The Architecture of the GNUnet: 45 Subsystems in 45 Minutes
|
|
- Jeffery Nichols
- 6 years ago
- Views:
Transcription
1 The Architecture of the GNUnet: 45 Subsystems in 45 Minutes Christian Grothoff Inria Rennes Bretagne Atlantique Never doubt your ability to change the world. Glenn Greenwald
2 The Internet is Broken Network generally learns too much Insecure defaults and high system complexity Centralized Internet infrastructure requires administation: Number resources (IANA) Domain Name System (Root zone) X.509 CAs (HTTPS certificates) Administrators have power, and power attracts attackers Self-organizing systems aka P2P systems offer a way forward!
3 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer
4 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer HTTPS/TCP/WLAN/...
5 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer CORE (OTR) HTTPS/TCP/WLAN/...
6 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer R 5 N DHT CORE (OTR) HTTPS/TCP/WLAN/...
7 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer CADET (Axolotl+SCTP) R 5 N DHT CORE (OTR) HTTPS/TCP/WLAN/...
8 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNU Name System CADET (Axolotl+SCTP) R 5 N DHT CORE (OTR) HTTPS/TCP/WLAN/...
9 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer Applications GNU Name System CADET (Axolotl+SCTP) R 5 N DHT CORE (OTR) HTTPS/TCP/WLAN/...
10 Our Vision (Simplified) Internet Google DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet Applications GNU Name System CADET (Axolotl+SCTP) R 5 N DHT CORE (OTR) HTTPS/TCP/WLAN/...
11 Today: 45 things to do with GNUnet A fast tour-de-force through GNUnet s features Features for users, developers and researchers What you can do, not how it is done
12 C library Safer C: GNUNET malloc(), GNUNET asprintf(),... Containers: multi hash map, Bloom filter, heap,... Networking: event loop, socket abstraction (client, server) Initialization: find paths, parse configuration, parse options Disk: buffered and unbuffered IO, endianess conversion, logging
13 Cryptographic primitives RNG, permutation AES, Twofish SHA-512, SHA-256, SCRYPT, HKDF, CRC32, CRC16 Curve25519 point addition, Curve25519 point multiplication, small-scalar Curve25519-DLOG EdDSA, ECDHE Paillier (homomorphic addition) RSA blind signatures
14 The Automated Restart Manager (ARM) Starts services on-demand (like systemd) Automatically restarts crashed services (like ARM on OS/360) Can provide performance data per service gnunet-arm -e only terminates after peer is fully down Simple API: GNUNET ARM request service start(), GNUNET ARM request service stop(), etc.
15 Transport Unreliable, out-of-order packet delivery semantics Over TCP, UDP, IPv4/IPv6, HTTP/HTTPS, WLAN or BT (pluggable) Enforces bandwidth quotas Enforces connection restrictions (F2F) Supports NAT traversal Supports bootstrap via broadcast/multicast Measures network latency UDP/WLAN/BT: Fragments large messages (including ACKs and selective retransmission)
16 Distance-Vector Routing (WiP) Transport plugin Bounded (i.e. 3 hops) distance-vector routing Provides illusion of direct connections
17 Automated Transport Selection (ATS) Decides which connections to establish Selects best transport plugin to use Allocates bandwidth to peers by network technology (LO, LAN, WAN, WLAN) Allows other subsystems to specify preferences: Which peers? Minimize latency? Maximize bandwidth?
