Knocking Down the Nest
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Subtitle |
| |
Title of Series | ||
Number of Parts | 490 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/47311 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
FOSDEM 2020394 / 490
4
7
9
10
14
15
16
25
26
29
31
33
34
35
37
40
41
42
43
45
46
47
50
51
52
53
54
58
60
64
65
66
67
70
71
72
74
75
76
77
78
82
83
84
86
89
90
93
94
95
96
98
100
101
105
106
109
110
116
118
123
124
130
135
137
141
142
144
146
151
154
157
159
164
166
167
169
172
174
178
182
184
185
186
187
189
190
191
192
193
194
195
200
202
203
204
205
206
207
208
211
212
214
218
222
225
228
230
232
233
235
236
240
242
244
249
250
251
253
254
258
261
262
266
267
268
271
273
274
275
278
280
281
282
283
284
285
286
288
289
290
291
293
295
296
297
298
301
302
303
305
306
307
310
311
315
317
318
319
328
333
350
353
354
356
359
360
361
370
372
373
374
375
379
380
381
383
385
386
387
388
391
393
394
395
397
398
399
401
409
410
411
414
420
421
422
423
424
425
427
429
430
434
438
439
444
449
450
454
457
458
459
460
461
464
465
466
468
469
470
471
472
480
484
486
487
489
490
00:00
Internet der DingePoint cloudZugriffskontrolleMassendatenControl flowInternet service providerPeer-to-peerUsabilityInternetworkingCartesian coordinate systemSoftwareCommunications protocolPhysical systemGateway (telecommunications)MicrocontrollerBitWireless LANMobile appCASE <Informatik>MathematicsServer (computing)Series (mathematics)Type theoryRoutingLocal ringAuthenticationGame controllerInternet der DingeComputer animation
04:12
System programmingType theoryAuthenticationProjective plane1 (number)Physical systemExtension (kinesiology)Dynamical systemIntegrated development environmentGraph coloringPersonal digital assistantComputer animation
06:42
Software frameworkInformation privacyComputer networkPeer-to-peerPhysical systemGoodness of fitInformation privacyComputer animation
07:16
InternetworkingTransport Layer SecurityScalabilityDistribution (mathematics)UDP <Protokoll>Dynamic Host Configuration ProtocolRoutingCore dumpBitEndliche ModelltheorieShift operatorInternetworkingLevel (video gaming)Programming paradigmComputer configurationProjective planePerspective (visual)Cartesian coordinate systemComputer animation
08:07
InternetworkingTransport Layer SecurityScalabilityDistribution (mathematics)UDP <Protokoll>Dynamic Host Configuration ProtocolRoutingCore dumpCartesian coordinate systemSchlüsselverteilungSoftware frameworkCore dumpAuthenticationSoftwareRoutingPublic-key cryptographyLevel (video gaming)Primitive (album)Computer animation
08:49
AbstractionLevel (video gaming)ScalabilityLevel (video gaming)AbstractionRouter (computing)Physical systemPeer-to-peerCodeProjective planeMicrocontrollerAxiom of choiceInformation securityFormal languageComputer animation
10:26
Endliche ModelltheorieCore dumpScalabilityEndliche ModelltheorieDistribution (mathematics)Group actionProjective planeInteractive televisionAuthorizationPoint (geometry)BitImplementationComputer animation
11:30
Component-based software engineeringEndliche ModelltheorieConnectivity (graph theory)Internet der DingeGame controllerType theoryCategory of beingInformationDistribution (mathematics)Right angleDatabaseComputer animation
12:59
Common Language InfrastructureRight angleDirect numerical simulationAliasingPublic-key cryptographyMereologyWeightDatabaseWrapper (data mining)Graph (mathematics)BitArithmetic progressionWeb 2.0Internet der DingeGame controllerService (economics)Common Language InfrastructureMessage passingGraph (mathematics)AuthenticationConnectivity (graph theory)Computer animation
15:58
