veiled
play

Veiled A Browser Darknet Matt Wood & Billy Hoffman - PowerPoint PPT Presentation

Sep 07, 2022 •311 likes •742 views

Veiled A Browser Darknet Matt Wood & Billy Hoffman matt.wood@hp.com billy.hoffman@hp.com Web Security Research Group -- HP Software What is a Darknet? A private network where users can freely exchange ideas and content.

  1. Veiled A Browser Darknet Matt Wood & Billy Hoffman matt.wood@hp.com billy.hoffman@hp.com Web Security Research Group -- HP Software

  2. What is a Darknet? A private network where users can freely exchange ideas and content. Darknets typically have additional features like strong encryption, digital identities, or storage systems 2

  3. Innovation and Turmoil Abound! New Set of Browser Wars Desktop App <-> Web App Server/Client <-> Peer-2-Peer Browser Platform + Traditional Darknet + ??? = Profit 3

  4. Original Darknets • Sneaknets − Yokel with floppy • Freenet (1999) − Strong Crypto − Shared Storage • WASTE (2000) − Private/sharing • Gnutella(~2000) − P2P qualities • Clones (2001-) 4

  5. Tor is *not* a Darknet! 5

  6. Barriers to Darknet Adoption • Technical Barriers − Installing/Configuring • Firewall • NAT − Not for Joe the Plumber • Social Barriers − People are unaware they exist − Freenet/Gnutella/Kazaa are basically open networks • Difficult to set-up your own • Creating your own “scene” 6

  7. Web Ecosystem • HTML 5 Features − Browser Storage − CORS/XDomainRequest • JavaScript Advances − V8/TraceMonkey • Lots of high quality JS libraries − UI/DOM − AES/RSA • Ubiquitousnesslyosity − Everyone has it − Everyone can use it 7

  8. A Browser Based Darknet • Properties we want − Distributed Redundant File Storage − Some anonymity − Web in the Web − Communication entirely over HTTP • Differentiating Properties − Zero-footprint Install − Web Clients are the new Web Server • P2P on top of HTTP − Simple to create/destroy/join − Focused on small to medium sized network/mesh 8

  9. WHY? • Barriers are Bad! • Removing Barriers is Good! • Fewer Barriers allows more Participation! • More participation allows Innovation! 9

  10. Veiled : Agenda • Architecture • Demo − Tech Overview • Features − Private Chat − Redundant Distributed File Storage − Web in the Web − Distributed JS Computation − Server Failover • Threat Analysis • Next Steps/New Tech 10

  11. High Level Architecture • Router is single server script file − Routers can peer • Client is Pure JS and HTML − Clients connect to Routers • Messages can traverse whole network 11

  12. Veiled Demo 12

  13. Veiled Router • Single Dynamic Page • Provides COMET connection to Client • Provides Ajax Targets for Client • Provides Peering hooks for other Routers • Provides transient storage (server memory) 13

  14. Veiled Client • Pure JS/HTML • Content served by a Router • Provide callbacks for COMET data pipe • Contains API to use browser storage − Whatwg_db/LocalStorage/Cookies/GlobalStorage • Contains JS Encryption Routines • UI 14

  15. COMET? • Traditional HTTP “pulls” data • COMET is a hack to make HTTP push possible − faster than long polling for lots of messages 15

  16. Messaging in Veiled • Client-Client Communication • Client-Router Communication • Router-Router Communication 16

  17. Client-Client Messaging • Two Types of Messages − Multicast − Routed • Occurs above HTTP Layer • Message Format − Type − Action − Origin ID − Target ID − Data − Distance − Unique ID 17

  18. Router-Client Communication • Client initiates COMET connection − Hidden iframe • Easy • Messages streamed to client via individual <script> tag function calls • Higher bandwidth than long-polling − Times out after 2-5 minutes, refreshes • Client uses AJAX to forward local messages/events to Router • Can Use HTTP Auth • Can Use SSL 18

