Posts on tag: networking

Materail needed: Paper (I suggest  photo paper which is thicker), scissors. Build instructions: trim the paper and fold it appropreately. Done. Now you can plase the token on your desk an read the numbers without taking your hands off the keyboard. Relief!

2017-05-13 - The token holder:

This is how "security professionals" sound these days:

[..] modifying the hosts file isn’t super easy. It’s a multistep process that varies depending upon which operating system you are using. Here’s a good overview of how to edit the hosts file on different Mac and Windows systems.

And their "howto" is even wrong.

So sad... 

• Telefonnummer unverschlüsselt übertragen: Die Telefonnummer wird unverschlüsselt auf einen Server in den USA übertragen. Immer.
• Das komplette Telefonbuch wird auf den Whatapp Server übertragen: Bei der Erstanmeldung (und auch später) wird das vollständige Telefonbuch des Handys zum Whatsapp Server übertragen. Enthalten sind die Telefonnummern und Namen aller Kontakte. Als Antwort erhält die App vom Server eine Liste aller Kontakte, die bei Whatsapp teilnehmen. Die Kontakte wiederum werden von ihrer App über den neuen Teilnehmer informiert.
• Authentisierung ist hochgradig unsicher: Als Benutzername wird die Telefonnummer verwendet. Als Passwort auf dem iPhone die MAC-Adresse des WLAN-Interfaces und auf Android die IMEI (Hardware-ID). Jeder, der diese Daten hat, kann Nachrichten fälschen.
• Die Verschlüsselung von Nachrichten ist unsicher: Erst im August 2012 hat Whatsapp angefangen, übertragene Nachrichten zu verschlüsseln. Die implementierte Methode ist unsicher, funktioniert nicht und ist mit zumutbarem Aufwand knackbar.
• Bezahlsystem unsicher: Bei der Abobezahlung wird HTTPS nicht erzwungen. Ein Angreifer kann einen Benutzer umleiten und so an seine Bankdaten (Kreditkarte) gelangen. Die Angriffsmethode ist seit etwa 10 Jahren bekannt.
• Datenbankverschlüsselung ist unsicher: Es handelt sich nicht um Verschlüsselung im eigentlichen Sinne, sondern eher um eine Art Verbergen. Gelangt ein Angreifer in den Besitz eines Telefons mit installiertem Whatsapp, kann er ohne viel Aufwand die Datenbank öffnen und auslesen.
• Inkompetente Entwickler: Die Whatsappentwickler sind bekanntermaßen inkompetent was Themen wie Kryptographie, Netzsicherheit oder Privatsphäre anbelangt. Die oben aufgelisteten Probleme sind zum Teil seit Jahren bekannt und wurden bisher noch nicht erfolgreich behoben. Entweder weil die Entwickler die Sache noch schlimmer gemacht haben oder weil sie die Problematik ignoriert haben. Das Unternehmen verklagt regelmäßig Sicherheitsexperten, die Fehler in der App bekannt machen.

Quellen:

• Gryphn Blog: Whatsapp Unsafe.
• Wikipedia: Sicherheitsprobleme.
• Kryptoanalythiker: Whatsapp is broken. Really broken.
• Heise Security: Erneut Account-Klau bei WhatsApp möglich.
• Heise Security: WhatsApp-Zahlungen manipulierbar.
• Anonym: Reverse Engineering: How WhatsApp (not) securing your data.

Woah, da kommt ja eine Menge Gülle hoch auf einmal.

Perlentaucher hat eine gute Zusammenfassung des aktuellen Kenntnisstands zum PRISM Skandal veröffentlicht. Dort finden sich diverse interessante Dinge, wie zum Beispiel ein Verweis auf die Software Accumulo. Es handelt sich dabei um eine NoSQL Datenbank (ein Column-DBMS um genau zu sein), das die NSA verwendet um unser aller Daten auszuwerten und zu speichern. Die Software wurde auch von der NSA entwickelt.

Neben der NSA haben da aber auch noch diverse andere Firmen mitgemacht. sqrrl zum Beispiel, dessen Gründer vorher 10 Jahre bei der NSA gearbeitet hat, wie man in diesem Vortrag hier erfährt. Auch Booz Allen Hamilton gehört zu den Contributors von Accumulo. Wir erinnern uns: das ist die Firma, bei der Edward Snowden zuletzt tätig war. Ich hab den ganzen anderen Firmen jetzt nicht hinterher gegoogelt aber ich denke, das wird bei denen auch nicht anders sein.