18 CORE Off-the-record link encryption between peers Multiplexes inbound messages by type to higher-level subsystems Hides connections from/to peers that do not speak same higher-level protocol
19 HOSTLIST Allows download of known peer addresses for bootstrapping HTTP client and HTTP server provided URLs from configuration or learned via gossip among peers
20 The Network Size Estimate (NSE) Gives estimate of log n where n is number of active peers (with reasonable lifetime) All peers converge to the same network size estimate Extremely cheap (bandwidth, storage & amortized CPU cost) Byzantine fault-tolerant Malicious attacker can only slightly increase size estimate Trivial API: GNUNET NSE connect()
21 Distributed Hash Table (DHT) Store key-value pairs in overlay network Replication in the network Multiple values per key possible Duplicate/known replies not transmitted repeatedly Tolerates small-world underlay topology Can optionally track path key-values took in the network O( n log n) lookup complexity, O(log n) hops Plugins provide custom logic to verify integrity of key-value pairs in DHT Simple API: GNUNET DHT get(), GNUNET DHT put(), GNUNET DHT monitor start()
22 Confidential Ad-Hoc Decentralised End-to-End Transport AXOLOTL-encrypted end-to-end communication Reliable or unreliable In-order or out-of-order Low-latency or buffered Multiple streams duplexed over one authenticated encrypted channel Encrypted channel multiplexed over multiple, redundant paths Easy API: GNUNET CADET connect(), GNUNET CADET channel create(), GNUNET CADET notify transmit ready()
23 Identity (management) Public key pairs as egos to identify users Each user can have many alter-egos (or pseudonyms) Separate from peer identities (network addresses)
24 The GNU Name System (GNS) Decentralized name system with secure memorable names Delegation used to achieve transitivity Also supports globally unique, secure identifiers Achieves query and response privacy Provides alternative public key infrastructure Interoperable with DNS Trivial API: GNUNET GNS connect(), GNUNET GNS lookup()
25 (Key) revocation Instant revocation at all peers that the network allowed to receive it Highly efficient protocol Revocation messages can be prepared and stored off-line if desired Trivial API: GNUNET REVOCATION revoke(), GNUNET REVOCATION query()
26 Set Compute set union or set intersection Surprisingly low bandwidth required Few round trips, but non-deterministic
27 Scalarproduct (SMC) Given private maps a : A Z and b : B Z, calculates scalar product a(e)b(e) (1) e A B Bandwidth-efficient at 100 bytes/element CPU-efficient with runtime in milliseconds/element Only leaks information derivable from final result and prior knowledge Result only disclosed to one party Assumes honest-but-curious adversary model Trivial API: GNUNET SCALARPRODUCT start computation(), GNUNET SCALARPRODUCT accept computation()
28 Random Peer Sampling (WiP) Selects a random peer, or sequence of random peers Fully decentralised Byzantine fault-tolerant
29 Multicast (WiP) Source controls membership in multicast group End-to-end encrypted Source does not have to KX with each group member Members that left really can no longer read messages
30 PSYC2 Extensible messaging format: syntax and semantics Stateful protocol with state updates using deltas Efficient encoding and decoding (in bandwidth and CPU) Runs on top of Multicast
31 Social (Network Applications) Combines PSYC2 and GNS to build social networking applications Key concepts: nym pseudonym of another user in the network place where social interactions happen host owner of a place guest visitor of a place API then offers vocabulary: enter, leave, host eject, host entry decision, host announce, guest talk, place history replay, place look at
32 SecuShare (WiP) Social networking application using SOCIAL API GUI written with Qt
33 Statistics Collects numeric run-time information from a peer Used for primarily for diagnostic monitoring and performance evaluation Trivial API: GNUNET STATISTICS set(), GNUNET STATISTICS update(), GNUNET STATISTICS get()
34 The Testbed Run controlled experiments Detect available ports, generate configurations Share services across peers for higher efficiency (i.e. DNS resolver) Connect peers into custom network topologies Run peers with non-uniform configurations Run multiple peers on one host Run testbed across multiple hosts Control large-scale execution with hierarchy of testbed controllers Launch thousands of peers per second
35 Conversation GNU Name System PKI: Address book GNS zone make calls to phone.alice.bob.gnu OPUS-encoded voice streams CADET end-to-end encryption Clean API, command-line and GTK user interfaces put calls on hold, etc. still lacks ringtones!
36 File- Sharing Anonymous, pseudonymous and non-anonymous publishing Files broken up into blocks (Merkle tree) Peers caching blocks cannot view contents (encrypted queries and replies) Multi-source download Contributing peers rewarded with better performance Keyword search File meta-data available as part of search result Can share directories, can mount shared directories via FUSE API, command-line and GTK GUIs
37 Search by REgular EXpression Service publisher advertises regular expression (!) Client searches using string Services where the RegEx matches string are returned Fully decentralised, uses R 5 N DHT Trivial API: GNUNET REGEX announce(), GNUNET REGEX search() Warning: non-trivial theory. Read up about RegEx prefixes before using.
