy about the open crypto community. The question is was it just something odd or an actual attack on not just the open crypto community but on what the open crypto community has achieved.

For by far the majority of people we have to take what the open crypto community says on faith because we have our own knowledge gaps. If that faith gets attacked and broken then the likes of the NSA win, because it provides excuses for inaction by managment and developers. That is rather than heed a warning to replace or update algorithms, they have the “yeah well they got it wrong with XXX lets just wait, they’ve probably got it wrong this time”. Thus things get delayed or worse left in as “backwards compatability” just in case…

There are a good deal of inventive minds still working on GS-pay they will always be looking not just for new attacks, but variations on old ones, or worse still waiting for us to forget.

One of the most shocking things about the ICT industry is just how quickly we forget things, thus attacks from a few years ago are in effect “as new”…

As has been noted, the price of freedom is eternal vigilance, and you can be sure that we the citizens are most definitely the new enemy in some peoples view.

[1] Have a look at the work of Adam Young and Moti Yung into hiding things in the redundancy of keys used in mathmatical ciphers.

Clive Robinson • June 16, 2019 1:33 AM

@ Lurker,

Lucky I’ve still got a roll of copper wire in my cave. Now, is there anything left to connect it to…?

Well yes, the antenna socket(s) of a portable amateur all band HF/VHF/UHF transceiver like a Yeasu FT817-ND…

A number of people are working on new networking and mesh communications systems for Amateur (Ham) Radio, that work in the HF through microwave bands at various speeds. Things have come along quite a bit since the Phil Kahn (KA9Q) NOS AX.25 software[1] for 286-486 MS-Dos 4 and above PC’s. Whilst it would not be too difficult to get it up and running on pre 1995 hardware if you still have any (no Intel ME 😉 there is still a lot you can do with it. Just for fun years ago I got it running over SLIP using some modem chips that I connected up to a couple of X-Band Gunn Doppler radio units it worked quite well over a 10Km path.

It’s also well within an Amateur or Maker’s ability to find copies of the C source and do the same again. This time using ~1USD microcontroler chips from the likes of MicroChip and those ultra cheap Baoufung VHF/UHF hand sets. But your data rate would be down between 2100 and 9600 bits/sec and your range just a few miles.

But… Why build your own hardware these days when you can by stuff of the shelf very cheaply and get high bandwidth or intercontinental range?

Due to WiFi and OpenWRT some Have developed the “Amateur Radio Emergency Digital Network” AREDN which alows up to 54MB/s data transfer rates over 13cm radio systems to alow VoIP / Video / Data on what is the equivalent of a private LAN or mini internet…

https://m.youtube.com/watch?v=fkl5Nbnz24Y

Whilst I do get some amusement from the more outlandish “preper sites” (think a new version of “Reality TV”) a few have done some interesting work using pre-made bits you can get hold of. One Ham operator who calls himself the Commspreper has done some practical stuff with AREDN and you might be surprised at what he has done with it. For instance this little mountain top experiment,

https://m.youtube.com/watch?v=4r4tM5llImU

Which is a bit more refined than his earlier experiments,

https://m.youtube.com/watch?v=rJmfpPdsD98

https://m.youtube.com/watch?v=ur0MxzUyvrU

You can search for “AREDN mesh networking” and come up with some interesting stuff. Basically anything you can do with a home Local Area Network(LAN), but then some more such as have a high bandwidth gateway to the UHF/microwave RF mesh Wide Area Network (WAN) that will “line of sight” upto 30KM using easily available kit that can then route traffic through a mesh network the length of continental America.

It will also “telnet” connection to a low bandwidth HF WinLink style Email mesh network that works across continents around the world,

https://m.youtube.com/watch?v=WRv9DbqnnDg

[1] https://en.m.wikipedia.org/wiki/KA9Q