Hallo Du! Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen. Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen. Vielen Dank für dein Engagement! Hey you! Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles . Please don't forget to mark your progress in the progress bar at the talk's website. Thank you very much for your commitment! ====================================================================== hello and welcome to the lightning talks on day three it's cool that you're here so my name is teresa i'm going to be the moderator for today and yeah so unfortunately as you can see nick pharr is not here today but he wished he was so he really like yeah he wished that he could also attend congress but um he will be watching the streams live from times square and look he's looking he's wearing a hoodie just for you awesome all right so for those of you who haven't attended a lightning talk session before lightning talks are basically five minutes per speaker you can talk about whatever you want you can present your crazy idea your projects your whatever you're interested in and for the for keeping the five minutes we have our time keeper which we are going to so which we already sort of demonstrated before the talk so the bar fills up with with green for the first four minutes and now we are fast forwarding it a little bit so you can get an idea so this is four minutes of your five minutes okay and then when it's full you have one minute left and then the yellow starts so yellow is also filling up the bar until you have 30 seconds left and with the last 30 seconds there's this thread coming up and yeah so for the last five seconds it's it's blinking like that and do you know what to do can we well okay that was a little bit quiet so look nick far is going a little bit like that right now so can we try again that's more like it all right so for the speakers yeah it's awesome that you're presenting please sit somewhere at the front if possible so you can quickly walk up to the stage and i have this clicker tool so you don't have to say slide but you can just advance the slide yourself please talk into the microphone so here's the speaker's microphone and sometimes you you know these microphones tend to do these weird things where actually nobody can hear you if you move away from the mic or if it's like that or like that so please think about adjusting the microphone and yeah so you don't actually have to like look back on your slides because they're right here in front of you so just a reminder yeah so have fun oh yeah translations are available so most talks are going to be in english and all the talks are going to be translated so the english talks into german obviously i'm repeating this in german okay for the mention um yeah so now everything that's left for me is just to wish you a great session and invite my first speaker about the ripe atlas hackathon just a sec hi everyone i'm wesner and i'm here to invite you to database hackathon based on the ripe atlas open data i'm community builder for the measurements tools at ripe ncc and i'm also part of the hackerspace in amsterdam called technology incognita this is my fourth congress i never managed to get the proper speaking slot so i have to do lightning talks instead so the summary is there will be a hackathon in amsterdam end of march you are invited if you are interested in programming design visualizations analysis of data open data and combining your skills with the skills of other people it's going to be quite intensive but not 24 7. so you'll also have time to see amsterdam and enjoy yourself it's going to happen in the offices of the ripe ncc and in another location that we still didn't really agree on but maybe it's going to be a hackerspace and we also have prices we got a sponsor who is going to provide for the partially covered travel expenses and accommodation so there will be several people selected who cannot afford to come to amsterdam by themselves so we will cover some of their expenses from the money of our sponsor and there will be prices there will be money for the three most successful teams this uh sponsor is comcast who is using reipotl's data but they don't have time to actually like uh uh make the the uh source uh or the code themselves so they want to pay somebody else to do it and release it back to the community so this is the link for application now this was for the people who actually know what tripatlas is and now i'm going to do an introduction into what tripatla says i have another 15 slides and i will talk very fast so ripe atlas is the active internet measurements network which contains which consists of seven and a half thousand hardware probes hosted by volunteers around the world this is the hardware there are small probes currently we are distributing tp links which are not wireless routers anymore because we have installed something else on them and then there are bigger boxes which are anchors what can you do you can do ping trace route and dns measurements with them this is one of the visualizations this is another one these are many more wikimedia used it open ipmaps are based on this data but it's actually like crowdsourced traceroute geolocation of the infrastructure so take part in this too some other researchers used it to show the interference detection and a lot of hacker spaces actually have a ripe atlas probe and on the hackerspaces.org you can mark your hackerspace with this and that you have a probe and it will show on this map this is the documentation so all the data is open there is api to access it there is a lot of code published on github this is our repository is there and this is how to get in touch i will be here in still tomorrow doing the workshop on ipv4 hijacks and ipv6 deployment tomorrow morning at 11 which is totally too early i know but that was the only available slot and if you're interested in internet governance or any of the other services of ripe ncc or anything to do with the ripe community talk to me there is a lot of other people from the right community here so you are probably one of them also so if you want to discuss any of the policy development process governance any of the other things like k root uh or more about tripatlas please come talk to me and if you want to go to the hackathon going back is this link thank you please just wait for the next speaker to hand over the clicker any questions see me later okay i hate podiums but whatever so my name is yuval and i'm going to present a project i've been working on uh it's a poc project right now um i hope it can expand further it's called amentis and the kind of the the clickbait title is eyes only document viewing so the scenario um that that we kind of have in mind is is the one that most of us are familiar with um it's snowden and and uh glenn greenwald uh basically snowden handing over documents uh stash of lots of documents to guangding world and and i was thinking you know how they did this and how this could happen in other scenarios when whistleblowers need to deliver um documents uh to journalists and most of us are familiar with um with all the all the leaking platforms the online leaking platforms that we all know and i'm more interested in in kind of the offline world about how this is actually done so amenthes is is basically three things wrapped in one it's a live usb it's a hardened desktop that runs on off of that live usb that you can boot and it's an encrypted partition uh so basically um what um what what this what memphis will allow us is allows a technical user this isn't for uh for um for non-technical users just yet so um the sending party would be running arch linux uh because this is uh what it's currently implemented on um that user will collect a stash of files that that he or she would like to deliver to a trusted party and then that that party would uh would run uh the amenities build scripts which are built on the awesome make archizo scripts which allow you to build a live usb system um and then the result is that is an iso file that you can just transfer over to a usb and then you have a live usb system this basically just simplifies most of the work that that the competent system administrator assistant administrator such as snowden would be doing by himself uh just typing in some commands this kind of just wraps it all in one nice nice little package the delivery is done via sneakernet so we're talking about offline delivery not online so this means someone in the vicinity of a journalist would be handing this over or sending it by mail and again the usb is is all the files are encrypted so that means that delivery of the passphrase needed to open the encrypted partition needs to be delivered separately so you wouldn't be sending the same passphrase inside the the envelope or the mail you'd have to either call by phone or some other trusted way to deliver the passphrase the the journalist or the the end user would then um boot the mnthis live usb um we'll receive a very lightweight desktop built on lxde there's a small script that would run initially that decrypts and mounts the the encrypted payload and um and all the necessary document and media viewers that you need to view the actual files the payload the desktop is hardened against accidental leakage so that means that networks and mounts are disabled so that the files can't accidentally uh leak out of this system so they're kind of enclosed in in a single on the single system this isn't hardened against um basically i meant this kind of assumes that the the party that we're delivering uh the files to is a trusted party and that he or she won't actively try to extract the files from from the system because that is possible if you kind of understand how this works um so that that's the whole idea the code is on github uh that's the uh