Using tc to simulate low bandwidth, latency and jitter.
Sometimes you'ld like to get a better idea how your application will perform or user experience will alter when the network connection is slow or poor.
For example, you have a remote site and would like to know what CIFS file shares will perform like, or work out how many remote desktop sessions you can handle etc..
Linux comes with tc
from the iproute package. This offers a huge array of options for traffic shaping.
I've recently done some work on an application that provides a way of sharing text data. The data is encrypted on server, but the server operator cannot decrypt or modify the data.
Here is some notes on the cryptographic scheme. It's an implementation of Authenticated Encryption and Associated Data.
The application has 2 modes of working, one with user defined passphrase to the data, and one without. Both are very similar.
The encryption function used is AES256-CTR, with a random initial value, the HMAC is HMAC-SHA512, with pbkdf2 for key derivation function.
Initial configuration
We generate 3 salts that we use later for key generation
$ salt_{enc} \overset{R}{\leftarrow} \{ 0,1 \} ^{128} $
$ salt_{hmac} \overset{R}{\leftarrow} \{ 0,1 \} ^{128} $
$ salt_{filename} \overset{R}{\leftarrow} \{ 0,1 \} ^{128} $
These salts remain constant for the application, and if changed we cannot retrieve any data from the application.
Encryption without user defined passphrase
For each use of the application
We generate a random 128 bit nonce to seed some key derivation functions.
$ nonce \overset{R}{\leftarrow} \{ 0,1 \} ^{128} $
We generate a random 96 bit initial value for a 128 bit counter, this gives ability to encode up to 2^{32} blocks
$ iv \overset{R}{\leftarrow} \{ 0,1 \} ^{96} $
We use the nonce and a key derivation function to generate keys for encryption, a hmac, and a random filename
$ KDF(salt_{enc}, nonce) = K_{enc} $
$ KDF(salt_{hmac}, nonce) = K_{hmac} $
$ base64.encode(KDF(salt_{filename}, nonce)) = filename $
We encrypt the plaintext and calculate an HMAC tag for the counter initial value concatenated with the encrypted data
$ t_{hmac} = HMAC(K_{hmac},salt_{hmac}, iv || E(K_{enc},iv,plaintext)) $
We encode the filename random with base64, and use that as the filename to store the tag, iv and encrypted data
$ t_{hmac} || iv || E(K_{enc},iv,plaintext) {\rightarrow} {filename} $
and return the nonce as the to the client encoded in the url
$ base64.encode(nonce) {\rightarrow} url $
To decrypt and return the message
We take the url that is requested and base64 decode it to get the nonce
$ nonce {\leftarrow} base64.decode(url) $
This is used to generate the stored filename, encryption and hmac keys
$ KDF(salt_{enc}, nonce) = K_{enc} $
$ KDF(salt_{hmac}, nonce) = K_{hmac} $
$ base64.encode(KDF(salt_{filename}, nonce)) = filename $
Read the data stored in filename, parsing the first 64 bytes as a HMAC tag, the next 12 bytes as a counter initial value, and the remaining as the cipher text
$ data {\leftarrow} filename $
$ t_{hmac} = data[:64] $
$ iv = data[64:76] $
$ ciphertext = data[76:] $
We decrypt the ciphertext, and recalculate the HMAC tag to compare
$ plaintext = D(K_{enc}, iv, ciphertext ) $
$ {t'}_{hmac} = HMAC(K_{hmac},salt_{hmac}, iv || ciphertext) $
if $ {t'}_{hmac} == t_{hmac} $ we return the $ plaintext $ otherwise we return a file not found
Encryption with a user defined passphrase
This is very similar, but we use a user defined passphrase to generate the keying material.
For each use of the application
We generate a random 128 bit nonce to seed some key derivation functions.
