You are here

Video: Data Protection Day: "After Snowden: using law and technology to counter snooping"

On the occasion of Data Protection Day, Pieter Omtzigt invited Jacob Appelbaum, Douwe Korff and Christian Grothoff to testify on "using law and technology to counter snooping" at the Counsil of Europe (CoE). Peter Omtzigt is rapporteur for a report on "Massive eavesdropping in Europe".

Read more Friday, January 31, 2014 - 11:31 Christian Grothoff

Video: 30c3 talk on "The GNU Name System"

Here is the video of my talk (with help from Florian Dold) at 30c3 on "The GNU Name System". Sadly, the "Secure Name Systems" panel at the same venue was not recorded.

Read more Thursday, January 2, 2014 - 12:45 Christian Grothoff

Typo-Protected Public Keys

When users type in public keys (such as the 53-characters of a GNS zone), they might make typos. The usual way to fix typos is to add a checksum, further increasing the length of the sequence that has to be typed in.

We can fix this by including the checksum of the public key in the public key itself, simply by trying new private keys until the corresponding public key happens to have a checksum (over the other bits) in the bits designated for the checksum. If a checksum is 16 bits, we would only need to try 216 keys. The basic idea of brute-forcing keys to match a particular pattern was proposed before for creating "vanity" public keys, but this might be another practical variant.

Acknowledgements

The idea popped up in a discussion on the need for short public keys for GNS with Dan Bernstein and Tanja Lange at 30c3.

Read more Saturday, December 28, 2013 - 12:38 Christian Grothoff

Join GNS Key Exchange Party at 30C3 Hamburg

The GNU Name System (aka GNS) is a fully decentralized, censorship resistant naming system based on the idea of a pet name system not relying on centralized organizations. Every user manages his own namespace. To access names and records of other user's you have to exchange some specific information which can be done in a convinient way using a business card with a QR code containing your GNS information.

The Key Exchange Party

A congress like the 30C3 is the ideal place to exchange these information with your buddies in person. Therefore we provide you with all requirements for a convienent start using GNS.

After you installed and configured GNS with the records for your services, you can create your own business cards containing your personal information (or at least as much as you intend to give to other people) and even get a hard copy to exchange it with other persons! Other users can use your business card to automatically add your GNS records by just scanning the QR record on the business card using a standard webcam.

How to Participate ..

So basically you can meet the GNS developers at 30C3 at the HACAS assembly (https://events.ccc.de/congress/2013/wiki/Assembly:HACAS) and the YBTI Workshop (https://events.ccc.de/congress/2013/wiki/Assembly:Youbroketheinternet) ... You are cordially invited to join and come over for a discussion or a chat...
So the basic required steps are:

  • Install GNUnet and GNS
  • Setup your names and records
  • Create your business cards
  • Get a print out at Wau Holland Foundation, 30C3
  • Give them to other people
  • Add other people's information to your namespace

Installing GNUnet and GNS

GNS is contained in the GNUnet P2P framework. So the first required step is to install GNUnet in the latest stable version 0.10.0.

The required steps are explained here:
https://gnunet.org/generic-installation

Please be aware that only the latest stable will work, older version are not compatible! (No hoax: 0.9.5a will not work!)

To use GNS, you will also have to setup your installation for GNS, so you should follow the following steps:
https://gnunet.org/gns-namestore-editing

Setup your names and records (optional)

If you are hosting any services you want to make accessible for other users, you should setup the respective records in your zone. The most convenient way is to use the gnunet-namestore-gtk tool, a GUI to manage your namespace. If you prefer to use the command line tool to manage your records, check the link in the last section about setting up GNS.

Create your business cards and give them to other people

Now you are ready to exchange your information with your buddies.
The most convenient way is to create a set of business cards containing your information. We provide the GNUnet business card manager to create these business cards. To use the GNUnet business card manager, you need to have texlive-full on your system!

Just run gnunet-bcd and open the website http://localhost:8888

For your GNS information you need to extract the public key of your GNS namespace by running. You can copy it from the gnunet-namestore-gtk GUI or by running:

$ gnunet-identity -d $options | grep master-zone | awk '{print $3}'

For example, the output might be something like
DC3SEECJORPHQNVRH965A6N74B1M37S721IG4RBQ15PJLLPJKUE0.

The nickname field should be the proposed name other users would use to add your information to their namespace. This name is just a proposal and every can modifiy this name using the gnunet-namestore-gtk GUI.