address um there are many different ways that that this project can expand um and i'm really interested in feedback from people who are in for interested in in this um basically i would like to see this expand um into a possible platform for non-technical people to actually enclose a delivery of a payload of files that are supposed to be leaked or are pertaining to a whistleblowing situation and uh and i think the um the the the usb the live usb platform that is delivered on um gives pretty good assurances uh that as long as you trust the party that is receiving these files um they can't easily be extracted from the system again not including um you know firmware attacks or or bad bios attacks or stuff like that so as long as the system is running um then it should be good um that's it um please talk to me if this interests you and if you want to work on this and check out the code um there are some test builds you can just download if you don't have arch linux you can just download there's an iso file created on um there's a link there on the github as well so you can just just download it and try it out yourself on a vm and see how it looks that's it thanks a lot please for the next speaker always uh when you see uh the end of the talk coming near please come to the front come to the podium so you are here thank you okay let's start all right uh my name it's there um i want to vote a tool i want to share i'd like to share with you um it's called cut note it's short for academia note and it's a peer-to-peer dns like system it's not really dns um what it does it's uh it finds ip addresses uh by some identifier but the main task is is that it's decentralized and has a low footprint you can install it on routers but there are also packages for windows mac os x whatever and um well it's not really a don't it doesn't have a domain registry so it's not really dns um how it works it's a distributed hash table it uses a hash table by transfer transmission bitron client and it intercepts for example is a dot p to appear domain top level domain and uh uses local dns server something like some sort of a system interface to um use the distributed hash table to get um ip addresses so it's like um uh the setup you say okay my server my laptop should have my name dot uh peer-to-peer and you enter it in a browser and then it resolves to the ip address of your server you can also use a hexadecimal string so it's uh 20 bytes like in a bitrand client and uh you can use uh for example the debian uh bitrate tracker for bootstrapping or local peer discovery so it's basically like something like that this you enter your your name my name dot peer to peer in your browser or on the console and well it will work but it takes it might take a few seconds it's not that fast yet so typical issues okay everybody can announce an identifier it doesn't have really authentication i tried something but it's not that secure so i won't advertise it and well it's a bit hard because the browser gets a few rp addresses um for example if many people are announcing myname.php they want this this domain and okay the browser okay i think it would be a good idea if the browser decides by https um which ip address is right but it doesn't the browser doesn't really support something like that it doesn't try multiple ip addres ses and say okay it doesn't work it doesn't work oh this this one is all all right and uh there's also no dns back channel to say hey cat note uh please ban that in poster something like that uh features yeah it's a dual stack written c small local peer discovery and it's available for open wt debian arch linux osx windows freebsd their packages yeah and that's it thanks you can find me in the fry funk assembly and we can talk about it maybe of ideas how to solve some issues how to make it more usable thank you very much um we have more than one minute left so what do you want okay then we continue and maybe we need the time later okay start um roguelikes and how to build one um roguelikes are games inspired by the 1980 unix game rogue that looked like this um it depicted its game world in a top-down view drawn as ascii characters you were the ad symbol a player walking through a dungeon collecting items killing monsters shown here as letters of the alphabet rogue was turn-based and had to be played very carefully and strategically because there were no earlier safe games to revert to if anything bad happened to you if your player died you had to start a new game in an entirely new random world and that was always generated procedurally at game start rogue spawned an entire tradition of games that copied great parts or all of its features and scenarios here's just some of the most popular ones but in fact there's many many hundreds more since the 1990s there's been a whole community of people who enjoy building roguelikes often as one man or woman projects who mingle on irc usenet and even an annual conference one thing that lures many coders into this is i think that it's easy to quickly jump to the interesting coding tasks without bothering much with graphics or ui design the community still pretty much accepts delivering games with a 1980s ascii terminal style interface so that frees developers to instead focus on playing around with game mechanics or procedural algorithms to generate interesting worlds or monster behaviors now to give you um a sort of an impression of how to start your own roguelike i'll just describe the basic design steps that i started with and i did my own roguelike work in c and n curses but i won't go into any code details here i basically put a movable at symbol on an empty map of dot symbols imagine these as ground to stand or move on i surrounded these with a random sea of tilde symbols um imagine these as c or water that my symbol could not cross and i so i had a sort of an island and i put on that letters imagine these as actors just like the ad symbol but not controlled by the player i gave each actor a set of hit points that once they reached zero would make this actor disappear or die this would happen by for example one actor moving next to another and from there moving into him thereby attacking him and the attackers attacked actors hit points would decrease by one so i could now walk around this island and kill off all these letters which is kind of boring so i had decided they had to move and attack too and i made them on each turn try to move towards the nearest other actor and if they would stand next to it attack it and so i had to give all actors not controlled by the player some basic pathfinding algorithm to make that more interesting i put some more obstacles on the map these crosses and to make these obstacles more interesting i decided they should not just block movement but also view so that from any given point of view on the map um areas behind these crosses would be hidden this would for example allow actors to hide from other actors so i already had a quite a complex setup with some simple design steps and now i also decided to make things more interesting to put items on the map food that one could for example collect to eat and thereby gain hit points and this could be done by the player but also by the other actors who would now each turn have to decide whether to hunt other actors or whether to hunt food and get more healthy as you see i like giving player and other actors some symmetry in what they can do and know um so one thing while the player has an unfair advantage is that that he can make notes about what the map looks like um so for example once he leaves an area and cannot see it anymore he still remembers that this is maybe a path a forward cut to find shorter paths from a to b and to give all the other actors this ability to remember parts of the map i implemented automatic map memory so this is a screenshot of the game as it looks on my x term on the right hand side you see the map as seen from the player and the black background white foreground cells are what is currently in the player's field of view the black background blue foreground cells are what was what was previously in the player's field of view and is remembered by him and the entirely blue ones are well entirely unknown parts of the map um i then split my game into server and client the server contains the game logic and a game state the client is just the interface as you just saw it easily to be replaced by a nicer x client etc server and client communicate by reading and writing text files in a file system that can easily be analyzed and manipulated by external tools to for example manipulate the game state during the game run and thereby cheat or to script and automatize um game player behavior so these are some suggests some chronological steps one may take to go through the game and build one's own roguelike and do yourself on scratch i can only recommend doing it thank you so hi everybody i'm going to talk about the open detects research project so before starting i'd like to give you some reminders about the evolution so basically it involves three actors and even made a poor industrial guy and a heavy encrypted laptop so the laptop is encrypted with some kind of bitlocker or truecrypt and the main idea is that the evil maid comes cleans the room and then installs a malware on the laptop the malware exposes a fake prompter for the passphrase and then the industrial guy type in his passphrase and the passphrase is uh exfiltrated or stored locally so that when the maid comes back she can steals the laptop and the passphrase so she has access to the decrypted content so what is the the problem the problem is that how do you trust your laptop when you come back to your hotel room so during the open dx project we added two objectives the first one was to focus on user trust on his own laptop so this led to one