$ nonce \overset{R}{\leftarrow} \{ 0,1 \} ^{128} $
We generate a random 96 bit initial value for a 128 bit counter, this gives ability to encode up to 2^{32} blocks
$ iv \overset{R}{\leftarrow} \{ 0,1 \} ^{96} $
We use the user passphrase, nonce and a key derivation function to generate keys for encryption, a hmac, and a random filename
$ KDF(salt_{enc}, passphrase) = K_{enc} $
$ KDF(salt_{hmac}, passphrase) = K_{hmac} $
$ base64.encode(KDF(salt_{filename}, nonce)) = filename $
We encrypt the plaintext and calculate an HMAC tag for the counter initial value concatenated with the encrypted data
$ t_{hmac} = HMAC(K_{hmac},salt_{hmac}, iv || E(K_{enc},iv,plaintext)) $
We encode the filename random with base64, and use that as the filename to store the tag, iv and encrypted data
$ t_{hmac} || iv || E(K_{enc},iv,plaintext) {\rightarrow} {filename} $
and return the nonce as the to the client encoded in the url
$ base64.encode(nonce) {\rightarrow} url $
To decrypt and return the message
We take the url that is requested and base64 decode it to get the nonce, additionally we recieve the passphrase
$ nonce {\leftarrow} base64.decode(url) $
This is used to generate the stored filename, encryption and hmac keys
$ KDF(salt_{enc},passphrase) = K_{enc} $
$ KDF(salt_{hmac}, passphrase) = K_{hmac} $
$ base64.encode(KDF(salt_{filename}, nonce)) = filename $
Read the data stored in filename, parsing the first 64 bytes as a HMAC tag, the next 12 bytes as a counter initial value, and the remaining as the cipher text
$ data {\leftarrow} filename $
$ t_{hmac} = data[:64] $
$ iv = data[64:76] $
$ ciphertext = data[76:] $
We decrypt the ciphertext, and recalculate the HMAC tag to compare
$ plaintext = D(K_{enc}, iv, ciphertext ) $
$ {t'}_{hmac} = HMAC(K_{hmac},salt_{hmac}, iv || ciphertext) $
if $ {t'}_{hmac} == t_{hmac} $ we return the $ plaintext $ otherwise we return a file not found
High Performance Samba Server on Freebsd
Problem
A midsize educational organisation has a requirement to upgrade the operating system on several hundred desktop computer from Windows XP to Windows 7. The timescale to complete the reinstallation is the summer recess. A master disk image has been prepared and tested. The installation process involves PXE booting the the machines into a Windows PE environment, then mounting a cifs file share where a Windows Imaging Format disk image is accessed. The WIM images and associated files are greater then 20 gigabytes in size, and will be accessed simultaneously by all client's being reimaged.
Solution
Legacy hardware was reinstalled with FreeBSD, using the ZFS filesystem, and Samba to provide a file sharing solution where constraining factors became the edge network and client PC's rather than the disk access on the image file server.
Saw this on the tails website.
Infrastructure as code
We want to treat system administration like a (free) software
development project:
We want to enable people to participate without needing an account on the Tails servers.
We want to review the changes that are applied to our systems.
We want to be able to easily reproduce our systems via automatic deployment.
We want to share knowledge with other people.
This is why we try to publish as much as possible of our systems configuration, and to manage
our whole infrastructure with configuration management tools. That is, without needing to log into hosts.
Padding Oracle attacks
In network protocols it's generally good practice to send an meaningful error message to clients. Examples from SMTP where one might see messages like "Unable to deliver because no such mailbox exists" help the sender realise that they have misaddressed an email, or an HTTP server might give a 404 error "Page not found" or a 401 error "Access Denied".
It turns out in cryptography that this is not such a good idea, and that leaking information about whether a block of cipher text is correctly padded or not can allows us to decrypt the whole of the text. There is a good wikipedia article here http://en.wikipedia.org/wiki/Padding_oracle
Stanford Crypto 1 course
Perils of the Many Time Pad
I've been doing the entry level crypto MOOC from Stanford/Coursera by Dan Boneh.
This is my solution to the first of the optional programming questions, but using some different data. The question provides several ciphertexts that have been encrypted with the same key.
The encryption is simple XOR with a random key, but the same key is used each time. The question shows the error of using a one time pad more than once.
There is a hint provided,
"Hint: XOR the ciphertexts together, and consider what happens when a space is XORed with a character in [a-zA-Z]. "
My solution involved two parts.
The Exim4 Cheat Sheet
Taken from http://bradthemad.org/tech/notes/exim_cheatsheet.php
Here are some useful things to know for managing an Exim 4 server. This assumes a prior working knowledge of SMTP, MTAs, and a UNIX shell prompt.
Monitoring Juniper SRX240 with MRTG
Quick MRTG config to get number of current sessions on a Juniper SRX Cluster
WorkDir: /var/www/mrtg-srx-sessions
EnableIPv6: no
WorkDir: /var/www/mrtg-srx-sessions
Options[_]: gauge,growright,nopercent,avgpeak
PageTop[_]: SRX240Sessions
YLegend[_]: SRX240 Sessions in Use
ShortLegend[_]: Sessions
LegendI[_]: node0
LegendO[_]: node1
MaxBytes[_]: 1000000000
AbsMax[_]: 1000000000
Title[srx240-sessions]: SRX240 Cluster active sessions
Target[srx240-sessions]: .1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.0&.1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.10:public@192.168.1.1
Mathjax and Ikiwiki
Following the instructions http://wiki.math.cmu.edu/iki/wiki/tips/20130930-ikiwiki/010-setup.html#index1h2 repeated here
Using a plugin to load MathJAX
So far this seems to be the safest and simplest option.
Installing Debian on HP DL360e Gen 8
Recently purchased an HP DL360e Gen 8 1U server. I was expecting the installation to be pretty simple, but it was a bit of a struggle because of the lack of a free software driver for the embedded RAID controller, an HP B320i
This blog is powered by ikiwiki.