If you can't read please download the document

ChaosVPN 5mof

  • Upload
    openfly

  • View
    1.356

  • Download
    0

Embed Size (px)

DESCRIPTION

This was from a talk I gave at 5 minutes of fame in San Francisco. The event was hosted at Noisebridge hackspace. This was kind of a last minute presentation to help fill a gap in presenters. Could have been better.

Citation preview

  • 1.
    • ChaosVPN
    • openfly

2.

  • The Mission
  • Establish a free and open communications network for any hackerspace or lab to collaborate over. 3. Ensure the network is reliable. 4. The network must be fully open source, and well documented. 5. All nodes on the network must be excellent to each other. 6. Endeavor to do no harm.

Governments and citizens must have confidence that the networks at the core of their national security and economic prosperity are safe and resilient. Now this is about more than petty hackers who deface websites. - Hillary Secretary of State Clinton 7.

  • Tech
  • ChaosVPN VPN mesh agent deployed to nodes to manage connections and certificates TINC Many to Many VPN software.Free and open source.Developers working with us to meet our needs
  • Fonera OpenWRT based wifi units.Embedded device ChaosVPN support .

8.

  • ChaosVPN Application
  • I once killed a man with a belt sander. Hannah Montana
  • ChaosVPN originally CCC VPN 9. ChaosVPN 1.0 ( HHH only US H space) 10. ChaosVPN 2.0 planned at HAR 2009 11. ChaosVPN 2.0 released last year 12. Packages for Debian / OpenWRT 13. Images for Fonera 2.0n 14. 60 or so registered nodes 15. NYC Resistor is fully integrated 16. Services are being added daily 17. DNS service was added last year 18. Multiple Servers now in use

19.

  • Key Distribution
  • Key Distribution / Authoritative Node Registry List

20.

  • The VPN to rule them all
  • TINC Network Topology

21.

  • Node Locations
  • Public Access Permanent Locations ( Tied to authoritative data sets and people ) 22. Single Access Permanent Locations ( Tied to one person with some authoritative datasets ) 23. Mobile Access Points ( Tied to a person or group of persons ) 24. MANETS?( Conference / Camp deployments )

25.

  • Node Targets
  • Server / Routing Infrastructure Deployments 26. Embedded Routing Device Deployments 27. Soft Client Deployments 28. Embedded Soft Client Deployments

29.

  • The Warzone
  • Separate logical network from ChaosVPN 30. Isolated network, no direct internet link 31. Opt in network that requires a minimum level of complexity when accessing 32. Hazardous projects expected, but general being excellent to each other rules apply 33. CTF competition field, and infosec training ground

Every gun that is made, every warship launched, every rocket fired signifies in the final sense,a theft from those who hunger and are not fed, those who are cold and are not clothed.This world in arms is not spending money alone.It is spending the sweat of its laborers,the genius of its scientists, the hopes of its children.This is not a way of life at all inany true sense.Under the clouds of war, it is humanity hanging on a cross of iron. - Rainbow Bright 34.

  • Threat Model

35.

  • Trust Models The tactical war hare is a key component in the defense of the British Isles.- RAF Field Manual

36.

  • Function versus Form
  • PKIwith the web of trust
  • Diffie-Hellman P2P Trust Architecture
  • Affiliation-Hiding Key ExchangeAH-AKE / LAH-AKE

37.

  • Social Factors
  • CCC is older, far larger an organization, and originated in a very different environment. 38. Hacker spaces are community organized and managed with little to no commonality. 39. Organizational Models are very different. 40. All organizations, and users have different goals and concerns.

41.

  • Logistical Factors
  • Spaces tend not to have large bandwidth throughput available to them on premises. 42. Compute resources are usually hand me down systems, or embedded systems. 43. On site human resources are ever changing and of diverse skill sets. 44. Environmental factors are diverse. 45. Nodes are dispersed globally.

46.

  • PKI Topology

47.

