Commit f7477b5a authored by Clark's avatar Clark

Initial commit

<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentScriptType="application/ecmascript" contentStyleType="text/css" height="836px" preserveAspectRatio="none" style="width:1513px;height:836px;" version="1.1" viewBox="0 0 1513 836" width="1513px" zoomAndPan="magnify"><defs/><g><!--entity Primitives--><path d="M597,18.5 C597,8.5 707.5,8.5 707.5,8.5 C707.5,8.5 818,8.5 818,18.5 L818,92.6875 C818,102.6875 707.5,102.6875 707.5,102.6875 C707.5,102.6875 597,102.6875 597,92.6875 L597,18.5 " fill="#FEFECE" style="stroke: #000000; stroke-width: 1.5;"/><path d="M597,18.5 C597,28.5 707.5,28.5 707.5,28.5 C707.5,28.5 818,28.5 818,18.5 " fill="none" style="stroke: #000000; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="201" x="607" y="58.4902">Cryptographic</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="140" x="607" y="91.084">Primitives</text><!--entity Unkeyed--><polygon fill="#FEFECE" points="957.5,18,967.5,8,1137.5,8,1137.5,93.1875,1127.5,103.1875,957.5,103.1875,957.5,18" style="stroke: #53485C; stroke-width: 1.5;"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="1127.5" x2="1136.5" y1="18" y2="9"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="957.5" x2="1127.5" y1="18" y2="18"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="1127.5" x2="1127.5" y1="18" y2="103.1875"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="124" x="972.5" y="53.9902">Unkeyed</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="140" x="972.5" y="86.584">Primitives</text><!--entity PRGs--><rect fill="#FEFECE" height="155.7188" style="stroke: #53485C; stroke-width: 1.5;" width="267" x="761" y="163"/><path d="M850,164 L850,168 L843,175 L761,175 
" fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><a target="_top" xlink:actuate="onRequest" xlink:href="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:show="new" xlink:title="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:type="simple"><text fill="#0000FF" font-family="sans-serif" font-size="36" font-weight="bold" lengthAdjust="spacingAndGlyphs" text-decoration="underline" textLength="148" x="776" y="216.416">Pseudo</text><line style="stroke: #0000FF; stroke-width: 1.0;" x1="776" x2="924" y1="218.416" y2="218.416"/></a><a target="_top" xlink:actuate="onRequest" xlink:href="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:show="new" xlink:title="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:type="simple"><text fill="#0000FF" font-family="sans-serif" font-size="36" font-weight="bold" lengthAdjust="spacingAndGlyphs" text-decoration="underline" textLength="167" x="776" y="258.3223">Random</text><line style="stroke: #0000FF; stroke-width: 1.0;" x1="776" x2="943" y1="260.3223" y2="260.3223"/></a><a target="_top" xlink:actuate="onRequest" xlink:href="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:show="new" xlink:title="https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html" xlink:type="simple"><text fill="#0000FF" font-family="sans-serif" font-size="36" font-weight="bold" lengthAdjust="spacingAndGlyphs" text-decoration="underline" textLength="227" x="776" y="300.2285">Generators</text><line style="stroke: #0000FF; stroke-width: 1.0;" x1="776" x2="1003" y1="302.2285" y2="302.2285"/></a><!--entity Hash_Functions--><rect fill="#FEFECE" height="95.1875" style="stroke: #53485C; stroke-width: 1.5;" width="176" x="1063.5" y="193.5"/><path d="M1122.1667,194.5 L1122.1667,198.5 L1115.1667,205.5 L1063.5,205.5 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" 
font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="71" x="1078.5" y="239.4902">Hash</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="136" x="1078.5" y="272.084">Functions</text><!--entity One_Way_Perms--><rect fill="#FEFECE" height="95.1875" style="stroke: #53485C; stroke-width: 1.5;" width="228" x="1274.5" y="193.5"/><path d="M1350.5,194.5 L1350.5,198.5 L1343.5,205.5 L1274.5,205.5 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="124" x="1289.5" y="239.4902">One-way</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="188" x="1289.5" y="272.084">Permutations</text><!--entity Symmetric_Primitives--><polygon fill="#FEFECE" points="342.5,389,352.5,379,594.5,379,594.5,464.1875,584.5,474.1875,342.5,474.1875,342.5,389" style="stroke: #53485C; stroke-width: 1.5;"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="584.5" x2="593.5" y1="389" y2="380"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="342.5" x2="584.5" y1="389" y2="389"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="584.5" x2="584.5" y1="389" y2="474.1875"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="212" x="357.5" y="424.9902">Symmetric-key</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="140" x="357.5" y="457.584">Primitives</text><!--entity Symmetric_Ciphers--><rect fill="#FEFECE" height="95.1875" style="stroke: #53485C; stroke-width: 1.5;" width="252" x="59.5" y="550.5"/><path d="M143.5,551.5 L143.5,555.5 L136.5,562.5 L59.5,562.5 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="212" x="74.5" 
y="596.4902">Symmetric-key</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="108" x="74.5" y="629.084">Ciphers</text><!--entity MACs--><rect fill="#FEFECE" height="127.7813" style="stroke: #53485C; stroke-width: 1.5;" width="246" x="346.5" y="534"/><path d="M428.5,535 L428.5,539 L421.5,546 L346.5,546 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="123" x="361.5" y="579.9902">Message</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="206" x="361.5" y="612.584">Authentication</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="87" x="361.5" y="645.1777">Codes</text><!--entity Stream_Ciphers--><rect fill="#FEFECE" height="103.8125" style="stroke: #53485C; stroke-width: 1.5;" width="173" x="6" y="722"/><rect fill="#FEFECE" height="5" style="stroke: #53485C; stroke-width: 1.5;" width="10" x="1" y="727"/><rect fill="#FEFECE" height="5" style="stroke: #53485C; stroke-width: 1.5;" width="10" x="1" y="815.8125"/><a target="_top" xlink:actuate="onRequest" xlink:href="https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html" xlink:show="new" xlink:title="https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html" xlink:type="simple"><text fill="#0000FF" font-family="sans-serif" font-size="36" font-weight="bold" lengthAdjust="spacingAndGlyphs" text-decoration="underline" textLength="147" x="16" y="765.416">Stream</text><line style="stroke: #0000FF; stroke-width: 1.0;" x1="16" x2="163" y1="767.416" y2="767.416"/></a><a target="_top" xlink:actuate="onRequest" xlink:href="https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html" xlink:show="new" xlink:title="https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html" xlink:type="simple"><text fill="#0000FF" font-family="sans-serif" 
font-size="36" font-weight="bold" lengthAdjust="spacingAndGlyphs" text-decoration="underline" textLength="153" x="16" y="807.3223">Ciphers</text><line style="stroke: #0000FF; stroke-width: 1.0;" x1="16" x2="169" y1="809.3223" y2="809.3223"/></a><!--entity Block_Ciphers--><rect fill="#FEFECE" height="85.1875" style="stroke: #53485C; stroke-width: 1.5;" width="128" x="214.5" y="731.5"/><rect fill="#FEFECE" height="5" style="stroke: #53485C; stroke-width: 1.5;" width="10" x="209.5" y="736.5"/><rect fill="#FEFECE" height="5" style="stroke: #53485C; stroke-width: 1.5;" width="10" x="209.5" y="806.6875"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="75" x="224.5" y="767.4902">Block</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="108" x="224.5" y="800.084">Ciphers</text><!--entity Asymmetric_Primitives--><polygon fill="#FEFECE" points="629.5,389,639.5,379,897.5,379,897.5,464.1875,887.5,474.1875,629.5,474.1875,629.5,389" style="stroke: #53485C; stroke-width: 1.5;"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="887.5" x2="896.5" y1="389" y2="380"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="629.5" x2="887.5" y1="389" y2="389"/><line style="stroke: #53485C; stroke-width: 1.5;" x1="887.5" x2="887.5" y1="389" y2="474.1875"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="228" x="644.5" y="424.9902">Asymmetric-key</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="140" x="644.5" y="457.584">Primitives</text><!--entity Asymmetric_Ciphers--><rect fill="#FEFECE" height="95.1875" style="stroke: #53485C; stroke-width: 1.5;" width="268" x="628.5" y="550.5"/><path d="M717.8333,551.5 L717.8333,555.5 L710.8333,562.5 L628.5,562.5 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" 
font-size="28" lengthAdjust="spacingAndGlyphs" textLength="228" x="643.5" y="596.4902">Asymmetric-key</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="108" x="643.5" y="629.084">Ciphers</text><!--entity Signatures--><rect fill="#FEFECE" height="95.1875" style="stroke: #53485C; stroke-width: 1.5;" width="192" x="931.5" y="550.5"/><path d="M995.5,551.5 L995.5,555.5 L988.5,562.5 L931.5,562.5 " fill="none" style="stroke: #53485C; stroke-width: 1.5;"/><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="92" x="946.5" y="596.4902">Digital</text><text fill="#404040" font-family="sans-serif" font-size="28" lengthAdjust="spacingAndGlyphs" textLength="152" x="946.5" y="629.084">Signatures</text><!--link Primitives to Symmetric_Primitives--><path d="M676.9877,102.8642 C631.181,173.9701 545.1293,307.5482 499.2082,378.8317 " fill="none" id="Primitives-Symmetric_Primitives" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Symmetric_Primitives to MACs--><path d="M468.7786,474.2723 C468.886,492.7072 469.0107,514.0767 469.1257,533.8158 " fill="none" id="Symmetric_Primitives-MACs" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Symmetric_Primitives to Symmetric_Ciphers--><path d="M390.0445,474.0446 C350.7856,497.8357 303.3881,526.559 264.1081,550.363 " fill="none" id="Symmetric_Primitives-Symmetric_Ciphers" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Symmetric_Ciphers to Stream_Ciphers--><path d="M160.3329,645.6281 C147.9065,669.1446 132.8852,697.572 120.14,721.6921 " fill="none" id="Symmetric_Ciphers-Stream_Ciphers" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Symmetric_Ciphers to Block_Ciphers--><path d="M210.6671,645.6281 C224.8149,672.4023 242.3263,705.5423 256.0128,731.4435 " fill="none" id="Symmetric_Ciphers-Block_Ciphers" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Primitives to Asymmetric_Primitives--><path 
d="M713.9361,102.6085 C724.291,178.4005 743.5,319 743.5,319 C743.5,319 749.2697,350.0123 754.6112,378.7229 " fill="none" id="Primitives-Asymmetric_Primitives" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Asymmetric_Primitives to Asymmetric_Ciphers--><path d="M763.2214,474.2723 C763.0827,498.0592 762.9156,526.7322 762.7771,550.4839 " fill="none" id="Asymmetric_Primitives-Asymmetric_Ciphers" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Asymmetric_Primitives to Signatures--><path d="M836.6881,474.0446 C873.3113,497.8357 917.5267,526.559 954.1695,550.363 " fill="none" id="Asymmetric_Primitives-Signatures" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Primitives to Unkeyed--><path d="M818.0318,55.5 C819.8372,55.5 820.8333,55.5 820.8333,55.5 C820.8333,55.5 934.1667,55.5 934.1667,55.5 C934.1667,55.5 943.7649,55.5 957.3748,55.5 " fill="none" id="Primitives-Unkeyed" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Unkeyed to One_Way_Perms--><path d="M1137.7776,101.7136 C1194.6948,130.8497 1257.5,163 1257.5,163 C1257.5,163 1281.2489,177.1406 1308.5231,193.3802 " fill="none" id="Unkeyed-One_Way_Perms" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Unkeyed to Hash_Functions--><path d="M1074.2826,103.2709 C1089.8102,130.9667 1109.296,165.7227 1124.8082,193.391 " fill="none" id="Unkeyed-Hash_Functions" style="stroke: #A80036; stroke-width: 1.0;"/><!--link Unkeyed to PRGs--><path d="M1008.0987,103.2709 C993.1353,121.4127 975.6734,142.5839 958.9926,162.8081 " fill="none" id="Unkeyed-PRGs" style="stroke: #A80036; stroke-width: 1.0;"/><!--
@startuml
skinparam backgroundColor #FFF
skinparam shadowing false
skinparam defaultFontColor #404040
skinparam defaultFontSize 28
skinparam linetype polyline
skinparam frame {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam node {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam rectangle {
backgroundColor<< Public Zone >> #FFE5E5
borderColor<< Public Zone >> #FF4C4C
backgroundColor<< DMZ >> #FFF6E5
borderColor<< DMZ >> #FFC04C
backgroundColor<< Private Zone >> #E5F2E5
borderColor<< Private Zone >> #46A64C
borderColor<< OpenNet >> #FF7F7F
backgroundColor<< OpenNet >> #FFF
borderThickness<< OpenNet >> 8
borderColor<< FastNet >> #FFD27F
borderThickness<< FastNet >> 8
borderColor<< FreeNet >> #7FBF7F
borderThickness<< FreeNet >> 8
}
skinparam control {
borderColor #53485C
}
skinparam component {
borderColor #53485C
}
skinparam cloud {
borderColor #53485C
}
skinparam package {
backgroundColor AliceBlue
borderColor #53485C
}
database "Cryptographic\nPrimitives" as Primitives
node "Unkeyed\nPrimitives" as Unkeyed
frame "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html Pseudo\nRandom\nGenerators]]</font>" as PRGs
frame "Hash\nFunctions" as Hash_Functions
frame "One-way\nPermutations" as One_Way_Perms
node "Symmetric-key\nPrimitives" as Symmetric_Primitives
frame "Symmetric-key\nCiphers" as Symmetric_Ciphers
frame "Message\nAuthentication\nCodes" as MACs
component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html Stream\nCiphers]]</font>" as Stream_Ciphers
component "Block\nCiphers" as Block_Ciphers
node "Asymmetric-key\nPrimitives" as Asymmetric_Primitives
frame "Asymmetric-key\nCiphers" as Asymmetric_Ciphers
frame "Digital\nSignatures" as Signatures
Primitives - - - Symmetric_Primitives
Symmetric_Primitives - - MACs
Symmetric_Primitives - - Symmetric_Ciphers
Symmetric_Ciphers - - Stream_Ciphers
Symmetric_Ciphers - - Block_Ciphers
Primitives - - - Asymmetric_Primitives
Asymmetric_Primitives - - Asymmetric_Ciphers
Asymmetric_Primitives - - Signatures
Primitives - Unkeyed
Unkeyed - - One_Way_Perms
Unkeyed - - Hash_Functions
Unkeyed - - PRGs
@enduml
PlantUML version 1.2018.11(Sat Sep 22 09:43:53 PDT 2018)
(GPL source distribution)
Java Runtime: OpenJDK Runtime Environment
JVM: OpenJDK 64-Bit Server VM
Java Version: 11.0.5+10-post-Debian-1deb10u1
Operating System: Linux
OS Version: 4.19.0-6-amd64
Default Encoding: UTF-8
Language: en
Country: US
--></g></svg>
\ No newline at end of file
# -*- org-confirm-babel-evaluate: nil -*-
#+TITLE: Byte Cache
#+DATE: 11/29/2019
#+TAGS: :blog:
#+DESCRIPTION:
#+PROPERTY: header-args :cache yes
#+BEGIN_VERSE
Welcome!
This computing and security blog is intended to:
- serve as documentation for my own reference.
- help others that may be looking for such information.
- gain valuable feedback from the community for my own edification.
#+END_VERSE
* Bare-Metal Environment
:PROPERTIES:
:CUSTOM_ID: Bare-Metal_Environment
:END:
Because there is no cloud, I choose to document my bare-metal environment. Of course, it includes distributed components, such as Docker containers in Kubernetes workers. Following is a UML diagram describing my environment. Bare-metal configurations are included for components with @@html:<font size="5">@@larger font@@html:</font>@@. Very much a work in progress.
#+begin_src plantuml :file img/Bare-Metal_Environment.svg
' Specifying aesthetics
skinparam backgroundColor #FFF
skinparam shadowing false
skinparam defaultFontColor #404040
skinparam defaultFontSize 24
skinparam linetype polyline
skinparam frame {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam node {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam rectangle {
backgroundColor<< Public Zone >> #FFE5E5
borderColor<< Public Zone >> #FF4C4C
backgroundColor<< DMZ >> #FFF6E5
borderColor<< DMZ >> #FFC04C
backgroundColor<< Private Zone >> #E5F2E5
borderColor<< Private Zone >> #46A64C
borderColor<< OpenNet >> #FF7F7F
backgroundColor<< OpenNet >> #FFF
borderThickness<< OpenNet >> 8
borderColor<< FastNet >> #FFD27F
borderThickness<< FastNet >> 8
borderColor<< FreeNet >> #7FBF7F
borderThickness<< FreeNet >> 8
}
skinparam control {
borderColor #53485C
}
skinparam component {
borderColor #53485C
}
skinparam cloud {
borderColor #53485C
}
skinparam package {
backgroundColor AliceBlue
borderColor #53485C
}
' Define the network components
rectangle << OpenNet >> {
rectangle << Public Zone >> {
cloud Internet {
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Public_Server.html Public Server]]</font>\n\
Blog, Nextcloud,\n\
Gitlab + Runner\n\n\
OS: [[https://www.debian.org Debian]]" as Public_Facing
control "0.0.0.0/0" as 0.0.0.0
}
database "<b>Modem\n\n\
[[https://www.arris.com/surfboard/products/cable-modems/sb8200/ Arris SB8200]]" as Modem
}
node "<b>Bastion Host</b>\n\
Router & Firewall\n\n\
OS: [[https://opnsense.org/ OPNsense]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Bastion
rectangle << DMZ >> {
database "<b>Switch\n\n\
OS: [[https://openwrt.org OpenWRT]]\n\
[[http://www.banana-pi.org/r2.html Banana Pi R2]]" as Switch
control "172.22.132.0/29" as 172.22.132.0_29
component "<b>SSH Jumpbox\n\
<b>& VPN Server\n\n\
OS: [[https://www.centos.org CentOS]]" as Jump_Box
component "<b>DNS Server\n\
Pi-hole\n\n\
OS: [[https://www.raspberrypi.org/downloads/raspbian/ Raspian]]\n\
[[https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/ Raspberry Pi 3 B+]]" as DNS_Server
}
}
rectangle << Private Zone >> {
control "172.27.0.0/30" as 172.27.0.0_30
node "<b>Internal Firewall \n\n\
OS: [[https://www.ipfire.org IPFire]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Firewall
rectangle << FreeNet >> {
control "172.22.133.128/25" as 172.22.133.128_25
database "<b>Tor Bridge\n\n\
OS: [[https://openwrt.org OpenWRT]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Tor_Bridge
cloud TorNet {
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Workstation.html Workstation]]</font>\n\
OS: [[https://www.debian.org Debian]]" as Workstation
}
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/App_Server.html App Server]]</font>\n\
Private apps, Gitlab,\n\
Nextcloud, Redmine\n\n\
OS: [[https://www.debian.org Debian]]" as App_Server
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Security_Server.html Security Server]]</font>\n\
OpenVAS, Arachnia,\n\
Wazuh HIDS\n\n\
OS: [[https://www.debian.org Debian]]" as Security_Server
component "<b>File Server\n\
Data, Media, Syslogs,\n\
TCPDumps, LiME Dumps\n\n\
OS: [[https://www.freenas.org FreeNAS]]" as File_Server
}
rectangle << FastNet >> {
control "172.22.133.0/25" as 172.22.133.0_25
database "<b>Orbi WiFi Bridge\n\n\
[[https://www.netgear.com/Orbi/RBK40.aspx Netgear Orbi RBK40]] + \n\
2x [[https://www.netgear.com/Orbi/RBW30.aspx Netgear Orbi RBW30]]" as Orbi_Bridge
component "<b>Gaming PC\n\
Windoze with RDP" as Gaming_PC
cloud MainNet {
component "Streaming\ndevices" as streamers
component "Home\nEUCs" as eucs
}
cloud GuestNet {
component "Guest\ndevices" as guests
component "Untrusted\nIoT" as iot
}
}
}
' Define the network connections
'left to right direction
0.0.0.0 -[dashed,thickness=3,#53485C]right- Public_Facing
0.0.0.0 -[dashed,thickness=3,#53485C] Modem
Bastion -[dashed,thickness=3,#53485C]- Modem : DHCP
Bastion -[thickness=3,#53485C]- 172.27.0.0_30 : 172.27.0.1
172.27.0.0_30 -[thickness=3,#53485C]left- Firewall : 172.27.0.2
Firewall -[thickness=3,#53485C]up- 172.22.133.128_25 : 172.22.133.254
172.22.133.128_25 -[thickness=3,#53485C]up- Tor_Bridge
Firewall -[thickness=3,#53485C]- 172.22.133.0_25 : 172.22.133.2
172.22.133.0_25 -[thickness=3,#53485C] Orbi_Bridge
Orbi_Bridge -[dashed,thickness=4,#53485C]- GuestNet : DHCP
Orbi_Bridge -[dashed,thickness=4,#53485C]- MainNet : DHCP
Orbi_Bridge -[thickness=3,#53485C]right- Gaming_PC
Tor_Bridge -[thickness=3,#53485C]left- Security_Server
Tor_Bridge -[thickness=3,#53485C]right- File_Server
Tor_Bridge -[thickness=3,#53485C]- App_Server
Tor_Bridge -[dashed,thickness=4,#53485C]- TorNet : DHCP
Bastion -[thickness=3,#53485C]right- 172.22.132.0_29 : 172.22.132.1
172.22.132.0_29 -[thickness=3,#53485C] Switch
Switch -[thickness=3,#53485C]up- Jump_Box
Switch -[thickness=3,#53485C]up- DNS_Server
#+end_src
#+RESULTS[c0ff058f6cdeecc0e759a6670d0de744192afdaa]:
[[file:img/Bare-Metal_Environment.svg]]
** Labs
:PROPERTIES:
:CUSTOM_ID: Labs
:END:
[[file:Labs/Virtual_Lab_Microcosm.org][Layered network lab specification]] suitable for performing security research using VMware Workstation Pro on a Debian workstation.
* Cryptanalysis
:PROPERTIES:
:CUSTOM_ID: Cryptanalysis
:END:
Rigorous analysis on cryptographic systems typically requires reviewing each primitive in isolation. When assessing these cryptographic primitives, generally the scientific method is as follows:
- Specify the thread model: What can an attacker do to attack the cryptographic primitive?
- Propose secure construction for primitive.
- Prove an attack which compromises the construction under the threat model also solves a difficult underlying problem (e.g., factoring primes from a large product).
Such analysis provides a statistical proof of security.
The following UML describes classes of cryptographic primitives, and provides links to my analyses where there is @@html:<font size="5">@@larger font@@html:</font>@@.
#+begin_src plantuml :file img/Cryptographic_Primitives.svg
' Specifying aesthetics
skinparam backgroundColor #FFF
skinparam shadowing false
skinparam defaultFontColor #404040
skinparam defaultFontSize 28
skinparam linetype polyline
skinparam frame {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam node {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam rectangle {
backgroundColor<< Public Zone >> #FFE5E5
borderColor<< Public Zone >> #FF4C4C
backgroundColor<< DMZ >> #FFF6E5
borderColor<< DMZ >> #FFC04C
backgroundColor<< Private Zone >> #E5F2E5
borderColor<< Private Zone >> #46A64C
borderColor<< OpenNet >> #FF7F7F
backgroundColor<< OpenNet >> #FFF
borderThickness<< OpenNet >> 8
borderColor<< FastNet >> #FFD27F
borderThickness<< FastNet >> 8
borderColor<< FreeNet >> #7FBF7F
borderThickness<< FreeNet >> 8
}
skinparam control {
borderColor #53485C
}
skinparam component {
borderColor #53485C
}
skinparam cloud {
borderColor #53485C
}
skinparam package {
backgroundColor AliceBlue
borderColor #53485C
}
' Define components
database "Cryptographic\nPrimitives" as Primitives
node "Unkeyed\nPrimitives" as Unkeyed
frame "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html Pseudo\nRandom\nGenerators]]</font>" as PRGs
frame "Hash\nFunctions" as Hash_Functions
frame "One-way\nPermutations" as One_Way_Perms
node "Symmetric-key\nPrimitives" as Symmetric_Primitives
frame "Symmetric-key\nCiphers" as Symmetric_Ciphers
frame "Message\nAuthentication\nCodes" as MACs
component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html Stream\nCiphers]]</font>" as Stream_Ciphers
'component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Block_Ciphers.html Block\nCiphers]]</font>" as Block_Ciphers
component "Block\nCiphers" as Block_Ciphers
node "Asymmetric-key\nPrimitives" as Asymmetric_Primitives
frame "Asymmetric-key\nCiphers" as Asymmetric_Ciphers
frame "Digital\nSignatures" as Signatures
' Define connections
'left to right direction
Primitives --- Symmetric_Primitives
Symmetric_Primitives -- MACs
Symmetric_Primitives -- Symmetric_Ciphers
Symmetric_Ciphers -- Stream_Ciphers
Symmetric_Ciphers -- Block_Ciphers
Primitives --- Asymmetric_Primitives
Asymmetric_Primitives -- Asymmetric_Ciphers
Asymmetric_Primitives -- Signatures
Primitives - Unkeyed
Unkeyed -- One_Way_Perms
Unkeyed -- Hash_Functions
Unkeyed -- PRGs
#+end_src
#+RESULTS[6157fbb54b24644c07e79ef079b516dda54aaa15]:
[[file:img/Cryptographic_Primitives.svg]]
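Review bot: The first line of this file sets `org-confirm-babel-evaluate: nil` as a file-local variable, which switches off the prompt Org shows before it evaluates a source block. Anyone who opens the file and accepts its local variables will then have every `#+begin_src` block run without being asked whenever it is evaluated. Org marks only the value `t` as safe for this variable, so I would drop the line and, if prompt-free PlantUML rendering is wanted, set the variable in the author's own Emacs configuration to a function that returns nil only for `plantuml`. Separately, in the Cryptanalysis list "Specify the thread model" should read `threat model`, matching the third bullet.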
function copyTextToClipboard(text) {
var textArea = document.createElement("textarea");
//
// *** This styling is an extra step which is likely not required. ***
//
// Why is it here? To ensure:
// 1. the element is able to have focus and selection.
// 2. if element was to flash render it has minimal visual impact.
// 3. less flakyness with selection and copying which **might** occur if
// the textarea element is not visible.
//
// The likelihood is the element won't even render, not even a
// flash, so some of these are just precautions. However in
// Internet Explorer the element is visible whilst the popup
// box asking the user for permission for the web page to
// copy to the clipboard.
//
// Place in top-left corner of screen regardless of scroll position.
textArea.style.position = 'fixed';
textArea.style.top = 0;
textArea.style.left = 0;
// Ensure it has a small width and height. Setting to 1px / 1em
// doesn't work as this gives a negative w/h on some browsers.
textArea.style.width = '2em';
textArea.style.height = '2em';
// We don't need padding, reducing the size if it does flash render.
textArea.style.padding = 0;
// Clean up any borders.
textArea.style.border = 'none';
textArea.style.outline = 'none';
textArea.style.boxShadow = 'none';
// Avoid flash of white box if rendered for any reason.
textArea.style.background = 'transparent';
textArea.value = text;
document.body.appendChild(textArea);
textArea.focus();
textArea.select();
try {
var successful = document.execCommand('copy');
var msg = successful ? 'successful' : 'unsuccessful';
console.log('Copying text command was ' + msg);
} catch (err) {
console.log('Oops, unable to copy');
}
document.body.removeChild(textArea);
}
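Review bot: `copyTextToClipboard` reports the outcome only through `console.log` and returns nothing, so a caller cannot tell the user when the copy failed. It also depends on `document.execCommand('copy')`, which browsers have deprecated. I would try the asynchronous Clipboard API first when the page is a secure context, keep the textarea path as the fallback, and return a promise that resolves to a boolean in both cases. Existing callers that ignore the return value are unaffected.

```javascript
function copyTextToClipboard(text) {
  // Prefer the asynchronous Clipboard API when the page is a secure context.
  if (navigator.clipboard && window.isSecureContext) {
    return navigator.clipboard.writeText(text).then(
      function () { return true; },
      function () { return false; }
    );
  }
  var textArea = document.createElement("textarea");
  // … unchanged: off-screen styling, value assignment, append, focus and select …
  var successful = false;
  try {
    successful = document.execCommand('copy');
    console.log('Copying text command was ' + (successful ? 'successful' : 'unsuccessful'));
  } catch (err) {
    console.log('Oops, unable to copy');
  }
  document.body.removeChild(textArea);
  // Report the result so the caller can surface a failure to the user.
  return Promise.resolve(successful);
}
```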
@charset "utf-8";
body {
font-family: Arial, sans-serif;
margin-top: 2rem;
margin-bottom: 3rem;
box-sizing: border-box;
}
*,
*:before,
*:after {
box-sizing: inherit;
}
dl {
border: solid thin silver;
padding: 0.5rem;
}
dt {
border-top: solid thin silver;
}
dd {
margin-bottom: 1rem;
line-height: 1.5;
}
li {
margin-bottom: .7rem;
line-height: 1.5;
}
p {
line-height: 1.5;
}
img {
max-width: 100%;
height: auto;
margin: 1px
}
audio {
width: 100%;
}
video {
max-width: 100%;
max-height: 95vh;
}
figure {
margin: .5rem
}
/*
blockquote {
color: navy;
}
*/
section {
border: solid thin silver;
padding: .3rem;
margin: .3rem;
border-radius: 1rem;
}
cite {
color: red;
}
caption {
background-color: lightgrey;
border: solid thin black
}
footer {
text-align: center
}
span.xsignet {
font-family: "Times New Roman", serif;
font-size: 3rem;
color: red
}
footer>div.cpr {
font-size: 80%
}
figure>img,
figure>div {
box-shadow: 3px 3px 4px 3px silver
}
kbd {
font-family: Arial, sans-serif;
font-size: 1rem;
padding: 0 .25rem 0 .25rem;
border: solid 1px grey;