
The iLab Experience: a blended learning hands-on course concept

The iLab Experience: a blended learning hands-on course concept. You set the focus. Do It Yourself - Hardware. YE - Topic Outline, May 29, 2018. [Schedule figure: 10.4. Kick Off; IPv6; BGP; 17.4. Minilab; 2 mini labs; Advanced Wireless; Playground]


  1. Order of Presentations (Team: Topic)
     • 203: Scanning DNS and DNSSec and mapping results to ASN/Geolocations
     • 205: DNS delegations to other zones & querying DNS with GO
     • 206: DNSSec with Linux Tools and GO
     • 201: RPKI Validation
     • 207: go-tlsscanner, BGPStream, and AS dynamics
     • 208: MassDNS
     • 209: DANE-TLSA
     • 204: CAA
     • 202: Certificate Transparency and OCSP revocation

  2. Who has the DNS? Shen Hu and Andreas Wehe (Team 208), create your own exercise

  3. Outline Lecture
     • DNS mechanism at scale
     • Who is the DNS authority, slight trust issues
     • DNS outsourcing & censorship
     • Teaser: measurement to plot to paper

  4. Outline PreLab
     • DNS components in detail
     • DNS basics: authority, cache, resolver
     • “Manual crawl” with dig
     • Man massDNS
     • Ipynb simple plot

  5. Outline Lab
     • Warm up: Dig, probe one website
     • Analyse the DNS response: What do we get?
     • Setup Massdns & explore Alexa top 1M
     • Ipynb: graphical impression of DNS sources
     • Focus on outsourcing DNS

  6. What Will Your Students Learn? The Following Learning Goals are Covered in the Lecture PreLab Lab X X X Understand DNS participants: authority, cache, resolver X X Understand challenge of probing the internet at scale X X Learn to use tools: dig, massDNS/Zmap X X Employ IpyNB for number crunching for visualization X X X Reflect roles of DNS providers in the infrastructure 5

  7. Teaser Practical Part: This is your playground: The Internet

  9. Trust me, I am a DANE-TLSA. Sebastian Borchers, Mihailo Rajacic, Team 209

  10. Outline Lecture
     ➢ Problems with CAs we are currently facing
     ➢ If a CA is hacked/breached, attackers can issue certificates and, for example, pose as your bank's website. Because lots of CAs exist, this opens up a lot of potential attacks
     ➢ Solution: DANE-TLSA
     ➢ We explain what it is and how it can solve the problem
     ➢ Why is it not yet mass deployed?
     ➢ What is so interesting?
     ➢ DNS is one of the key components of the Internet, but it is also vulnerable -> you enhance this and make it more secure
     ➢ Imagine you want to do your online banking, but somebody fakes the certificate of your bank's website and scams you. With DANE-TLSA it would not have happened

  11. Outline PreLab
     In the PreLab we are planning to show:
     ➢ Brief reminder of how basic DNS works. Introduce NSLookUp/Dig/...
     ➢ Why DANE-TLSA is necessary (Security, independence of CAs)
     ➢ TLSA-Record: Usage and Structure
     ➢ How DNS is more secure with DANE
     ➢ Highlighting the necessity of DNSSEC, in order for DANE to be trustworthy

  12. Outline Lab
     In the Lab part our goal is to:
     ➢ Setup Lab system script
     ➢ Write Go code template to retrieve certificates with TLS
     ➢ Write Go code template to retrieve DANE-TLSA records and parse them according to the 2x3 different storage options defined by the IETF
     ➢ Write Go code template to determine whether a certificate retrieved via TLS is correctly specified in DANE-TLSA
     ➢ Perform Man In the Middle attack
     ➢ Make efficient hints for students to complete Go code templates and make them work
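
An added example, not the team's lab template, of the check the lab steps above lead to: deciding whether a certificate matches a TLSA record under the 2x3 selector and matching-type combinations of RFC 6698. It assumes the TLSA record has already been retrieved and DNSSEC-validated, does not evaluate the certificate usage field, and uses constructed self-signed certificates for the hypothetical host `www.example.test`; all function names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// assocData derives TLSA certificate association data (RFC 6698); nil if unknown.
func assocData(cert *x509.Certificate, selector, mtype uint8) []byte {
	// Selector: 0 = full DER certificate, 1 = SubjectPublicKeyInfo.
	in, ok := map[uint8][]byte{0: cert.Raw, 1: cert.RawSubjectPublicKeyInfo}[selector]
	if !ok {
		return nil
	}
	// Matching type: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
	h256, h512 := sha256.Sum256(in), sha512.Sum512(in)
	return map[uint8][]byte{0: in, 1: h256[:], 2: h512[:]}[mtype]
}

// matchTLSA fails closed: unknown selector or matching type never matches.
func matchTLSA(cert *x509.Certificate, selector, mtype uint8, data []byte) bool {
	want := assocData(cert, selector, mtype)
	return want != nil && bytes.Equal(want, data)
}

// sampleCert builds a throwaway self-signed certificate (constructed input).
func sampleCert(host string) (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	server, _ := sampleCert("www.example.test")
	other, _ := sampleCert("www.example.test") // same name, different key
	pin := assocData(server, 1, 1)            // data of a "3 1 1" record
	fmt.Printf("TLSA 3 1 1 %x\nserver: %v, other key: %v\n", pin,
		matchTLSA(server, 1, 1, pin), matchTLSA(other, 1, 1, pin))
}
```

A certificate presented for the same name but with a different key fails the comparison, which is the condition the lab's client has to detect.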

  13. What Will Your Students Learn? The Following Learning Goals are Covered in the Lecture PreLab Lab Understand theoretical aspect of DANE-TLSA X X Learn why DANE-TLSA is important, but not yet in mass use X X Understand and use TLS certificates X X X Learn importance of DNS security X X X Complete Go code exercises on DANE-TLSA X 5

  14. Teaser Practical Part
     • PC1: Client
     • PC3: Attacker
     • PC4: Web server
     • PC5: DNS Server

  15. Literature
     [1] https://tools.ietf.org/html/rfc6698
     [2] https://docs.google.com/document/d/1UFdNEBR65OPrLNlvfWIyyolSF0U2WrnateKl7os5yaE/edit?usp=sharing
     [3] https://datatracker.ietf.org/meeting/87/materials/slides-87-dane-2

  17. Certification Authority Authorization (CAA). Caroline Gergen | Juan Jaramillo | Team 204, create your own exercise

  18. Outline Lecture
     • Theoretical background of CAA
     • Importance of CAA
     • Structure and how to obtain CAA records
     • Pros and cons of CAA

  19. Outline PreLab
     • Introduction to the CAA format and records
     • Vulnerabilities and alternatives to CAA
     • Error potential of CAA

  20. Outline Lab
     • Usage of the "dnscaa" tool
     • Retrieve, parse and evaluate CAA records
     • Handle revoked CAA Records

  21. What Will The Students Learn? The Following Learning Goals are Covered in the Lecture PreLab Lab X Theoretical background of CAA Pros and contras of CAA X Understand the CAA format X X Retrieve and parse CAA Records X X Usage of the „dnscaa“ tool X Handle revoked CAA Records X 5

  22. Teaser Practical Part
     This is your playground:
     • 3x Quad Core fast PC with 3-4 usable LAN interfaces per machine
     • 2x Ethernet switch
     • 2x Work Place with KVM
     • DNS Server
     • Webserver (Domain)
     • PC for retrieving CAA records, etc.

  24. Guess the correct log – CT insights. Berkay Kozan, Jan Krol, Group 202, create your own exercise

  25. Outline Lecture
     • What do you plan to teach in the lecture?
        • The vulnerabilities of SSL.
        • How CT operation works.
        • How log proofs work.
     • Why is your topic interesting?
        • It shows modern and future technology in web security.
        • Every secure website has to use CT nowadays.
     • What cool stuff do you want to communicate to those doing your planned lab?
        • This lab will be in the style of a TV game-show for IT experts (nerds)

  26. Outline PreLab
     • What do you plan to do in the PreLab?
        • Deepen the SSL handshake and vulnerabilities
        • Show the technology behind CT like Auditors, Monitors and Log Proofs
     • What is the required background for the lab?
        • The students should know the SSL handshake
        • Understand how log proofs work
     • What are relevant tools you present?
        • Chrome Developer Tools & OpenSSL

  27. Outline Lab
     • What do you plan to do in the Lab?
        • In the theme of a nerdy TV game show, the participants have to fetch data from a CT log and establish a TLS connection to the game show safe
     • What is the general setup?
        • There will be 2 computers needed: a web server and a client.
     • In which parts do you structure the lab?
        • Setting up and establishing SSL connection
        • Fetch data from CT log
        • Compare SCT in TLS connection with logged SCT
        • Students write a small auditor which fetches SCTs regularly in order to win the big prize in the game

  28. What Will Your Students Learn? The Following Learning Goals are Covered in the Lecture PreLab Lab Students understand CT operation X X X Students understand the vulnerabilities of SSL. X X Students understand how log proof works X X Students write code to fetch data from CT log X X Students write code to compare SCT in TLS connection X X with logged SCT X Students write a small Auditor for CT that fetches SCTs regularly and compares with what it sees in the TLS connection 5 Adapted from Your Exercise: Topic Presentation

  29. Teaser Practical Part 6

  30. DIY - Hardware Creation. DS2OS: Distributed Smart Space Orchestration System (ds2os.org/)

  31. Smart Space Orchestration [figure: Physical World, Computer, Virtual World]. Image Source: http://blogs.imediaconnection.com/blog/2013/05/30/the-true-impact-of-an-app-economy/

  32. Three parts
     • DIY HW
        • Build an actual hardware device
        • Work with a microcontroller
     • DIY SW
        • Learn about semantic modeling, middleware, blackboard coupling, autonomous management, …
     • P2P Measurements
        • Learn about doing and evaluating measurements in a distributed system.

  33. ID card-based Reconfiguration of a Smart Room (ds2os.org/)

  34. The ID cards can be used to configure Smart Environments [figure: Profile Store with Profile b, Profile mop, Profile Standby]

  35. The ID cards can be used to configure Smart Environments [figure: ID card; Profile Store with Profile b, Profile mop, Profile Standby, …; alarm, ceiling light, PC, shutters]

  36. 80

  37. “So what?”

  38. DIY Hardware: 40 €, 60 €, 13 €, <200 €, 10 €

  39. HW Maker Culture [timeline, 2005: “Creating your own hardware is difficult.” / “Creating your own hardware is easy.”; pictured: Massimo Banzi, David Cuartielles, Tom Igoe, Gianluca Martino, Dave Mellis]

  40. TWO DIY Maker Cultures
     • DIY Hardware (Arduino), Smart Device: A computing system that is typically embedded, interfaces its environment via sensors and actuators, and can be remotely managed.
     • DIY Software (DS2OS), Smart Space App: Portable easy-to-program applications that manage smart environments.
     • [timeline, 2005 and ?: “Creating your own IoT Software Apps is difficult.” / “Creating your own IoT Software Apps is easy.”]

  41. DIY Hardware [figure: DIY Hardware (Arduino), Smart Device; DIY Software (DS2OS), Smart Space App; timeline: 2016]

  42. s2o - hardware. Marc-Oliver Pahl, ds2os.org/

  43. What is this about?
     • Smart Devices: A hardware device that can sense and interact with its environment via sensors and actuators, and that can be managed remotely using software, is called a Smart Device.
     • Smart Spaces: A physical space that contains smart devices is called a Smart Space.
     • Smart Space Orchestration: Monitoring and controlling (managing) Smart Devices within a Smart Space with software is called Smart Space Orchestration.

  44. Creating Hardware [timeline, 2005: “Creating your own hardware is difficult.” / “Creating your own hardware is easy.”]

  45. Massimo Banzi - one of the creators of Arduino, 2012 TED talk

  46. Arduino Video
     • Arduino
     • Created 2005 at IVREA for simplifying interaction design class
     • Industrie 3.0 (create objects on your own)
     • Open Source Hardware => Makers Movement
     • “you have unlocked” … “I just feel overwhelmed” … “going into every field you could imagine”

  47. Do It Yourself (DIY) Hardware: You will experience it in this lab…

  48. Introduction to Electronics. The electrical engineering details will not be part of the exam. Slides by Alexander Güssow

  49. How is a Breadboard cabled?

  50. Agenda
     • Introduction to Electronics
        – Voltage and current
        – Units and parameters
        – Resistance: Ohm's Law and Kirchhoff's Laws
        – (Light Emitting) Diodes
     • Common Sensor types

  51. Voltage in practice
     • Voltage $u(t): \mathbb{R} \to \mathbb{R}$
     • Always measured between two points
     • DC Voltage: $u(t) = c$ where $c \in \mathbb{R}$
     • AC Voltage: $u(t) = \hat{u} \sin(2\pi f t)$
     • Touching >50V AC or >120V DC can harm you

  52. Voltmeters measure static and fluctuating voltages. Source: Fluke 80 Series V User Manual, May 2004 Rev.2, 11/08, page 14

  53. Oscilloscopes display time-variant voltage curves Source: https://www.adafruit.com/products/2145, 18.11.2015

  54. Current
     • Voltage sources: Pump analogy
     • Closing the circuit – Charge Flow?
     Current is the charge flow rate in a circuit in Coulomb/s.

  55. Current in practice
     • Current $i(t): \mathbb{R} \to \mathbb{R}$
     • Different charged particles
     • Actual direction unknown
     • Closed electric circuit
     • Stopping large currents quickly is dangerous