Und heute kommt von Snowden ein weiterer Leak (via): Es gibt eine geheime Presidential Order, mit der Obama die Bildung einer Cyberkriegsabteilung angeordnet hat. Wie schon vorher nichts, das wir nicht ohnehin eigentlich längst gewusst haben. Nur das meiste davon waren bislang eher Verschwörungstheorien. Über Schneiers ursprünglichen Beitrag bin ich auf diesen einen Artikel im Wired gestossen, in dem der jetzige NSA Chef Alexander näher betrachtet wird. Und worauf stosse ich da? Auf die Firma Endgame Systems, die auch auf der Accumuloliste als Contributor steht!

Und wenn man die Contributors mal durchgeht, stellt sich raus, dass die alle da drin stecken: die arbeiten mit der "Intelligence Community" zusammen, sind "DoD contrator" und so weiter: Basistech, TexelTek, Objectice Solutions, SW Complete, SRA, Peterson Technologies, Data Tactics und Tetra Concepts. Und das sind natürlich nur die Unternehmen, von denen man auf öffentlichem Wege erfahren kann.

Das ist alles ein einziger riesiger faschistischer Sumpf. Mir ist schlecht.

When looking at current available social networks, we'll find two aproaches to address the problem of how to enable people to communicate with each other and stay in contact: centralized systems such as Facebook or Google+ and de-centralized systems such as Diaspora. It is obvious that both approaches have its flaws. Here's an mostly incomplete list:

Flaws of today centralized social network systems:

• all personal data is under control of 1 entity, a company in most cases.
• such a company is vulnerable to dotgov attacks, which I'll describe later.
• beside personal data all content is under the control of that same entity as well.
• users don't have control and are bound to obscure terms-of-service rulesets. Companies act based on those terms as if it were legitimate laws, which it clearly isn't. And courts tend to accept those terms as substitutes for laws more and more, which can be considered as undemocratic and illegal as well.
• such systems are not reflecting real human social behavior, the way how to find new contacts is artificial (more on this later).
• in order for users to be findable by others they have to reveal lots of their real personality like the real name, where they live and so on.

Flaws of today de-centralized social network systems:

• due to the disconnected nature of the design it is not possible or difficult to find new contacts
• personal data as well as content is still hosted on a platform not under control of the user. While the data is at least not under control of 1 entity, it is indeed under control of just a couple of entities, therefore the same vulnerability to dotgov attacks applies as well.
• also it does't reflect real human social behavior.

So, there are two major flaws to pinpoint: vulnerability to dotgov attacks and implemenations which are not reflecting human social behavior. The first one is easy to describe: a dotgov attack, as I call it, can be regarded as everything a government or a company could do to cause harm to a citizen. There are lots of dotgov attacks on citizen, here's a short excerpt:

• invade the privacy of a citizen, either lawful or unlawful.
• sell or "lose" personal data of a citizen.
• limit or restrict freedoms and citizen rights of people.

It doesn't matter under what juristdiction you look at those problems. They occur everywhere, on the whole planet. Wether be it in china, iran or russia or be it in the united states, germany or sweden - governments are constantly spying on its people and they are constantly trying to get ever more data about people and companies like facebook or google have to cooperate. The most important thing to note here, is that in all but a very few cases the target of such attempts are innocent citizen. Of course some fundamental human rights are not granted to people in all countries. For example you do not have the right of freedom of speech in china. Therefore it is unlawful in china to do so. But making unjust laws doesn't make those laws right. But even in countries where citizen do have those rights granted, governments and big data are ignoring it.

So, how to cope with this? Obviously a system like Diaspora isn't a proper solution and beside Facebook and Google+ there are only alternatives available which impose the very same dangers to its users. A completely new approach must be taken to address this.

As I already noted, today social networks have got another flaw: they are incompatible with real world human social behavior. What does this mean, exactly? Let's take a look how to get in touch with complete strangers on facebook: Create a new profile, enter some bogus into the searchbar, since facebook users are in the millions, something will be shown always, whatever you enter. Click the "add as friend" button and there you go. In addition, most users will accept such friend requests by strangers. After some time you can have hundreds of "friends" there. Is this the way, people get to know other people in the real world? I don't think so. One might object to this observation and argue, that Facebook introduced just another, new way to find people. Well that's valid. But by looking at the differences to the real world we will find a solution out of the dotgov attack vector. Therefore it is required to understand those differences.