contribution which is a secure boot on linux and the other objective was to focus on isolated execution so that critical code can be executed in a protected environment here i will only focus on the secure boots so secured what it is it's integrity verification at os startup and the idea is to provide some proof of integrity to the user so there is different kind of proofs and we focused on two one the first one is the secret banner it allows them to share a secret such as a text or image between the tcb trusted copying base and the user so that this secret banner is encrypted and it can only be decrypted if the platform integrity is correct and we also work on another use case them which which involves remote attestation through android so let's have a look at the secure boot architecture so during the open text project we we developed different libraries and use cases and we especially developed the tpm 1.2 library which is autonomous from the bios and operating system we also developed io stack for the tpm and we implemented to use case a static chain of trust scenario so that everything is measured at startup and the dynamic code of thrust so that everything is measured at the us startup but it has it provides a better security because of the immune protection so that the dma access cannot be um an attack anymore so this is the architecture of the sequence of the startup and we developed what is before the drtm the dynamic code of trust sequence especially we developed one component which is the opendetects mle it takes as input many stuffs the secret banner the linux kernel and everything is measured so that when the integrity of the linux kernel is okay i can see the picture and if i see this cute little cat it means that my platform integrity is okay okay so as a conclusion during this project we focus on secure button so we provide remote attestations through android and secret banners so that we can be confident of our integrity of the operating system it works either on the static or dynamic way obviously it doesn't target everything so that if you have a hidden camera or if you have a hardware kilo gear it doesn't protect you against that okay so if you have a question please ask me after the duck okay so this talk focuses on the feel of protocol reverse rendering and it's its objective is to provide a tool that is called net zob that can be useful for security experts in the work of reversing protocols such as the ones that were presented during previous conferences or previous previous talks such as during the cyber necromancy talk on the sat phone hiking process where security experts had to face unknown protocols and had to reverse them so just to remind you a protocol is made of two distinct parts the first one is a vocabulary and the other one is a grammar of the protocol the first one specifies a list of messages that is accepted by the protocol and their format such as with the tcp protocol and the scene i can see synagogue messages and the other one specify the process rules that governs all the valid exchanges accepted by the protocol for example here we have the state machine machine of the tcp protocol and our objective is to infer this state machine so it takes these two approaches to infer the grammar of a protocol a passive one or an active one the passive relies on the um on samples of communication traces from which you try to generalize and create a model mostly based on prefix tree acceptors and so on and you try to create a model that accept all the sequences of message you've observed and that may accept the ones you didn't observe the other approach is an active approach is a one i prefer because you stimulate the implementation and try to infer and to discover all the valid exchanges accepted by the protocol implementation and theoretically it's provide completeness and correctness of the inferred state machine so this state of the art algorithm in this field is called elstar it's proposed by angelina and it relies on two blocks the first one is the implementation from which you want to extract the state machine and the inference process so you first create an observation table you try to upgrade it using membership queries which means yeah you stimulate the implementation with specified inputs and based on the outputs you upgrade your observation table once you reach a certain level you can create a hypothesis automaton and then you can try to verify that this hypothesis automaton is valid by means of a b simulation which means that you try to find for counter examples between your hypothesis automaton and the implementations if you find a counterexample you can refine your hypothesis automaton such as creating new states and start again your inference process whereas if you don't find any country example it means that you in successfully infer the state machine so in practice in practical you can use this elsta algorithm i successfully applied this algorithm to infer various implement various state machines so for example you can learn you can use the learn label implementation which is an open source implementation of the alsa algorithm you simply have to create your own system underlining process a proxy which means you implement the open connection the clouds connection methods and how you send queries to the implementations and based on this you can retrieve you execute the alzheimer's process which can take a few hours and finally you can perhaps retrieve the state machine of the protocol so for example i apply this algorithm to the botnet a very simple botnet as a ep but it's an irc malware and i successfully apply to inferior state machine and based on such knowledge you can then try to create some further smart further or try to validate or execute security security evaluations of your botnet or of the of your adversary.net you can also apply such technique on more common protocols for example here on the rlc but i also apply the samba protocol i cannot show you here because it's very large but i successfully infer the samba protocol after 10 hours of computation so all this work was done as part of the netsub project which is a tools that can be useful for security experts in the protoc ol reverse engineering processes so if you need help in reversing protocols or if you want to help us please contact and join us thank you so hi everybody my name is dmitry kushner and i will present you today hooker which is a solution to analyze and read markets so the main assessment here is that analysis tools are today centered on one specific application we wanted to know if is it relevant to analyze more than one application at a time can we have results by analyzing an entire market so that's why we created a hooker well it's a solution to analyze a lot of android applications and when it analyzes these applications it sends all the results to a distributed database and yeah it's called hooker because it hooked calls to the android api during your dynamic analysis so how co works in three steps so step one is just analysis of one application step two is automation and perisic parallelization of step one and step three yeah it's just profit so this is uh the global overview of uh step one uh what you do is you put you take an application in input you do some static analysis using androgeld you can do you do some dynamic analysis using the substrate framework and you send all these results into a distributed database which is elasticsearch and then you can do data mining either by using kibana or also python script so the interesting part here is substrate the dynamic analysis using substrate framework i'm not going to enter into substrate works works because it's it's quite difficult but basically it injects itself into every applications uh you have and when uh one application uh is calling uh the android api what's with the what we do with hooker is uh building an event object in real time that contains every information we need uh to do some uh further analysis we send this to a collect service which will then send it to the database so just to give you an example of how an event object look like it's here and interpreted by kibana web interface so you have all the information you need you have time stamp of when the event was you had the package name with which the mate which made the the ca ll and you have the class name the method name so here it's javax cryptocipher with method name in it so if you look at the parameter you can see the different the the algorithm which is used and the key uh the secret key which is used so that's that's just to show you that we have every a lot of information when we do this so then post analysis is just like data mining within millions of events we have in in the database so we do this either by using kebab or python script so sorry oops and step two now then is automation of step one so how we did this in hooker is uh first you prepare your android device and then you configure a scenario uh which will tell the android device what what it has to do so install the application execute the application you can do some user stimulation you can do some network stimulation sms sending and stuff like that and you can also reboot your device and then you just have to launch your experiment and yeah step three is just profit so what you can do with the hooker is you can highlight weaknesses in applications you can highlight malwares uh within markets you can find which market is safer than all this you can do a lot of things it's just up to you so we just made a little experiment a few months ago we took the hooker and we put in an input of a thousand and a half applications from the google play and yeah and output it generates a lot lots of data and yeah just to give you an example it's it's very quick but uh it was a time when when there was some bitcoin minus