38 DNS Integration Intercept DNS queries using iptables to: Observe DNS activity Drop DNS queries Supply alternative DNS replies Can be used to support GNS instead of NSS, proxies or GNS-specific resolution APIs
39 IP-over-GNUnet Open TUN interface to receive inbound IP traffic ( VPN ) Open TUN interface to forward IP traffic to Internet ( EXIT ) Translate between IPv4 and IPv6 as needed and implement NAT-PT for DNS ( PT ) Also allows routing IP traffic to a particular GNUnet peer Integrates with the GNU Name System
40 Byzantine Fault-tolerant Consensus Given a set of n peers with at most k malicious participants And a deadline (synchronous protocol!) and enough bandwidth for honest participants Compute the global union over a set of initial elements distributed across the n k honest participants Malicious participants may add additional (well-formed) elements All honest participants end up with exactl the same set Final set is super-set of union of initial elements at honest peers
41 Electronic Voting (SMC) 1 Implements Cramer 97-style electronic voting: correctness votes are counted correctly, one vote per voter secrecy voter s votes remain secret indi. verif. each voter can verify univ. verfi. third parties can verify fairness will not leak partial outcomes robustness a threshold faction of officials may be corrupt coercion res. Not offered! Adversary could verify that voter complied with his demands Three types of participants: supervisor affirms list of eligible voters, selects authorities authorities collect & verify ballots, tally results, provide audit data voter registers to vote, votes, submits ballot 1 Implemented in gnunet-java
42 RESTful APIs (WiP) Access GNUnet services via HTTP Plugin architecture Data encoded using JSON Used to buile Web service with JS for identity management
43 Taxable Anonymous Libre Electronic Reserves Payment system, not a new currency Client-server architecture, not peer-to-peer HTTP RESTful protocol (JSON over HTTP/HTTPS) Supposed to be used initially over Tor for anonymity Payer remains anonymous Payee easily identifiable by the government ( taxable ) Affero GPL server, GPL wallet, LGPL merchant logic Cheap transactions, can give change, supports refunds
44 secushare social voting conversation psyc secretsharing gns fs dv consensus revocation scalarproduct pt identity multicast exit set dns vpn rps cadet regex dht nse testbed hostlist topology core transport ats arm statistics rest taler util
45 GNUnet dependencies (generated by GNU Guix) Compile time: gnunet pkg-config-0.28 python glpk-4.56 gnurl gnutls libextractor-1.3 libgcrypt libidn-1.32 libmicrohttpd libltdl libunistring openssl-1.0.2d opus-1.1 pulseaudio-6.0 sqlite zlib bzip gdbm-1.11 libffi-3.1 readline-6.3 tcl tk gmp-6.0.0a perl groff texinfo-6.0 which-2.21 guile libtasn1-4.5 nettle libtiff libjpeg-9a exiv flac ffmpeg-2.8 file-5.22 glib gstreamer gst-plugins-base libogg libvorbis libgpg-error-1.19 curl m speex-1.2rc1 dbus libcap-2.24 eudev alsa-lib json-c-0.12 libsndfile libsamplerate intltool fftwf avahi check ncurses-6.0 libxft fontconfig libx libxext xproto libxrender freetype-2.6 gs-fonts-8.11 expat inputproto xextproto xtrans kbproto libxcb-1.11 libxau util-macros renderproto python-wrapper xcb-proto-1.11 libxslt libpthread-stubs-0.3 libxdmcp python-minimal libxml bison psutils-17 ghostscript netpbm flex procps xz python-wrapper lcms-2.6 libjpeg-8d libpng libpaper bison indent python bash libgc libatomic-ops bc-1.06 yasm ladspa-1.13 lame libass libbluray libcaca-0.99.beta19 libcdio-paranoia libquvi libtheora libvpx libx openal soxr twolame xvid gettext coreutils-8.24 tzdata-2015c gobject-introspection pango libxv cdparanoia-10.2 orc xmlto fribidi harfbuzz enca-1.16 doxygen texlive-2015 freeglut ftgl rc5 mesa libcdio-0.93 cyrus-sasl libquvi-scripts lua util-linux-2.27 net-base-5.3 tar-1.28 cairo graphite icu4c-55.1 recode libspectre poppler pixman python2-fonttools-2.5 acl attr openjpeg cairo python2-setuptools graphviz texlive-bin-2015 texlive-texmf-2015 gts gd libxaw libxmu libxpm libxt libice libsm fontforge b mpfr potrace-1.11 ruby tcsh teckit zziplib lua giflib libxi libspiro libuninameslist autoconf-2.69 automake-1.15 libtool zip-3.0 libxfixes fixesproto-5.0 autoconf-wrapper-2.69 autoconf-wrapper-2.69 libxrandr libxxf86vm xinput glu dri2proto-2.8 dri3proto-1.0 presentproto-1.0 libva-without-mesa libxvmc makedepend s2tc-1.0 glproto libdrm libxdamage libxshmfence-1.1 randrproto xf86vidmodeproto libxinerama gperf kmod-17 mesa-headers libpciaccess damageproto videoproto xineramaproto help2man libcddb gss libssh openldap mit-krb shishi bdb linux-pam libgcrypt fftw perl-xml-parser-2.44 libdaemon-0.14 