  19. Router-Router Peering • HTTP/S Connection − Comet-y − No need for JS Tricks − Uses JSON for interop − PHP’s fsockopen • First connection contains connect back information • Both Servers need to be mutually accessible • Performs Routing • Can be setup with HTTP Auth − to prevent vagabonds 19

  20. Routing with Modified AODV • AODV − Ad-hoc On-demand Distance Vector − Used for mesh networks • Modified specifically to take advantage of protocol between clients • Why? − Reduces Traffic − Minimizes clients receiving traffic not meant for them 20

  21. Veiled Features • Global Chat − More of a debugging mechanism • Private Chat • Redundant Distributed File Storage • Web in the Web • Distributed JavaScript Jobs • Server Failover 21

  22. Private Chat • RSA Key Exchange − Keys generated by OpenSSL − Uses PidCrypt JS Library − Exchange AES 256 Key using RSA • AES + CBC − AES Key generated from • Hash(RSA Priv Key/Time/Domain) • Completely Encrypted on the Client • Possible MITM − Verify public keys 22

  23. Private Chat Protocol • Request Peers from Darknet − Can opt-out • Receive Client Aliases and Public Keys on Darknet • Start Chat Session with Client − Initiator generates AES Key − Encrypt with Remote Client’s public key − Send • AES Key Exchanged • Begin chat encrypting with AES 23

  24. Redundant Distributed File Storage • Goals − Survive Clients leaving the network − Secure Upload/Download of content − Utilize browser storage • Why • How • Challenges − JS has no access to local files − Two Options • Trust Router to distribute slices • Use Flash/Java to read local file and provide to JS 24

  25. RDFS Protocol • Upload − Select file and Submit HTML form − Router slices into 1k chunks − Multicast request for storage on darknet − Wait for slices to be “registered” − Send registered clients routed data packed • Download − Multicast file identifier for retrieval − Client’s check if their data store contains file identifier − Send routed data packet if found 25

  26. Web in the Web • Builds on top of File Distribution • Retrieve Files from Magnet Hashes • JavaScript API to Support − Embedded Images − Embedded (i)Frames − Rewriting Links to Magnet Hash 26

  27. Distributed JS Computation • Distribute JavaScript Jobs to Clients • Inspired by JavaScript • Provide Client API for: − Receiving jobs − Reporting results • Challenges − Dangerous JavaScript/XSS − Threading/Blocking the UI • Worker threads (HTML5/Gears) − Execute jobs in sandbox • Gareth Hayes: JSReg? • Google’s caja too much 27

  28. Server Failover • Router Peering − Publicize connect-back details to local clients − Inform clients if peer goes down • If Client COMET connection goes down − Retry − Connect to router peer 28

  29. Challenges • Debugging a “hidden” php connection blows! − COMET, distributes PHP files, “threading,” multiple clients − Pretty much left with printf() style debugging! • Shared Memory Locking/Threading • Over Reliance on Router − “Untrusted” Router • Local Storage vs Global Storage − Domain restrictions 29

  30. Threading in PHP • Each connection is a “thread” • Use flock(windows) or semaphore (sys-v) for locking • Shared Memory message queue − In transient Memory − PHP’s shmop 30

  31. Veiled Threat Analysis 31

  32. Veiled External Threats • Malicious Client − Disrupt/Inject faulty communications • HTTPS and HTTP Auth can defuse this mostly • Autodestruct network – new one needed • Malicious Router Process − Rogue PHP script (since all are run by apache) − Modify Shared Memory • Alter Message Queue • Remove Messages − Not sure if there is a better was to secure shared mem… • MITM − Mitigated with use of HTTPS 32

  33. Veiled Internal Threats • Malicious Client − Advertise false routes by sending spoofed packets − Saturate Network with Multicast Traffic − Send Bogus File slices during retrieval • Malicious Router − Can MITM Private Chat RSA Key Exchange − Compromise Clients IP’s connected to it 33

