Advogato blog for argp

11 May 2008

Sun, 11 May 2008 19:21:34 GMT

διαγραμματική παράσταση του ελληνικού ιστού εμπιστοσύνης

Μετά τη συνάντηση της 23 Απριλίου στη Θεσσαλονίκη αποφάσισα να δημιουργήσω (και να συντηρώ) τη διαγραμματική παράσταση του ελληνικού ιστού εμπιστοσύνης. Προφανώς το εγχείρημα αυτό απαιτεί μεγάλο όγκο αρχικών δεδομένων και αυτοματοποίηση της διαδικασίας δημιουργίας του γράφου. Τη δεύτερη απαίτηση την ικανοποίησα με ένα απλό Perl πρόγραμμα μεγέθους μερικών δεκάδων γραμμών το οποίο κάνει χρήση του προγράμματος sig2dot.pl ως βιβλιοθήκη.

Για την ικανοποίηση της πρώτης απαίτησης μπορείτε να συνεισφέρετε στέλνοντάς μου στη διεύθυνση argp at domain cs.tcd.ie το αποτέλεσμα της εντολής gpg --list-sigs > $USER.txt.

Κάποια πρώτα αποτελέσματα υπάρχουν παρακάτω. Η πρόσφατη συνάντηση στη Θεσσαλονίκη είναι εμφανής στο πάνω δεξιά μέρος του γράφου.

12 Apr 2008

Sat, 12 Apr 2008 08:37:10 GMT

συνάντηση για συλλογή/ανταλλαγή υπογραφών σε pgp/gpg κλειδιά

Την Τετάρτη 23 Απριλίου του 2008 στη Θεσσαλονίκη θα διεξαχθεί συνάντηση για συλλογή/ανταλλαγή υπογραφών σε pgp/gpg κλειδιά. Για τη συμμετοχή σας θα χρειαστείτε κάποιο επίσημο έγγραφο που να πιστοποιεί την ταυτότητα που αντιστοιχεί στο κλειδί σας, και αρκετά αντίγραφα από το ψηφιακό δακτυλικό αποτύπωμα του κλειδιού σας και του ονόματός σας γραμμένα σε χαρτί.

Περισσότερες πληροφορίες για τη διαδικασία που θα ακολουθηθεί υπάρχουν εδώ.

Το ακριβές μέρος και η ώρα θα ανακοινωθούν μέσα τις επόμενες μέρες.

30 Mar 2008

Sun, 30 Mar 2008 07:20:55 GMT

ελληνικός ορθογράφος για το vim

Δυστυχώς η τελευταία έκδοση του vim δεν συμπεριλαμβάνει ελληνικό λεξικό για τον ενσωματωμένο ορθογράφο του. Ευτυχώς μπορούμε πολύ εύκολα να δημιουργήσουμε ένα χρησιμοποιώντας το ελληνικό λεξικό που παρέχει το OpenOffice:

$ cd ~/
$ wget http://ftp.services.openoffice.org/pub/OpenOffice.org/contrib/dictionaries/el_GR.zip
$ unzip el_GR.zip

Στη συνέχεια κάνουμε εκκίνηση του vim, και δίνουμε την παρακάτω εντολή:

:mkspell el ~/el_GR

Αφού έχουμε κλείσει το vim βλέπουμε ότι έχει δημιουργηθεί το αρχείο ~/el.utf-8.spl, το οποίο πρέπει να μεταφερθεί στον κατάλληλο κατάλογο:

$ mkdir -p ~/.vim/spell
$ mv ~/el.utf-8.spl ~/.vim/spell
$ rm -f el_GR.aff el_GR.dic el_GR.zip README_el_GR.txt

Από εδώ και πέρα τα πράγματα είναι απλά. Ο τρόπος με τον οποίο θα χρησιμοποιηθεί ο ελληνικός ορθογράφος κατά τη χρήση του vim είναι θέμα προσωπικής προτίμησης. Για λόγους πληρότητας παραθέτω παρακάτω τις συναφείς σειρές του ~/.vimrc αρχείου μου (τα λεξικά en_us και en_gb συμπεριλαμβάνονται στο vim):

map <F8> <Esc>:setlocal spell! spelllang=el<CR>
map <F7> <Esc>:setlocal spell! spelllang=en_us<CR>
map <F6> <Esc>:setlocal spell! spelllang=en_gb<CR>

13 Mar 2008

Thu, 13 Mar 2008 14:58:45 GMT

usenix proceedings

All USENIX-sponsored conference proceedings were in the past freely available, except those of conferences held in the last twelve months. Those were only available to USENIX members. Today, USENIX announced that they are making all their conference proceedings freely available to everyone.