Usually it works like this: in the first place you know your family members. The next circle (I am NOT referring to the google+ term here!) of people you get to know are your neighbours, then the busdriver, the waitress, the baker, your collegues. Notice something? There's a false assumption here: in fact you don't really "get to know" those kind of people. You don't know their names in most cases, you don't know where or how or with whom they live, what hobbies they have, even after years. You talk every morning some words with the newspaper man on the street, for twenty years, but the only thing you know about him is that he's a male and he calls himself Bobby.

On the other side, the more contact you have with people the more you learn about them. There's a significant difference between Bobby the newspaper man and Lenny the system administrator sitting at the desk in front of you every day, isn't it? Of course you do indeed know much more personal details about Lenny, stories about him and his wife, his motorcycle hobby, the crash he had last month, the pets he owns, his special kind of humor and what annoys him most.

However - you still don't call a person like Lenny a friend. He doesn't tell you everything. He might tell you some funny story about his wife while they were shopping at the general store, but he will never ever tell you stories about his sexlife. He won't probably tell you about his father, or his brother who's sitting in jail or about the fact that he's got an affair. And of course that's bi-directional: you won't do the same. So, you know him to some extent but in a limited form and in a shape he draws. You might think he's a very gentle young man, but perhaps he's not even married? Perhaps he's the Bay Harbour Butcher? You don't know and probably will never know.

In reality, humans maintain a bunch of different personalities. In most cases there are only sublte differences between those personalities. Most people just leave out the nasty or embarrassing details. Others just invent things up to people who choose outrage lies. Maybe you, the reader of this text, are just one of them? The Butcher at home and 007 at work? It is a matter of fact, that this is the way humans are acting upon each other. There's a lot of show, mimicry and acting happening on the stage which our social life is. The question is, why do we do that? Although this is a complicated matter and a whole science in itself, there's one aspect which interests us most: to protect the self.

If you get in touch with a stranger and reveal all your weaknesses to him you are exposed to all kinds of threats the stranger might pose to you. He could blackmail you! Or use the information against you for some yet unknown reasons, perhaps sometime later when you already forgot him. The fear that this might happen, is deeply hard coded into our minds. Therefore it takes some time until we open us for strangers. It needs some degree of trust. And the higher the trust the more we tell. One of the highest levels of trust is the one you have for your real friends. And even higher ist the level of trust for the people you love. In most cases, that is.

By realizing how this works we realize how current social networks are flawed: you only have one identity on Facebook. You might be able to hide some details to a group of people but you can't ever show different details to different people. To do so, you must create a couple of fake accounts or something weird like this. Even with Google+'s circles, which aim to address this problem, it's not possible to fine tune your relationships as you would do in the real world.

By designing a new social network protocol we have to mimic - or better: implement - our real world behavior in order to deflect attacks of any kind. But there's another flaw I already mentioned above: centralization. If we look at the real world again, we'll see, that personal data about ourselfes is restricted to the only point we've got absolutely control of: ourselfes! Only I myself know for sure everything about the inner core of my personality. The solution therefore to centralization is peer to peer networking. Of course, I am not not the first to come up with that idea. However, I've not yet seen a solution or even a proposal which efficiently addresses one of the problems outlined so far.

We have to introduce something new. But as we all know: new things are - in most cases - just re-combined old things. That's what I'm going to do here as well: I want to incorporate routing protocols into a social P2P network, especially BGP, the border gateway protocol.

In order to fully understand, what I'm thinking about, I need to explain a little bit, what BGP is and how it works. BGP is a protocol used by internet routers worldwide. It's almost fool- and even nuclear - proof. In fact, even an asteroid hit may not be able to completely bring the internet to an halt. That's not because there are so many websites, people or companies online. That's because we use BGP to connect networks with each other. Basically it works like this: an organisation maintains a network, called an "autonomous system" in BGP terms. Those automomous systems - AS - are having distinct numbers. So, say an autonomous system with the number 10 - AS10 for short - is connected to 5 other autonomous systems: 1,2,3,4,5. By using BGP AS10 tells them, what networks it maintains (that is, which ip networks terminate within AS10). And say AS3 is connected to AS100, which is connected to AS433 and so forth. Every network is known in BGP by its path from AS to AS. If you happen to be located in New York and want to reach a website in Europe, your traffic travels across a couple of autonomous systems. The first router in your provider's network just knows: "I am AS433 and to reach Europe I have to hand it over to my neighbor AS100". And the next AS, then knows: "I am AS100 and to reach Europe I have to hand it over to my neighbor AS3" and so forth. That's the way the internet works and it works pretty good.