  34. Advances/Next Steps • NAT Busting • File Storage with Browser Cache • Using Clients as Routers • Persistent-XSS as Com Port − Very low bandwidth • Multiple Client-Router connections with CORS/ XDomainRequest • Using Completely Untrusted/Public Routers • Cloud Based Routers 34

  35. NAT Busting with HTTP Request • Server Behind NAT − Connection #1 • Initiate connection to Remote • Send HTTP Request • Parse Response as it Arrives for Data − Connection #2 • Initiate connection to Remote • Send “long” HTTP Request • Remote parses Request as it Arrives • Vanilla PHP can’t inspect incomplete requests − Perl has this built in 35

  36. File Storage with Browser Cache • Use Browser Caching to Store File Slices • Storage − Make hash from file hash and slice # − Router serves up page, client caches it • Retrieval − Make hash from file hash − Ajax Request to router • Cached Response • Server Response 36

  37. Using Clients as Routers • Listen for messages on two routers • Mediate Requests/Responses between them • Benefits − Link inaccessible routers with a client • Cons − Requires constant browser session/tab − Easier to MITM a network 37

  38. Persistent-XSS as Shared Storage/Queue • Use Persistent XSS’s on the internet as storage. − Hundreds of online notepads, lots are vulnerable to pxss • Decentralizes Network Further • How? − Create JavaScript API to abstract PXSS as storage device − Use iframe communication from pxss to local window − JSONP if possible 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HEALTH &amp; WELLBEING RETREAT Veiled in untouched tropical jungle, Bagus Jati offers arousing

HEALTH &amp; WELLBEING RETREAT Veiled in untouched tropical jungle, Bagus Jati offers arousing

HEALTH &amp; WELLBEING RETREAT Veiled in untouched tropical jungle, Bagus Jati offers arousing views of one of Balis most breathtaking valleys and an architecturally unique retreat dedicated to one thing - your well-being. Eight circular deluxe

507 views • 22 slides
Euripides Euripides Euripides Life and Career in the Theatre The Hippolytus Myth

Euripides Euripides Euripides Life and Career in the Theatre The Hippolytus Myth

Euripides Euripides Euripides Life and Career in the Theatre The Hippolytus Myth Hippolytus and Phaedra on Stage Euripides Hippolytus Veiled Sophocles Phaedra Euripides Hippolytus Garlanded The Structure of

403 views • 18 slides
Incremental construction and maintenance of morphological analysers based on augmented letter

Incremental construction and maintenance of morphological analysers based on augmented letter

Incremental construction and maintenance of morphological analysers based on augmented letter transducers Alicia Garrido-Alenda, Mikel L. Forcada and Rafael C. Carrasco www. interNOSTRUM .com Departament de Llenguatges i Sistemes Inform`

426 views • 30 slides
There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry

There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry

There are no Accidents !!!! 17 th September is a very important date for Indian Solar Industry Autonic / UNSW 2019 1 Kungfu Panda, copywrite: Dreamworks for educational purpose Birthday of our Hon. Prime Minister Shri Narandra Modi Principle

940 views • 54 slides
Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web,

Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web,

Basic housekeeping Plugging obvious security holes in web sites. Chris9an Heilmann, Paris Web, Paris, October 2009 A few things to remember about basic web security. A bit of pimping... Grer la scurit de vos applica9ons web (Salle 1)

1.08k views • 89 slides
A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web

A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web

A3: Cross-site Scripting (XSS) (JavaScript injection) Prevalence Stock et.al. How the Web Tangled Itself: Uncovering the History of Client- Side Web (In)Security, USENIX Security 2017 But first..JavaScript security Pages now loaded

482 views • 46 slides
Mondragon 2013 a personal perspective William Franklin Partner Pett, Franklin &amp; Co. LLP 17

Mondragon 2013 a personal perspective William Franklin Partner Pett, Franklin &amp; Co. LLP 17

Mondragon 2013 a personal perspective William Franklin Partner Pett, Franklin &amp; Co. LLP 17 September 2013 www.pettfranklin.com Mondragon Town in Gipuzkoa region of Basque country An hours drive from Bilbao Mountainous area