This is going to be very helpful for all researchers, although I don't think that there are many people interested in any area of systems research that are not USENIX members already. In any case, I hope that ACM, IEEE and Springer/LNCS proceedings become freely available as well (but somehow I doubt it).

15 Feb 2008

Fri, 15 Feb 2008 11:41:38 GMT

huskarl

Huskarl is the product of a final year B.Sc. project that I have co-supervised. Dragomir Penev has investigated the past and present attacks against Bluetooth's authentication and key exchange mechanisms, and has developed an alternative solution based on public key cryptography.

The new protocol utilizes symmetric and asymmetric cryptography to authenticate two Bluetooth devices, in a way similar to the very popular Secure Shell (SSH) protocol. There is no dependency on any kind of shared secrets (e.g. PINs), or other data exchanged between the devices in plaintext. Symmetric encryption is used to reduce the load that a purely asymmetric protocol would have.

The detailed message exchanges and a performance analysis of Huskarl can be found in the published paper. In this post I will discuss the choice behind Huskarl's underlying security model, as this was my major contribution to the project.

As in the case of the SSH security model, Huskarl avoids reliance on any kind of infrastructure in order to introduce previously unknown Bluetooth entities by weakening the traditional threat model that assumes a universal omnipresent adversary. In Huskarl the bindings between digital identities and public keys are established by

assuming that the first time a connection happens no attacker substitutes a legitimate participant's key with his own, or
via an out of band channel.

The first approach makes the protocol vulnerable to man-in-the-middle attacks on the first channel establishment between two communicating Bluetooth entities. Although initial exchanges constitute a very small percentage of a network's total traffic, there are no guarantees that they will not be compromised. However, in the case that an attacker manages to perform a man-in-the-middle attack in an initial exchange between a pair of Bluetooth devices, he then needs to be present in every subsequent channel establishment between the specific pair. Otherwise, the devices will notice that the public key of the other party has changed and therefore know that either the initial or the current exchange has been compromised. The devices can then abort the communication and remove the offending public key from their key database, or act according to some other locally defined policy.

The second approach, i.e. the existence of an out of band channel, may not be as far fetched as it initially appears. Near Field Communication (NFC) is a new very short range wireless connectivity protocol that evolved from a combination of existing contactless identification technologies. There are mobile phones currently available on the market that have NFC capabilities, for example see the Nokia 6131 NFC. As this, and other similar technologies, become widely adopted, security protocols operating along the design choices of Huskarl will be the preferred choice to other costly and centralized approaches.

Huskarl's prototype implementation was developed on Linux using the BlueZ Bluetooth protocol stack and OpenSSL. It is published under GPLv2 and is hosted on SourceForge.

7 Feb 2008

Thu, 7 Feb 2008 17:56:52 GMT

debugging the FreeBSD kernel on VMware with remote GDB

Recently I got the urgent need to refresh my FreeBSD kernel programming knowledge. To satisfy it I simply picked up a project that seemed interesting (more on this in a following post), and I installed FreeBSD 6.3 as a guest on VMware Workstation 6.0 running on my main Linux development machine. The installation and configuration were straightforward and out of the scope of this post.

Naturally, soon after I begun experimenting kernel panics started hitting me. Hitting me hard. I needed a good debugger and DDB just wasn't much fun to work with. I needed good old GDB. The FreeBSD developer's handbook has a section on kernel debugging using remote GDB, but it is not directly applicable to virtual machine based installations. The solution is to use VMware's feature of creating virtual serial ports as named pipes to emulate a serial connection between two FreeBSD virtual machines.

The first FreeBSD virtual machine, let's call it the target host to follow the handbook's terminology, is the machine that the experimental kernel code runs on. The second, the debugging host, is the one that will run GDB and connect over the virtual serial connection to the target host. The target host's kernel needs to be compiled with the following options:


makeoptions DEBUG=-g
options GDB
options DDB
options KDB

Furthermore, the serial port needs to be defined in the device flags in the /boot/device.hints file of the target host by setting the 0x80 bit, and the 0x10 bit for specifying that the kernel GDB backend is to be accessed via remote debugging over this port:


hint.sio.0.flags="0x90"

Also, edit the target host's /etc/sysctl.conf file to include the following self-explanatory kernel parameters:


debug.kdb.current=ddb
debug.debugger_on_panic=1

After the compilation and installation of the new kernel on the target host, the /usr/obj/usr/src/sys/TARGET_HOST directory (assuming you have named the new kernel TARGET_HOST) needs to be copied to the debugging host (I used scp -r).

