-
Notifications
You must be signed in to change notification settings - Fork 4
/
index.html
219 lines (159 loc) · 6.52 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>reveal.js - The HTML Presentation Framework</title>
<meta name="description" content="A framework for easily creating beautiful presentations using HTML">
<meta name="author" content="Hakim El Hattab">
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="stylesheet" href="css/reveal.min.css">
<link rel="stylesheet" href="css/theme/default.css" id="theme">
<!.. For syntax highlighting ..>
<link rel="stylesheet" href="lib/css/zenburn.css">
<!.. If the query includes 'print-pdf', use the PDF print sheet ..>
<script>
document.write( '<link rel="stylesheet" href="css/print/' + ( window.location.search.match( /print-pdf/gi ) ? 'pdf' : 'paper' ) + '.css" type="text/css" media="print">' );
</script>
<!..[if lt IE 9]>
<script src="lib/js/html5shiv.js"></script>
<![endif]..>
</head>
<body>
<div class="reveal">
<!.. Any section element inside of this container is displayed as a slide ..>
<div class="slides">
<section data-markdown data-separator="^\n\.\.\.\n$" data-vertical="^\n\.\.\n$">
<script type="text/template">
P2P DNS and Signature Authority
----
- Brendan Benshoof
- Andrew Rosen
...
## What?
- Distributed Domain Name Service
- Transparent to the user
- Fast
- Reliable
- Requires distributed signing service for:
- Authentication
- Thrwarting man-in-the-middle attacks
...
## Why?
- Recent events have demonstrated that centralized authorities are not as secure a previously hoped.
- There is little cryptographic protection against the subpoena.
- Poorly constructed laws targeting DNS.
- A distributed approach for authentication is much less vulnerable.
...
## How?
- Use a Distributed Hash Table (DHT) to organize a P2P network
- We'll be using Chord
- Use a variant of NameCoin's blockchain to secure shared list of keys and domains.
- Use the DHT to load balance and distribute responsibility for hosting DNS
and keys.
...
## Distributed Hash Table
- Means of organizing communication and responsibility in a P2P network
- Each peer is responsible for a verifiable span of hash values
- Facilitates one-to-one communication and one-to-many communication
..
![Chord Ring](chordreal.png)
...
## Namecoin Variant
- Allows for a shared, immutable and secure public records
- Based on the block chain verification of Bitcoin
- One block can include the validation of a new server's public key
- One block can include a DNS record or change
- Blocks require a proof of work to authenticate, causing records to be produced at a semi-fixed rate.
..
## What a block looks like
![Block Diagram](bitcoin-diagram-490.png)
...
## Man in the Middle In a DHT
- Need to have a distributed, reliable way to authenticate
- Given: an existing network where nodes have exchanged keys securely
- Given: a new peer who wishes to join the network and share their public key
..
## Man in the Middle Prevention
- At least 2 members of the network interrogate the new peer for its public key
- Those interrogators compare their results
- If those results match
- The new peer creates an authentication record
- The interrogators sign that record
- The new record is distributed across the network
- If the results do not match
- An attack is detected and reported to the new peer by all authenticating servers.
- A member of the network may make a ban of the compromised peer
- Otherwise the joining process can be repeated.
...
## Distribution of DNS
- Responsibility for serving DNS records is distributed across the network.
- Each node acts as a DNS server reverse compatible with traditional DNS
- Any user who wishes to use this DNS network sets any node as their DNS server
- ideally this node is nearby to the client
- Send DNS requests to that node.
- Transparent to end user.
..
## Retrieval
- Each node has records of
- Addresses it's responsible for based on their hash value
- Chached recent and frequent result lookups
- If a node does not have the DNS record for a request locally or stored in the cache, it may either:
- Retrieve the value for the requester, getting its own copy
- Return its best peer for that record
- Choice depends on the recursive bit of the DNS request.
- Optionally, if a DNS request is for a domain the P2P DNS is not configured to manage, ask conventional DNS server
...
## Project Components
- Research related work
- Formalize protocol and architecture
- Implement protocol with real servers
..
## Research
- Review existing previous work to build off.
- Distributed DNS
- Implementations of Chord
- Examinations of the Bitcoin blockchain
- Identify related work
..
## Formalization
- Need to design an architecture and protocol before programming can begin.
- Identify security holes and address them
..
## Final Product
- First draft of conference paper.
- Implementation of protocol on top of Chord
- Experimental results
- Nodes outside network can perform lookup on the distributed DNS.
- Latency data.
- Scalability data.
</script>
</section>
</div>
</div>
<script src="lib/js/head.min.js"></script>
<script src="js/reveal.min.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: true,
center: true,
theme: Reveal.getQueryHash().theme || 'moon', // available themes are in /css/theme
transition: Reveal.getQueryHash().transition || 'default', // default/cube/page/concave/zoom/linear/fade/none
// Optional libraries used to extend on reveal.js
dependencies: [
{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },
{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },
{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },
{ src: 'plugin/zoom-js/zoom.js', async: true, condition: function() { return !!document.body.classList; } },
{ src: 'plugin/notes/notes.js', async: true, condition: function() { return !!document.body.classList; } }
]
});
</script>
</body>
</html>