Project Byzantium Networking for the Zombie Apocalypse

Upload: mort

Post on 23-Jan-2016


TRANSCRIPT

Page 1: Project Byzantium

Project Byzantium

Networking for the Zombie Apocalypse

Page 2: Project Byzantium

Who we are

Ben the Pyrate
• Linux sysadmin and developer
• Experienced with live and embedded distros
• Concerned about disaster relief and network neutrality

haxwithaxe
• Linux sysadmin and programmer
• Experience developing live distros and OpenWRT based firmware
• Net neutrality, freedom of speech, emergency communications

The Doctor
• BOFH/system architect/security consultant/social activist
• Experience with alternative and creative communications methods
• Concerned about censorship, emergency communications, freedom of speech

Page 3: Project Byzantium

Our Cyber Warrior Profile

| | Level of Skill | Patriotism | Nationalism | Antagonism toward other groups | Belief in Equality of groups | Level of Piracy | Homeland |
|---|---|---|---|---|---|---|---|
| Ben the Pyrate | High | High | Medium | Low | High | Should go without saying. | USA |
| Haxwithaxe | High | High | It's complicated | Low | High | Depends who's asking <_< | USA |
| The Doctor | High | Medium | Low | Low | High | They're all just shiny rocks. | Not your planet. |

Page 4: Project Byzantium

Basic Assumptions
• You know what the Internet is
• You're familiar with the OSI model
• You know what routing does (layer 3)
• You know how to use 802.11 (layers 1 & 2)
• You like being connected
• You need to communicate with people

Page 5: Project Byzantium

The Internet is BROKEN.

It fails on many levels, but let's start from the bottom.

Page 6: Project Byzantium

Use Case #1: The Egypt Problem
• Deliberate compromise of network infrastructure
• ISPs taken offline
• Need to collaborate with other people securely
• Need to contact the outside world
• Active adversary working against you!

Page 7: Project Byzantium

Use Case #2: The Katrina Problem
• Massive infrastructure failure
• Natural disaster
• Power grid failure
• Connectivity is patchy at best, likely unavailable
• What still works barely works
• Need to communicate (organize relief, call for help)

Page 8: Project Byzantium

Our Approach

Image credits: Their respective creators.

Mobile, ad-hoc wireless mesh network

Page 9: Project Byzantium

But wait! Isn't the Internet a decentralized network?

Image credit: wiki.digitalmethods.net

Doesn't the Internet interpret censorship as damage and route around it?

Page 10: Project Byzantium

Not really.

Page 11: Project Byzantium

The Internet is a partial mesh. It's mostly hierarchical.

Lots of networks have routers which are single points of failure.

Many networks don't have redundant links.

Just ask /San [Jose,Carlos]/ in March 2009. Also, ask any backhoe operator.

Page 12: Project Byzantium

IP Routing 101

Page 13: Project Byzantium

What we need is a true mesh network with multiple redundant routes between endpoints.

Page 14: Project Byzantium

Ad-hoc wireless + mesh routing == Mobile ad-hoc mesh network

We can already do this, but we need to make it easy.

Image credit: freshpaint.deviantart.com
License: CC BY-NC-SA v3.0 Unported

Page 15: Project Byzantium

Design Goals

• Cheap, readily available equipment (after SHTF)
• Rapidly deployable
• Extensible
• Robust and reliable
• Secure
• Low maintenance

Page 16: Project Byzantium

Design Constraints
• Solve Katrina first, Egypt second
• A small group of minimally skilled individuals should be required to deploy the solution
• Needs to support a larger community of users
• Sufficient tools available to accomplish arbitrary tasks
• Minimal collusion required
• Not all devices on a network are running mesh routing software

Page 17: Project Byzantium

Ad-Hoc Networking
• Takes place at OSI layers 1 and 2
• Built into 802.11 standard
• Almost any wi-fi enabled device can do it
• Requires minimal configuration to bootstrap a network
• No central AP required
• Clients communicate with one another in a peer-to-peer like fashion
• Does not do multi-hop - no routing

Page 18: Project Byzantium

Mesh Routing
• Takes place at OSI layer 3
• Some nodes forward traffic to destination
• Paths through network are chosen using some criteria
• A number of protocols exist
   o By 'a number' we mean around 70
   o http://urlw.us/list_O_mesh_protocols
• Not all protocols
   o ...have the same features
   o ...solve the same problems,
   o ...are equally efficient
• Some have killer flaws

Page 19: Project Byzantium

Open 802.11s

• Software implementation of the IEEE mesh routing standard
• Built into the Linux, BSD kernels
• Ideally implemented in wireless chipsets' firmware
• Does not require exotic userspace tools to configure
• Immature
• Not all implementations support all of the protocol as defined
   o Interoperability between soft- and hard- versions can be dodgy
• Not well known

Page 20: Project Byzantium

OLSR (Optimized Link State Routing)
• OSPF routing algorithm
• Layer 2 agnostic
• Not explicitly optimized for wireless
   o Predates 802.11
   o No link-quality awareness by default
      Some implementations have it
• Routing loops are possible
   o Loop detection is just now being implemented
• Tries to propagate the full routing table to every node
• Computing optimal routes can be CPU intensive
• Not ideal for embedded or battery-powered devices

Page 21: Project Byzantium

BATMAN-adv
• Better Approach To Mobile Ad-hoc Networking
• Has link-quality awareness, loop avoidance
• Implemented as a kernel module
   o Included in kernel since v2.6.38
   o A result of the isolation of Egypt in February of 2011
• Provides a virtual layer 2 interface
• Very active community
• Challenging to troubleshoot
   o batctl utility has a steep learning curve
   o Doesn't lend itself to rapid deployment
• batctl not packaged by many distros

Page 22: Project Byzantium

Babel
• Distance vector routing protocol
• Uses link quality to help determine optimal routes
• Traffic density aware
• Converges rapidly
• Proactive loop avoidance (formally proven)
• Runs in userspace
• Manages the OS routing table
• Minimal configuration - config files are generally four lines at most

Page 23: Project Byzantium

Why don't you use...
• Tor?
• CJDNS?
• I2P?
• TINC?
• Retroshare?
• Freenet?

Page 24: Project Byzantium

They aren't low-level enough.

Page 25: Project Byzantium

• All of those applications operate at the Transport Layer or above (OSI Layer 4).

• If you don't have the Network Layer (OSI Layer 3 and below) you're still dead in the water.

• They can fail if your ISP...
   o Uses DPI to filter traffic
   o Port filtering
   o Stops routing
   o Shuts off their infrastructure

• Ad-hoc mesh networks set up an entirely separate system at the Network layer and below.

• If your local ISP shuts down the mesh won't really be impacted because the ISP doesn't control the infrastructure.

Page 26: Project Byzantium

Introducing Byzantium Linux
• LiveCD/LiveUSB distribution
• Based on Porteus Linux (http://porteus.org/)
   o Binary compatible with Slackware-current
   o Utilities for live replication in the field
• Mesh routing software
   o Babel
   o OLSR
   o BATMAN-adv
• Software development/debugging tools
• Network troubleshooting/monitoring tools
• Resource hosting software
   o LAMP stack
• Web control panel for administering the node

Page 27: Project Byzantium

Resources provided by Byzantium Linux
• Microblog*
• Collaborative online word processor
• Realtime web chat
   o Self-organizing IRC server network
   o Web client
• Voice Over IP
• File dump*
• Streaming audio server*
• Whatever else you can dream up.

All of these are possible using existing software. We're working on finding best apps for this type of distro/network.

*We're still working on these!

Page 28: Project Byzantium

Network configuration
• Node configuration
   o Pseudo-random RFC-1918 address (192.168/16)
   o arping used to detect duplicates
   o Assigns to mesh interface as a /32
• Client configuration
   o All clients placed in a 10/24
   o DHCP, DNS with dnsmasq
   o Config files generated by control panel
   o Only one wi-fi interface?  No problem!
      IP alias interacts with clients – wlan0:1
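
The node and client addressing steps on this slide, written out as an added shell sketch (not Byzantium's own code or its control panel). It assumes the iputils build of arping, where -D is duplicate address detection, plus iproute2; the function names, the pseudo-random choice of the client /24, the 12h lease and the PROBE test hook are assumptions made for the example.

```sh
#!/bin/sh
# Added sketch of the slide's addressing scheme; not Byzantium's own code.
# Assumes iputils arping (-D = duplicate address detection) and iproute2.

rand_octet() { od -An -N1 -tu1 /dev/urandom | tr -d ' \n'; }

# Pseudo-random node address in 192.168.0.0/16; host octet kept in 1..254.
pick_mesh_addr() {
    echo "192.168.$(rand_octet).$(( $(rand_octet) % 254 + 1 ))"
}

# Pseudo-random /24 inside 10.0.0.0/8 for clients (prints the first 3 octets).
pick_client_prefix() { echo "10.$(rand_octet).$(rand_octet)"; }

# True when nothing on interface $1 answers ARP for address $2.
# PROBE may be set to a stand-in command for offline testing.
addr_is_free() { ${PROBE:-arping -q -D -c 3 -I} "$1" "$2"; }

# Draw addresses until one passes the duplicate check; give up after $2 tries.
claim_mesh_addr() {
    _tries=${2:-10}
    while [ "$_tries" -gt 0 ]; do
        _addr=$(pick_mesh_addr)
        if addr_is_free "$1" "$_addr"; then echo "$_addr"; return 0; fi
        _tries=$((_tries - 1))
    done
    return 1
}

# Commands that put the /32 on the mesh interface and the client gateway
# on an alias of the same radio (printed for review, not executed).
node_plan() {
    echo "ip addr add $2/32 dev $1"
    echo "ip addr add $3.1/24 dev $1 label $1:1"
}

# dnsmasq settings for the client side. dnsmasq cannot select an alias such
# as wlan0:1 with interface=, so it is bound to the alias address instead.
dnsmasq_conf() {
    printf '%s\n' "listen-address=$1.1" "bind-interfaces" \
        "dhcp-range=$1.2,$1.254,255.255.255.0,12h"
}

# Stand-alone use: sh node-plan.sh wlan0   (needs arping and the interface)
if [ -n "${1:-}" ]; then
    mesh=$(claim_mesh_addr "$1") || { echo "no free address" >&2; exit 1; }
    prefix=$(pick_client_prefix)
    node_plan "$1" "$mesh" "$prefix"
    dnsmasq_conf "$prefix"
fi
```

The ARP probe only sees nodes within radio range at that moment, so two meshes that merge later can still hold the same /32.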

Page 29: Project Byzantium

Handling non-mesh client nodes

Page 30: Project Byzantium

Zen of Inter-mesh Links
• Why?
   o Connecting meshes farther than 802.11 range
   o Can't assume consistent coverage of mesh nodes
• How?
   o Improvised parabolic or wave guide antenna
   o Tunnel through another network
   o Packet radio
   o Sneakernet or IP over avian carrier
   o Combinations of any or all of the above
• Notes on implementation
   o Solutions are likely specific to use case
   o GIGO applies (laser pointer+soundmodem != Ronja)

Page 31: Project Byzantium

Other (incidental) use cases
• Classrooms/Conventions/Seminars
   o Captive portal
   o Host local content
   o Extend coverage
• Extending the range of a home network
   o Use a spare laptop instead of buying a second router
• Community/municipal wireless networks
   o Extend coverage at minimal cost
   o Host local content and services
   o No expensive, special equipment or WISPs needed
• Occupy camps
   o Quick to setup or take down
   o Dynamically expandable
   o No central point of failure

Page 32: Project Byzantium

What we need
• More developers
• People testing Byzantium
   o Stress and otherwise
   o Use studies
   o Bug reports
• Suggestions
• Translators/Translation Editors
   o User interface
   o Documentation
• Documentation
   o System
   o Post-Emergency Lit.

Page 33: Project Byzantium

Comments?  Questions?  Suggestions?

http://project-byzantium.org/

How to contact us:

Mailing list: [email protected]
IRC network: #byzantium
Twitter: #projectbyzantium