Initial commit

content/index.org

+# -*- org-confirm-babel-evaluate: nil -*-
+#+TITLE: Byte Cache
+#+DATE: 11/29/2019
+#+TAGS: :blog:
+#+DESCRIPTION:
+#+PROPERTY: header-args :cache yes
+
+#+BEGIN_VERSE
+Welcome!
+
+This computing and security blog is intended to:
+- serve as documentation for my own reference.
+- help others that may be looking for such information.
+- gain valuable feedback from the community for my own edification.
+#+END_VERSE
+
+* Bare-Metal Environment
+:PROPERTIES:
+:CUSTOM_ID: Bare-Metal_Environment
+:END:
+
+Because there is no cloud, I choose to document my bare-metal environment. Of course, it includes distributed components, such as Docker containers in Kubernetes workers. Following is a UML diagram describing my environment. Bare-metal configurations are included for components with @@html:<font size="5">@@larger font@@html:</font>@@. Very much a work in progress.
+
+#+begin_src plantuml :file img/Bare-Metal_Environment.svg
+' Specifying aesthetics
+
+skinparam backgroundColor #FFF
+skinparam shadowing false
+skinparam defaultFontColor #404040
+skinparam defaultFontSize 24
+skinparam linetype polyline
+
+skinparam frame {
+backgroundColor #FEFECE
+borderColor #53485C
+}
+
+skinparam node {
+backgroundColor #FEFECE
+borderColor #53485C
+}
+
+skinparam rectangle {
+backgroundColor<< Public Zone >> #FFE5E5
+borderColor<< Public Zone >> #FF4C4C
+backgroundColor<< DMZ >> #FFF6E5
+borderColor<< DMZ >> #FFC04C
+backgroundColor<< Private Zone >> #E5F2E5
+borderColor<< Private Zone >> #46A64C
+borderColor<< OpenNet >> #FF7F7F
+backgroundColor<< OpenNet >> #FFF
+borderThickness<< OpenNet >> 8
+borderColor<< FastNet >> #FFD27F
+borderThickness<< FastNet >> 8
+borderColor<< FreeNet >> #7FBF7F
+borderThickness<< FreeNet >> 8
+
+}
+
+skinparam control {
+borderColor #53485C
+}
+
+skinparam component {
+borderColor #53485C
+}
+
+skinparam cloud {
+borderColor #53485C
+}
+
+skinparam package {
+backgroundColor AliceBlue
+borderColor #53485C
+}
+
+
+' Define the network components
+
+rectangle << OpenNet >> {
+
+rectangle << Public Zone >> {
+
+cloud Internet {
+
+component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Public_Server.html Public Server]]</font>\n\
+Blog, Nextcloud,\n\
+Gitlab + Runner\n\n\
+OS: [[https://www.debian.org Debian]]" as Public_Facing
+
+control "0.0.0.0/0" as 0.0.0.0
+
+}
+
+database "<b>Modem\n\n\
+[[https://www.arris.com/surfboard/products/cable-modems/sb8200/ Arris SB8200]]" as Modem
+
+}
+
+node "<b>Bastion Host</b>\n\
+Router & Firewall\n\n\
+OS: [[https://opnsense.org/ OPNsense]]\n\
+[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Bastion
+
+rectangle << DMZ >> {
+
+database "<b>Switch\n\n\
+OS: [[https://openwrt.org OpenWRT]]\n\
+[[http://www.banana-pi.org/r2.html Banana Pi R2]]" as Switch
+
+control "172.22.132.0/29" as 172.22.132.0_29
+
+component "<b>SSH Jumpbox\n\
+<b>& VPN Server\n\n\
+OS: [[https://www.centos.org CentOS]]" as Jump_Box
+
+component "<b>DNS Server\n\
+Pi-hole\n\n\
+OS: [[https://www.raspberrypi.org/downloads/raspbian/ Raspian]]\n\
+[[https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/ Raspberry Pi 3 B+]]" as DNS_Server
+
+}
+
+}
+
+rectangle << Private Zone >> {
+