on the google play so we asked ourselves to can we can we find some crypto miners so we just computed uh the number of digest operations the different applications we analyzed did and yeah we found this so here you have some applications that uh are highlighted by hooker so yeah it's free it's on github you can check it now and give it a try play hookah now hello everybody i'm thomas from arch and in our student storm we were building vending machines connected to the network for selling beer and condoms and chocolate and everything it was a great fun to build that and i think you also need a vending machine like this so i'll show you some pictures how we we implemented that um the first thing in progress of buying is um you need to charge your account there you see the interface on our that's another machine where you pay so you press charge the beer account and then you you insert some money why is that clicker not working no that's too long to render ah it's a battery i think um you enter some money that charges your account and once you have um have balance on your account you can go to the vending machine there the vending machine is you see there is a is an ipad installed which um has an open web app so it's very easy to to buy a cheap ipad and 60 euros or something if it's used and you enter your room number there so my room number is 1314 and then the machine asks me what do i want so in this case um i can select whatever is in the database the database always knows where um how many products are because we enter it when filling the um the machine so i select a beer it says okay it takes one euro for the father this clicker is [ __ ] no your slides are too big yeah your computer is too slow next slide ah yeah um then then this this uh device gets active um because it's sending a text message um the text message um contains the beta and that's like amtan for banking but it's for beer so it's called b10 um you get it on your mobile phone and there's the the message um and the code so that you have to enter the ton again you this clicker this computer yeah you are the first one experiencing this problem using using powerpoint extract slides as pictures and i'm putting them into pdf can you can you please um next slide yeah thank you then you have then then you have to press um the engage button next slide there's the button because since uh resistance is futile we call it the engage button it's because um if two bottles come they they will jam each other so next then the kangaroo starts blinking next then there comes the beer you see there's a year beer is going to show him next then you open the beer add next and there is the show next um let's skip fast because it's just explaining how the database works it looks up a pid and it's it's quite next yeah this is this is the internals of the of the machine you see the cans you should never if you buy a machine you should never in um insert some bitburger because bitborger bottles always break so you want a beer and it comes out only beer and and pieces of of glass so next um there you see um how how the the old 80s 1980s machine works there is a there is a small small motor electric motor and you you just need an additional one additional cable next which is connected to a arduino mega nx and there you see the mega inside there are two to relay boards it's very very easy to program and um there is also an arduino shield which connects to the to the network so what if i press the engage button it queries the server and if the server says okay slot three then there comes slot three so the server takes care of authentication that you entered the pin so that that's done in the web application and then the database knows that the next energy engage is right next yeah just the blinking next um yeah second machine is a is a spiral vending machine it's also in our washing machines room because if you um install some vending machines in public you need to fire extinguishing systems we don't have that so it's it's um not in public because it's a private there no next um there are the next next next this is the case this is the case this is the cabling of the spiral automotive it's a matrix um yeah you you can um you can watch a video there you can contact me um four four one three one i also have 100 um cheap energy drinks for s ale they they need to go away um please please contact me um contact information in the wiki if someone is interested in implementing i can also upload the code it's very easy arduino it's it's all um i'm not a good programmer it's very easy to do uh okay hello yes okay so i'm going to talk about tamper-proof web apps um the way things work currently is the user specifies a url and the browser fetches a bunch of resources and then runs it security is based on security of connection and the identity of the remote server so oh and you have to trust the remote service give the right content which is usually fine but increasingly web apps make promises about their own security things like private data never leaves the browser and users should want to know if this behavior changes and website providers might want to protect their users even in the case where their own servers are compromised so if we're running like a trusted page then we can fetch and load more resources but we where do we get the initial piece of uh the initial page the top level of the uh the hierarchy um of trust and we always have to start with something that's already on the user's computer like an html file with javascript in it and we want this to be a nice shareable form so that um we have a we can do a review we can you know share it in lots of different ways because the more ways you can share and the more different copies there are then the more you end up with a sort of decentralized security because there's no single point of like trust to start with um now actually sometimes dealing with html files and attachments is a bit awkward so do we have anything else which lets us share things more easily and data urls are quite good um so you can have this is a plain text example but we can use them for html documents um obviously the more javascript you pack in this html then the longer the url gets so um basically the question is becomes how neat can we make this data url so that it's as sharable as possible um there we are so the a minimal setup might be um you have a verification function like sha-256 and you have some acceptable hash values and then some loading logic and this gives you um data urls some around one half kilobytes and this this this is great this works um it's a little light on features because it tries to fetch a single javascript file and then if the hash match isn't great otherwise nothing um i started thinking about javascript modules because as well as being a nice way to organize dependencies that will be a nice way to a nice a loader is a good way to implement behavior like fallbacks so if your big resource bundle doesn't quite check out for some reason then you can start looking in the backup locations and cdns or even user-supplied places so yeah the setup i then ends up with is um sha-256 module loading logic and then sort of the asynchronous fallback loading and this gives data urls around three kilobytes and you can actually add features like verification using public key signatures instead of hash matching or even other module formats like common js and you can add these as modules there is so i've got my reference implementation as caution.js um these are not the latest version of the slides for some reason so my email's not on there but my dect extension is four five nine seven um and i'm looking to make an initial proof of concept and what i want is something where you can share encrypted files between two people over a service like dropbox um so you'd give someone a date url and that means that both of you using that date url would be able to exchange uh encrypted documents and you know maybe this could be used for whistleblowers or just like private notes shared between people and that kind of thing um i've talked a lot faster than i did when i was practicing this so i have a bit of time left um questions or anything i guess um yeah so the uh the public one is uh sadly gmail um lufgd gmail.com um yeah do get in touch okay so actually if you have more than one minute left we might also have time for some questions so now we just passed a one minute threshold but you know there's some microphones there in the also yeah and if you are a speaker and see that you're finished uh too fast uh and see that's the queen you can ask for questions yourself this is probably faster okay okay hi everybody i'm jalen i'm from namisad i'm here to invite you and to present our haki congress that's happening uh for this time for the year in serbia and it will be 2015 in september so what is the balkan balkan is balkan computer congress that will happen in 11th 12th and 14th september in novi sad in west choose the monitor in front of you so you speak to the audience okay so uh what is the balkan uh balkan is balkan computer congress it's a national hacker conference organized by lugons linux user group of navisad and wow holland foundation and from hamburg and berlin this time it was it will be the first time to reorganize this congress and our goal is to on one place um get the hackers from the communities from this part of europe because there is a lot of hackers in this part of europe but they don't have so much opportunity to travel to hamburg or the similar conferences in the europe so we want to share that experience on that conference to own our conference in novi sad why logons lugons is the oldest hacker community in serbia uh so it is exists more than decades so with uh on 28th c3 we came to india to organize the something similar ccc on in novi sad so okay