Time domainServer (computing)Key (cryptography)Execution unitMenu (computing)UsabilityElectronic mailing listService (economics)Core dumpSystem administratorWeb 2.0Connectivity (graph theory)Server (computing)Operator (mathematics)Key (cryptography)Type theoryAuthorizationGraph coloringHash functionGoodness of fitDifferent (Kate Ryan album)Table (information)Computer animationProgram flowchart
17:59
Physical systemCommon Language InfrastructureArithmetic meanBasis <Mathematik>Local ringInformationPhysical systemAuthorizationRight angleLaptopState of matterComputer animation
18:39
Peer-to-peerUniform resource locatorMechanism designPhysical systemGroup actionEndliche ModelltheorieImplementationInheritance (object-oriented programming)Computer virusMultiplicationMedical imagingMereologyNormal (geometry)Information securityQR codeRoutingMicrocontrollerLink (knot theory)Connectivity (graph theory)Software testingSoftwareEncryptionComputer animation
22:50
Open sourcePoint cloudFacebook
Transcript: English(auto-generated)
00:05
Okay. Hello, everyone. I'm Devin. I've been a peer-to-peer insecurity researcher for the past five to six years. And I've also done a lot of DevOps and SysAmin work as my day job. So, this talk is about IoT,
00:28
this nice amazing name that everybody agrees on and likes, the Internet of Things, which describes a series of devices that are networked.
00:47
Oftentimes, they're sensors, but really, it's turning into the Internet of Things kind of encompasses anything that somebody can plug in to the network. So, what I see IoT actually as today are these devices that people are putting
01:06
in their houses. So, my father, for instance, has replaced almost all the light bulbs in his house with light bulbs that are LEDs and they have ESP microcontrollers on them that connect to his WLAN. And they expose an API,
01:22
which he can talk to to control his lights, change the colors, this type of thing. Though, even though they're connected to the local network, it's typically the way that you access and control these devices is through a cloud-based access. So, a third-party authentication system.
01:42
And this also allows for nice features like being able to control and access your devices from outside the house, which I can't think of too many use cases for controlling your light bulbs when you're not at the house. But things like cameras or maybe remotely unlocking your front door to let somebody in the house, that could be a useful thing. And what IoT, I think,
02:04
has become, even with all of these interesting features, is kind of an inefficient system, which obviously is designed in a way that makes data surveillance very palpable and useful for the third parties which are
02:22
controlling these systems, basically being gateways for these devices which are in our house. So, this is a...I see it as a data sovereignty problem, but it also has further social implications, which I'm going to get into a bit. First of all, it's a user experience problem in the sense that if
02:44
you want to access a device that's right next to you and you have to go through a third-party app on your phone, which goes to servers probably in California or who knows where, if there's anything in the route towards these servers or a problem with the servers themselves, then you're not going
03:01
to be able to turn on and off your lights or unlock your front door or something like this, which is kind of a terrible usability experience compared to non-IoT devices. We also have the kind of the more obvious one, lock-in. You end up in these scenarios where you have multiple devices that
03:24
span multiple generations and they're incompatible with each other and the applications in which to access them are completely incompatible due to vendor lock-in and as well as completely different protocols that they're running.