Runtime: gnunet libltdl libidn-1.32 bash nettle libmicrohttpd zlib libgcrypt gnutls gnurl libunistring glpk-4.56 glibc-2.22 python gmp-6.0.0a libgpg-error-1.19 libtasn1-4.5 sqlite libextractor-1.3 gcc lib ncurses-6.0 readline-6.3 guile libgc libatomic-ops libffi-3.1 bash-static readline-6.3 ncurses-6.0 libxdmcp libxau xproto tk kbproto libxcb-1.11 xz coreutils-8.24 libx tcl gdbm-1.11 libpthread-stubs-0.3 xextproto util-macros libxext openssl-1.0.2d expat exiv libvorbis libtiff gst-plugins-base flac libjpeg-9a libogg glib orc file-5.22 ffmpeg-2.8 gstreamer pkg-config-0.28 fontconfig libxft acl libcap-2.24 gmp-6.0.0a gs-fonts-8.11 freetype-2.6 libxrender attr libxv pixman pango cairo libpng alsa-lib graphite libtheora cdparanoia-10.2 harfbuzz bash pulseaudio-6.0 libcdio-0.93 libcaca-0.99.beta19 lame openal libx libcdio-paranoia libbluray xvid twolame speex-1.2rc1 opus-1.1 soxr libass libvpx libquvi icu4c-55.1 avahi dbus libcap-2.24 json-c-0.12 libsndfile fftwf eudev libcddb libxxf86vm ftgl rc5 libxfixes libdrm glu libxshmfence-1.1 mesa libxdamage freeglut libxml enca-1.16 fribidi gss shishi libquvi-scripts curl libssh lua cyrus-sasl openldap libgcrypt libdaemon-0.14 attr kmod-17 libpciaccess libxvmc s2tc-1.0 libxi libxrandr recode curl doc mit-krb bdb Close inspection shows: Guix didn t build all of it.
46 Future Work Improve all of the above, in particular the WiPs Onion routing Asynchronous messaging Secure auctions News distribution / timeline construction Collaborative editing Multiparty linear programming
47 Conclusion GNUnet provides foundations for an alternative network stack More work needs to be done: SMTP 2.0, Web 3.0, Tor 2.0,... If what you need is not there, help us add it!
48 Do you have any questions? References: Nathan Evans and Christian Grothoff. R 5 N. Randomized Recursive Routing for Restricted-Route Networks. 5th International Conference on Network and System Security, M. Schanzenbach Design and Implementation of a Censorship Resistant and Fully Decentralized Name System. Master s Thesis (TUM), Christian Grothoff, Bart Polot and Carlo von Loesch. The Internet is broken: Idealistic Ideas for Building a GNU Network. W3C/IAB Workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT), Matthias Wachs, Martin Schanzenbach and Christian Grothoff. A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System. 13th International Conference on Cryptology and Network Security, 2014.
Reproducible Software Deployment with GNU Guix
Reproducible Software Deployment with GNU Guix Ludovic Courtès Inria Rennes Bretagne Atlantique, November 2015 The difficulty of keeping software environments under control. #1. Upgrades are hard. #2.
More informationGNU Guix is 4 years old!
GNU Guix is 4 years old! Ludovic Courtès GNU Hackers Meeting, Rennes, August 2016 The rise and fall of distros. Debian and other distributions are going to be that thing you run docker on, little more.
More informationControlling Software Environments with GNU Guix
Controlling Software Environments with GNU Guix Ludovic Courtès Inria Bordeaux Sud-Ouest November 2016 The difficulty of keeping software environments under control. #1. Upgrades are hard. #2. Stateful
More informationThe GNU Name System and the Future of Social Networking with GNUnet
The GNU Name System and the Future of Social Networking with GNUnet Christian Grothoff Technische Universität München 24.08.2013 Never doubt your ability to change the world. Glenn Greenwald Cyberwar Presidential
More informationComponents for Building Secure Decentralized Networks
Components for Building Secure Decentralized Networks Christian Grothoff Technische Universität München 26.11.2013 Never doubt your ability to change the world. Glenn Greenwald Where We Are Where We Are
More informationThe Hydra/Nix Approach to Continuous Integration
1 / 21 The Hydra/Nix Approach to Continuous Integration Ludovic Courtès INRIA SED Cépage Team-Project devexp.bor@inria.fr 5 November 2009 2 / 21 Outline 1 Build & Deployment with Nix 2 Continuous Integration
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security The GNUnet Architecture Christian Grothoff Technische Universität München April 10, 2014 The architects who benefit us most maybe those generous enough to lay aside their
More informationNavigating the Guix Subsystems
Navigating the Guix Subsystems Ludovic Courtès GNU Hackers Meeting, Rennes, August 2016 The Emacs of distros When large numbers of nontechnical workers are using a programmable editor, they will be tempted
More informationreproducible and user-controlled software management in HPC
