Commit f7477b5a authored by Clark's avatar Clark

Initial commit

parents
# -*- org-confirm-babel-evaluate: nil -*-
#+TITLE: Byte Cache
#+DATE: 11/29/2019
#+TAGS: :blog:
#+DESCRIPTION:
#+PROPERTY: header-args :cache yes
#+BEGIN_VERSE
Welcome!
This computing and security blog is intended to:
- serve as documentation for my own reference.
- help others that may be looking for such information.
- gain valuable feedback from the community for my own edification.
#+END_VERSE
* Bare-Metal Environment
:PROPERTIES:
:CUSTOM_ID: Bare-Metal_Environment
:END:
Because there is no cloud, I choose to document my bare-metal environment. Of course, it includes distributed components, such as Docker containers in Kubernetes workers. Following is a UML diagram describing my environment. Bare-metal configurations are included for components with @@html:<font size="5">@@larger font@@html:</font>@@. Very much a work in progress.
#+begin_src plantuml :file img/Bare-Metal_Environment.svg
' Specifying aesthetics
skinparam backgroundColor #FFF
skinparam shadowing false
skinparam defaultFontColor #404040
skinparam defaultFontSize 24
skinparam linetype polyline
skinparam frame {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam node {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam rectangle {
backgroundColor<< Public Zone >> #FFE5E5
borderColor<< Public Zone >> #FF4C4C
backgroundColor<< DMZ >> #FFF6E5
borderColor<< DMZ >> #FFC04C
backgroundColor<< Private Zone >> #E5F2E5
borderColor<< Private Zone >> #46A64C
borderColor<< OpenNet >> #FF7F7F
backgroundColor<< OpenNet >> #FFF
borderThickness<< OpenNet >> 8
borderColor<< FastNet >> #FFD27F
borderThickness<< FastNet >> 8
borderColor<< FreeNet >> #7FBF7F
borderThickness<< FreeNet >> 8
}
skinparam control {
borderColor #53485C
}
skinparam component {
borderColor #53485C
}
skinparam cloud {
borderColor #53485C
}
skinparam package {
backgroundColor AliceBlue
borderColor #53485C
}
' Define the network components
rectangle << OpenNet >> {
rectangle << Public Zone >> {
cloud Internet {
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Public_Server.html Public Server]]</font>\n\
Blog, Nextcloud,\n\
Gitlab + Runner\n\n\
OS: [[https://www.debian.org Debian]]" as Public_Facing
control "0.0.0.0/0" as 0.0.0.0
}
database "<b>Modem\n\n\
[[https://www.arris.com/surfboard/products/cable-modems/sb8200/ Arris SB8200]]" as Modem
}
node "<b>Bastion Host</b>\n\
Router & Firewall\n\n\
OS: [[https://opnsense.org/ OPNsense]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Bastion
rectangle << DMZ >> {
database "<b>Switch\n\n\
OS: [[https://openwrt.org OpenWRT]]\n\
[[http://www.banana-pi.org/r2.html Banana Pi R2]]" as Switch
control "172.22.132.0/29" as 172.22.132.0_29
component "<b>SSH Jumpbox\n\
<b>& VPN Server\n\n\
OS: [[https://www.centos.org CentOS]]" as Jump_Box
component "<b>DNS Server\n\
Pi-hole\n\n\
OS: [[https://www.raspberrypi.org/downloads/raspbian/ Raspian]]\n\
[[https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/ Raspberry Pi 3 B+]]" as DNS_Server
}
}
rectangle << Private Zone >> {
control "172.27.0.0/30" as 172.27.0.0_30
node "<b>Internal Firewall \n\n\
OS: [[https://www.ipfire.org IPFire]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Firewall
rectangle << FreeNet >> {
control "172.22.133.128/25" as 172.22.133.128_25
database "<b>Tor Bridge\n\n\
OS: [[https://openwrt.org OpenWRT]]\n\
[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Tor_Bridge
cloud TorNet {
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Workstation.html Workstation]]</font>\n\
OS: [[https://www.debian.org Debian]]" as Workstation
}
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/App_Server.html App Server]]</font>\n\
Private apps, Gitlab,\n\
Nextcloud, Redmine\n\n\
OS: [[https://www.debian.org Debian]]" as App_Server
component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Security_Server.html Security Server]]</font>\n\
OpenVAS, Arachnia,\n\
Wazuh HIDS\n\n\
OS: [[https://www.debian.org Debian]]" as Security_Server
component "<b>File Server\n\
Data, Media, Syslogs,\n\
TCPDumps, LiME Dumps\n\n\
OS: [[https://www.freenas.org FreeNAS]]" as File_Server
}
rectangle << FastNet >> {
control "172.22.133.0/25" as 172.22.133.0_25
database "<b>Orbi WiFi Bridge\n\n\
[[https://www.netgear.com/Orbi/RBK40.aspx Netgear Orbi RBK40]] + \n\
2x [[https://www.netgear.com/Orbi/RBW30.aspx Netgear Orbi RBW30]]" as Orbi_Bridge
component "<b>Gaming PC\n\
Windoze with RDP" as Gaming_PC
cloud MainNet {
component "Streaming\ndevices" as streamers
component "Home\nEUCs" as eucs
}
cloud GuestNet {
component "Guest\ndevices" as guests
component "Untrusted\nIoT" as iot
}
}
}
' Define the network connections
'left to right direction
0.0.0.0 -[dashed,thickness=3,#53485C]right- Public_Facing
0.0.0.0 -[dashed,thickness=3,#53485C] Modem
Bastion -[dashed,thickness=3,#53485C]- Modem : DHCP
Bastion -[thickness=3,#53485C]- 172.27.0.0_30 : 172.27.0.1
172.27.0.0_30 -[thickness=3,#53485C]left- Firewall : 172.27.0.2
Firewall -[thickness=3,#53485C]up- 172.22.133.128_25 : 172.22.133.254
172.22.133.128_25 -[thickness=3,#53485C]up- Tor_Bridge
Firewall -[thickness=3,#53485C]- 172.22.133.0_25 : 172.22.133.2
172.22.133.0_25 -[thickness=3,#53485C] Orbi_Bridge
Orbi_Bridge -[dashed,thickness=4,#53485C]- GuestNet : DHCP
Orbi_Bridge -[dashed,thickness=4,#53485C]- MainNet : DHCP
Orbi_Bridge -[thickness=3,#53485C]right- Gaming_PC
Tor_Bridge -[thickness=3,#53485C]left- Security_Server
Tor_Bridge -[thickness=3,#53485C]right- File_Server
Tor_Bridge -[thickness=3,#53485C]- App_Server
Tor_Bridge -[dashed,thickness=4,#53485C]- TorNet : DHCP
Bastion -[thickness=3,#53485C]right- 172.22.132.0_29 : 172.22.132.1
172.22.132.0_29 -[thickness=3,#53485C] Switch
Switch -[thickness=3,#53485C]up- Jump_Box
Switch -[thickness=3,#53485C]up- DNS_Server
#+end_src
#+RESULTS[c0ff058f6cdeecc0e759a6670d0de744192afdaa]:
[[file:img/Bare-Metal_Environment.svg]]
** Labs
:PROPERTIES:
:CUSTOM_ID: Labs
:END:
[[file:Labs/Virtual_Lab_Microcosm.org][Layered network lab specification]] suitable for performing security research using VMware Workstation Pro on a Debian workstation.
* Cryptanalysis
:PROPERTIES:
:CUSTOM_ID: Cryptanalysis
:END:
Rigorous analysis on cryptographic systems typically requires reviewing each primitive in isolation. When assessing these cryptographic primitives, generally the scientific method is as follows:
- Specify the thread model: What can an attacker do to attack the cryptographic primitive?
- Propose secure construction for primitive.
- Prove an attack which compromises the construction under the threat model also solves a difficult underlying problem (e.g., factoring primes from a large product).
Such analysis provides a statistical proof of security.
The following UML describes classes of cryptographic primitives, and provides links to my analyses where there is @@html:<font size="5">@@larger font@@html:</font>@@.
#+begin_src plantuml :file img/Cryptographic_Primitives.svg
' Specifying aesthetics
skinparam backgroundColor #FFF
skinparam shadowing false
skinparam defaultFontColor #404040
skinparam defaultFontSize 28
skinparam linetype polyline
skinparam frame {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam node {
backgroundColor #FEFECE
borderColor #53485C
}
skinparam rectangle {
backgroundColor<< Public Zone >> #FFE5E5
borderColor<< Public Zone >> #FF4C4C
backgroundColor<< DMZ >> #FFF6E5
borderColor<< DMZ >> #FFC04C
backgroundColor<< Private Zone >> #E5F2E5
borderColor<< Private Zone >> #46A64C
borderColor<< OpenNet >> #FF7F7F
backgroundColor<< OpenNet >> #FFF
borderThickness<< OpenNet >> 8
borderColor<< FastNet >> #FFD27F
borderThickness<< FastNet >> 8
borderColor<< FreeNet >> #7FBF7F
borderThickness<< FreeNet >> 8
}
skinparam control {
borderColor #53485C
}
skinparam component {
borderColor #53485C
}
skinparam cloud {
borderColor #53485C
}
skinparam package {
backgroundColor AliceBlue
borderColor #53485C
}
' Define components
database "Cryptographic\nPrimitives" as Primitives
node "Unkeyed\nPrimitives" as Unkeyed
frame "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html Pseudo\nRandom\nGenerators]]</font>" as PRGs
frame "Hash\nFunctions" as Hash_Functions
frame "One-way\nPermutations" as One_Way_Perms
node "Symmetric-key\nPrimitives" as Symmetric_Primitives
frame "Symmetric-key\nCiphers" as Symmetric_Ciphers
frame "Message\nAuthentication\nCodes" as MACs
component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html Stream\nCiphers]]</font>" as Stream_Ciphers
'component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Block_Ciphers.html Block\nCiphers]]</font>" as Block_Ciphers
component "Block\nCiphers" as Block_Ciphers
node "Asymmetric-key\nPrimitives" as Asymmetric_Primitives
frame "Asymmetric-key\nCiphers" as Asymmetric_Ciphers
frame "Digital\nSignatures" as Signatures
' Define connections
'left to right direction
Primitives --- Symmetric_Primitives
Symmetric_Primitives -- MACs
Symmetric_Primitives -- Symmetric_Ciphers
Symmetric_Ciphers -- Stream_Ciphers
Symmetric_Ciphers -- Block_Ciphers
Primitives --- Asymmetric_Primitives
Asymmetric_Primitives -- Asymmetric_Ciphers
Asymmetric_Primitives -- Signatures
Primitives - Unkeyed
Unkeyed -- One_Way_Perms
Unkeyed -- Hash_Functions
Unkeyed -- PRGs
#+end_src
#+RESULTS[6157fbb54b24644c07e79ef079b516dda54aaa15]:
[[file:img/Cryptographic_Primitives.svg]]
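Review bot: The file-local setting on the first line, `# -*- org-confirm-babel-evaluate: nil -*-`, turns off the prompt Org shows before it runs a source block, so anyone who accepts that local variable and then evaluates or exports this file runs every block without being asked. Both blocks in this file are PlantUML, so the exposure today is limited, but the setting would also cover any shell or elisp block added later. I would drop it from the file and instead set `org-confirm-babel-evaluate` in the publishing configuration to a function that returns nil only for `plantuml`. Separately, the first Cryptanalysis bullet says "thread model" where the third bullet says "threat model"; it should read `- Specify the threat model: ...`.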
function copyTextToClipboard(text) {
var textArea = document.createElement("textarea");
//
// *** This styling is an extra step which is likely not required. ***
//
// Why is it here? To ensure:
// 1. the element is able to have focus and selection.
// 2. if element was to flash render it has minimal visual impact.
// 3. less flakyness with selection and copying which **might** occur if
// the textarea element is not visible.
//
// The likelihood is the element won't even render, not even a
// flash, so some of these are just precautions. However in
// Internet Explorer the element is visible whilst the popup
// box asking the user for permission for the web page to
// copy to the clipboard.
//
// Place in top-left corner of screen regardless of scroll position.
textArea.style.position = 'fixed';
textArea.style.top = 0;
textArea.style.left = 0;
// Ensure it has a small width and height. Setting to 1px / 1em
// doesn't work as this gives a negative w/h on some browsers.
textArea.style.width = '2em';
textArea.style.height = '2em';
// We don't need padding, reducing the size if it does flash render.
textArea.style.padding = 0;
// Clean up any borders.
textArea.style.border = 'none';
textArea.style.outline = 'none';
textArea.style.boxShadow = 'none';
// Avoid flash of white box if rendered for any reason.
textArea.style.background = 'transparent';
textArea.value = text;
document.body.appendChild(textArea);
textArea.focus();
textArea.select();
try {
var successful = document.execCommand('copy');
var msg = successful ? 'successful' : 'unsuccessful';
console.log('Copying text command was ' + msg);
} catch (err) {
console.log('Oops, unable to copy');
}
document.body.removeChild(textArea);
}
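Review bot: The `catch (err)` branch near the end of `copyTextToClipboard` discards the exception and the function returns nothing, so a caller cannot tell a blocked or failed copy from a successful one and the only trace is a generic console line. Log the error itself, `console.log('Oops, unable to copy', err);`, and declare `successful` before the `try` so the function can end with `return successful;` after the `removeChild` call. `document.execCommand('copy')` is also deprecated; where the page is served over HTTPS, `navigator.clipboard.writeText(text)` is the supported path, and the textarea approach can remain as the fallback.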
@charset "utf-8";
body {
font-family: Arial, sans-serif;
margin-top: 2rem;
margin-bottom: 3rem;
box-sizing: border-box;
}
*,
*:before,
*:after {
box-sizing: inherit;
}
dl {
border: solid thin silver;
padding: 0.5rem;
}
dt {
border-top: solid thin silver;
}
dd {
margin-bottom: 1rem;
line-height: 1.5;
}
li {
margin-bottom: .7rem;
line-height: 1.5;
}
p {
line-height: 1.5;
}
img {
max-width: 100%;
height: auto;
margin: 1px
}
audio {
width: 100%;
}
video {
max-width: 100%;
max-height: 95vh;
}
figure {
margin: .5rem
}
/*
blockquote {
color: navy;
}
*/
section {
border: solid thin silver;
padding: .3rem;
margin: .3rem;
border-radius: 1rem;
}
cite {
color: red;
}
caption {
background-color: lightgrey;
border: solid thin black
}
footer {
text-align: center
}
span.xsignet {
font-family: "Times New Roman", serif;
font-size: 3rem;
color: red
}
footer>div.cpr {
font-size: 80%
}
figure>img,
figure>div {
box-shadow: 3px 3px 4px 3px silver
}
kbd {
font-family: Arial, sans-serif;
font-size: 1rem;
padding: 0 .25rem 0 .25rem;
border: solid 1px grey;
border-radius: 4px;
background-color: #f0f0f0;
box-shadow: 2px 2px 2px 2px silver;
}
a:visited,
a:link {
text-decoration: none
}
a:hover {
background-color: pink
}
/*
nav.page {
display: table;
font-size: 1.5rem;
word-spacing: .3rem;
margin:.5rem;
padding: .5rem;
background-color: yellow;
border-radius: 1rem;
border: thin solid #b42222
}
nav.page:before {
content: "Goto Page "
}
nav.page a {
text-decoration: underline;
padding: .2rem;
margin: .2rem;
outline: solid thin grey;
}
*/
div.date-xl {
background-color: silver;
display: table;
margin: 0.5rem;
}
div.topic_xl {
display: table;
margin: .5rem;
padding: .2rem;
max-width: 20rem;
border-radius: 1rem;
border: solid thin silver;
}
div.topic_xl>h4 {
margin: 0.5rem
}
div.rltd {
display: table;
margin: .5rem;
padding: .5rem;
border-radius: .5rem;
border: solid thin grey;
}
div.rltd>ul {
margin: 0
}
div.rltd:before {
content: "See also ";
position: relative;
top: -0.2rem;
left: 0;
}
table.nrm {
border-collapse: collapse;
margin: 1rem;
}
table.nrm th,
table.nrm td {
padding: .25rem;
border: solid thin grey;
line-height: 1.5;
}
table.nrm th {
background-color: silver
}
section.qna_xl {
border: solid thin grey;
}
section.qna_xl h3.q {
margin: .5rem
}
mark.b {
background-color: hsl(190, 60%, 78%)
}
mark.unicode {
font-size: 2rem;
background-color: transparent;
font-family: "Segoe UI Emoji", "Apple Color Emoji", "Noto Color Emoji";
}
div>a {
display: inline-block
}
code {
font-family: "Courier", monospace;
white-space: pre-wrap;
color: red;
}
var {
font-family: "Courier", monospace;
}
code.path_xl {
white-space: nowrap;
color: green;
}
code.elisp_f_3d841 {
white-space: nowrap;
font-weight: bold;
color: #b22222;
background-color: transparent;
}
var.elisp {
white-space: nowrap;
font-weight: bold;
color: #a0522d;
}
var.d {
color: teal;
}
.elisp-prefix-command,
.elisp-command,
.elisp-macro,
.elisp-special-form,
.elisp-function {
white-space: nowrap;
font-weight: bold;
color: #b22222;
background-color: transparent;
}
.elisp-constant,
.elisp-user-option,
.elisp-variable {
white-space: nowrap;
font-weight: bold;
color: #a0522d;
}
span.ref {
background-color: #e8ffff;
}
span.ref:before {
content: "REF ";
font-weight: bold;
}
pre {
font-family: "Courier", monospace;
tab-size: 2;
padding: .5rem;
margin: .5rem;
white-space: pre-wrap;
border: solid thin grey;
border-radius: 1rem;
background-color: #eeeeee;
}
pre:before {
content: "";
position: relative;
top: -0.5rem;
right: 0;
float: right;
color: black;
text-shadow: .1rem .1rem .1rem white;
}
pre .bold {
font-weight: bold
}
pre .builtin {
color: #483d8b
}
pre .comment {
color: #b22222
}