03:43
Yeah, there have been some interesting cases where you spend several hundred or thousands of dollars putting automation in your home and then the company goes under or they completely change their system for whatever reason and you have to either buy new stuff or best case scenario, at least upgrade all of your
04:04
software before you can use it again. So that's another terrible user experience, especially for the non-technically minded. And yeah, so the social implications are the...I think all the stuff that I was just mentioning is kind of obvious, you know, data surveillance,
04:23
surveillance capitalism driving this. These aren't good things. I think most people here probably agree with that. They're also pretty obvious and that's probably why a lot of people here opt not to have a Google assistant device in their house, that type of thing. But I think almost,
04:41
to me, a more serious problem are these subtle ethical implications on the social dynamics, which is that most people aren't even aware that they're not talking directly to these devices in their house or to the extent in which they're
05:02
controlled from third parties. And I think that creates like an environment where you have like an unwanted guest in your house and you don't even know that those are there. And then another aspect of that is people, because of the way that we design these systems to be cloud-based,
05:24
it doesn't allow for a very humanistic and social collaboration between people. Like if my father, for instance, with all the lights in his house, when I go to visit him, I can obviously use the switch to turn off and on the lights, but if I want it to dim or change the color of anything,
05:43
I can't do it. There's no way to add authentication to another person. It's not thinking about the social aspects. So it's not... I think anytime we're designing systems that people are using heavily, especially for people who are not technical users first, we need to think about how we're affecting them socially
06:04
and then how their social dynamics are going to affect the system designed back. So I'm working on this project to alleviate some of these concerns, and I think we can use peer-to-peer systems to do that. I think it's the best
06:22
way moving forward instead of... I really appreciate these projects like OpenHAB and some other ones where you're running a server inside of your house that controls all of these devices. And I think these are a few of those peer-to-peer key-based authenticated systems is the way to go forward.
06:44
So Martin did a good job, if anybody was in here for the previous talk about Gnunet, explaining that. I'm not going to go into it in nearly as much detail as he did. Decided to use this system because it highlighted
07:01
general purpose, because the privacy preserving and peer-to-peer networking, that's kind of implicit. There's a lot of systems that do this, but what I like about Gnunet is that it's very general purpose and it's modular, and you can pick and choose pieces. Here's something that Martin didn't have. He had kind of an OSI model on the left, and then where Gnunet matches in.
07:27
But this was created by Carlo von Linckx from the SecuShare and you broke the internet project. And this is a little bit of a different modeling. It's coming from more of a perspective of not an exact one-to-one, how we replaced the OSI model, but looking at more of a paradigm shift
07:44
on how we can think about designing applications in a different way. So you'll see that Gnunet, Cadet, and R5n are both options to replace BGP. And you have some things that go up the stack. They're low level on the Gnunet
08:00
side, but they actually end up matching up the stack on the traditional model. So what's useful, particularly for our project, is that Gnunet provides a low level framework for authentication. It has cryptographic primitives built
08:23
into the routing and core networking layers. So if you're building an application on top, you can kind of take that stuff for granted. So it becomes easier. You don't have to think about doing key exchanges yourself. Built into your routing, if you can route to another device,
08:42
then you can be sure that that device is the one that you're trying to access based off of the public key. Yeah, so some of the aspects about Gnunet that I think are important for this project are its portability, because obviously with IoT, we're going to be targeting embedded devices or even
09:02
microcontrollers. For this project, we're using OpenWrt. And the work of Daniel Golay, an OpenWrt maintainer, he ported Gnunet to OpenWrt. And you can run it even on commodity routers. It's a C code base.
09:23
It's very portable. It's modular, so you don't have to run everything. You don't have to run the more CPU-intensive peer-to-peer protocols. And nobody's ported it to a microcontroller yet, but it seems like it could be possible for something like the ESP32. Also, with the researchers on Gnunet,
09:42
they focus on scalability. And just as an aside, I think abstraction level is an important thing to look at when you're talking about peer-to-peer systems. Some of the most popular peer-to-peer systems right now are web-based, like Secure Scuttlebutt, DAT, IPFS, these things that probably a lot of people
10:04
have heard of. I think these are great projects. I have friends in all three of those projects and more. But they kind of start on a much higher abstraction level, in my opinion, partially in the language choice on a lot of these, but then also in what they're targeting. And I think for IoT, we have to keep the abstraction level low.
10:27
So then, in comes SecuShare, which Martin also mentioned in the previous talk. That's been a research group for some years in scalable social interaction models.