reproducible and user-controlled software management in HPC with GNU Guix Ricardo Wurmus + Pjotr Prins + Ben Woodcroft + Altuna Akalin BOSC 2017, Prague System Admins prefer mature software, no variants,
More informationThe GNUnet. Decentralizing Privacy-Preserving Network Applications. Christian Grothoff, PhD (UCLA) November 17, 2017 BFH
The GNUnet Decentralizing Privacy-Preserving Network Applications Christian Grothoff, PhD (UCLA) BFH November 17, 2017 Part I: Goals Never doubt your ability to change the world. Glenn Greenwald Decentralizing
More informationCisco WAE Release System Requirements
System Requirements Cisco WAE Release 6.3 6.3.11 System Requirements Modification Date: 11/06/2017 WAN Automation Engine (WAE) requirements vary, depending on the product it is paired with and whether
More informationMobile DLP agent using cluster solutions
Mobile DLP agent using cluster solutions Topic 40038 / Updated: 17-Jan-2012 Applies To: Websense Data Security 7.6.3 Overview The mobile data loss prevention (DLP) agent is a solution that lets you secure
More informationRED HAT ENTERPRISE LINUX 7: APPLICATION COMPATIBILITY GUIDE
RED HAT ENTERPRISE LINUX 7: APPLICATION COMPATIBILITY GUIDE June 2014 Version 7.0.100 Copyright 2014 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, and GlusterFS are trademarks of
More informationThe GNU name system. Christian Grothoff Inria Rennes Bretagne Atlantique
The GNU name system Christian Grothoff Inria Rennes Bretagne Atlantique 11.7.2016 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Trouble at the root ICANN asserts cctlds are not
More informationGNUnet Distributed Data Storage
GNUnet Distributed Data Storage DHT and Distance Vector Transport Nathan S. Evans 1 1 Technische Universität München Department of Computer Science Network Architectures and Services July, 24 2010 Overview
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security Introduction to GNUnet 0.9.x for Developers Christian Grothoff Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München April
More informationCisco Prime Central 2.0 Quick Start Guide 2
Cisco Prime Central 2.0 Quick Start Guide Cisco Prime Central 2.0 Quick Start Guide 2 Preface 2 Installation Requirements 3 Prime Central 2.0 Image (Electronic Copy) Signature Verification 23 Extracting
More informationThe GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance
The GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance Christian Grothoff The GNUnet Project 28.04.2017 Never doubt your ability to change the world.
More informationCisco WAE System Requirements
Cisco WAE 6.4-6.4.7 System Requirements First Published: July 2016 Last Modified: November 2017 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and
More informationThe Yocto GENIVI Baseline Overview. Automotive Linux Summit, Fall 2013 Holger Behrens, Wind River Automotive Solutions
The Yocto GENIVI Baseline Overview Automotive Linux Summit, Fall 2013 Holger Behrens, Wind River Automotive Solutions Abstract The Yocto GENIVI Baseline, a public project of the GENIVI Alliance, based
More informationLightweight virtualization with GoboLinux Runner
Lightweight virtualization with GoboLinux Runner Lucas C. Villa Real IBM Research - Brazil lucasvr@gobolinux.org About GoboLinux Alternative distribution born in 2002 Explores novel ideas in the Linux
More informationTowards Secure Name Resolution on the Internet
Towards Secure Name Resolution on the Internet C. Grothoff M. Wachs M. Ermert J. Appelbaum 26.2.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Security Goals for Name Systems
More informationContinuous Integration and Release Management with Nix
Continuous Integration and Release Management with Nix Institute of Information & Computing Sciences Utrecht University, The Netherlands July 14, 2004 Outline 1 Continuous Integration 2 Release Management
More informationTraCE: Transparent Configuration Environments
TraCE: Transparent Configuration Environments Martin Bravenboer Eelco Dolstra Eelco Visser Institute of Information & Computing Sciences Utrecht University, The Netherlands February 4, 2005 Project Overview
More informationThe Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.
More informationAnonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L
Anonymity C S 6 8 2 A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L 2 0 1 9 Tor: The Second- Generation Onion Router R. DINGLEDINE N.
More informationJXTA TM Technology for XML Messaging
JXTA TM Technology for XML Messaging OASIS Symposium New Orleans, LA 27-April-2004 Richard Manning Senior Software Architect Advanced Technology & Edge Computing Center Sun Microsystems Inc. www.jxta.org
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationBuildroot: what s new?
