File Sharing Without Consequences

File Sharing Without Consequences
Eijah, v1.02, May 16th, 2015

Who Am I?
- Eijah
- Voodoo Vision
- AA856A1BA814AB99FFDEBA6AEFBE1C04
- demonsaw

The State of File Sharing
"Know thy self, know thy enemy. A thousand battles, a thousand victories." Sun Tzu, general and author of The Art of War

A History of File Sharing
- Internet founded on core principles of file sharing
  - Endpoint connectivity
  - Message/data exchange
  - Abstract underlying protocols (TCP/IP Stack)
- Protocols: FTP, HTTP, NTFS, Samba, NFS, DLNA, TOR
- Applications: IRC, IM, Rsync, Chromecast, XBMC (Kodi), Cloud Computing, Dropbox, Streaming Services, YouTube, Usenet, Mega, RapidShare, Pastebin, Demonsaw, Napster, BitTorrent, UV

File Sharing Under Siege
- Technology enables people to do amazing things
- Standard model for doing business has changed
- It's human nature to fear what we do not understand
- Over time companies become afraid
- Fear leads to panic, misjudgment, and mistakes
- The file sharing wars
- We've suffered many casualties
  - Napster, Aaron Swartz, Julian Assange
  - Rapidshare, Grooveshark, Mega(share), Demonoid
  - TPB, torrent trackers
- Led by MPAA, RIAA, and other evil groups :)

A Difficult Journey
- Secure data/message exchange
- More important now than ever before
- Illegal eavesdropping programs
- Governments are denouncing encryption
- The ignorance of cryptography
- The voice of the people
- One of the few remaining technologies that doesn't require a middle-man
- Corporation-free and threatening to their business models
- Fair Use is pro-privacy
- Technology will set us free
- The file sharing singularity

The Insecurity of Security
"Encryption is the defense against the dark arts." Edward Snowden

The Modern Internet
- Four States: Trust, Convenience, Control, Change
- The Truth
  - What they don't want us to know
  - Convenience doesn't require trust
  - No need to give up control
  - There's a safer way
- Why is it so difficult to make file sharing secure?

The Problem with Security
- Security is like water
  - We need it to survive
  - It should be free
  - Governments regulate it
  - Companies bottle it up and sell it back to us at a premium
  - We can do better ourselves for free
- Standard models of security require trust
  - Trust is for those who cannot self regulate
  - Trust is not an option for file sharing
- Standard methods of security are complex
  - Asymmetric crypto is unnecessary
  - Revocation lists are tedious to maintain

The Problem with File Sharing
- Historically insecure
- No need for security
- Hosted sites means we rely on 3rd parties
- Direct P2P means our identity is revealed
- Neither are good
- Founded on antiquated and dated technology
- Historically insecure because of design/architecture trade-offs
- For security to work, it cannot be a feature. It must be core.
- Not much has changed in 10+ years
- Evolution or Complacency?
- Inadequacy Breeds Innovation
- VPNs, proxies, Darknet, PeerBlock, Tor

The Solution
- How do we make file sharing secure?
- We need
  - Secure message/data exchange
  - Anonymity without trust
  - Access to private/public content
  - Leverage our personal Internet access
  - Scalability and customization
  - No P2P, no centralization
- We need to reinvent file sharing
- A modern approach for a modern generation
- The future of file sharing

demonsaw 1.5
Sometimes it takes a revolutionary idea to start a revolution. I believe that information should be free. I believe in the Right to Share.

Overview
- Secure, Anonymous, Free, Everywhere
- Designed to protect our identity and hide our actions
- Terminology: Client, Router, Server (deprecated in v1.5)
- Versions: 1.12, 1.5, 2.0 (DefCon 23)

Demo
v1.12, v1.50

File Sharing Networks
[Figure: three network topologies side by side: Client-Server, P2P, demonsaw. Nodes are labeled as clients (C), a server (S) and routers (R).]

Architecture
- Tenets of Secure File Sharing
  - Authoritative Source
  - Stateless Authentication
  - Layered & Modular Security
  - Distributed Endpoints
  - Standard Protocols
- Protocols: HTTP, JSON, XML
- Application messages: 2 required, 11 optional

Basic Messages
- Handshake
  - Everything starts with a handshake
  - Diffie-Hellman shared key
  - Session Id
- Join
  - Group clients
  - Encrypted token
- Tunnel
  - Socket connection
  - Real-time callback mechanism
- Quit
  - Ungroup clients

Advanced Messages
- Search
  - Keywords, filters
- Group, Browse
  - File/Folder hierarchy navigation
- Transfer
  - Request file(s)
- Download, Upload
  - Send/receive raw data
- Ping, Info
  - Keep alive, router info
- Chat
  - New in v2.0

Network
[Figure: network diagram of clients (C) and routers (R), captioned "Session Propagation"; the labels 0x0FF and 0xEFF appear in the figure.]

Security
- Algorithms
  - AES
  - Diffie-Hellman (key derivation)
  - SHA-384
  - PBKDF 1/2
- Multiple layers of encryption
  - Passphrase Key (c2r, r2r)
  - Session Key (c2r, r2r)
  - Group Key (c2c)
  - Transfer Key (c2r)
- Social Encryption
  - New security model

Content Isolation
- HTTP Session: Method (POST), Version (HTTP/1.1), Resource (/), Header Parameters, Message
- Security: Passphrase/Session Key
- JSON: Header, Message, Data
- JSON Header: Version, Nonce, Session
- JSON Message: Id, Type, Action, Delay
- JSON Data: Encrypted Blob (Group Key)
- Security: Group Key
- JSON Objects, Raw Data
- e.g. Search: Keyword, Filter(s)
- Data, e.g. Transfer Request: Id, Size, Chunk
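
The two-layer isolation on this slide, as an added example (not demonsaw's code): a router holding only the session key can read the message type it needs for routing, while the search terms stay sealed under the group key shared by clients. Assumptions: the function names, lowercase field names and cleartext header are hypothetical; an HMAC-SHA-384 counter-mode cipher stands in for AES because the Python standard library has none; the PBKDF2 iteration count is arbitrary.

```python
import hashlib, hmac, json, os

def derive_key(passphrase, salt):
    # PBKDF2 and SHA-384 are named on the Security slide; iteration count is assumed.
    return hashlib.pbkdf2_hmac("sha384", passphrase.encode(), salt, 100_000, dklen=32)

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha384).digest()

def _stream(key, nonce, n):
    # Stand-in for AES (assumption): HMAC-SHA-384 in counter mode as a keystream.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha384).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha384).digest()
    return (nonce + tag + ct).hex()  # encrypt-then-MAC: 16-byte nonce, 48-byte tag

def unseal(key, blob_hex):
    raw = bytes.fromhex(blob_hex)
    nonce, tag, ct = raw[:16], raw[16:64], raw[64:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha384).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed: wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_subkey(key, b"enc"), nonce, len(ct))))

def build_search(session_key, group_key, session_id, keyword):
    # Inner layer (c2c): only holders of the group key can read the search terms.
    data = seal(group_key, json.dumps({"keyword": keyword, "filters": []}).encode())
    message = {"id": os.urandom(8).hex(), "type": "search", "action": "request", "delay": 0}
    # Outer layer (c2r): message fields plus the opaque data blob, under the session key.
    body = seal(session_key, json.dumps({"message": message, "data": data}).encode())
    header = {"version": 1, "nonce": os.urandom(8).hex(), "session": session_id}  # cleartext (assumed)
    return json.dumps({"header": header, "body": body})

def router_view(session_key, wire):
    # What a router holding only the session key recovers from one request.
    env = json.loads(wire)
    inner = json.loads(unseal(session_key, env["body"]))
    return env["header"]["session"], inner["message"]["type"], inner["data"]

if __name__ == "__main__":
    sk, gk = os.urandom(32), derive_key("constructed passphrase", b"constructed-salt")
    print(router_view(sk, build_search(sk, gk, "s-01", "constructed keyword")))
```

Calling `unseal` on the returned data blob with the session key raises `ValueError`; only the group key opens it.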

Search Request

Search Response

demonsaw 2.0
Throughout the course of history technology has been the deciding factor between survival and extinction. Technology will save file sharing too.

Version 2.0
- Everywhere
  - Windows, Linux, OSX, Raspberry Pi, Android
  - GUI, command-line, web server
- Faster
  - 100% C++11 re-write
  - Stream-lined API
  - Compression
- Increased Security
  - New crypto algorithms
  - User-defined file/folder HMAC salts
  - Choice of algorithms, key sizes

Version 2.0
- New Features
  - Streaming
  - Session Propagation
  - Auto-sync files/folders
  - Instantaneous downloads, multi-threaded transfers
  - Chat
- Simplification
  - Single interface (client & router co-exist)
  - No more servers
- Social Encryption
  - The art of hiding our secrets within the fabric of social interaction
  - Leverage the entropy of the Internet to secure our transmissions

Summary
Digital Self Expression is the process of exercising our Right to Share. It's evidence of freedom in the Modern Age.

Next Steps
- The best is yet to come
- I need your continued support
  - Suggestions, bug fixes, beta testing
  - One person can make a difference
  - Email, Twitter
- demonsaw 2.0: DefCon 23

Thank you
- www.demonsaw.com
- eijah@demonsaw.com
- @demon_saw
- Eijah