Your SlideShare is downloading. ×
0
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
ChaosVPN 5mof
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

ChaosVPN 5mof

1,362

Published on

This was from a talk I gave at 5 minutes of fame in San Francisco. The event was hosted at Noisebridge hackspace. This was kind of a last minute presentation to help fill a gap in presenters. Could …

This was from a talk I gave at 5 minutes of fame in San Francisco. The event was hosted at Noisebridge hackspace. This was kind of a last minute presentation to help fill a gap in presenters. Could have been better.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,362
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. <ul>ChaosVPN </ul><ul><li>openfly </li></ul>
  • 2. <ul>The Mission </ul><ul><li>Establish a free and open communications network for any hackerspace or lab to collaborate over.
  • 3. Ensure the network is reliable.
  • 4. The network must be fully open source, and well documented.
  • 5. All nodes on the network must be excellent to each other.
  • 6. Endeavor to do no harm. </li></ul>“ Governments and citizens must have confidence that the networks at the core of their national security and economic prosperity are safe and resilient. Now this is about more than petty hackers who deface websites.” - Hillary “Secretary of State” Clinton
  • 7. <ul>Tech </ul><ul>ChaosVPN – VPN mesh agent deployed to nodes to manage connections and certificates TINC – Many to Many VPN software. Free and open source. Developers working with us to meet our needs <li>Fonera – OpenWRT based wifi units. Embedded device ChaosVPN support . </li></ul>
  • 8. <ul>ChaosVPN Application </ul><ul>“ I once killed a man with a belt sander.” – Hannah Montana </ul><ul><li>ChaosVPN originally CCC VPN
  • 9. ChaosVPN 1.0 ( HHH only US H space)
  • 10. ChaosVPN 2.0 planned at HAR 2009
  • 11. ChaosVPN 2.0 released last year
  • 12. Packages for Debian / OpenWRT
  • 13. Images for Fonera 2.0n
  • 14. 60 or so registered nodes
  • 15. NYC Resistor is fully integrated
  • 16. Services are being added daily
  • 17. DNS service was added last year
  • 18. Multiple Servers now in use </li></ul>
  • 19. <ul>Key Distribution </ul><ul>Key Distribution / Authoritative Node Registry List </ul>
  • 20. <ul>The VPN to rule them all </ul><ul>TINC Network Topology </ul>
  • 21. <ul>Node Locations </ul><ul><li>Public Access Permanent Locations ( Tied to authoritative data sets and people )
  • 22. Single Access Permanent Locations ( Tied to one person with some authoritative datasets )
  • 23. Mobile Access Points ( Tied to a person or group of persons )
  • 24. MANETS? ( Conference / Camp deployments ) </li></ul>
  • 25. <ul>Node Targets </ul><ul><li>Server / Routing Infrastructure Deployments
  • 26. Embedded Routing Device Deployments
  • 27. Soft Client Deployments
  • 28. Embedded Soft Client Deployments </li></ul>
  • 29. <ul>The Warzone </ul><ul><li>Separate logical network from ChaosVPN
  • 30. Isolated network, no direct internet link
  • 31. Opt in network that requires a minimum level of complexity when accessing
  • 32. Hazardous projects expected, but general being excellent to each other rules apply
  • 33. CTF competition field, and infosec training ground </li></ul>“ Every gun that is made, every warship launched, every rocket fired signifies in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron.” - Rainbow Bright
  • 34. <ul>Threat Model </ul>
  • 35. <ul>Trust Models “The tactical war hare is a key component in the defense of the British Isles.” - RAF Field Manual </ul>
  • 36. <ul>Function versus Form </ul><ul><li>PKI with the web of trust </li></ul><ul><li>Diffie-Hellman P2P Trust Architecture </li></ul><ul><li>Affiliation-Hiding Key Exchange AH-AKE / LAH-AKE </li></ul>
  • 37. <ul>Social Factors </ul><ul><li>CCC is older, far larger an organization, and originated in a very different environment.
  • 38. Hacker spaces are community organized and managed with little to no commonality.
  • 39. Organizational Models are very different.
  • 40. All organizations, and users have different goals and concerns. </li></ul>
  • 41. <ul>Logistical Factors </ul><ul><li>Spaces tend not to have large bandwidth throughput available to them on premises.
  • 42. Compute resources are usually hand me down systems, or embedded systems.
  • 43. On site human resources are ever changing and of diverse skill sets.
  • 44. Environmental factors are diverse.
  • 45. Nodes are dispersed globally. </li></ul>
  • 46. <ul>PKI Topology </ul>
  • 47. <ul>PKI Web of Trust </ul><ul>Benefits </ul><ul><li>Web of Trust relies on existing sociological factors that form the basis for cooperative development
  • 48. Cheap in terms of CPU costs, faster throughputs on embedded devices.
  • 49. Simple architecture, simple diagnostics and support for a small operations team
  • 50. All communications are point A to B. </li></ul><ul>Costs </ul><ul><li>Single Point / Few Points of Failure
  • 51. Keys are more vulnerable to interception
  • 52. Privacy is non existent </li></ul>
  • 53. <ul>Diffie-Hellman P2P Topology </ul>
  • 54. <ul>Affiliated-Hiding Key Exchange Topology </ul>
  • 55. <ul>Affiliation-Hiding Key Exchange </ul><ul>Benefits </ul><ul><li>Protection of keys at an affiliated organization level
  • 56. Reduced reliance on higher risk keys in core routing infrastructure
  • 57. Privacy can be guaranteed within groups </li></ul><ul>Costs </ul><ul><li>Costly in CPU, and in transmission
  • 58. Requires multiple group controllers
  • 59. Resiliency is now dependent on reliability of authorities </li></ul>
  • 60. <ul>Special Notes </ul><ul><li>Robust methodology of the LAH-AKE model by Stanis law Jarecki, Jihye Kim, and Gene Tsudik http://www.ics.uci.edu/~gts/paps/jkt08.pdf
  • 61. Upcoming Geekend in Hamburg </li></ul>https://wiki.hamburg.ccc.de/index.php/ChaosVPN::geekend1

×