Embedded Linux Conference 2014 Buildroot: what s new? Thomas Petazzoni Free Electrons thomas.petazzoni@free-electrons.com Free Electrons. Kernel, drivers and embedded Linux development, consulting, training
More informationCS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:
CS 470 Spring 2017 Mike Lam, Professor Distributed Web and File Systems Content taken from the following: "Distributed Systems: Principles and Paradigms" by Andrew S. Tanenbaum and Maarten Van Steen (Chapters
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationCS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:
CS 470 Spring 2018 Mike Lam, Professor Distributed Web and File Systems Content taken from the following: "Distributed Systems: Principles and Paradigms" by Andrew S. Tanenbaum and Maarten Van Steen (Chapters
More informationInternet Technology. 06. Exam 1 Review Paul Krzyzanowski. Rutgers University. Spring 2016
Internet Technology 06. Exam 1 Review Paul Krzyzanowski Rutgers University Spring 2016 March 2, 2016 2016 Paul Krzyzanowski 1 Question 1 Defend or contradict this statement: for maximum efficiency, at
More informationFUJITSU Software Systemwalker Software Configuration Manager Express. User's Guide. Windows/Linux
FUJITSU Software Systemwalker Software Configuration Manager Express User's Guide Windows/Linux B1X1-0320-02ENZ0(00) November 2015 Preface Purpose of This Document This document explains the overview,
More informationInternet Technology 3/2/2016
Question 1 Defend or contradict this statement: for maximum efficiency, at the expense of reliability, an application should bypass TCP or UDP and use IP directly for communication. Internet Technology
More informationCS November 2017
Distributed Systems 21. Delivery Networks () Paul Krzyzanowski Rutgers University Fall 2017 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance Flash
More informationThe Internet is Broken: Idealistic Ideas for Building a NEWGNU Network. Christian Grothoff Bartlomiej Polot Carlo von Loesch. The GNUnet Project
The Internet is Broken: Idealistic Ideas for Building a NEWGNU Network Christian Grothoff Bartlomiej Polot Carlo von Loesch 1 Introduction The GNUnet Project The Internet is broken, by design. Recent revelations
More informationDistributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 21. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance
More informationCS November 2018
Distributed Systems 21. Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security Upgrade Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationSIEMENS. Teamcenter 11.5 lifecycle visualization. Installation
SIEMENS Teamcenter 11.5 lifecycle visualization Installation 02022143 Contents Introduction......................................................... 1-1 System requirements..................................................
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More informationThèse d habilitation à diriger des recherches Université de Rennes 1 Mention: Informatique. The GNUnet System. Christian Grothoff
1 Thèse d habilitation à diriger des recherches Université de Rennes 1 Mention: Informatique The GNUnet System Christian Grothoff Soutenue le 10 octobre 2017 devant le jury composé de Messieurs les Professeurs:
More informationFUJITSU Software Systemwalker Software Configuration Manager Express. User's Guide. Windows/Linux
FUJITSU Software Systemwalker Software Configuration Manager Express User's Guide Windows/Linux B1X1-0320-01ENZ0(00) August 2014 Preface Purpose of This Document This document explains the overview, setup
More informationAltair Engineering Support Contact Information
HyperWorks is a division of Altair altairhyperworks.com Altair Engineering Support Contact Information Web site www.altairhyperworks.com Location Telephone e-mail Australia 64.9.413.7981 anzsupport@altair.com
More informationSaarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis
Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Masters Thesis Experimental Comparison of Byzantine Fault Tolerant Distributed Hash Tables submitted by Supriti
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationCA SiteMinder Web Services Security
CA SiteMinder Web Services Security Upgrade Guide 12.51 2nd Edition This Documentation, which includes embedded help systems and electronically distributed materials (hereinafter referred to as the Documentation
More informationCGM4141COX (XB6) v1.0. Open Source Report. This document aims to describe the Open Source Software which are embedded in product CGM4141COX (XB6)
CGM4141COX (XB6) v1.0 This document aims to describe the Open Source Software which are embedded in product CGM4141COX (XB6) Copyright 2018 Technicolor Group (Connected Home Division of Technicolor Group
More informationChoosing free software graphical libraries for embedded devices
Embedded Linux Conference Europe Choosing free software graphical libraries for embedded devices Thomas Petazzoni Free Electrons http://free electrons.com/ 1 About this document This document is released
More informationHP Instant Support Enterprise Edition (ISEE) Security overview
HP Instant Support Enterprise Edition (ISEE) Security overview Advanced Configuration A.03.50 Mike Brandon Interex 03 / 30, 2004 2003 Hewlett-Packard Development Company, L.P. The information contained
More informationDistributed Systems Final Exam