+control "172.27.0.0/30" as 172.27.0.0_30
+
+node "<b>Internal Firewall \n\n\
+OS: [[https://www.ipfire.org IPFire]]\n\
+[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Firewall
+
+rectangle << FreeNet >> {
+
+control "172.22.133.128/25" as 172.22.133.128_25
+
+
+database "<b>Tor Bridge\n\n\
+OS: [[https://openwrt.org OpenWRT]]\n\
+[[https://www.pcengines.ch/apu2e4.htm PC Engines APU.2E4]]" as Tor_Bridge
+
+cloud TorNet {
+
+component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Workstation.html Workstation]]</font>\n\
+OS: [[https://www.debian.org Debian]]" as Workstation
+
+}
+
+component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/App_Server.html App Server]]</font>\n\
+Private apps, Gitlab,\n\
+Nextcloud, Redmine\n\n\
+OS: [[https://www.debian.org Debian]]" as App_Server
+
+component "<font size="36"><b>[[https://blog.bytecache.io/Bare-Metal/Security_Server.html Security Server]]</font>\n\
+OpenVAS, Arachnia,\n\
+Wazuh HIDS\n\n\
+OS: [[https://www.debian.org Debian]]" as Security_Server
+
+component "<b>File Server\n\
+Data, Media, Syslogs,\n\
+TCPDumps, LiME Dumps\n\n\
+OS: [[https://www.freenas.org FreeNAS]]" as File_Server
+
+}
+
+rectangle << FastNet >> {
+
+control "172.22.133.0/25" as 172.22.133.0_25
+
+database "<b>Orbi WiFi Bridge\n\n\
+[[https://www.netgear.com/Orbi/RBK40.aspx Netgear Orbi RBK40]] + \n\
+2x [[https://www.netgear.com/Orbi/RBW30.aspx Netgear Orbi RBW30]]" as Orbi_Bridge
+
+component "<b>Gaming PC\n\
+Windoze with RDP" as Gaming_PC
+
+cloud MainNet {
+component "Streaming\ndevices" as streamers
+component "Home\nEUCs" as eucs
+}
+
+cloud GuestNet {
+component "Guest\ndevices" as guests
+component "Untrusted\nIoT" as iot
+}
+
+}
+
+}
+
+' Define the network connections
+'left to right direction
+
+0.0.0.0 -[dashed,thickness=3,#53485C]right- Public_Facing
+0.0.0.0 -[dashed,thickness=3,#53485C] Modem
+Bastion -[dashed,thickness=3,#53485C]- Modem : DHCP
+
+Bastion -[thickness=3,#53485C]- 172.27.0.0_30 : 172.27.0.1
+172.27.0.0_30 -[thickness=3,#53485C]left- Firewall : 172.27.0.2
+Firewall -[thickness=3,#53485C]up- 172.22.133.128_25 : 172.22.133.254
+172.22.133.128_25 -[thickness=3,#53485C]up- Tor_Bridge
+Firewall -[thickness=3,#53485C]- 172.22.133.0_25 : 172.22.133.2
+172.22.133.0_25 -[thickness=3,#53485C] Orbi_Bridge
+Orbi_Bridge -[dashed,thickness=4,#53485C]- GuestNet : DHCP
+Orbi_Bridge -[dashed,thickness=4,#53485C]- MainNet : DHCP
+Orbi_Bridge -[thickness=3,#53485C]right- Gaming_PC
+Tor_Bridge -[thickness=3,#53485C]left- Security_Server
+Tor_Bridge -[thickness=3,#53485C]right- File_Server
+Tor_Bridge -[thickness=3,#53485C]- App_Server
+Tor_Bridge -[dashed,thickness=4,#53485C]- TorNet : DHCP
+
+
+Bastion -[thickness=3,#53485C]right- 172.22.132.0_29 : 172.22.132.1
+172.22.132.0_29 -[thickness=3,#53485C] Switch
+Switch -[thickness=3,#53485C]up- Jump_Box
+Switch -[thickness=3,#53485C]up- DNS_Server
+#+end_src
+
+#+RESULTS[c0ff058f6cdeecc0e759a6670d0de744192afdaa]:
+[[file:img/Bare-Metal_Environment.svg]]
+
+** Labs
+:PROPERTIES:
+:CUSTOM_ID: Labs
+:END:
+
+[[file:Labs/Virtual_Lab_Microcosm.org][Layered network lab specification]] suitable for performing security research using VMware Workstation Pro on a Debian workstation.