  • PKI Web of Trust
  • Benefits
  • Web of Trust relies on existing sociological factors that form the basis for cooperative development 48. Cheap in terms of CPU costs, faster throughputs on embedded devices. 49. Simple architecture, simple diagnostics and support for a small operations team 50. All communications are point A to B.
  • Costs
  • Single Point / Few Points of Failure 51. Keys are more vulnerable to interception 52. Privacy is non existent

53.

  • Diffie-Hellman P2P Topology

54.

  • Affiliated-Hiding Key Exchange Topology

55.

  • Affiliation-Hiding Key Exchange
  • Benefits
  • Protection of keys at an affiliated organization level 56. Reduced reliance on higher risk keys in core routing infrastructure 57. Privacy can be guaranteed within groups
  • Costs
  • Costly in CPU, and in transmission 58. Requires multiple group controllers 59. Resiliency is now dependent on reliability of authorities

60.

  • Special Notes
  • Robust methodology of the LAH-AKE model by Stanis law Jarecki, Jihye Kim, and Gene Tsudikhttp://www.ics.uci.edu/~gts/paps/jkt08.pdf 61. Upcoming Geekend in Hamburg

https://wiki.hamburg.ccc.de/index.php/ChaosVPN::geekend1


How to Set Google Analytics Goals and Funnels

How to Set Google Analytics Goals and Funnels

Technology
Automotive20

Automotive20

Technology
Design Principles: The Philosophy of UX

Design Principles: The Philosophy of UX

Technology
App optimization for ios 7

App optimization for ios 7

Technology
ROI in the age of keyword not provided [Mozinar]

ROI in the age of keyword not provided [Mozinar]

Technology
Lean Prototyping - A Practical Guide

Lean Prototyping - A Practical Guide

Technology
trendwatching.com's INTERNET OF CARING THINGS

trendwatching.com's INTERNET OF CARING THINGS

Technology
Leaving Positive Impression

Leaving Positive Impression

Technology
Advertising Psychology

Advertising Psychology

Technology
Foursquare Wallet presentation

Foursquare Wallet presentation

Technology
Designing for an Augmented Reality world

Designing for an Augmented Reality world

Technology
Big Data - The 5 Vs Everyone Must Know

Big Data - The 5 Vs Everyone Must Know

Technology
Expert Positioning Using LinkedIn

Expert Positioning Using LinkedIn

Technology
PickupPal Eco-Rideshare Program

PickupPal Eco-Rideshare Program

Technology
Personal Branding Presentation for HCC

Personal Branding Presentation for HCC

Technology
Using Social Networks as Job Searching Tools

Using Social Networks as Job Searching Tools

Technology
The Value of User Experience (from Web 2.0 Expo Berlin 2008)

The Value of User Experience (from Web 2.0 Expo Berlin 2008)

Technology
Ogilvy PR 360 DI Twitter Webinar

Ogilvy PR 360 DI Twitter Webinar

Technology
Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Best Practice For UX Deliverables - Eventhandler, London, 05 March 2014

Technology
Stop Buying Tech

Stop Buying Tech

Technology
Campaign Tracking and Adwords Integration

Campaign Tracking and Adwords Integration

Technology
Wireframes for the Wicked

Wireframes for the Wicked

Technology
Profile & Resume Buzzkill - Words to avoid

Profile & Resume Buzzkill - Words to avoid

Technology
trendwatching.com's INNOVATION CELEBRATION

trendwatching.com's INNOVATION CELEBRATION

Technology
Crafting a UX Strategy for Wearables and the Mobile Mainframe

Crafting a UX Strategy for Wearables and the Mobile Mainframe

Technology
From Paths to Sandboxes

From Paths to Sandboxes

Technology
Simple Steps to UX/UI Web Design

Simple Steps to UX/UI Web Design

Technology
Apple 03 - Management Mistakes

Apple 03 - Management Mistakes

Technology
Google Analytics New Feature

Google Analytics New Feature

Technology
The Art & Science of Seductive Interactions

The Art & Science of Seductive Interactions

Technology