308 lines
11 KiB
TeX
308 lines
11 KiB
TeX
\documentclass[a4paper]{article} % Switch to report for front page
|
|
\renewcommand{\refname}{References}
|
|
\usepackage{amsmath,amsfonts,amsthm,amssymb}
|
|
\usepackage[utf8]{inputenc}
|
|
%\usepackage[icelandic]{babel}
|
|
\usepackage[T1]{fontenc}
|
|
\usepackage{setspace} % Allows more fine-grained control over line spacing
|
|
\usepackage{fancyhdr} % Headers and footers
|
|
\usepackage{lastpage} % Allows references to the last page of the document
|
|
\usepackage{chngpage} % Change format mid-page ?
|
|
\usepackage{soul} % Highlights text, with \hl{}
|
|
\usepackage[usenames,dvipsnames]{color} % Add color to text
|
|
\usepackage{graphicx,float,wrapfig}
|
|
\usepackage{ifthen} % \ifthenelse{}
|
|
\usepackage{listings}
|
|
\usepackage{courier} % Write in a monospace font
|
|
%\usepackage{geometry} % Because 'fullpage' is outdated
|
|
\usepackage{hyperref}
|
|
\usepackage[usenames,dvipsnames]{color}
|
|
\usepackage{subfig}
|
|
\usepackage{placeins}
|
|
|
|
\newtheorem{mydef}{Definition}
|
|
\newcommand{\Title}{A proof-of-concept implementation}
|
|
\newcommand{\SubTitle}{A distributed peer-to-peer ledger for trust in HTTPS}
|
|
\newcommand{\DueDate}{\today} % Or \today
|
|
\newcommand{\Class}{NameChain}
|
|
\newcommand{\AuthorClearSpace}{3in} % How far below the title the author name shoudl appear
|
|
\newcommand{\ClassInstructor}{}
|
|
\newcommand{\AuthorName}{Benedikt Kristinsson}
|
|
\newcommand{\DueLang}{} % Icelandic (perhaps some ifelse on language pack)
|
|
%\newcommand{\DueLang}{Due on} % English
|
|
|
|
|
|
%\topmargin=-0.45in
|
|
%\evensidemargin=0in
|
|
%\oddsidemargin=0in
|
|
%\textwidth=6.5in
|
|
%\textheight=9.0in
|
|
%\headsep=0.25in
|
|
|
|
% This is the color used for comments below
|
|
\definecolor{MyDarkGreen}{rgb}{0.0,0.4,0.0}
|
|
\definecolor{MyDarkRed}{rgb}{0.4,0.0,0.0}
|
|
|
|
|
|
\lstloadlanguages{Python}
|
|
\lstset{language=Python,
|
|
%frame=single, % Single frame around code
|
|
%basicstyle=\small\ttfamily, % Use small true type font
|
|
basicstyle=\small, % Don't use ttf
|
|
keywordstyle=[1]\color{Blue}, %\bf % functions green (bold commented out)
|
|
keywordstyle=[2]\color{Green}, % function arguments purple
|
|
keywordstyle=[3]\color{Red}\underbar, % User functions underlined and blue
|
|
identifierstyle=,
|
|
commentstyle=\usefont{T1}{pcr}{m}{sl}\color{MyDarkRed}\small,
|
|
stringstyle=\color{MyDarkGreen}, % Strings
|
|
showstringspaces=false, % Don't put marks in string spaces
|
|
tabsize=4,
|
|
% To add more keywords
|
|
%morekeywords={},
|
|
% Function parameters
|
|
%morekeywords=[2]{on, off, interp},
|
|
%%% Put user defined functions here
|
|
%morekeywords=[3]{FindESS, homework_example},
|
|
%
|
|
%morecomment=[l][\color{Grey}]{...}, % Line continuation (...) like blue comment
|
|
%numbers=left, % Line numbers on left
|
|
%firstnumber=1, % Line numbers start with line 1
|
|
%numberstyle=\tiny\color{Grey}, % Line numbers are blue
|
|
%stepnumber=1 % Line numbers go in steps of 1
|
|
}
|
|
|
|
% Setup the header and footer
|
|
%\pagestyle{fancy} % Pagestyle allows for header/foother
|
|
\pagestyle{plain} % No header/footerer
|
|
\lhead{\AuthorName}
|
|
\chead{\SubTitle}
|
|
\rhead{\Class}
|
|
%\cfoot{\thepage}
|
|
% \rfoot{Page\ \thepage\ of\ \protect\pageref{LastPage}}
|
|
\renewcommand\headrulewidth{0.4pt}
|
|
%\renewcommand\footrulewidth{0.4pt}
|
|
% This is used to trace down (pin point) problems in latexing a document:
|
|
%\tracingall
|
|
|
|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
|
% Some tools
|
|
|
|
% Includes a figure
|
|
% The first parameter is the label, which is also the name of the figure
|
|
% with or without the extension (e.g., .eps, .fig, .png, .gif, etc.)