For the following steps both virtual machines need to be turned off. In VMware go to the tab of the target host, click Edit virtual machine settings-> Add->Serial Port->Output to named pipe. Enter /tmp/com_1 (or whatever you want) as the named pipe, select This end is the server and The other end is a virtual machine. Then perform the same steps on the debugging host's virtual machine, enter the same named pipe, but select This end is the client in this case. The /tmp/com_1 named pipe on the machine that runs VMware (Linux in my case) will be used as a virtual serial connection between the two FreeBSD guests.

Now power on the target host normally, cause a kernel panic or start the kernel debugger manually, and type gdb and then s:


[root@target_host ~]# sysctl debug.kdb.enter=1
KDB: enter: sysctl debug.kdb.enter
[thread pid 578 tid 100063 ]
Stopped at kdb_enter+0x2b: nop
db> gdb
Step to enter the remote GDB backend.
db> s

On the debugging host you need to find the device that corresponds to the virtual serial port you defined in VMware. On my setup it is /dev/cuad0. Then start a kgdb remote debugging session in the /usr/obj/usr/src/sys/TARGET_HOST directory, passing as arguments the serial port device and the kernel to be debugged:


[root@debugging_host ~]#
cd /usr/obj/usr/src/sys/TARGET_HOST
[root@debugging_host /usr/obj/usr/src/sys/TARGET_HOST]# 
kgdb -r /dev/cuad0 ./kernel.debug
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public 
License, and you are welcome to change it and/or distribute 
copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show 
warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Switching to remote protocol
kdb_enter (msg=0x23 <Address 0x23 out of bounds>)
at /usr/src/sys/kern/subr_kdb.c:270
270 }
Unread portion of the kernel message buffer:
KDB: enter: sysctl debug.kdb.enter
#0  kdb_enter (msg=0x23 <Address 0x23 out of bounds>)
at /usr/src/sys/kern/subr_kdb.c:270
270 }
(kgdb) bt
#0  kdb_enter (msg=0x23 <Address 0x23 out of bounds>) 
    at /usr/src/sys/kern/subr_kdb.c:270
#1  0xc0657710 in kdb_sysctl_enter (oidp=0xc08d3fa0, 
    arg1=0x0, arg2=0, req=0xcca54c04)
    at /usr/src/sys/kern/subr_kdb.c:175
#2  0xc0646f2b in sysctl_root (oidp=0x0, arg1=0x0, arg2=0,
    req=0xcca54c04) at /usr/src/sys/kern/kern_sysctl.c:1248
#3  0xc0647128 in userland_sysctl (td=0x23,
    name=0xcca54c74, namelen=3, old=0xcca54c04,
    oldlenp=0x0, inkernel=0, new=0xbfbfe428, newlen=35,
    retval=0xcca54c70, flags=35)
    at /usr/src/sys/kern/kern_sysctl.c:1347
#4  0xc0646fcb in __sysctl (td=0xc164d180, uap=0xcca54d04) 
    at /usr/src/sys/kern/kern_sysctl.c:1282
#5  0xc0811dcf in syscall (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 3,
       tf_esi = 0, tf_ebp = -1077943368,
       tf_isp = -861581980, tf_ebx = 672367844, tf_edx = 0,
       tf_ecx = -1077941184, tf_eax = 202, tf_trapno = 12, 
       tf_err = 2, tf_eip = 671840819, tf_cs = 51, 
       tf_eflags = 658, tf_esp = -1077943428, tf_ss = 59})
       at /usr/src/sys/i386/i386/trap.c:976
#6  0xc08007bf in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:200
#7  0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)

That's it. Now let's do some debugging.

13 Aug 2007

Mon, 13 Aug 2007 12:01:59 GMT

metakall

For the past three months I have been doing part-time research and development work for Metakall, a research commercialization project that was born at the Centre for Telecommunications Value-Chain Research (CTVR). The main idea behind Metakall is that we provide the technology to allow end users to pay wireless hotspot operators small amounts of cash in real-time for network access. Instead of maintaining subscriptions or buying fixed amounts of access, Metakall users dynamically pay just for the network connectivity service they need for a single VoIP call, or to read their email messages. We are currently conducting an internal to CTVR small scale user trial, with a larger scale user trial with external participants planned to follow shortly.