After pressing the submit button, you can download a PDF containing your business cards with QR information. You can now give this business cards to your friends and colleagues...

Add other people's information to your namespace

When you received a business card with a GNS QR card you can easily add the GNS information by just scanning the code using the gnunet-qr tool. if your computer has a webcam you should see a window containing the video stream. Hold the card in front of the webcam and the code should be automatically recognized. You should see a message like:

Added URI gnunet://gns/Q821UVI8H4HD9TE8LID7QOB6P27SNJHPA3JM913B7IDSTJP9BLUG/docmalloc

If your computer does not have a webcam you can also import the link using

gnunet-uri gnunet://gns/Q821UVI8H4HD9TE8LID7QOB6P27SNJHPA3JM913B7IDSTJP9BLUG/docmalloc

You can double check the result in the gnunet-namestore-gtk tool. Now you are abled to resolve the user's names

How to Use it

One thing you can use GNS for, besides having name to IP address mappings, is to publish your GnuPG key to make it resolvable by your buddies.

To create a record for your GnuPG key, you just have to create a new CERT record containing your GnuPG key:
$ gnunet-namestore -t CERT -n "+" ...

Other users now can resolve your GnuPG key using
$ gnunet-gns -t CERT buddy.gnu

Read more Wednesday, December 25, 2013 - 11:25 Matthias Wachs

GNUnet at the 30th Chaos Communication Congress (30c3)

We're happy to participate in various ways at this year's 30c3:

You should be able to find at least seven GNUnet developers at the conference. Our base will be at the YBTI assembly.

Read more Tuesday, December 24, 2013 - 15:14 Christian Grothoff

Knock: Practical and Secure Stealthy Servers

Knock is a kernel patch that implements a new NAT-compatible TCP option for stealthy port knocking with a few new twists for improved security which is referred to as TCP Stealth.

Background

Today, port scanners can scan all IPv4 addresses in less than one hour. Port knocking is a method for making TCP servers less visible on the Internet. The basic idea is to make a TCP server not respond (positively) to a TCP SYN request unless a particular "knock" packet has been sent first. This can be helpful for security, as an attacker that cannot establish a TCP connection also cannot really attack the TCP server. There are a bunch of existing user-space tools, such as Knock Knock and knockd. Most of these implementations send some other traffic (such as a UDP packet) to the target host to have it (briefly) open the server port. A particularly noteworthy recent idea in this domain is the SilentKnock, which adds the idea of integrating the knock secret in the initial TCP SYN packet in the SQN field, which is a technique borrowed from network steganography.

Features of Knock

  • Knocking is stealthy: as in SilentKnock, the secret to open the port is part of the TCP SYN packet's SQN, so there is not a single extra packet on the wire (one Knock instead of KnockKnock). Thus, using Knock is indistinguishable on the network from a standard TCP handshake. Furthermore, as there is only one packet, there is no window of opportunity for an attacker to use, as would be the case if a first packet enables the server.
  • Knocking is done in the Linux kernel. Applications can activate Knock with a single additional setsockopt call (in both client and server). Thus, once Linux has been patched, deployment will be much simpler compared to other implementations. Also, as Knock operates in the Kernel, timing attacks should be much harder to do.
  • Our Knock optionally does not merely enable opening the connection, but also can be used to protect the first N bytes of the TCP payload. Thus, given a sane protocol being run above TCP (one begins with a key exchange), an active attacker cannot simply take over the TCP connection after the handshake without also being locked into sending the same TCP payload. Thus, if the client begins by sending his public key and then continues to send data that must be authenticated with that key, even an active man-in-the-middle adversary cannot hijack the connection.
  • Knock is designed to work with clients behind NAT. Only NAT implementations that change the SQN or the optional TCP timestamp are not supported. Note that Linux can perform SQN rewrites in netfilter. Furthermore, as David Miller writes, Linux does this for load balancing (DNAT) and SIP/FTP tracking. However, for most protocols and configurations we still believe SQN rewrites should be rare according to our measurements. After all, the fact that a NAT implementation can do it does not necessarily mean that it is configured to do so. Still, we have no hard data on this, except that it worked fine with the NAT implementations we tested. Note that SilentKnock, a previous implementation of single-packet port knocking, does not work with any kind of NAT.
  • The main disadvantage is that the SQN only has 32 bits, so a brute-force attack can succeed against Knock. However, an attack involving (on average) billions of packets is at least more likely to be noticed. Not to mention that the adversary would still need to know about the existence of the stealthy TCP server in the first place.
  • Knock is free software and provided as a simple Kernel modification (which should be easy to audit)

Further reading

Julian Kirsch's Master Thesis with the full details on TCP Stealth can be found here. The the Kernel patch (against Linux 3.16 and 3.18), libknockify and toy example programs are attached to this page.