+
+* Cryptanalysis
+:PROPERTIES:
+:CUSTOM_ID: Cryptanalysis
+:END:
+
+Rigorous analysis on cryptographic systems typically requires reviewing each primitive in isolation. When assessing these cryptographic primitives, generally the scientific method is as follows:
+
+- Specify the thread model: What can an attacker do to attack the cryptographic primitive?
+- Propose secure construction for primitive.
+- Prove an attack which compromises the construction under the threat model also solves a difficult underlying problem (e.g., factoring primes from a large product).
+  
+Such analysis provides a statistical proof of security.
+ 
+The following UML describes classes of cryptographic primitives, and provides links to my analyses where there is @@html:<font size="5">@@larger font@@html:</font>@@.
+
+#+begin_src plantuml :file img/Cryptographic_Primitives.svg
+' Specifying aesthetics
+
+skinparam backgroundColor #FFF
+skinparam shadowing false
+skinparam defaultFontColor #404040
+skinparam defaultFontSize 28
+skinparam linetype polyline
+
+skinparam frame {
+backgroundColor #FEFECE
+borderColor #53485C
+}
+
+skinparam node {
+backgroundColor #FEFECE
+borderColor #53485C
+}
+
+skinparam rectangle {
+backgroundColor<< Public Zone >> #FFE5E5
+borderColor<< Public Zone >> #FF4C4C
+backgroundColor<< DMZ >> #FFF6E5
+borderColor<< DMZ >> #FFC04C
+backgroundColor<< Private Zone >> #E5F2E5
+borderColor<< Private Zone >> #46A64C
+borderColor<< OpenNet >> #FF7F7F
+backgroundColor<< OpenNet >> #FFF
+borderThickness<< OpenNet >> 8
+borderColor<< FastNet >> #FFD27F
+borderThickness<< FastNet >> 8
+borderColor<< FreeNet >> #7FBF7F
+borderThickness<< FreeNet >> 8
+
+}
+
+skinparam control {
+borderColor #53485C
+}
+
+skinparam component {
+borderColor #53485C
+}
+
+skinparam cloud {
+borderColor #53485C
+}
+
+skinparam package {
+backgroundColor AliceBlue
+borderColor #53485C
+}
+
+
+' Define components
+
+database "Cryptographic\nPrimitives" as Primitives
+
+
+node "Unkeyed\nPrimitives" as Unkeyed
+frame "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Pseudo_Random_Generators.html Pseudo\nRandom\nGenerators]]</font>" as PRGs
+frame "Hash\nFunctions" as Hash_Functions
+frame "One-way\nPermutations" as One_Way_Perms
+
+
+node "Symmetric-key\nPrimitives" as Symmetric_Primitives
+frame "Symmetric-key\nCiphers" as Symmetric_Ciphers
+frame "Message\nAuthentication\nCodes" as MACs
+component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Stream_Ciphers.html Stream\nCiphers]]</font>" as Stream_Ciphers
+'component "<font size="36"><b>[[https://blog.bytecache.io/Cryptanalysis/Block_Ciphers.html Block\nCiphers]]</font>" as Block_Ciphers
+component "Block\nCiphers" as Block_Ciphers
+
+
+node "Asymmetric-key\nPrimitives" as Asymmetric_Primitives
+frame "Asymmetric-key\nCiphers" as Asymmetric_Ciphers
+frame "Digital\nSignatures" as Signatures
+
+
+' Define connections
+'left to right direction
+
+Primitives --- Symmetric_Primitives
+Symmetric_Primitives -- MACs
+Symmetric_Primitives -- Symmetric_Ciphers
+Symmetric_Ciphers -- Stream_Ciphers
+Symmetric_Ciphers -- Block_Ciphers
+
+Primitives --- Asymmetric_Primitives
+Asymmetric_Primitives -- Asymmetric_Ciphers
+Asymmetric_Primitives -- Signatures
+
+Primitives - Unkeyed
+Unkeyed -- One_Way_Perms
+Unkeyed -- Hash_Functions
+Unkeyed -- PRGs
+
+#+end_src
+
+#+RESULTS[6157fbb54b24644c07e79ef079b516dda54aaa15]:
+[[file:img/Cryptographic_Primitives.svg]]

site/copy-to-clipboard.js

+function copyTextToClipboard(text) {
+  var textArea = document.createElement("textarea");
+
+  //
+  // *** This styling is an extra step which is likely not required. ***
+  //
+  // Why is it here? To ensure:
+  // 1. the element is able to have focus and selection.