15-440 Distributed Systems Final Exam Name: Andrew: ID December 12, 2011 Please write your name and Andrew ID above before starting this exam. This exam has 14 pages, including this title page. Please
More informationBlockchain & Distributed Internet Infrastructure
Blockchain & Distributed Internet Infrastructure Dirk Kutscher NEC Laboratories Europe 1 Purpose of this Meeting Discuss blockchain-based and Distributed Internet Infrastructure concepts, state of the
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More informationOperating Systems. 16. Networking. Paul Krzyzanowski. Rutgers University. Spring /6/ Paul Krzyzanowski
Operating Systems 16. Networking Paul Krzyzanowski Rutgers University Spring 2015 1 Local Area Network (LAN) LAN = communications network Small area (building, set of buildings) Same, sometimes shared,
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationAnonymous communications: Crowds and Tor
Anonymous communications: Crowds and Tor Basic concepts What do we want to hide? sender anonymity attacker cannot determine who the sender of a particular message is receiver anonymity attacker cannot
More informationEnabling Hardware Accelerated Playback for Intel Atom /Intel US15W Platform and IEGD
White Paper Ishu Verma Software Technical Marketing Engineer Intel Corporation Enabling Hardware Accelerated Playback for Intel Atom /Intel US15W Platform and IEGD Case Study Using MPlayer on Moblin March,
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 23 Announcements Project 4 is Due Friday May 2nd at 11:59 PM Final exam: Friday, May 12th. Noon - 2:00pm DRLB A6 Today: Last details
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationPrivacy defense on the Internet. Csaba Kiraly
Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum
More informationFoundations of Python
Foundations of Python Network Programming The comprehensive guide to building network applications with Python Second Edition Brandon Rhodes John Goerzen Apress Contents Contents at a Glance About the
More informationFUJITSU Software Systemwalker Software Configuration Manager Express. User's Guide. Windows/Linux
FUJITSU Software Systemwalker Software Configuration Manager Express User's Guide Windows/Linux B1X1-0320-03ENZ0(00) August 2016 Preface Purpose of This Document This document explains the overview, setup
More informationAdvanced Distributed Algorithms and Data Structures. Christian Scheideler Institut für Informatik Universität Paderborn
Advanced Distributed Algorithms and Data Structures Christian Scheideler Institut für Informatik Universität Paderborn Advanced Distributed Algorithms and Data Structures Lecture: Thu 2-4 pm, F2.211 Tutorial:
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationDistributed Systems Exam 1 Review Paul Krzyzanowski. Rutgers University. Fall 2016
Distributed Systems 2015 Exam 1 Review Paul Krzyzanowski Rutgers University Fall 2016 1 Question 1 Why did the use of reference counting for remote objects prove to be impractical? Explain. It s not fault
More informationRelease Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.
NCP Secure Enterprise Mac Client Service Release 2.05 Rev. 32317 Date: January 2017 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this
More informationVersion: Last Update:
Red Hat Enterprise Linux Version 5 Security Target for CAPP, RBAC and LSPP Compliance Version: 1.12 Last Update: 2007 06 06 atsec is a trademark of atsec GmbH IBM, IBM logo, bladecenter, eserver, iseries,
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router. It is designed to operate on small, low-power, Linux-based platforms to extend
More informationXenApp 5 Security Standards and Deployment Scenarios
XenApp 5 Security Standards and Deployment Scenarios 2015-03-04 20:22:07 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents XenApp 5 Security Standards
More informationConfiguring Virtual Servers
3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named
More informationIPv6: An Introduction
Outline IPv6: An Introduction Dheeraj Sanghi Department of Computer Science and Engineering Indian Institute of Technology Kanpur dheeraj@iitk.ac.in http://www.cse.iitk.ac.in/users/dheeraj Problems with
More informationCCNx: Content Centric Networking
CCNx: Content Centric Networking Palo Alto Research Center (PARC) Akmal Khan Topics in Internet SNU CSE Spring 2011 2011-03-28 1/31 Agenda Project CCNx Package contents Supported platforms and development
More informationsurveillance & anonymity cs642 computer security adam everspaugh
surveillance & anonymity cs642 computer security adam everspaugh ace@cs.wisc.edu today Internet-wide scanning, zmap Massive surveillance, packet inspection Anonymous browsing, TOR TCP handshake Client
More informationFBI Tor Overview. Andrew Lewman January 17, 2012
FBI Tor Overview Andrew Lewman andrew@torproject.org January 17, 2012 Andrew Lewman andrew@torproject.org () FBI Tor Overview January 17, 2012 1 / 28 What are we talking about? Crash course on anonymous
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationSome Lessons Learned from Designing the Resource PKI
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007 Address and Routing Security The basic security questions that need to be answered are: Is this a valid
More informationRelease Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.