10:42
SecuShare.org, you can look into that more. There's been a little bit of implementation, but it's mostly been a lot of research and documentation. It actually started out as a meta-project, and then eventually, about five years ago, it kind of decided to focus on modeling on top
11:06
of Gnunet. So, it's kind of a general social interaction model based around the concepts of a social graph, a distributed pub-subsystem, and multicast distribution. And there's not really any implementation of this.
11:23
Like I said, it's mostly a research project at this point, at least. And, yeah, core point is no central authority in that design. So, with SecuShare Box, that's the name of the IoT project, as a sub-project of SecuShare, taking some of these research models and trying
11:41
to apply it to IoT, we kind of ended up with two components where one is the IoT device side, which runs Gnunet and a daemon, which listens to messaging through a pub-subsystem. So, it can create pub-subchannels,
12:02
which you can subscribe to, and then it sends messages, which could be sensor data or control messages, this type of thing, and vice versa. And then the second component is a command line. Right now, it's a command line interface for the people interacting with it,
12:22
but it's...sorry, interacting with these IoT devices. And the properties that are important that we found are making it offline first, which sounds kind of strange for IoT, but the idea that you can interact with your database of known devices and your latest information about these devices,
12:43
even if you're offline. You could even send control messages, like, I want to turn on this light at 6 p.m., but I'm offline right now. And then when you get online, it syncs via a pub-sub distribution system. And so, the CLI, it's called Boxon, kind of looks like this.
13:08
It's a work in progress right now, and some of the stuff is being refactored, so not all of these commands work as of right now if you were to clone the Git. But the concept here is that everything you're seeing is effectively local and kept
13:26
into a database modeled with social graphing. So, you're thinking about your relationships to the devices and the services on the devices. So, you see here at the top, you're listing your devices that you know about.
13:42
And these might not all be your devices. These could be devices of other people. And then you list your services on a specific device, which is called Toaster. And then you see here, web server, and then in the parentheses, it's web.toaster. So, I'm going to get into this a little bit further on the next slides,
14:02
but the concept is to have pet names that are hyper-local to you, which then are aliases for GNS names. So, the GNU name system, which is a part of GNU Net, which is a key-based distributed naming system.
14:22
So, we can have human-readable names without DNS that are directly correlated with the public keys of devices. So, you have kind of like an X.509 authentication built into that system as well. And then a big component of it is at the
14:43
bottom, is this idea of giving access control to other people, because that's one thing that I really saw missing, not from all IoT implementations, but I think it really should be a core aspect. And this CLI ends up just being kind of a wrapper to the existing GNU Net modules, in the sense that your friend,
15:07
Alice, is represented by a cryptographic key, which we call an ego in GNU Net.
15:20
And you're saying, I'm going to allow access via this public key to this device, which is also represented by a public key. And what happens there is you push out a message containing Alice's public key to the kitchen light bulb device. And since you're already authenticated with it, it accepts that as saying,
15:43
okay, this is a public key. I'm going to now allow access to this service control panel. And then when Alice tries to connect, it kind of works automagically. So, here's a little bit of a graph to go a bit further into it.
16:02
It looks pretty complicated, because it kind of is. But if you start down here in the left corner with user ID 2, they're friends with user ID 0. And all entities on here, the lighter gray color, are represented by keys.