Of course, there's two drawbacks. Most importantly: every router on the internet has knows all networks. Just to be curious take a look at how much networks that are: 444.025 as of the time I'm writing this (IPv4 only). The other problem is, that while it works almost automatically, it must be setup manually by network administrators like me (so now you know what I'm doing for a living *g*). It is not very difficult to assume how a government might be able to use those drawbacks to use them against the network. Therefore a routed P2P social network has to behave as BGP, but it has to configure itself automatically without human intervention as well.

But there's a third criteria we have to take into account: availability. This is something Facebook or Google+ are addressing by maintaining lots of datacenters distributed worldwide. Of course this is not the road to go when we talk about P2P networks. Therefore we have to re-think a little about availability. Which part of the network must be available? For this to understand we have to recap the nature of P2P networks: an independent network of nodes loosely connected to each other by some - yet undefined - means. In the case of a future social network we are talking most of the time of mobile devices, which are available to large quantities of the population worldwide. So, a P2P node is a mobile device. Does it matter if it goes offline? Certainly not! To maintain availability of a P2P social network we only have to make sure, that at least some nodes stay online. And with online I do not mean "connected to the internet", but "connected to the P2P network".

So we've got finally three critical requirements for such a social P2P network:

• availability of the network under all imaginable circumstances
• implement real world human behavior as network protocol
• setup the actual network automatically

Since such a network has to do lots of stuff automatically it has to operate independently of its users. That's the most important thing to understand. Once a user starts the program/app/software whatever, the device it is running on turns into a node of the social P2P network and from this time on, works independent of user actions. Unless the user kills the software, that is. Such a semi-automatic or "living" system has to have a goal, something to reach. This goal is the already mentioned availability:

I am a node of the social P2P network and I have to do whatever I can, to keep it running.

From the point of view of such a node the human who uses the social network is not more than "The Carrier". The human has control of the device and it's the human's duty to maintain internet connectivity and provision of electricity. Not more and not less. Anything else the human is actually doing on the social network must be completely transparent for the network node itself. In fact from the network point of view there is no such thing as human beings. There is the network and there are carriers (that's us). Period. And the whole purpose of the network, as a kind of living being is to survive. Under all imaginable and unimaginable circumstances.

Of course as this writeup is just some kind of "loud thinking", I am completely unsure, how to implement such a network. But I can at least imagine how it has to work. At first it is not limited to one protocol, it can use multiple protocols, HTTPS, SSH, some random TCP Port, UDP Tunnels, even weird ICMP rucksack driving or something else. It must have a huge arsenal of protocols at hand to be able to stay in touch with other nodes. So, here are a few ideas, how it could be implemented:

Implementation ideas:

• First of all, we've to assume that most nodes in the network would be mobile devices. We know how mobile providers deploy their networks these days: each mobile device has an RFC ip address and is in almost all cases not directly reachable from the outside. Either the provider operates NAT gateways or proxies. But for a P2P network to function properly, nodes must be reachable. Therefore volunteers have to setup port proxies on systems which are permanently connected to the internet (this could be the same kind of people who operate diaspora nodes today). All of those port proxies are interconnected to each other and are exchanging information about all autonomous systems they are aware of. Of course communication is encrypted, there is no data storage of any kind, everything is being held in memory. Those port proxies would not have any kind of web interface.
  
  A mobile device then connects via HTTPS to one such port proxy and announces the autonomous systems it belongs to, if any. If it's a new node and its carrier isn't connected to any other people yet, it creates its own new autonomous system and announces that. If HTTPS is not available for whatever reason it would try other protocols, therefore port proxies have to listen on a bunch of different protocols.
  
  Once another node connects to one of those port proxies and requests a connection to some particular autonomous system, the proxy forwards the ip session between the two. In fact this connection would be a tunnel via the port proxy across networks and possibly different protocols.
  
  
• If a node is reachable directly, no port proxy will be used. This would be the primary kind of connectivity between nodes. Where available UPnP will be used if a node runs on a PC or something similar behind a DSL router or the like. There are several successful P2P projects we could borrow code and ideas for stuff like this.
  
  
• Next we assume an "autonomous system" is defined as a group of nodes loosely connected to each other. Each connection exists because the node carrier (once again: a human being) is "in touch" with another person. So, say I am in touch with 150 people. Now my node forms an autonomous system 0xAF04BC74 for example and the nodes of those 150 people are members of this autonomous system. Of course, everyone of them is in touch with people I am not in touch with. So, would there be one autonomous system for every one of them then? No, that would of course be too much of it. Therefore more people than only the 150 ones I am in touch with belong to that autonomous system.
  