uh the important dates and deadlines for the congress uh we will publish our cfp first of february next year and the submission deadline will be until the first of july and the conference will be from 11 september to 13 september so deported links you can find all the information about our congress at balkan.org we have a video material from first congress it was was uh first contact the name was you can find found it on our ift ftp servers and also on youtube and from the uh this year it was it's only also on our ftp servers you can follow us at twitter also at balcon 2k 15 for last last year or it was 2k14 so if you are interesting if you have time if you want to join us share knowledge with us if you're a programmer hacker artist journalists you're welcome and we want to invite you to come and have party and have fun in novi sabine next year in september so the next speaker is obelix i think is obelix in the room no this is actually the last talk before the break so it would be really cool if the speaker showed up else there might be some problem like for him so last request for overlakes please proceed to the microphone last call okay well then i guess we have to break early so uh we are continuing at 1400 here so this is in about 20 minutes and yeah so thanks for everyone who's been presenting so far awesome oh oh do so so so so oh so so the speakers who are just arriving can you please sit somewhere at the front so you can later quickly get to the stage thanks so so do so so so so foreign so so welcome back so please everyone who's still looking for a seat please sit down uh yeah so this is the second half of the landing talks for today and just a quick reminder speakers you can please take a seat at the front and if the previous speaker is about to finish then just prepare to come forward so we have a quick changeover and your slides are down there so you don't have to turn around you know and here here's your microphone please adjust it so the first talk is going to be about the open observatory of network inter interference so where is my speaker okay perfect so uh what i'm going to talk to you uh briefly about today is uh uni um this project that uh we've been working on for uh at this point uh a couple of years um and what what is uni uh uni is basically a set of principles guidelines best practices and more specifically test specifications for conducting network related measurements the sorts of network related measurements that we do are aimed at identifying um deviations from normal network behavior that is network irregularities uh that can be a symptom of internet censorship uh and surveillance um so what what we are identifying is not uh necessarily um internet censorship directly but uh clues uh that can lead us to believe that that is what is happening um our methodology is peer-reviewed uh we have published a paper on it uh and it is implemented uh using uh free software and all of the data that we collect is made available to the public so what is it that we detect the two sorts of broad categories of measurements or experiments that we run fit under what is called either traffic manipulation where we are trying to answer the question is my traffic being intercepted is there some middle boxes that that is uh performing deep packet inspection that is uh downgrading for example the youtube video that i am uh that i am seeing uh so we're we're not um specifically trying to see if some particular types of content or keywords are being filtered but we're just asking in general the question is somebody altering the packets that i am transmitting to an endpoint that is under my control the other broad category of tests that we have implemented uh is what we call content blocking so here we are actually asking the question what is being blocked so what websites are unavailable what keywords are triggering uh particular types of of filtering and so generally tests implemented um tests of this category will generally have an input list they will take as input some lists of urls some keywords uh and whatnot and and we'll run through them and and see uh which one trigger uh uh anomalous network activity and which ones do not so why is all of this important why why have we decided to um to work on this project well we believe that uh making data on censorship available uh to everybody under an open license is uh extremely useful to journalists to researchers but also to activists that are interested in better understanding uh the phenomenon of internet censorship and surveillance and uh when these people have um evidence that is uh based on facts as opposed to just anecdotal reports they can make a stronger case uh against internet censorship um and our goal is that of promoting uh uh transparency uh for uh internet censorship that is um we believe it's important to uh have oversight uh also in uh democratic countries uh on on how these systems are deployed and how they are used because we have seen uh in the past and in the present a lot of instances of overblocking of sites that should not be blocked that are in fact blocked um and so that's that's the reason for that uh we think it's uh it's important to have open methodologies because only by having the the test be specified and documented in english before it is implemented in code will people then be able to verify that what we are testing what we are measuring uh is in fact uh um corresponding to uh to what what we should be measuring um so only by by doing this will we have um results that are you know that have a scientific uh value um as as i was saying we focus a lot on tests tests are very important oh [ __ ] uh open implementation well we believe in openness and uh uh open open everything these are some of our users come to our talk tomorrow and uh and adopt an uniprobe yeah that wasn't his fault i made those slides for him so uh played me um so uh i work as a internet engineering researcher at the university of aberdeen and i do a lot of work with uh internet measurements um so this is uh measuring are you getting the bad width that is advertised by your isp uh is is your path broken for certain protocols are there middle boxes that are rewriting your traffic and it's important to do these experiments in a real world environment uh enter censorship and suddenly you don't know what your environment is anymore you don't you don't know if you're measuring the network the path or if you're actually measuring the isp censorship system so we've got here some results from uh openrightsgroupblock.org.uk's website and you can see that on the talktalk strict setting 13 of the top 100 000 websites six months ago were in fact blocked each isp has a different block list these are not actually maintained by the isps themselves it's a third-party service the isp doesn't even know to some extent what what is being blocked um there's no way of getting access to this information so there's no way of verifying once you've done your measurements whether or not you've actually done good science or if uh you've been intercepted um each isp a different way of dealing with it so some will have a an error page some will just send you a 404 sub a 403 um ideally there would be a system for for looking these up o2 has a system for this you put in your url it tells you whether or not it's blocked but of course the isps don't really have access to this information as far as i know and so they're not providing the service um it's it's it's bad science you publish these results no one can base anything on these results uh because they it it's very difficult to verify that they're correct so there's a number of solutions to this uh ideally http 451 which you may have heard of uh unavailable for legal reasons as an error code comes back instead of a 404 or a 403 and you know you haven't spoken to the server you were intending to speak to and then you can disregard that result microsoft actually have done something good here with windows parental controls and they do return http 450. um this this currently isn't uh in the standard standardization process as far as i could tell but i would really like to see this adopted so you've got an error code for this has been blocked for legal reasons and an error code for this is something that you've opted into um and and this is something you've chosen so you can distinguish between the two but ideally there would be a way of just getting access to the lists uh not even bothering to test the websites that are going to be censored uh so yeah that's uh that's all i've got there so again come along to the the adopt-a-dudy probe talk tomorrow uh six o'clock uh 13 um and i'll be there if you uh want to answer any questions noisy square not whole30 noisy square any questions now because we have one minute 40. should have let him carry on a bit oh yeah there's one uh the isp needs to have obviously needs to know the list because otherwise they wouldn't be able to block it uh no um so what it is is who executes the blocking uh so they have hardware that's provided by a third party it's in their network but it's not controlled by them interesting okay great then let's thank the speaker again and so the next talk will be in german i think it's the only german talk today and if you need a translation and have a dect phone 8014 so and before you start i have a quick announcement please try not to abstract the isles so if you are sitting on the wall and in the front of the front part of the room it's okay but everyone uh sitting in the aisles behind the half first half of the room please move to the front of behind the seat we absolutely have to keep the emergency exits clear thank you all right so sorry for the german slides first of all but i've decided to talk in english so i hope everybody everybody can follow me my name is stephan hugel i come from