![Page 1: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/1.jpg)
DÉCENTRALISÉ NOW!NSA broke the Internet � Now we have to build a GNU one!
Christian Grotho�
Inria Rennes - Bretagne Atlantique
27.11.2014
�Never doubt your ability to change the world.� �Glenn Greenwald
![Page 2: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/2.jpg)
Doctor's Warning
This presentation is a wild mixture ofI Journalistic workI Political analysisI Technological solutions
If you experience trauma, this may be unrelated to the style of the presentation.
![Page 3: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/3.jpg)
Disclaimer: This is NOT about the Five Eyes
�In February, the UK based research publication Statewatch reported that the EU hadsecretely agreed to set up an international telephone tapping network via a secretnetwork of committees established under the �third pillar� of the Mastricht Treaty coveringco-operation on law and order. (...) EU countries (...) should agree on internationalinterception standards (...) to co-operate closely with the FBI (...). Network andservice providers in the EU will be obliged to install tappable systems and to place undersurveillance any person or group when served an interception order. These plans havenever been referred to any European government for scrutiny (...) despite the clear civilliberties issues raised by such an unaccountable system. (...) The German governmentestimates that the mobile phone part of the package alone will cost 4 billion D-marks.�
Scienti�c and Technological Options Assessment (STOA), �An Appraisal of Technologies of Political Control�, European Parliament, PE
166499, 6 January 1998.
![Page 4: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/4.jpg)
Debate in the US
US discussion focuses on spying on US citizens and legality under US law.
Frank Church (D-Idaho):
�The NSA's capability at any time could be turned around on the American people, andno American would have any privacy left, such is the capability to monitor everything:telephone conversations, telegrams, it doesn't matter.�
![Page 5: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/5.jpg)
Cyberwar
Presidential Policy Directive 20, issued October 2012 and released by Edward Snowden,outlines U.S. cyberwar policy:
�O�ensive Cyber E�ect Operations (OCEO) can o�er unique and unconventional capabilities toadvance U.S. national objectives around the world with little or no warning to the adversaryor target and with potential e�ects ranging from subtle to severely damaging. (...)The United States Government shall identify potential targets of national importance whereOCEO can o�er a favorable balance of e�ectiveness and risk as compared with other instru-ments of national power, establish and maintain OCEO capabilities integrated as appropriatewith other U.S. o�ensive capabilities, and execute those capabilities in a manner consistent withthe provisions of this directive.�
![Page 6: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/6.jpg)
X-KEYSCORE
�Google for global tcpdump� �Jacob Appelbaum
![Page 7: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/7.jpg)
Treasuremap
If X-KEYSCORE is NSA's Google, Treasuremap is their Google Maps.
![Page 8: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/8.jpg)
![Page 9: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/9.jpg)
![Page 10: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/10.jpg)
The GCHQ's HACIENDA
I HACIENDA is one of the programs feeding the TREASUREMAPI There are many others.
![Page 11: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/11.jpg)
![Page 12: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/12.jpg)
![Page 13: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/13.jpg)
![Page 14: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/14.jpg)
![Page 15: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/15.jpg)
![Page 16: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/16.jpg)
![Page 17: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/17.jpg)
![Page 18: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/18.jpg)
![Page 19: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/19.jpg)
![Page 20: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/20.jpg)
![Page 21: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/21.jpg)
![Page 22: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/22.jpg)
![Page 23: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/23.jpg)
![Page 24: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/24.jpg)
![Page 25: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/25.jpg)
![Page 26: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/26.jpg)
Cat break
![Page 27: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/27.jpg)
Knocking down the HACIENDA1
Idea: protect administrative services via port knocking