+  // 2. if element was to flash render it has minimal visual impact.
+  // 3. less flakyness with selection and copying which **might** occur if
+  //    the textarea element is not visible.
+  //
+  // The likelihood is the element won't even render, not even a
+  // flash, so some of these are just precautions. However in
+  // Internet Explorer the element is visible whilst the popup
+  // box asking the user for permission for the web page to
+  // copy to the clipboard.
+  //
+
+  // Place in top-left corner of screen regardless of scroll position.
+  textArea.style.position = 'fixed';
+  textArea.style.top = 0;
+  textArea.style.left = 0;
+
+  // Ensure it has a small width and height. Setting to 1px / 1em
+  // doesn't work as this gives a negative w/h on some browsers.
+  textArea.style.width = '2em';
+  textArea.style.height = '2em';
+
+  // We don't need padding, reducing the size if it does flash render.
+  textArea.style.padding = 0;
+
+  // Clean up any borders.
+  textArea.style.border = 'none';
+  textArea.style.outline = 'none';
+  textArea.style.boxShadow = 'none';
+
+  // Avoid flash of white box if rendered for any reason.
+  textArea.style.background = 'transparent';
+
+
+  textArea.value = text;
+
+  document.body.appendChild(textArea);
+  textArea.focus();
+  textArea.select();
+
+  try {
+    var successful = document.execCommand('copy');
+    var msg = successful ? 'successful' : 'unsuccessful';
+    console.log('Copying text command was ' + msg);
+  } catch (err) {
+    console.log('Oops, unable to copy');
+  }
+
+  document.body.removeChild(textArea);
+}
+

site/htmlize.css

+@charset "utf-8";
+body {
+	font-family: Arial, sans-serif;
+	margin-top: 2rem;
+	margin-bottom: 3rem;
+	box-sizing: border-box;
+}
+
+*,
+*:before,
+*:after {
+	box-sizing: inherit;
+}
+
+dl {
+	border: solid thin silver;
+	padding: 0.5rem;
+}
+
+dt {
+	border-top: solid thin silver;
+}
+
+dd {
+	margin-bottom: 1rem;
+	line-height: 1.5;
+}
+
+li {
+	margin-bottom: .7rem;
+	line-height: 1.5;
+}
+
+p {
+	line-height: 1.5;
+}
+
+img {
+	max-width: 100%;
+	height: auto;
+	margin: 1px
+}
+
+audio {
+	width: 100%;
+}
+
+video {
+	max-width: 100%;
+	max-height: 95vh;
+}
+
+figure {
+	margin: .5rem
+}
+
+/*
+blockquote {
+	color: navy;
+}
+*/
+
+section {
+	border: solid thin silver;
+	padding: .3rem;
+	margin: .3rem;
+	border-radius: 1rem;
+}
+
+cite {
+	color: red;
+}
+
+caption {
+	background-color: lightgrey;
+	border: solid thin black
+}
+
+footer {
+	text-align: center
+}
+
+span.xsignet {
+	font-family: "Times New Roman", serif;
+	font-size: 3rem;
+	color: red
+}
+
+footer>div.cpr {
+	font-size: 80%
+}
+
+figure>img,
+figure>div {
+	box-shadow: 3px 3px 4px 3px silver
+}
+
+kbd {
+	font-family: Arial, sans-serif;
+	font-size: 1rem;
+	padding: 0 .25rem 0 .25rem;
+	border: solid 1px grey;
+	border-radius: 4px;
+	background-color: #f0f0f0;