|
|
% IF NO EXTENSION IS GIVEN, LaTeX will look for the most appropriate one.
|
|
% The second parameter is the width of the figure normalized to column width
|
|
% (e.g. 0.5 for half a column, 0.75 for 75% of the column)
|
|
% The third parameter is the caption.
|
|
\newcommand{\scalefig}[3]{
|
|
\begin{figure}[ht!]
|
|
% Requires \usepackage{graphicx}
|
|
\centering
|
|
\includegraphics[width=#2\columnwidth]{#1}
|
|
%%% I think \captionwidth (see above) can go away as long as
|
|
%%% \centering is above
|
|
%\captionwidth{#2\columnwidth}%
|
|
\caption{#3}
|
|
\label{#1}
|
|
\end{figure}}
|
|
|
|
% Includes code
|
|
% The first parameter is the label, which also is the name of the script
|
|
% with the file extension the '#1' in the command belove
|
|
% The second parameter is the optional caption.
|
|
\newcommand{\code}[2]
|
|
{\begin{itemize}\item[]\lstinputlisting[caption=#2,label=#1]{#1}\end{itemize}}
|
|
|
|
|
|
%\setcounter{secnumdepth}{0}
|
|
\newcommand{\problem}[2]
|
|
{
|
|
\subsubsection*{\sc{#1}}
|
|
#2
|
|
}
|
|
\newcommand{\tmpsection}[1]{}
|
|
\let\tmpsection=\section
|
|
|
|
\renewcommand{\section}[2]{
|
|
|
|
\ifthenelse{
|
|
\equal{#2}{*} % I have to be oddly specific here
|
|
}
|
|
{
|
|
\tmpsection{References}
|
|
\tmpsection{\sc{#2} }
|
|
}
|
|
{\tmpsection{\sc{#1} } }
|
|
|
|
|
|
}
|
|
|
|
|
|
\title{
|
|
\Class:\ \Title
|
|
%\ifthenelse{\equal{\SubTitle}{}}{}{\\{\SubTitle}}
|
|
}
|
|
\date{\small{\DueLang\ \DueDate}}
|
|
\author{\AuthorName\\Advisor: \ClassInstructor\\}
|
|
|
|
|
|
\begin{document}
|
|
\maketitle
|
|
|
|
|
|
% Uncomment the \tableofcontents and \newpage lines to get a Contents page
|
|
% Uncomment the \setcounter line as well if you do NOT want subsections
|
|
% listed in Contents
|
|
% Remeber to compile twice
|
|
%\setcounter{tocdepth}{1}
|
|
%\tableofcontents
|
|
%\newpage
|
|
|
|
%\clearpage
|
|
%x\section{Lausn verkefnis og útfærsla}
|
|
|
|
\begin{abstract}
|
|
|
|
Traditionally we have come to rely on Certificate Authroities (CA)
|
|
to verify that the servers we connect to are the ones we are relly
|
|
trying to connect to. The CA system is very centralized and more
|
|
based on beurocracy than technology.
|
|
|
|
In this essay we propose a distributed and peer-to-peer techonology
|
|
that is builds a distributed consent of what encryption keys a
|
|
client should expect a remote server to use. Rather than having to
|
|
trust one central authority to tell the truth, the network forms a
|
|
majority that is trusted.
|
|
|
|
\end{abstract}
|
|
|
|
\section{Introduction}
|
|
% Motivation
|
|
|
|
% Example of how to write code in this template
|
|
|
|
The current CA model is broken. \\
|
|
|
|
Operating systems and browsers come pre-loaded with CA certificates
|
|
and will blindly trust their signatures. One rouge CA being
|
|
distributed in such a way would make dragnet attacks almost trivial,
|
|
and begs the question of wether they have been used for targetted
|
|
attacks. In a post-Snowden world, we have to consider these to be
|
|
facts, rather than mere speculations. \\
|
|
|
|
|
|
\subsection{Contributions}
|
|
|
|
The contributions of this work are the following:
|
|
|
|
\begin{itemize}
|
|
|
|
\item An implementation of a peer-to-peer network with Python and Twisted
|
|
|
|
\end{itemize}
|
|
|
|
\section{Vendor-shipped CA certificates}
|
|
|
|
The CA model instills trusts by having Certificates Authorities sign
|
|
certificates. For the operating system or browser to be able to verify
|
|
this signature, they need to maintain a list of known CA certificates,
|
|
called \textit{root certificates}. These lists come pre-shipped with
|
|
the software and are thus hard to maintain and keep up-to-date. \\
|
|
|
|
If any of these root certificates have signed a certificate for any
|
|
given domain, the software will accept the signature as valid and,
|
|
more importantly - that the remote server is who it claims to be. If a
|
|
state-level actor has control over just one of the root certificates
|
|