605 views • 39 slides
CMU 15-896 Fair division 1: Cake cutting Teacher: Ariel Procaccia Single heterogeneous

CMU 15-896 Fair division 1: Cake cutting Teacher: Ariel Procaccia Single heterogeneous

CMU 15-896 Fair division 1: Cake cutting Teacher: Ariel Procaccia Single heterogeneous good, represented as Set of players Piece of cake finite union of disjoint intervals 15896 Spring 2016: Lecture 6 2 Each player has a

790 views • 28 slides
CAKE CUTTING How to fairly divide a heterogeneous divisible good between players with different

CAKE CUTTING How to fairly divide a heterogeneous divisible good between players with different

T RUTH J USTICE A LGOS Fair Division I: Cake Cutting Basics Teachers: Ariel Procaccia (this time) and Alex Psomas CAKE CUTTING How to fairly divide a heterogeneous divisible good between players with different preferences? THE PROBLEM

417 views • 24 slides
Tutorial on Fair Division Ulle Endriss Institute for Logic, Language and Computation University

Tutorial on Fair Division Ulle Endriss Institute for Logic, Language and Computation University

Fair Division COST-ADT School 2010 Tutorial on Fair Division Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam &quot; # COST-ADT Doctoral School on Computational Social Choice Estoril, Portugal, 914 April

867 views • 69 slides
Cake: a tool for adaptation of object code Stephen Kell Stephen.Kell@cl.cam.ac.uk Computer

Cake: a tool for adaptation of object code Stephen Kell Stephen.Kell@cl.cam.ac.uk Computer

Cake: a tool for adaptation of object code Stephen Kell Stephen.Kell@cl.cam.ac.uk Computer Laboratory University of Cambridge Cake. . . p.1/32 Some familiar problems Software is expensive to develop expensive to maintain

384 views • 36 slides
Cup N Cake CNC Baked Goods Decorator Michelle Burroughs, Dan Fourie, Karen Hart,

Cup N Cake CNC Baked Goods Decorator Michelle Burroughs, Dan Fourie, Karen Hart,

Cup N Cake CNC Baked Goods Decorator Michelle Burroughs, Dan Fourie, Karen Hart, Amber Houghstow, Travis Tucker Sketch Model Demo Sketch Model Demo Cont. 2-axis head controlled by stepper

321 views • 7 slides
Cut a cake fairly: not so easy... 7 juin 2007 Cut a cake fairly: not so easy... Plan

Cut a cake fairly: not so easy... 7 juin 2007 Cut a cake fairly: not so easy... Plan

Plan Introduction Various ways for obtaining fair cuts Envy-free cuts Conclusions Cut a cake fairly: not so easy... 7 juin 2007 Cut a cake fairly: not so easy... Plan Introduction Various ways for obtaining fair cuts Envy-free cuts

957 views • 64 slides
CS133 Computational Geometry Intersection Problems 1 Riddle: Fair Cake-cutting Using only one

CS133 Computational Geometry Intersection Problems 1 Riddle: Fair Cake-cutting Using only one

CS133 Computational Geometry Intersection Problems 1 Riddle: Fair Cake-cutting Using only one straight-line cut, how to split the cake into two equal pieces (by area)? Cake 2 Riddle: Fair cake-cutting Mixed cake! Still one cut Cake Cake

1.19k views • 87 slides
Having Your Cake and Eating it too! Reconstructing Direction in a Liquid Scintillator Detector

Having Your Cake and Eating it too! Reconstructing Direction in a Liquid Scintillator Detector

Having Your Cake and Eating it too! Reconstructing Direction in a Liquid Scintillator Detector Lindley Winslow University of California Los Angeles Scintillation Cherenkov Light Light Energy Directionality Resolution I am particularly

476 views • 47 slides
EQUITABLE CAKE CUTTING Katarna Cechlrov, UPJ Koice, Slovakia common work with J.