+	box-shadow: 2px 2px 2px 2px silver;
+}
+
+a:visited,
+a:link {
+	text-decoration: none
+}
+
+a:hover {
+	background-color: pink
+}
+
+/*
+nav.page {
+	display: table;
+	font-size: 1.5rem;
+	word-spacing: .3rem;
+	margin:.5rem;
+	padding: .5rem;
+	background-color: yellow;
+	border-radius: 1rem;
+	border: thin solid #b42222
+}
+
+nav.page:before {
+	content: "Goto Page "
+}
+
+nav.page a {
+	text-decoration: underline;
+	padding: .2rem;
+	margin: .2rem;
+	outline: solid thin grey;
+}
+*/
+
+div.date-xl {
+	background-color: silver;
+	display: table;
+	margin: 0.5rem;
+}
+
+div.topic_xl {
+	display: table;
+	margin: .5rem;
+	padding: .2rem;
+	max-width: 20rem;
+	border-radius: 1rem;
+	border: solid thin silver;
+}
+
+div.topic_xl>h4 {
+	margin: 0.5rem
+}
+
+div.rltd {
+	display: table;
+	margin: .5rem;
+	padding: .5rem;
+	border-radius: .5rem;
+	border: solid thin grey;
+}
+
+div.rltd>ul {
+	margin: 0
+}
+
+div.rltd:before {
+	content: "See also ";
+	position: relative;
+	top: -0.2rem;
+	left: 0;
+}
+
+table.nrm {
+	border-collapse: collapse;
+	margin: 1rem;
+}
+
+table.nrm th,
+table.nrm td {
+	padding: .25rem;
+	border: solid thin grey;
+	line-height: 1.5;
+}
+
+table.nrm th {
+	background-color: silver
+}
+
+section.qna_xl {
+	border: solid thin grey;
+}
+
+section.qna_xl h3.q {
+	margin: .5rem
+}
+
+mark.b {
+	background-color: hsl(190, 60%, 78%)
+}
+
+mark.unicode {
+	font-size: 2rem;
+	background-color: transparent;
+	font-family: "Segoe UI Emoji", "Apple Color Emoji", "Noto Color Emoji";
+}
+
+div>a {
+	display: inline-block
+}
+
+code {
+	font-family: "Courier", monospace;
+	white-space: pre-wrap;
+	color: red;
+}
+
+var {
+	font-family: "Courier", monospace;
+}
+
+code.path_xl {
+	white-space: nowrap;
+	color: green;
+}
+
+code.elisp_f_3d841 {
+	white-space: nowrap;
+	font-weight: bold;
+	color: #b22222;
+	background-color: transparent;
+}
+
+var.elisp {
+	white-space: nowrap;
+	font-weight: bold;
+	color: #a0522d;
+}
+
+var.d {
+	color: teal;
+}
+
+.elisp-prefix-command,
+.elisp-command,
+.elisp-macro,
+.elisp-special-form,
+.elisp-function {
+	white-space: nowrap;
+	font-weight: bold;
+	color: #b22222;
+	background-color: transparent;
+}
+
+.elisp-constant,
+.elisp-user-option,
+.elisp-variable {
+	white-space: nowrap;
+	font-weight: bold;
+	color: #a0522d;
+}
+
+span.ref {
+	background-color: #e8ffff;
+}
+
+span.ref:before {
+	content: "REF ";
+	font-weight: bold;
+}
+
+pre {
+	font-family: "Courier", monospace;
+	tab-size: 2;
+	padding: .5rem;
+	margin: .5rem;
+	white-space: pre-wrap;
+	border: solid thin grey;
+	border-radius: 1rem;
+	background-color: #eeeeee;
+}
+
+pre:before {
+	content: "";
+	position: relative;
+	top: -0.5rem;
+	right: 0;
+	float: right;
+	color: black;
+	text-shadow: .1rem .1rem .1rem white;
+}
+
+pre .bold {
+	font-weight: bold
+}
+
+pre .builtin {
+	color: #483d8b
+}
+
+pre .comment {
+	color: #b22222
+}
+