At the moment I cannot discuss the technical details of our solution due to a pending patent application, but I am happy to report that our prototype implementation is fully portable. We currently support most Windows flavors (including Windows Mobile and Windows CE of course), Linux and Mac OS X. Metakall's focus on portability constantly gives me the opportunity to experiment with various Linux-based devices; from the first generation SIP phone Linksys WIP300 that is based on uClinux, to the Nokia 770 Internet Tablet, to the impressive OpenMoko that I have just started exploring. Strictly from a developer's point of view, the Nokia 770 device is currently my favorite platform. However, the completely open nature and the vision behind OpenMoko is something that greatly appeals to me. I eagerly anticipate the second version of the OpenMoko phone (expected this October) that will add a wireless interface, giving us the means to fully deploy the Metakall software on this exciting platform.

25 Jun 2007

Mon, 25 Jun 2007 15:53:11 GMT

http://www.trustcomp.org/treck/

In direct relation to my previous post; I am involved in the program committee of the ACM SAC 2008 TRECK track - the 4th Trust, Recommendations, Evidence and other Collaboration Know-how (TRECK) track of the 23rd ACM Symposium on Applied Computing. We are interested in original and unpublished research on computational models of trust and online reputation mechanisms. Specifically, the TRECK track's focus is on the set of applications that benefit from the use of such technologies. Therefore, I believe that it is of particular interest to the open source world, both as an application area in itself (trust-enabled distributed SCM systems as alternatives to the strictly centralized models of development would be a very interesting topic of research), and as a highly relevant forum to publish new systems (Konfidi immediately comes to mind as a promising example).

The submission deadline is September 8, 2007, which is more than enough, well, if not more than enough then certainly adequate, and the full information regarding the venue, dates and a suggested list of topics of interest can be found at http://www.trustcomp.org/treck/.

20 Jun 2007

Wed, 20 Jun 2007 21:47:14 GMT

google as a ``trust authority''

I have recently noticed that I am using Google as a way to avoid phishing websites when I am making online purchases or doing online banking. As an example, to find Bank of Ireland's online banking website I avoid to directly type its URL since I can never remember it and a misspelling would most probably lead me to a fake server. Therefore, I simply google the terms ``365 bank of ireland'' and I am certain that the first result would link to the correct website. Basically, I am using Google as a ``trust authority;'' as an entity that I trust to refer me to the authentic provider I am looking for and not another masquerading as the target provider.

In a traditional PKI setting a Certificate Authority (CA) provides a very similar, in a semantic and not strictly technical sense, service; it gives guarantees to a service consumer that the service provider he is about to disclose sensitive information to is indeed the entity it claims to be. The main difference is that a PKI CA follows a manual way to verify the digital identity of a service provider before it issues an identity certificate (and, as I have previously studied, they cannot really be trusted on this due to mainly cost reasons). On the other hand, Google relies on an automated way to map keywords to service providers. PageRank could be modified, or a similar algorithm could be developed, to associate public keys to identities, and rank them in case more than one keys refer to the same identity based on a variety of factors like the time period the key has been associated with the target identity, eigenvector centrality, as well as others.

Actually, Dimitris Glynos and myself have done some joint research work on the subject and have interesting and encouraging results to share - not to mention a full Python implementation of our proposed scheme that we plan to release as an open source project running on Linux. But this is the topic of another post.

I am not saying that Google should be trusted with even more power. What I am saying is that the PKI trust model doesn't work, particularly as a phishing countermeasure, but also in more general application domains as its limited adoption, among other facts, clearly demonstrates, and that we need to study alternatives.

4 Jun 2007

Mon, 4 Jun 2007 11:52:35 GMT

listening to research papers

A friend recently gave me the nice idea of listening to, instead of reading, research papers. We both have ``to-read'' piles that are constantly getting bigger, even while following the one-paper-per-day rule. Shortly after she mentioned this to me, I started experimenting with Festival, the excellent open source speech synthesis system. I just needed to emerge festival on my Gentoo Linux to get the main engine and emerge mbrola to install some extra natural-sounding voices. I then run echo "(set! voice_default 'voice_us1_mbrola)" >> ~/.festivalrc to change the default male voice to a female one, and echo "Pizza, pizza. Pizza, pizza." | festival --tts - as an initial test. The output was played at double speed. After googling a bit I found the solution to this problem in the Festival FAQ.

To save the output of Festival to an MP3 file I added the following to my /usr/share/festival/siteinit.scm file:


(Parameter.set 'Audio_Method 'Audio_Command)
(Parameter.set 'Audio_Required_Rate 11025)
(Parameter.set 'Audio_Required_Format 'riff)
(Parameter.set 'Audio_Command "lame --quiet --preset \
voice $FILE - >> $HOME/tmp/output.mp3")

Next, I simply converted some PDF papers into plain text using pdftotext and fed the output to Festival. Although it is true that not all papers can be fully understood simply by listening to them, this is a way to save significant amounts of time when it comes to not particularly important papers that nonetheless have to be read.