EQUITABLE CAKE CUTTING Katarna Cechlrov, UPJ Koice, Slovakia common work with J.

EQUITABLE CAKE CUTTING Katarna Cechlrov, UPJ Koice, Slovakia common work with J. Dobo and E. Pillrov MODEL 2 Katarna Cechlrov, Equitable cake cutting ONLY ONE PIECE TO EVERYBODY 3 Katarna Cechlrov, Equitable cake

491 views • 17 slides
Lecture 12: Planning algorithms Solution Initial state s 0 Planner (= sequence

Lecture 12: Planning algorithms Solution Initial state s 0 Planner (= sequence

Classical Planning CS440/ECE448: Intro to Artificial Intelligence State transition system ! = (S,A, ! ) Lecture 12: Planning algorithms Solution Initial state s 0 Planner (= sequence of actions) (a 1 ,a 2

247 views • 10 slides
Recurrent Neural Networks CS 6956: Deep Learning for NLP Overview 1. Modeling sequences 2.

Recurrent Neural Networks CS 6956: Deep Learning for NLP Overview 1. Modeling sequences 2.

Recurrent Neural Networks CS 6956: Deep Learning for NLP Overview 1. Modeling sequences 2. Recurrent neural networks: An abstraction 3. Usage patterns for RNNs 4. BiDirectional RNNs 5. A concrete example: The Elman RNN 6. The vanishing

964 views • 18 slides
Game Theory Extensive Form Games: Applications Levent Ko ckesen Ko c University Levent

Game Theory Extensive Form Games: Applications Levent Ko ckesen Ko c University Levent

page.1 Game Theory Extensive Form Games: Applications Levent Ko ckesen Ko c University Levent Ko ckesen (Ko c University) Extensive Form Games: Applications 1 / 23 page.2 A Simple Game You have 10 TL to share A makes an offer

384 views • 23 slides
Scala in the JEE world How and why we have used Scala to implement portions of typical Java EE

Scala in the JEE world How and why we have used Scala to implement portions of typical Java EE

Scala in the JEE world How and why we have used Scala to implement portions of typical Java EE Experts at Cake Solutions They thought we wanted They thought we wanted Use Scala Use Scala Maven, baby We actually wanted We actually wanted We

922 views • 49 slides
MOL2NET , 2017 , 3, doi:10.3390/mol2net-03-015339 2 The physical-chemical characterization of

MOL2NET , 2017 , 3, doi:10.3390/mol2net-03-015339 2 The physical-chemical characterization of

MOL2NET , 2017 , 3, doi:10.3390/mol2net-03-015339 1 MOL2NET, International Conference Series on Multidisciplinary Sciences MDPI http://sciforum.net/conference/mol2net-03 THERMOALKALINE PRETREATMENT INFLUENCE ON ANAEROBIC BIODEGRADABILITY OF

648 views • 7 slides
Prac6cal Lessons From Crea6ng the Control-Alt-Hack Card

Prac6cal Lessons From Crea6ng the Control-Alt-Hack Card

Prac6cal Lessons From Crea6ng the Control-Alt-Hack Card Game Research Challenges for Games In Educa6on and Research Tamara Tammy Denning

314 views • 27 slides
Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0

Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0

Virtualization with Docker Matthias Schnepf Karlsruhe Institute of Technology (KIT), SCC/ETP 0 2019-11-05 Cake meeting Matthias Schnepf SCC/ETP Virtualization with Docker www.kit.edu KIT The Research University in the Helmholtz

1.26k views • 17 slides
6 Fluency Teaching Slides For or the ful ull slides inc nclud uding ng reasoni oning ng,

6 Fluency Teaching Slides For or the ful ull slides inc nclud uding ng reasoni oning ng,

Num umbe ber: r: Perc rcent ntages 6 Fluency Teaching Slides For or the ful ull slides inc nclud uding ng reasoni oning ng, pl please visit: www.masterthecur urricul ulum um.co. o.uk uk 6 Fluency Teaching Slides Fractions

921 views • 52 slides

More recommend