fifth which translates to computer professionals for peace and social responsibility and i would like to introduce our cyberpeace campaign we just started and where we aim at the peaceful use of the internet without military misuse and i would like to recall first what's the problem today we're all talking much about surveillance these days and from our point of view these kinds of surveillance which endanger human rights are in itself an act of cyber war which we reject for doing these these surveillance we need manipulations of communication infrastructure we need the creation of vulnerabilities in internet devices and this is an act of war and this is not only our point of view but also the point of view of the so-called talon manual which was initiated by the nato some months ago we have today the situation that national cyber warriors intelligence agency we can consider a hacker a hacker organization with also unlimited unlimited resources for hacking the internet and these acts of war lead to a large potential of escalation and so in danger security entirely and moreover it leads to the preparation of conventional military operations we all know about drone strikes um within with uh mainly or many innocent victims without a trial uh without even a suspicion against these people which are killed by these by these drone strikes and this also is prepared by the surveillance of the of the intelligence agencies last we have we have a main problem of this kind of cyber war we have the illusion of a clean war with not many victims we can't see the victims but this leads to the to the illusion of this clean war and so what do we call for first of all we call for the rejection of all kinds of cyber war all kinds of cyber warfare we call for the preservation of the integrity of all communication infrastructures and the entirely peaceful use of all communications infrastructures we call for the peaceful use of these infrastructures we call for protection of military misuse of the infrastructures and we call for the preservation of human rights on the internet on on in all communications and and uh last of all we call for the rejection of a security doctrine which puts everybody of us under um uh under a general suspicion of being criminals so what are our targets we want to influence we want to take influence on security wars and security strategies for example by lobbying we want arms control uh in cyber ins with uh on cyber weapons uh we want um rejection of all kinds of offensive cyber weapons um we want a sensible form of publication of all vulnerabilities uh with the with the target to have them closed early as early as possible and this is all 30 seconds okay thank you this is all what we see as a secure communications infrastructure we call for a call for in our campaign and as a first step we have prepared 14 claims you can find on our internet website yeah you can find us you can find us on the internet of course cyberpeace.fifth.de and you can find us on a nice square on the first floor here in the congress thank you very much next one is going to be a special double feature of 10 minutes yeah thank you hello congress i will talk about boot kits but via sms i will talk about usb modem 3g 4g usb modem it's very complex device is you if you don't know it's a computer which you include plug into your computer but it also uh have one more computer inside it's called sim card but it's a different story so uh there are a lot of hacks related to usb modems but mostly it's related to fairway update and vendors decide to harder with systems uh decide to switch off additional interface and use only web interface web dashboard to management this was a mistake why let's talk about hacking usb modem first of all you need identity correct manufacturer why because it's very heavily branded uh there are different ways some you can broke it see inside but sometimes very stupid tricks are work for instance you can take a photo office modem and google uh via picture search and find correct model of the device uh how 4g modems works when you plug it into your laptop operation system on modem boot up and starts works like a router so you have additional interface you get uh ip address through the cp and work like through rotor not with wireless network of operator if you have network device you we can scan it sometimes you can find even telnet on the system and sometimes via simple google search you even can find password for this telnet but sometimes you cannot find nothing because for instance it's very new device but we don't need just a password we need a remote code execution and http is the best way at the moment we start to find vulnerabilities and there are thousands of trivial web vulnerabilities like csrf uh lack of quantification cross-site scripting uh just few examples and these vulnerabilities can be used not only to write xss in alert but for our staff for instance we can change dns uh settings sms center settings to intercept sms manipulate with contacts uh issue ussd commands manage wireless network and also we can break device and now i want to show you a short video to describe to demonstrate how it can work in general here it is this is a web dashboard of modem attacker can send sms with cross-site scripting vector here it is sometimes it's necessary to read sometimes it works just by arriving so new sms let's read it just to be sure what is cross-site scripting here it is so we have this cross-site scripting we can do different stuff for instance we can send ussd request to a provider asking to reset our password to self-service portal sending after this uh provider send us a sms with new self service portal password via xss we can read it it's hidden sorry it's my password uh and we can delete with sms to not bore the user so we have a password to self service portal and we can i don't know uh subscribe subscriber to something useful like uh i don't know weber forecast for 15 euros per day uh slice please uh but uh i need the power uh i'm sorry skip it uh and it's easy to find it because uh i i can say that well this very poorly written uh web application they use direct shell calls we sometimes use awk to calculate content length of the http request so you can play with it and our different trivial remote code execution vulnerabilities and we can get the shell so we get the shell for instance it's a real request launch netcat get root access and we can check this firmware sometimes during firmware assessment you can find a lot of interesting stuff for instance uh cmg uh cmdcgi uh this is a backdoor uh we can't find it uh via blackbox why because web server is uh case sensitive and during brute force we uh don't know that but uh if you know what there is a cmg cgi we can execute any uh code without any vulnerabilities just uh ask it so but but anyway we we have remote code execution on modem what we can do we get firmware yes it's nice but we can download it it's from internet sometimes find more bugs we already have vulnerabilities we can send sms or usd but we can do it via sms's or very cross-site scripting trivial stuff but what we want we want to own the subscriber laptop so we can own modem and modem shoot on their laptop how to do it it's in usb and all we know that usb is bad uh some time for coding uh and in google play you can find very useful tool it's usb cable for android as i say this modem is linux device linux android device so we can reprogram usb modem to be a keyboard there are some technical issues related we can discuss it later if you're interested in now we'll see the demo okay i see it on your screen oh here it is let's assume that we already oh so let's come back uh let's assume that uh uh somebody already hacked this modem via sms for instance cross-site scripting can rca vector and we plug this device to our laptop it will be detected like a network adapter here it is remote in this device but out after timeout it starts to behave oh sorry it's you know disclosure after timeout it starts behave like a human interface device like a keyboard and keyboard can type no hands but it's typing we launched uh calculator for sure after we launched cmg oh it's uh but sorry uh but first we get we get bios specification bios name and version and after reboot the computer when it rebooted our modem became a cd-rom so uh after all for telecom all your 3g 4g i belong to us for everybody don't plug computer into your usb even it's a harmless network printer but this story for next congress thank you with our team hi i'm talking about void linux what links is a new distribution based on the xps packaging system first of all before before i begin uh does someone already use void linux please raise your hands oh great nobody one one oh cool cool um uh arch links guys here sure all right yeah we got you um okay what this talk was planned like i would first i would say something like oh voidlinks great what linux use all right linux then as i'm ranting about system d writing about other distributions i'm talking about you arch guys um and then i would talk about how great this package manager is but then i thought i thought kitties by the way there's a great book on amazon and some more kitties okay but obviously that's what we [ __ ] why should i do this instead i'm talking i'm talking about some facts of what notes uh we are using our unit or uh run it i don't know how it's spelled how it's called as as a in its system we use no d small asterisk please applause we have about 4 500 packages around 10 packages came come to the distribution every week so we are uh growing we are using the xpps package manager it's written from the scratch that's how it's looked like um it's was started as a replacement for a package source on netbsd then it got ported to linux and became the default package manager of void linux it's