  The network would employ an algorithm to decide to which autonomous a node would connect to. For example if 40 people of those I am in touch with are also in touch with each other, they would belong to the same autonomous system as well. In fact, a node would opt for that autonomous system with the most interconnections. The number of interconnections forms a metric, a term well known of routing protocols.
  
  Another metric would have to be the network quality of neighbor nodes. The better connectivity a node has got, the higher the metric of the autonomous system it belongs to would be assigned to it. And it would do more routing than other nodes. See routing.
  
  
• Such a system would handle content in a different way as well in contrast to existing social networks. It would feel more like something like jabber. If someone is not online, I will not be able to see what he wrote in the past, because all content is only stored on the node of this person and not elsewere. It could be possible to implement some kind of caching to make it more comfortable. But with 7 billion carriers on this planet, caching all their content would be tedious. So, caching could only reproduce content of very limited short time spans. One or two hours, not much more. Everything beyond will be lost if the node hosting the content goes offline.
  
  Please note, that this behaviour would be a very feature, not a bug. In fact a social networks purpose isn't publishing at all. Look at Facebook today: it's difficult if impossible to search for past content over there. If someone publishes something there, it will be shared among his contacts for some time. Some will read it and then it will be lost in the dark locus that Facebook is. But aside from the outside view, it is already there! It waits on the database systems of Facebook Inc for law enforcements to be read whenever they want.
  
  In contrast, our P2P social network would employ the very same feature: communicate, not publish. But it would be oblivious. That's a very important thing, because you can't give out data, you don't have, can you? To protect the anonymity and privacy of people it is always best to not have much data about them in the first place!
  
  
• One problem of a P2P network is, how to reach an - yet - unknown node. In a hypothetical P2P network a node would ask its next neighbor: "I am X, member of AS1, looking for Y, member of unknown AS". But as I already explained earlier, another node doesn't know anything about foreign nodes, not even speaking about carriers. It only knows foreign autonomous systems (some of them but not all!). Only if the requested node is a member of the autonomous system the node is in, it knows how to reach it. So that aproach would not work.
  
  Instead the protocol would adopt the previously described human social behavior: some nodes operate some kind of groups. Think of Facebook groups or something like that. Each group consists of talks between carriers. If a carrier joins such a talk by answering to someone, he gets in touch with this one. If another one answers to him, the two get in touch with other. And so forth. Since the group is operated primarily by one node, this very node then knows the source autonomous systems of the carriers who got in touch. It connects the two autonomous systems, which in fact forms a new route.
  
  Now if any unknown node knocks on this node and asks for one of those autonomous systems, it would take the request and route it to the other autonomous system(s) and so forth. After some time, a huge mesh of interconnected autonomous systems would emerge. The more people are joining the P2P social network, the larger the mesh would become. There would be more and more redundancies, which would make the network very robust and almost immune to attacks.

And here you'll eventually realizing why I pressed so much on real world human social behavior: we get in touch to each other. The more we touch, the more we are connected. The same will apply to our future social P2P network: network nodes are forming autonomous systems. Each autonomous system consists of a network of nodes, where each node represents one device, which itself then is being maintained by one carrier. The more certain nodes get in touch with each other (which reflects automatically the underlying human behavior!) the stronger the connection gets. Eventually a link between two autonomous systems emerges or a link between two network nodes, that is.

And no single node knows everything about the network. Single nodes are like ants: dump and primitive robots. They only know their neighbors. But if a request arrives from one neighbor which is aimed for another node, it uses it and forwards it, if it knows it. And if it doesn't, it asks the node with the strongest link to take over responsibility for the request. And so the whole traffic gets routed dynamically through the P2P network - independently of the internet, companies or governments. Herein lies the importance of being able to use a multitude of different protocols: "they" can't just block everything.

And they would try. Such a social P2P network would be the ultimate attack on corrupt governments and dictatorships. There would be no company to set under pressure. No law could stop such a network. Even killing carriers would not stop the network. Think Tahir Place in Kairo. And since we're talking about mobile devices: we've got some useful stuff at hand: sensors. A network node is able to sense if its carrier is moving or not. It would be even possible to detect if it lost carrier! I admit that this would require some effort to implement but it doesn't sound impossible.

There are much more things to think about: how to keep the software up to date? Shall the network distribute its updates on its own path? How to maintain security, encryption, handshakes and this kind of stuff?