I Use stealthy knock ⇒ SilentKnockI Need to protect against MitM attacks ⇒ integrity protectionI Need to work with NAT ⇒ avoid source IP/port, use TSval for entropyI Implement: https://gnunet.org/knockI Standardize: TCP Stealth (IETF draft)
1Joint work with Julian Kirsch
![Page 28: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/28.jpg)
Knocking down the HACIENDA1
Idea: protect administrative services via port knockingI Use stealthy knock ⇒ SilentKnock
I Need to protect against MitM attacks ⇒ integrity protectionI Need to work with NAT ⇒ avoid source IP/port, use TSval for entropyI Implement: https://gnunet.org/knockI Standardize: TCP Stealth (IETF draft)
1Joint work with Julian Kirsch
![Page 29: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/29.jpg)
Knocking down the HACIENDA1
Idea: protect administrative services via port knockingI Use stealthy knock ⇒ SilentKnockI Need to protect against MitM attacks ⇒ integrity protection
I Need to work with NAT ⇒ avoid source IP/port, use TSval for entropyI Implement: https://gnunet.org/knockI Standardize: TCP Stealth (IETF draft)
1Joint work with Julian Kirsch
![Page 30: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/30.jpg)
Knocking down the HACIENDA1
Idea: protect administrative services via port knockingI Use stealthy knock ⇒ SilentKnockI Need to protect against MitM attacks ⇒ integrity protectionI Need to work with NAT ⇒ avoid source IP/port, use TSval for entropy
I Implement: https://gnunet.org/knockI Standardize: TCP Stealth (IETF draft)
1Joint work with Julian Kirsch
![Page 31: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/31.jpg)
Knocking down the HACIENDA1
Idea: protect administrative services via port knockingI Use stealthy knock ⇒ SilentKnockI Need to protect against MitM attacks ⇒ integrity protectionI Need to work with NAT ⇒ avoid source IP/port, use TSval for entropyI Implement: https://gnunet.org/knockI Standardize: TCP Stealth (IETF draft)
1Joint work with Julian Kirsch
![Page 32: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/32.jpg)
ISN Calculation
I Destination IP address IPd
I Destination port Pd
I TCP timestamp T
I Pre-Shared Key S
I Hash functions h, h′
I Payload p
TCP Payload Integrity Protector IH
IH := h′(S ◦ p)
Authentication Security Token AV
AV := h((IPd ,Pd ,T , IH), S)
I ISN := AV ◦ IH
![Page 33: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/33.jpg)
Host 1 Host 2
Time
SYN (SEQ = x = (AV ◦ IH))
RST (SEQ = y, ACK = x + 1)
ACK (SEQ = y, ACK = x + 1)
(SEQ = x + 1, ACK = y + 1)Payload
RST (SEQ = y + 1, ACK = x + 2)
. . .
no
yes
AV correct?
no
yes
IH correct?
![Page 34: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/34.jpg)
Oh, but wait!
�Why should I care?�
�We'll all be terrorists for the last 15 minutes of our lives.� �JA
![Page 35: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/35.jpg)
Oh, but wait!
�Why should I care?�
�We'll all be terrorists for the last 15 minutes of our lives.� �JA
![Page 36: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/36.jpg)
A Matter of Life and Death: History Lesson � Irak War
Katharine Gun leaked memo from NSA agent Frank Koza in 2003 about an Americane�ort to monitor the communications of six delegations to the United Nations who wereundecided on authorizing the Iraq War and who were being �ercely courted by both sides:
�As you've likely heard by now, the Agency is mounting a surge particularly directed at the UNSecurity Council (UNSC) members (minus US and GBR of course) for insights as to how tomembership is reacting to the on-going debate RE: Iraq, plans to vote on any related resolutions,what related policies/negotiating positions they may be considering, alliances/dependencies, etc� the whole gamut of information that could give US policymakers an edge in obtainingresults favorable to US goals or to head o� surprises. In RT, that means a QRC surge e�ortto revive/create e�orts against UNSC members Angola, Cameroon, Chile, Bulgaria and Guinea,as well as extra focus on Pakistan UN matters.�
![Page 37: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/37.jpg)
A Matter of Life and Death: History Lesson � Copenhagen
(TS//SI//REL) Analysts here at NSA, as well as our Second Party partners, will continueto provide policymakers with unique, timely, and valuable insights into key countries'preparations and goals for the conference, as well as deliberations within countries onclimate change policies and negotiating strategies. A late November report detailedChina's e�orts (...). Another report provided advance details of the Danish proposal andtheir e�orts to launch a �rescue plan� to save COP-15.(TS//SI//REL) Given such large participation (...), leaders and negotiating teams fromaround the world will undoubtedly be engaging in intense lastminute policy formulating;(...) � details of which are of great interest to our policymakers. (...), signals intelligencewill undoubtedly play a signi�cant role in keeping our negotiators as well informed aspossible throughout the 2-week event.
