This was from a talk I gave at 5 minutes of fame in San Francisco. The event was hosted at Noisebridge hackspace. This was kind of a last minute presentation to help fill a gap in presenters. Could have been better.
ChaosVPN
openfly

The Mission
- Establish a free and open communications network for any hackerspace or lab to collaborate over.
- Ensure the network is reliable.
- The network must be fully open source, and well documented.
- All nodes on the network must be excellent to each other.
- Endeavor to do no harm.

"Governments and citizens must have confidence that the networks at the core of their national security and economic prosperity are safe and resilient. Now this is about more than petty hackers who deface websites." - Secretary of State Hillary Clinton
Tech
- ChaosVPN: VPN mesh agent deployed to nodes to manage connections and certificates.
- TINC: many-to-many VPN software. Free and open source. Developers working with us to meet our needs.
- Fonera: OpenWRT based wifi units. Embedded device ChaosVPN support.
ChaosVPN Application
"I once killed a man with a belt sander." - Hannah Montana
- ChaosVPN originally CCC VPN
- ChaosVPN 1.0 (HHH only US H space)
- ChaosVPN 2.0 planned at HAR 2009
- ChaosVPN 2.0 released last year
- Packages for Debian / OpenWRT
- Images for Fonera 2.0n
- 60 or so registered nodes
- NYC Resistor is fully integrated
- Services are being added daily
- DNS service was added last year
- Multiple servers now in use
Key Distribution
Key Distribution / Authoritative Node Registry List

The VPN to rule them all
TINC Network Topology
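As an added example (not code from the talk or the ChaosVPN project), the kind of check a registry maintainer could run before an authoritative node list is distributed to the mesh. It assumes the registry consists of tinc-style per-node "hosts" files plus a local tinc.conf; the node names, addresses, subnets and key placeholders are constructed.

```python
# Added example, not code from the talk or the ChaosVPN project: consistency checks
# over a tinc-style node registry (per-node "hosts" files) before it is distributed.
import ipaddress
import re

KEY_RE = re.compile(r"-----BEGIN RSA PUBLIC KEY-----.*?-----END RSA PUBLIC KEY-----", re.S)

def host_file(subnet, address=None, with_key=True):
    """Build a constructed hosts file; the key blob is a placeholder, not a real key."""
    lines = ([f"Address = {address}"] if address else []) + [f"Subnet = {subnet}"]
    if with_key:
        lines += ["-----BEGIN RSA PUBLIC KEY-----", "PLACEHOLDER", "-----END RSA PUBLIC KEY-----"]
    return "\n".join(lines) + "\n"

# Constructed registry: node name -> hosts/<name> contents (hypothetical nodes).
REGISTRY = {
    "noisebridge": host_file("10.100.1.0/24", address="vpn.example.org"),
    "nycresistor": host_file("10.100.2.0/24", address="192.0.2.10"),
    "mobile1": host_file("10.100.1.0/24", with_key=False),  # two defects on purpose
}
# Constructed tinc.conf for the local node; one ConnectTo names an unregistered peer.
TINC_CONF = "Name = noisebridge\nConnectTo = nycresistor\nConnectTo = unknownspace\n"

def parse_host(text):
    """Return ({setting: [values]}, has_public_key) for a hosts file or tinc.conf."""
    settings = {}
    for line in KEY_RE.sub("", text).splitlines():
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings.setdefault(key, []).append(value)
    return settings, bool(KEY_RE.search(text))

def check_registry(registry, tinc_conf):
    """List registry defects: missing keys, overlapping Subnets, unregistered peers."""
    problems, claimed = [], []  # claimed: (node, network) pairs seen so far
    for name, body in registry.items():
        settings, has_key = parse_host(body)
        if not has_key:
            problems.append(f"{name}: no public key, peers cannot authenticate it")
        for subnet in settings.get("Subnet", []):
            net = ipaddress.ip_network(subnet, strict=False)
            for other, onet in claimed:
                if net.overlaps(onet):
                    problems.append(f"{name}: Subnet {net} overlaps {other} ({onet})")
            claimed.append((name, net))
    conf, _ = parse_host(tinc_conf)
    for peer in conf.get("ConnectTo", []):
        if peer not in registry:
            problems.append(f"ConnectTo {peer}: not in the authoritative registry")
    return problems
```

With the constructed data above, `check_registry(REGISTRY, TINC_CONF)` reports three defects: the keyless node, its subnet collision, and the unregistered ConnectTo peer.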
Node Locations
- Public Access Permanent Locations (tied to authoritative data sets and people)
- Single Access Permanent Locations (tied to one person with some authoritative datasets)
- Mobile Access Points (tied to a person or group of persons)
- MANETS? (conference / camp deployments)

- Separate logical network from ChaosVPN
- Isolated network, no direct internet link
- Opt in network that requires a minimum level of complexity when accessing
- Hazardous projects expected, but general being excellent to each other rules apply
- CTF competition field, and infosec training ground

"Every gun that is made, every warship launched, every rocket fired signifies in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron." - Rainbow Bright
Threat Model

Trust Models
"The tactical war hare is a key component in the defense of the British Isles." - RAF Field Manual

Function versus Form
- PKI with the web of trust
- Diffie-Hellman P2P Trust Architecture
- Affiliation-Hiding Key Exchange (AH-AKE / LAH-AKE)
Social Factors
- CCC is older, far larger an organization, and originated in a very different environment.
- Hacker spaces are community organized and managed with little to no commonality.
- Organizational models are very different.
- All organizations, and users have different goals and concerns.

Logistical Factors
- Spaces tend not to have large bandwidth throughput available to them on premises.
- Compute resources are usually hand-me-down systems, or embedded systems.
- On site human resources are ever changing and of diverse skill sets.
- Environmental factors are diverse.
- Nodes are dispersed globally.
PKI Topology

PKI Web of Trust
Benefits
- Web of Trust relies on existing sociological factors that form the basis for cooperative development
- Cheap in terms of CPU costs, faster throughputs on embedded devices.
- Simple architecture, simple diagnostics and support for a small operations team
- All communications are point A to B.
Costs
- Single Point / Few Points of Failure
- Keys are more vulnerable to interception
- Privacy is non-existent
Diffie-Hellman P2P Topology

Affiliation-Hiding Key Exchange Topology

Affiliation-Hiding Key Exchange
Benefits
- Protection of keys at an affiliated organization level
- Reduced reliance on higher risk keys in core routing infrastructure
- Privacy can be guaranteed within groups
Costs
- Costly in CPU, and in transmission
- Requires multiple group controllers
- Resiliency is now dependent on reliability of authorities

Special Notes
- Robust methodology of the LAH-AKE model by Stanisław Jarecki, Jihye Kim, and Gene Tsudik: http://www.ics.uci.edu/~gts/paps/jkt08.pdf
- Upcoming Geekend in Hamburg