Support by userspace applications

We provide patches for several applications to make use of the functionality introduced by the kernel patch.

General notice concerning all user space applications

In order to activate Knock's user space functionality in our programs, you have to make sure that the following four preprocessor constants are defined:

TCP_STEALTH
TCP_STEALTH_INTEGRITY
TCP_STEALTH_INTEGRITY_LEN
TCP_STEALTH_SECRET_SIZE

There are several possibilities: Either your libc implementation exports the constants in <netinet/tcp.h> (none do at the time of writing). Alternatively, you can use the headers_install target of your patched linux kernel source to install the kernel headers which export the constants to user space. In this case, <linux/tcp.h> is the file that needs to be included in the source. As a third way, grep for the names of the four constants in the respective patch you applied to your kernel and define them manually. (Be warned that the values of the constants differ not only across operating systems, but also as linux kernel versions grow.)

OpenSSH

In the download section, a patch can be found which enables OpenSSH 6.7p1 (and very likely other versions) to use the authentication mechanism of Knock. Several steps need to be taken to customize OpenSSH (assuming the running kernel already was patched with the Knock patches):

  • Download the OpenSSH source from the project website and get the OpenSSH patch from the download list below.
  • Unpack OpenSSH, cd into the resulting directory and patch the code:
    openssh-6.7p1 $ patch -p1 < path/to/the/downloaded/openssh/openssh-knock-patch.diff
    
  • Make sure that the four TCP Stealth constants are defined (see above) and configure the source of OpenSSH.
    openssh-6.7p1 $ ./configure
    
  • That's it! Compile OpenSSH by simply typing make into your prompt.

To specify a secret on both sides use the newly introduced SSH configuration option

TCPStealthSecret

or (not recommended) the -z command line argument. The patch also extends the man pages of ssh, ssh_config, sshd and sshd_config which give more information. Notice: Due to the limitations of the SSH protocol TCP Stealth can not offer integrity protection of for example the exchanged key material used by OpenSSH. As only authentication is used it is especially critical that TCP timestamps are activated to provide effective protection against port scanners.

Systemd

A patch for systemd can be found in the download section which enables Knock's authentication and integrity protection for applications using systemd for their socket I/O. Several steps need to be taken to customize systemd (assuming the running kernel already was patched with the Knock patches):

  • When configuring systemd, make sure you pass in the --enable-tcp-stealth flag by supplying it as a command line argument to the ./configure command.
  • Make sure that the four TCP Stealth constants are defined in your system (see above) and type make to build systemd.

In order to enable the functionality at runtime, the new configuration options TCPStealthSecret and TCPStealthIntegrityLen are available for use in .socket unit files. TCPStealthSecret specifies the TCP Stealth secret whereas TCPStealthIntegrityLen is an unsigned integer indicating the number of bytes that should be integrity protected (0 means disabled).

Future plans

In the future, we plan to integrate Knock with GNUnet to enable running peers in "stealth" mode, which would be useful for users that do not want to make it obvious that they are operating a GNUnet peer at a particular IP address. We hope to convince the kernel community to adopt this patch. Once this happens, we hope that projects that care about privacy and security (for example, Tor and OpenSSH) will add support for this option.

Acknowledgements

Knock was designed and implemented by Julian Kirsch, Maurice Leclaire and Christian Grothoff. We thank Jacob Appelbaum for constructive discussions on an earlier version of the design.

Read more Tuesday, December 10, 2013 - 18:12 kirschju

Developer Documentation of the Week: The GNU Name System

I've just finished an update of the developer handbook chapter on the GNU Name System (GNS). GNS is used as the public key infrastructure (PKI) for GNUnet (and hopefully other applications). GNS names are structured like DNS names and GNS can be used as an alternative to DNS, as common record types from DNS are supported in DNS.

While applications can access GNS using DNS, using the libgnunetdns API or the GNS access protocol gives access to GNS-specific record types and allows applications to specify the user's master zone explicitly. The handbook now also explains how to define new GNS record types.

Read more Sunday, December 8, 2013 - 20:13 Christian Grothoff

Pages

Subscribe to Front page feed