Deputy SINIO for Economics and Global Issues (S17): �UN Climate Change Conference in Copenhagen � Will the Developed and
Developing World Agree on Climate Change?�, 7.12.2009.
![Page 38: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/38.jpg)
A Matter of Life and Death: History Lesson � Copenhagen
Low targets, goals dropped: Copenhagen ends in failure.
The Guardian, 19.12.2009
�They simply sat back, just as we had feared they would if they knew about our docu-ment,� one source said. �They made no constructive statements. Obviously, if theyhad known about our plans since the fall of 2009, it was in their interest to simply waitfor our draft proposal to be brought to the table at the summit... I was often completelytaken aback by what they knew.�
Russia Times: �NSA spied on Copenhagen UN climate summit � Snowden leak�, 30.1.2014
![Page 39: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/39.jpg)
A success?
![Page 40: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/40.jpg)
Technical Cooperation
Bloomberg reports:I US companies provide internal information to US secret servicesI Companies from software, banking, communications hardware providers, network
security �rmsI Including technical speci�cations and unpatched software vulnerabilities
I In return, these US companies are given access to intelligence information
I Partners include: Microsoft, Intel, McAfee
We cannot trust any infrastructure provider.
![Page 41: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/41.jpg)
Not Just Mass Surveillance
I ORBing is untargeted active attackI Compromising standards and institutions also documentedI Full extent yet unknown
I What might spy agencies do if they are not from �friendly�, �democratic� and�liberal� allied states?
I How can research help secure networks to avoid totalitarianism?⇒ DÉCENTRALISÉ
I How can we even just stop mass surveillance?
![Page 42: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/42.jpg)
Not Just Mass Surveillance
I ORBing is untargeted active attackI Compromising standards and institutions also documentedI Full extent yet unknown
I What might spy agencies do if they are not from �friendly�, �democratic� and�liberal� allied states?
I How can research help secure networks to avoid totalitarianism?⇒ DÉCENTRALISÉ
I How can we even just stop mass surveillance?
![Page 43: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/43.jpg)
Not Just Mass Surveillance
I ORBing is untargeted active attackI Compromising standards and institutions also documentedI Full extent yet unknown
I What might spy agencies do if they are not from �friendly�, �democratic� and�liberal� allied states?
I How can research help secure networks to avoid totalitarianism?⇒ DÉCENTRALISÉ
I How can we even just stop mass surveillance?
![Page 44: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/44.jpg)
Encryption to the Rescue?
Centralised Internet infrastructure is easily controlled:I Number resources (IANA)I Domain Name System (Root zone)I DNSSEC root certi�cateI X.509 CAs (HTTPS certi�cates)I Major browser vendors (CA root stores!)
Encryption will not help if PKI is compromised!
![Page 45: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/45.jpg)
Encryption to the Rescue?
Centralised Internet infrastructure is easily controlled:I Number resources (IANA)I Domain Name System (Root zone)I DNSSEC root certi�cateI X.509 CAs (HTTPS certi�cates)I Major browser vendors (CA root stores!)
Encryption will not help if PKI is compromised!
![Page 46: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/46.jpg)
The GNU Name System2
Properties of GNS
I Decentralised name system with secure memorable namesI Delegation used to achieve transitivityI Also supports globally unique, secure identi�ersI Achieves query and response privacyI Provides alternative public key infrastructureI Interoperable with DNS
New applications enabled by GNS
I Name services hosted in P2P networksI Name users in decentralised social networking applications
2Joint work with Martin Schanzenbach and Matthias Wachs
![Page 47: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/47.jpg)
Zone management: like in DNS
![Page 48: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/48.jpg)
Name resolution in GNS
Local Zone:
www A 5.6.7.8
Bob Bob's webserver
KBobpub
KBobpriv
I Bob can locally reach his webserver via www.gnu
![Page 49: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/49.jpg)
Secure introduction
Bob Builder, Ph.D.