16:24
The darker grayish beige color is the relationship between the entities. So, user 2 is friends with user 0, and vice versa, user 0 is friends with user 2. If you look over in the kind of the middle top left,
16:44
you have a device called toaster, represented by a public key ego. And the relationship between user 0 and the device is that they have access to the administration and they are the owner. And because of this,
17:01
they can provide authorization to other entities. And there are some entities that know about devices, but they don't have authorization, this type of thing. So, it ends up kind of being like a distributed key value store. GNS uses a distributed hash table. And so, we're really just bootstrapping on top of all of that stuff. And what's interesting is what I
17:22
found after designing some of this and implementing it, is that really none of this is super particular to IoT. It's definitely useful for that and you have to think about some of the resource implications. But this is also a really good sysadmin tool, and that's what I've been using it for a lot. So, I have like a list of my servers that I connect to for like web servers,
17:42
different things, and I've added them as devices and they have different services. And then I can connect to them and send operations to them. And then you don't even need things like SSH necessarily. Yeah, so some core components are that
18:03
it keeps the state local with meaning of your information about devices, services, who owns what, who your friends are, what authorization they have. That all remains local and it pushes it out opportunistically to the devices that need to know. So, it's a need-to-know basis system. And some future
18:25
advancements on that would be syncing between your devices. So, let's say you have a laptop and a phone. Right now, there's no concept of syncing the state between them, but that would be something I'd like to implement. And as a key-based system, I think I've already covered that.
18:42
That's about it. You can look more into it on the website, but QR code goes to the top URL. And yeah, so there we have it.
19:05
Do you allow for multiple ownership of devices? Like, some things are inherently shared, but not like a one-to-one. Because there's a risk with things like this that you end up doing the thing you said at the beginning, you end up coding new social norms into this world. So, are you thinking about those at all? Yes. Yes, there are scenarios where there is dual ownership, and I think that
19:24
that's a reasonable thing to model socially. And yeah, so I am thinking about implications like this. And one, for example, maybe this kind of answers it. Like, one thing that I'm specifically avoiding is a trustless system. Because I know that some projects, peer-to-peer projects,
19:42
are trying to create systems that are completely trustless. And I don't think that that models very well, and I don't think that's how humans interact. So, you can have a...with this scenario, you could have a device that's owned by two people, and one person kicks the other person off, even if it's in their own home. Of course, you could then unplug the device or something
20:00
like this. But I think that becomes a social matter, and we don't need to solve that in the technology. Hi. Where? Thanks for your presentation. When using Gnunet on IoT devices like sensors and such, which are quite low power, have you looked into the implications
20:24
for performance and whether those little devices can run Gnunet? Yes. So, like I said, I would love to see Gnunet ported to...tried to be... At least, see if we could port it to a microcontroller. On OpenWRT is where we've done the most testing. There are some components
20:46
that you can run with Gnunet, like network size estimation, which is useful for having, like, very random routes to, like, avoid censorship and stuff like this. But they're very resource intensive. So, we disabled those things in the images that we have produced,
21:02
like the OpenWRT images that we have produced. And what we've seen is that just running Gnunet for link layer encryption and the GNS system with DHT, that's reasonable for systems the size of commodity routers, it seems. We haven't done extensive testing. And then definitely things like
21:21
Raspberry Pi, is there anything in that area? It seems like it's totally fine. It's not super resource intensive. Yeah. Hi. Thanks for your talk. I can't hear you. Hello. Ah, okay. Hey. Thanks for your talk. Just to clarify, the publish-subscribe that you talked about, that is part of...
21:43
Sorry, it's still too hard. Can you just speak up a little? Okay. The publish-subscribe that you mentioned, that is part of secure share, not a Gnunet subsystem part. Is it... Are you asking if it's a part of Gnunet already? Okay. Yeah, the publish-subscribe system is not a part of Gnunet,
22:01
and it's not even fully implemented in our system yet. So, yeah, I don't know if I was totally clear about that. Everything that I talked about is not fully implemented yet, basically just the base stuff, and we don't have a publish-subscribe messaging mechanism. I'm working with a group called P2P Colab. You can see them at p2pcolab.net.
22:21
I forgot to put their URL up here. TG is actually giving a talk about that, I think, next. And he's implemented, and some other researchers have implemented, a distributed privacy-preserving pubsub implementation called Poldercast, which I'm hoping to plug into this, yeah.
22:41
Any further questions? Then thank you for your talk. Thank you. Thanks, everyone.