optimized for speed like all software is some kind of optimized for speed but um extreme uh extra m sorry i always uh pronounced it wrong um but extra m measures every [ __ ] operation this this package manager can do so void packages is our build system it's as i said it has around 4500 packages um about 3300 can be cross-compiled to arm for arm v six arm v7 um and also native compile to uh uh uh xxt 88 both both 64 and 32-bit uh these are the platforms as i said and we we're supporting both the geolipsy and the moose lipsy and a great announcement announcement um juan the maintainer of the of nearly everything just managed to compile the uh live cd this morning on moose libsy so when you download the easels on our web website you're getting the moose libsy default on your live system oh please applause no series plus thanks juan okay that's uh what uh build process is looking like here i'm uh compiling uh s cma and uh yeah you just it's uh you're uh using templates files for this and you're starting the build process and you're getting both and repository on your local system and the uh compiled packages when when the compile step is finished and crossfall is also also in uh fast step uh xp press d graph gives um ah no yeah so yes gives uh a short uh gives your dependencies as a graphical output with graphics and any questions no we have no time seriously thank you yeah so so hello my name is matthias um and i fiddled around a bit with the wpa enterprise networks and discovered some well not so nice effects in the authentication security i want to talk about so we're talking about password authenticated wpa enterprise networks we have one here the congress network and the prominent example is the ethereum network which is a network provided by a lot of universities to their students which they can use worldwide to log into other universities networks well just a short question who of you uses the edw network regularly who of you uses it on an android device okay so yeah i come to that a bit later this is a very short overview about how it works so uh we have the eduroam network um then when you connect to the network you use an anonymous identity to set up kind of a tls tunnel um your the server does not really provide um an authentication to your device it is just proved by providing a by um a ca certificate in the case of eduroam this is the deutsche telekom root ca2 where nearly everyone can get a certificate which is assigned by the ca so inside this tunnel there's the amstrad v2 authentication is a challenge response method but there is also the possibility to use plain text username and password authentication so inside this tunnel you just use a username and password to authenticate to the network well so this is kind of a problem let's play man in the middle create a network called eduroam use the patched host apd which allows any user to log in and well just tell the device you want to use it uh to use the gtc plaintext login instead of the msg v2 channel response well then go to a public location fire up your network and lots of clients will try to connect to your fake eduroam network and unfortunately a huge amount of devices will give their plaintext login information to you so i'm talking of about 10 here but i did not run any great field tests because i'm the legal situation is not quite clear but as you may have heard also the amazon v2 exchange response is not quite secure so there are lots of devices which will just supply you with a challenges points hash which you may use later to correct the username and password offline okay so why do we have this problem well it's mostly and device support we really need server certificate checking and this is not implemented in a lot of client devices apple is a great positive example here because you have profiles which can be very easily installed on apple devices and additionally i saw some apple devices or maybe all these days use certificate pinning so when you first connect to the network it asks you to verify the server certificate and then it remembers this certificate and will warn you if it changes so this fixes the problem but other platforms especially google android do not allow any kind of server certificate validation even if it uses the wpa supplicant underneath there's no way to configure something like a common name matching yeah um i don't know how this and other mobile platforms but even on desktop linux or windows we have the problem that it is mostly impossible but at least very inconvenient to configure any um further server certificate validation methods so i have a few links here um i when i discovered this issue later i googled about it and a guy from another university also discovered it with eduroam and talked to adrian people about it their answer to the problem mainly is th e universities should provide better setup guides but as i told you this is not always the solution because for some devices you cannot fix this problem a really great advice would be to not use a common ca but use a private ca for every network you set up so there's also a link to my github where you can download the patch toast apd you can contact me here after the lightning talks outside or by email thank you uh hi everyone my name is guy or shift when people say when i tell them my name they don't say they don't understand it so sometimes i say shift or sometimes they say guy uh i'm gonna talk about hypervisors i've been auditing this in hypervisor for the past several months i didn't do any vtd escapes or txt stuff for the stuff you've seen on corey's and rafael stock but i managed to get vm escapes from dom u to dom zero and from dom zero to the hypervisor itself um this is not going to be i'm not going to give a lot of details here this is just a teaser talk from what i'm going to show so tldr then is broken be careful if you use amazon or if you try to use it on i don't know privacy stuff so i'm going to show you a short demo of what i did there's not much over there than just me escaping from dom dom u to dom zero so if you're gonna applause to the reason now it would be awesome so she'll show the demo so right now we see the host we can see that llc is the actual route so you can see it's here uh it's kind of redacted but [ __ ] it when i do ls there there aren't any stuff here so i'm not bluffing or anything like it and now we're looking at the guest here i'm using root access but if you're smart enough you can actually escape from using a regular user when i try to do a lesson on home lols it doesn't works and so i'm going to guest i'm not bluffing or at least just believe me so now using the actual exploit this one this one is working on 4.1 and 4.2 we just escaped there's nothing to see here but other than okay you can see it but root law z so i'm not gonna touch now a file on the host nothing over there going back to the host that's it enjoy we have still some time for questions if you want to answer questions can you please use a microphone i give you mine just as an exception yes can you repeat the question please uh this could you repeat uh i can say that the mini os sucks qmu sucks when it tries to emulate different kinds of stuff i wouldn't recommend not many people use it be careful when you do it uh that's it i'm going to present more stuff like later this is just a teaser as i said there are there is no there aren't many technical stuff is as you can see just other than this video and that it doesn't give much so we can talk about it later if you want and we'll show you some when stuff where do you present more that's a good question the question was when do you present more and where i think i'll do it in csgon or something like it i hope to is it documented anywhere i think i'm gonna drop it on twitter or whatever okay thank you very much so a big round of applause well this doesn't look like my slides ah better okay perfect can i go back cool okay hello my name is barney and i will present to you the hackathon we did at cern cern is an international organization for particle physics research and as such well we have a lot of technology there a lot of innovation and stuff that you maybe know from magazines and newspapers but also stuff that you this thing doesn't work okay that you maybe use in your daily life like the world wide web and touch screens however we asked ourselves how can we use this old technology and innovative force that we have there for humanitarian purposes and well we came up with some ideas and we started talking to two experts from the red cross from un organizations um okay other physicists and so on um and i thought well let's make some projects let's make a hackathon and let's try to to get some functional prototypes out of it that can be used directly in the field so we also tried to to be a little experimental about this so we don't didn't want to have like a group of um people coming from well one feet of work so we tried to be had to uh have heterogenic groups as possible so we gathered experts from science arts from private companies ngos academia we just uh were very open we had a long selection process and in the end formed yeah these teams so they had six weeks of intensive research phase we gave them online workspaces to work on um and this was concluded by a 72 hour hackathon at cern in the well quite inspiring environment of the idea labs um we wanted our participants to to leave their comfort zone and to think out of the box completely all these has been uh closely followed and supported by experts that will hopefully use this in the end in the field so we oh sorry um so we had 35 participants and 23 local mentors they came from 28 nationalities and i think this graph shows that we well quite managed to to have uh people from from from all uh fields of work and they worked on these topics so we had one