Address: Country, Street Name 23Phone: 555-12345 Mobile: 666-54321Mail: [email protected]
I Bob gives his public key to his friends, possibly via QR code
![Page 50: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/50.jpg)
Delegation
I Alice learns Bob's public keyI Alice creates delegation to zone KBob
pub under label bobI Alice can reach Bob's webserver via www.bob.gnu
![Page 51: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/51.jpg)
Name resolution
BobAlice
DHT
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 52: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/52.jpg)
Name resolution
BobAlice
DHTPUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 53: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/53.jpg)
Name resolution
www.bob.gnu ?1
BobAlice
DHTPUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 54: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/54.jpg)
Name resolution
www.bob.gnu ?1
BobAlice
DHT
'bob'?2
PUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 55: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/55.jpg)
Name resolution
www.bob.gnu ?1
BobAlice
DHT
'bob'?23 PKEY 8FS7!
PUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 56: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/56.jpg)
Name resolution
www.bob.gnu ?1
BobAlice
DHT
'bob'?23 PKEY 8FS7!
8FS7-www?4PUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 57: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/57.jpg)
Name resolution
www.bob.gnu ?1
BobAlice
DHT
'bob'?23 PKEY 8FS7!
8FS7-www?4
A 5.6.7.8!5
PUT 8FS7-www: 5.6.7.8
0
...
...
www A 5.6.7.8
8FS7
BobA47G
...
...
bob PKEY 8FS7
Alice
![Page 58: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/58.jpg)
Query privacy: terminology
G generator in ECC curve, a point
n size of ECC group, n := |G |, n prime
x private ECC key of zone (x ∈ Zn)
P public key of zone, a point P := xG
l label for record in a zone (l ∈ Zn)
RP,l set of records for label l in zone P
qP,l query hash (hash code for DHT lookup)
BP,l block with encrypted information for label lin zone P published in the DHT under qP,l
![Page 59: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/59.jpg)
Query privacy: cryptography
Publishing records RP,l as BP,l under key qP,l
h : = H(l ,P) (1)
d : = h · x mod n (2)
BP,l : = Sd(EHKDF (l ,P)(RP,l)), dG (3)
qP,l : = H(dG ) (4)
Searching for records under label l in zone P
h : = H(l ,P) (5)
qP,l : = H(hP) = H(hxG ) = H(dG )⇒ obtain BP,l (6)
RP,l = DHKDF (l ,P)(BP,l) (7)
![Page 60: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/60.jpg)
Query privacy: cryptography
Publishing records RP,l as BP,l under key qP,l
h : = H(l ,P) (1)
d : = h · x mod n (2)
BP,l : = Sd(EHKDF (l ,P)(RP,l)), dG (3)
qP,l : = H(dG ) (4)
Searching for records under label l in zone P
h : = H(l ,P) (5)
qP,l : = H(hP) = H(hxG ) = H(dG )⇒ obtain BP,l (6)
RP,l = DHKDF (l ,P)(BP,l) (7)
![Page 61: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/61.jpg)
Oh, but wait!
So now we have a decentralised PKI, we can encrypt...
Didn't we forget something?
![Page 62: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/62.jpg)
I Guardian: �The PRISM program allows the intelligence services direct access tothe companies' servers.�
I Cooperating providers: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube,Skype, AOL, Apple
I PRISM enables real-time surveillance and access to stored contentI Data collected: E-mails, instant messages, videos, photos, stored data (likely �les),
voice chats, �le transfers, video conferences, log-in times, and social networkpro�les
I Tiny part of NSA: $20 M budget
![Page 63: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/63.jpg)
I Guardian: �The PRISM program allows the intelligence services direct access tothe companies' servers.�
I Cooperating providers: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube,Skype, AOL, Apple
I PRISM enables real-time surveillance and access to stored contentI Data collected: E-mails, instant messages, videos, photos, stored data (likely �les),
voice chats, �le transfers, video conferences, log-in times, and social networkpro�les
I Tiny part of NSA: $20 M budget
![Page 64: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/64.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 65: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/65.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)
HTTPS/TCP/WLAN/...
![Page 66: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/66.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 67: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/67.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADET
R5N DHTCORE (OTR)
HTTPS/TCP/WLAN/...