NCP Secure Enterprise Mac Client Service Release 2.05 Build 14711 Date: December 2013 Prerequisites Apple OS X Operating System: The following Apple OS X operating system versions are supported with this
More informationQuestion No: 2 Which identifier is used to describe the application or process that submitted a log message?
Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets
More informationProtocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
More informationSample excerpt. Virtual Private Networks. Contents
Contents Overview...................................................... 7-3.................................................... 7-5 Overview of...................................... 7-5 IPsec Headers...........................................
More informationTor: Online anonymity, privacy, and security.
Tor: Online anonymity, privacy, and security. Runa A. Sandvik runa@torproject.org 12 September 2011 Runa A. Sandvik runa@torproject.org () Tor: Online anonymity, privacy, and security. 12 September 2011
More informationITEC 350: Introduction To Computer Networking Midterm Exam #2 Key. Fall 2008
ITEC 350: Introduction To Computer Networking Midterm Exam #2 Key Closed book and closed notes. Fall 2008 No electronic devices allowed, e.g., calculator, laptop, PDA. Show your work. No work, no credit.
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationViewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418
This chapter describes how to maintain the configuration and firmware, reboot or reset the security appliance, manage the security license and digital certificates, and configure other features to help
More informationTCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12
TCP/IP Networking Training Details Training Time : 9 Hours Capacity : 12 Prerequisites : There are no prerequisites for this course. About Training About Training TCP/IP is the globally accepted group
More informationICS 351: Networking Protocols
ICS 351: Networking Protocols IP packet forwarding application layer: DNS, HTTP transport layer: TCP and UDP network layer: IP, ICMP, ARP data-link layer: Ethernet, WiFi 1 Networking concepts each protocol
More informationSecure Name Resolution
Secure Name Resolution Christian Grothoff Berner Fachhochschule 10.11.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Background: Efficient Set Union (based on What s the difference?
More informationOverlay and P2P Networks. Introduction and unstructured networks. Prof. Sasu Tarkoma
Overlay and P2P Networks Introduction and unstructured networks Prof. Sasu Tarkoma 14.1.2013 Contents Overlay networks and intro to networking Unstructured networks Overlay Networks An overlay network
More informationIntroduction to Network. Topics
Introduction to Network Security Chapter 7 Transport Layer Protocols 1 TCP Layer Topics Responsible for reliable end-to-end transfer of application data. TCP vulnerabilities UDP UDP vulnerabilities DNS
More informationChapter 5.6 Network and Multiplayer
Chapter 5.6 Network and Multiplayer Multiplayer Modes: Event Timing Turn-Based Easy to implement Any connection type Real-Time Difficult to implement Latency sensitive 2 Multiplayer Modes: Shared I/O Input
More informationWashington State University CptS 455 Sample Final Exam (corrected 12/11/2011 to say open notes) A B C
Washington State University CptS 455 Sample Final Exam (corrected 12/11/2011 to say open notes) Your name: This exam consists 13 numbered problems on 6 pages printed front and back on 3 sheets. Please
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationLinux From Scratch. Version 7.7-systemd. Created by Gerard Beekmans Edited by Matthew Burgess and Armin K.
Linux From Scratch Version 7.7-systemd Created by Gerard Beekmans Edited by Matthew Burgess and Armin K. Linux From Scratch: Version 7.7-systemd by Created by Gerard Beekmans and Edited by Matthew Burgess
More informationCSE543 Computer and Network Security Module: Network Security
CSE543 Computer and Network Security Module: Network Security Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Communication Security Want to establish a secure channel
More informationCRESCENDO GEORGE S. NOMIKOS. Advisor: Dr. George Xylomenos
CRESCENDO Implementation of Hierarchical Chord (Crescendo), according to Canon paradigm and evaluation, via simulation over realistic network topologies, of the Crescendo's advantages in comparison to
More informationJunos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services
Junos Security Chapter 8: IPsec VPNs 2012 Juniper Networks, Inc. All rights reserved. www.juniper.net Worldwide Education Services Chapter Objectives After successfully completing this chapter, you will
More informationCGA4131TCH. v1.0. Open Source Report. This document aims to describe the Open Source Software which are embedded in product CGA4131TCH
CGA4131TCH v1.0 This document aims to describe the Open Source Software which are embedded in product CGA4131TCH Copyright 2018 Technicolor Group (Connected Home Division of Technicolor Group Technicolor
More information