distributed (hereby referred to be as a \textit{rouge certificate})
|
|
then they can man-in-the-middle the connection
|
|
trivially. Occasionally, there have been doubts about the legitimacy
|
|
of some of these certificates\footnote{dig up examples} and the
|
|
Chinese government has at least one broadly distributed
|
|
certificate. \\
|
|
|
|
Mozilla Project publishes their CA Certificate
|
|
Policy~\cite{mozillacapolicy} which details the application process,
|
|
as well as how Mozilla maintains trust in the root certificates. More
|
|
detailed discussion is mainted on the Mozilla
|
|
Wiki~\cite{mozillacawiki}, including lists of current CA certificates
|
|
as well as a list of all removed CA certificates (although it does not
|
|
detail the reasons for the removal).\\
|
|
|
|
%Microsoft Trusted Root Certificate, published program requirements\footnote{https://technet.microsoft.com/en-us/library/cc751157.aspx} and there are some Membership Lists\footnote{http://download.microsoft.com/download/1/5/7/157B29AB-F890-464A-995A-C87945B28E5A/Windows\%20Root\%20Certificate\%20Program\%20Members\%20-\%20Sept\%202014.pdf} as PDFs on Microsoft Download.\\
|
|
|
|
|
|
\section{Protocol description}
|
|
|
|
NameChain is a peer-to-peer network to validate certificates with a
|
|
majority consensus protocol. It is heavily influenced by the structure
|
|
of Bitcoin~\cite{bitcoin2008}. As the proof-of-concept implemenation
|
|
is not stable software and might be worked on after the finalization
|
|
this essay, the protocol might change. Readers are directed towards
|
|
the project on GitHub~\cite{ncpocgithub} for an up-to-date protocol
|
|
description. Best effors are made to keep the \texttt{README.md} file
|
|
for the project accuarte, but ultimately the protocol is specified by
|
|
the sorce code. \\
|
|
|
|
\section{Proof-of-concept implementation}
|
|
|
|
|
|
The proof-of-concept implemenation is written in Python and uses
|
|
Twisted\footnote{\url{https://twistedmatrix.com/}} to implement the
|
|
protocol and peer-to-peer network. The code is hosted and maintained
|
|
on GitHub~\cite{ncpocgithub}. Messages are serialized to JSON-strings
|
|
before being sent over the network, wrapped in an JSON envelope with a
|
|
HMAC signature. \\
|
|
|
|
\begin{lstlisting}[caption=JSON envelope structure]
|
|
def make_envelope(msgtype, msg, nodeid):
|
|
msg['nodeid'] = nodeid
|
|
msg['nonce'] = nonce()
|
|
sign = hmac.new(nodeid, json.dumps(msg))
|
|
envelope = {'data': msg,
|
|
'sign': sign.hexdigest(),
|
|
'msgtype': msgtype}
|
|
return json.dumps(envelope)
|
|
\end{lstlisting}
|
|
|
|
Seeing as this is a personal research PoC implementation, broad public
|
|
use is not anticipated. The author currently maintains bootstrapping
|
|
nodes at \texttt{freespace.sudo.is} and \texttt{ncnode.sudo.is}, with
|
|
no guarantee of uptime.
|
|
|
|
|
|
%\section{Case study: pre-loaded CA certificates}
|
|
%
|
|
%\subsection{Firefox nightly}
|
|
%
|
|
%\subsection{Windows 7}
|
|
%
|
|
%\subsection{Debian}
|
|
%
|
|
%\subsection{Ubuntu}
|
|
|
|
|
|
|
|
\bibliographystyle{plain}
|
|
\bibliography{ncpoc}
|
|
|
|
|
|
\end{document}
|
|
|
|
% Stuff to mention
|
|
% Switching from 9600 baudrate to the new one resulting in leastsignrand passing poker test
|
|
% Also resulted in SerialException
|
|
% How closely the algs miss the FIPS test
|
|
% Bitrates in 9600 vs new one
|
|
% Check other baudrates?
|
|
|
|
% Eftir að gera
|
|
%% Sýna graf frá einum Arduino þar sem lesið er frá öllum pinnum
|
|
%% Athgua hvort að ard3 sýni drop á skógarbraut. Taka gröf úr ard2 líka. Skoða ard1
|
|
%% Sýna munin á gildum í mismuandi herbergjum (fossahvarf vs skógarbraut)
|
|
|
|
% Athugasemdir til Ýmis:
|
|
%% Mig vantar að orða tengsl við Tsense einhversstaðar
|
|
%%% Tsense notaði einmitt aðferðina að lesa analogRead til að búa seed, koma því að
|
|
%% Eiga öll NIST security levels erindi í skýrsluna?
|
|
%% Ég set footnote á randomSeed referencið í introduction en myndi líka að þurfa að vitna í það í seinni kafla. Hvernig geri ég það snyrtilegast?
|