![Page 68: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/68.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 69: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/69.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
Applications
GNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 70: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/70.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 71: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/71.jpg)
Context: The Vision
Internet
Google/FacebookDNS/X.509TCP/UDPIP/BGPEthernet
Phys. Layer
GNUnet
ApplicationsGNU Name System
CADETR5N DHT
CORE (OTR)HTTPS/TCP/WLAN/...
![Page 72: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/72.jpg)
DÉCENTRALISÉ Mission
To Design and Build a Decentralised GNU Networkfor Privacy and Security
... and deploy incremental �xes on the Internet if applicable.
![Page 73: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/73.jpg)
DÉCENTRALISÉ Mission
To Design and Build a Decentralised GNU Networkfor Privacy and Security
... and deploy incremental �xes on the Internet if applicable.
![Page 74: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/74.jpg)
DÉCENTRALISÉ Research and Development Agenda
Make decentralised systems:I faster, more scalableI easier to develop, deploy and useI easier to evolve and extendI secure (privacy-preserving, censorship-resistant, available, ...)
by:I designing secure network protocolsI implementing secure software following and evolving best practicesI creating tools to support developersI evaluating the system in the real world
![Page 75: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/75.jpg)
DÉCENTRALISÉ Plans
Focus: Secure Decentralised Networking
I DISSENT � Social networking for dissenters (or journalists)I PRIVATEER � Anti-PRISM H2020 submission (TUM, UiO, OII, FSFE, CEA, CIJ)I REUTERS � news distribution (related: Anne-Marie Kermarrec & GOSSPLE)I TALER � Taxable Anonymous Libre Electronic ReservesI SMC � voting, resource allocation, constraint solving, optimization
Edge: Defense in Depth
I Secure programmingI System securityI Operational securityI Useable security
![Page 76: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/76.jpg)
Conclusion
I Decentralization is necessary:I Centralised infrastructure is a juicy target for crackersI Centralised computation enables totalitarian controlI Centralised data storage enables mass surveillance (PRISM)
I Decentralization creates challenges for research:I Privacy-enhancing network protocol designI Secure software implementationsI Software engineering and system architectureI Programming languages and tool supportI Usability and operational security
![Page 77: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/77.jpg)
Conclusion
I Decentralization is necessary:I Centralised infrastructure is a juicy target for crackersI Centralised computation enables totalitarian controlI Centralised data storage enables mass surveillance (PRISM)
I Decentralization creates challenges for research:I Privacy-enhancing network protocol designI Secure software implementationsI Software engineering and system architectureI Programming languages and tool supportI Usability and operational security
![Page 78: DÉCENTRALISÉ NOW! - NSA broke the Internet Now we have …seminaire-dga.gforge.inria.fr/2014/20141121_ChristianGrothoff.pdfO ensive Cyber E ect Operations (OCEO) can o er unique](https://reader033.vdocuments.us/reader033/viewer/2022042219/5ec5d8b2a22b2a4c9112bf0e/html5/thumbnails/78.jpg)
Do you have any questions?
References:
I Julian Kirsch. Improved Kernel-Based Port-Knocking in Linux. Master's Thesis (TUM),2014.
I Matthias Wachs, Martin Schanzenbach and Christian Grotho�. A Censorship-Resistant,
Privacy-Enhancing and Fully Decentralised Name System. 13th InternationalConference on Cryptology and Network Security (CANS), 2014.
I Matthias Wachs, Martin Schanzenbach and Christian Grotho�. On the Feasibility of a
Censorship Resistant Decentralised Name System. 6th International Symposium onFoundations & Practice of Security, 2013.
I Christian Grotho�, Bart Polot and Carlo von Loesch. The Internet is Broken: IdealisticIdeas for Building a GNU Network. W3C/IAB Workshop on Strengthening theInternet Against Pervasive Monitoring (STRINT), 2014. s
I Bart Polot and Christian Grotho�. CADET: Con�dential Ad-Hoc DecentralisedEnd-to-End Transport. MedHocNet, 2014.
I Gabor Toth. Design of a Social Messaging System Using Stateful Multicast. Master'sThesis (UVA), 2013.
I Nathan Evans and Christian Grotho�. R5N. Randomized Recursive Routing for
Restricted-Route Networks. 5th International Conference on Network and SystemSecurity, 2011.