thing which is elevation determination for refugee camps so you have to know where to put your refugee camp if you don't want to to have it flooded after a couple of days um the other one was um complex zone uh humanitarian demarcation certificate certificate which means uh you need to to label buildings uh buses uh camps whatever that they are not military otherwise they could get um well attacked and if somebody attacks these marked um well locations then you can go to to like a court and and try to get uh well the people that did orders attacked court martial um the other thing is um like improving the performance of demining dogs and rescue dogs our topics are a ten uh dollar inflatable flip fridge for feed operations and what is more on the scientific side portable cost and grade detector and blind store which is a private information retrieval data store system uh i will not talk about this i know because it will be talk in 10 minutes so please stay here stay tuned it will be very interesting um from well our point of view the um hackathon was a huge success we had a lot of discussions a lot of progress people are very happy to be there had a lot of fun and in the end we had quite some work in prototypes so here's some results so from the taran elevation team they built a nice app using gps and data from the aromatic sensors of of mobile phones and made them tur n elevation map from well the same premises at the time then the demarcation team but also an app that can authenticate personal in conflict zones that they are really from humanitarian organizations it's quite easy to use it works via bluetooth and you can and it works with certificates and you can be quite sure okay this person is really well coming from red cross for example and there's also another um idea how to to mark buildings uh from the fridge point of view this project was split up into well they built actually a fridge that is um very well very simple to build it's very cheap and they also worked on on a new generation of body bags so um you can keep like well that was safe and and transport them safely so that's it thank you very much well if you have questions i mean there's my contact it's 5319 or just go to this website thank you very much hello my name is nicobar or at least you can find me in the congresswiki and there are five people missing of our team so i want to talk about photopia which is our id more or less maybe they are here maybe they can stand up one of them there are two okay three four three of them are stayed at home and my goal will be to win your sympathy at least and maybe also to win your some contribution or participation to our um to our team and okay um okay what is photopia photopia should be like a community picture database for social movements so basically we got tons of images in and hopefully tons of images out and um these pictures getting in are from off or with mo social movements as a subject and they should go out to non-commercial um media with some let's say idealistic motives um media who wants to spread the word more or less and as blogs or certain websites print magazines designs posters flyers and the thing in between is the engine room sorry um i i'm going to talk about later and um what makes us maybe a bit special is that we are um we are non-commercial so we are not like flicker it's a great difference because many people asked us what would be the difference we are maybe from the left you could say we want to use creative commons license with the non-commercial module which is very important to us we want to be easy to use and at least we want to be cool and there's some history because i stood here already two years ago in the 29th c3 and if you want to get more information about the idea you can also visit this last lightning talk where there's a url and now i want to talk about the engine room because that's the point um i want to focus on um it's that's a list of work to do we will going or we want to do or at least we think we have to do and um maybe i give some time to read it out i'm not going to read it out and maybe you think it's fancy stuff you want to work with us on and you can do that by joining us to our workshop where we are going to discuss all these points to today i learned maybe it's free software and not open source there's a difference i didn't know that so exactly before we want to write free software that's our goal and these are the dates or these are the points where you can communicate to us there will be a workshop at eight at six pm today um we are going to discuss all these topics we're also on twitter and facebook um and maybe later on more cooler media there's a blog you can visit blog.photopia.cc there's a web web website coming soon down there is our ptp hash you can write us and now questions anyone well we only have one minute left so i guess we don't really have time for questions but i think you can find a speaker later on we only have one talk left and i think after the lightning talks we will uh it will be possible to find some of the people who have presented okay hi i'm benny i'm talking about blindstore a privacy preserving datastore that is this one that was developed at the port hackathon we started this project at cern during our time as summer students this summer and then had the opportunity to continue working on it in november at the port so what do we mean by data store well it's a data store with some data it's just n blocks of data with equal length and the client can request a certain item item number three for example and he receives this data but the server doesn't know which item the client asked for so how do we do this this kind of problems is called private information retrieval there is one very simple approach just download all the things but obviously this is very expensive in bandwidth and takes a long time so there are some methods to lower this resource usage there is information theoretic private information retrieval that's like you distribute your query in a way to multiple servers that if they don't collude your privacy is still preserved there are examples that work when only two stores don't collude then there's computational private information retrieval there you need an algorithm that runs on the whole database so that single store doesn't learn anything about you that can be achieved with homomorphic encryption so what's that it's a very specific encryption scheme where we can run calculations on the ciphertext and get the same results then when you would run these operations on the plain text after decrypting so for example if you have two plaintexts p1 and p2 and encrypt them to c1 and c2 then you add c1 and c2 decrypt it and it's the same result than just adding p1 and p2 so how is this used in computational pir for example you encrypt the item number send it to the server the server does some super expensive calculations returns some data blob to you and if you decrypt it with your private key you get what you asked for blind so just goes for this computational pir approach it's a library that provides functions for the client and the server part and it implements an encryption and pir scheme that was published in 2013 you have the name of the paper on the slides if you download these slides you have a link there to a huge paywall so if you are not in a university network you can contact me afterwards i can show you the paper if you want the complexity of this algorithm is very simplified with n the database size in common communication login and in computation n log n so that means if you have a database of 1000 records with one kilobyte each record then it takes three seconds to retrieve one record that's a lot i mean a normal database would maybe take a millisecond and the size of the data blob is a return to you would be two megabytes okay anyway what can pir be useful for if it gets faster two points you can be authenticated against the servers but still your queries are hidden and if you have a huge user base still the server doesn't not know anything about yeah what the community is asking for no statistics examples for this would be a dns server where the server does not know what domains are hip at the moment or yeah presence discovery where you can ask the server if your friends are online or not maybe get their current ip address to establish another communication channel a question i was asked asked very often was why is this different from tor well tor hides your identity but not what you ask for your so the end point or the service you access through tor still knows what's happening with blindstore it doesn't know nothing but you can use tor to connect to to a privacy preserving data store to even hide your identity but this works of course only if you don't need to be authenticated then there's group db which does something with encrypted database as well you might have heard about it but within cryptobe the database is encrypted already so it's only useful for one party some things like blindsor can be used from a lot of people we have to increase it in performance by one million to make it usable but maybe we can do something like you need less privacy uh yeah then it's faster go to this talk it's interesting by goldberg and two other researchers they built this presence a discovery service on top of pir so this was the last lightning talk for today let's thank all our speakers again for walking up here and presenting their ideas and projects and and also let's have a big round of applause for our angels who are working in the room who are working hard on translating on video audio and and signal angels and also alex who built the time keeper and who brought it here and set it up and yeah so that's really great there will be another round of lightning talks tomorrow same time same room so stay tuned you