add: [preso] lid initial commit

master
Jean-Louis Huynen 2019-11-11 16:00:57 +01:00
parent 74a04d48e9
commit 50578d069a
No known key found for this signature in database
GPG Key ID: 64799157F4BD6B93
8 changed files with 789 additions and 0 deletions


@ -0,0 +1,71 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% DEFINE COLORS. ---------------------------------------------------------------
\definecolor{main}{RGB}{64, 64, 64}
\definecolor{background}{RGB}{239, 239, 239}
\definecolor{alert}{RGB}{180, 0, 0}
\definecolor{example}{RGB}{0, 110, 0}
% SET COLORS. ------------------------------------------------------------------
\setbeamercolor{normal text}{fg=textcolor, bg=background}
\setbeamercolor{alerted text}{fg=alert}
\setbeamercolor{example text}{fg=example}
\setbeamercolor{titlelike}{fg=background, bg=main}
\setbeamercolor{frametitle}{parent={titlelike}}
\setbeamercolor{footline}{fg=background, bg=main}
\setbeamercolor{block title}{bg=main!80!background, fg=background}
\setbeamercolor{block body}{bg=main!10!background, fg=main}
\setbeamercolor{block title alerted}{bg=alert, fg=background}
\setbeamercolor{block body alerted}{bg=alert!10!background, fg=main}
\setbeamercolor{block title example}{bg=example, fg=background}
\setbeamercolor{block body example}{bg=example!10!background, fg=main}
\setbeamercolor{itemize item}{fg=main}
\setbeamercolor{itemize subitem}{fg=main}
\setbeamercolor{enumerate item}{fg=main!70!black}
\setbeamercolor{enumerate subitem}{fg=main!70!black}
\setbeamercolor{description item}{fg=main!70!black}
\setbeamercolor{description subitem}{fg=main!70!black}
\setbeamercolor{caption name}{fg=textcolor}
\setbeamercolor{section in toc}{fg=textcolor}
\setbeamercolor{subsection in toc}{fg=textcolor}
\setbeamercolor{section number projected}{bg=textcolor}
\setbeamercolor{subsection number projected}{bg=textcolor}
\setbeamercolor{bibliography item}{fg=main}
\setbeamercolor{bibliography entry author}{fg=main!70!black}
\setbeamercolor{bibliography entry title}{fg=main}
\setbeamercolor{bibliography entry location}{fg=main}
\setbeamercolor{bibliography entry note}{fg=main}
\mode<all>
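Review bot: `textcolor` is used for `normal text`, `caption name` and the toc and projected-number colours, but the DEFINE COLORS block at the top of this file only defines `main`, `background`, `alert` and `example`. The only definition visible in this commit is in `lid.tex` (`\definecolor{textcolor}{RGB}{85, 87, 83}`), so any other deck that loads the theme without that line will presumably stop on an undefined colour. Giving the theme its own default, for example `\colorlet{textcolor}{main}` after the `example` definition, keeps it self-contained while still letting a document override it. The file path of this section is not shown on the page, so this assumes it is the focus colour theme.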


@ -0,0 +1,47 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
% SET FONTS. -------------------------------------------------------------------
\setbeamerfont{title}{size=\huge, shape=\bfseries}
\setbeamerfont{subtitle}{size=\Large, parent=structure}
\setbeamerfont{author}{size=\scriptsize}
\setbeamerfont{institute}{size=\normalsize}
\setbeamerfont{date}{size=\scriptsize}
\setbeamerfont{sectiontitle}{size=\huge, series=\scshape\bfseries}
\setbeamerfont{frametitle}{size=\Large, shape=\scshape}
\setbeamerfont{footline}{size=\scriptsize}
\setbeamerfont{focusframe}{size=\huge, shape=\scshape}
\setbeamerfont{description item}{shape=\bfseries}
\setbeamerfont{caption name}{shape=\bfseries}
\setbeamerfont{bibliography item}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry author}{size=\small, shape=\scshape}
\setbeamerfont{bibliography entry title}{size=\small, series=\scshape\bfseries}
\setbeamerfont{bibliography entry location}{size=\small, shape=\scshape\normalfont}
\setbeamerfont{bibliography entry note}{size=\small, shape=\scshape\normalfont}
\mode<all>


@ -0,0 +1,117 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{tikz}
% CUSTOMIZE STRUCTURE ELEMENTS. ------------------------------------------------
\setbeamertemplate{blocks}[default]
\setbeamertemplate{section in toc}[square]
\setbeamertemplate{subsection in toc}[square]
\setbeamertemplate{itemize items}[square]
\setbeamertemplate{itemize subitem}[triangle]
% STRUCTURE FRAME TEMPLATE DEFINITIONS. ----------------------------------------
% Title page.
\defbeamertemplate*{title page}{focus}{%
{\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}}
\vspace{-1.65\baselineskip}
\begin{minipage}[b][0.35\paperheight]{\textwidth}
\vspace{\baselineskip}
\usebeamerfont{title}
\usebeamercolor[fg]{frametitle}
\inserttitle
\end{minipage}
\begin{minipage}[t][0.1\paperheight]{\textwidth}
\usebeamerfont{subtitle}
\usebeamercolor[fg]{frametitle}
\insertsubtitle
\end{minipage}
% Set the title graphic in a zero-height box, so that
% the position of other elements is not affected.
{\vfuzz=9999pt\vbox to 0pt {
\raggedleft
\inserttitlegraphic
}}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{institute}
\insertinstitute
\end{minipage}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{date}{\insertdate}
\end{minipage}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\vspace*{\baselineskip}
\begin{minipage}[t]{\textwidth}
\usebeamerfont{author}
\insertauthor
\end{minipage}
\vspace*{5\baselineskip}
\addtocounter{framenumber}{-1}
}
% Section page.
\defbeamertemplate*{section page}{focus}{%
{%
\usebeamercolor{frametitle}\colorlet{focus@@temp}{bg}%
\begin{tikzpicture}[overlay, remember picture]
\fill[color=focus@@temp] (current page.north west) rectangle ([shift = {(0, -0.45\paperheight)}] current page.north east);
\end{tikzpicture}%
}
\vspace{-2\baselineskip}
\begin{minipage}[b][0.45\paperheight]{\textwidth}
\usebeamerfont{sectiontitle}
\usebeamercolor[fg]{frametitle}
\let\hyperlink\@secondoftwo\insertsection
\end{minipage}
\begin{minipage}[t][0.55\paperheight]{\textwidth}
\end{minipage}
}
\AtBeginSection{%
\begin{frame}[plain, noframenumbering]{}
\sectionpage
\end{frame}%
}
\mode<all>


@ -0,0 +1,255 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\mode<presentation>
\RequirePackage{appendixnumberbeamer}% Don't number appendix frames.
\RequirePackage{etoolbox}% \BeforeBeginEnvironment
\RequirePackage{tikz}
% FRAMETITLE TEMPLATES. --------------------------------------------------------
\defbeamertemplate*{frametitle}{focus}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm]{frametitle}%
\strut\insertframetitle\strut%
\end{beamercolorbox}%
\fi%
}
% Plain header.
\defbeamertemplate{frametitle}{plain}{%
% If not title page.
\ifnum\value{framenumber}>0%
\vspace{-1pt}%
\begin{beamercolorbox}[wd=\paperwidth,leftskip=0.55cm,rightskip=0.55cm,sep=0.2cm,ignorebg]{frametitle}%
\strut%
\end{beamercolorbox}%
\fi%
}
% FOOTLINE TEMPLATES. ----------------------------------------------------------
% Lenghts for the progress bar footline.
\newlength{\focus@pbar@height}% Progress bar height.
\newlength{\focus@pbar@leftoffset}
\newlength{\focus@pbar@rightoffset}
\defbeamertemplate*{footline}{progressbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\ifnum\c@framenumber<\inserttotalframenumber%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]\usebeamerfont{footline}
\pgfmathsetmacro{\focus@pbar@progress}%
{(\paperwidth-\focus@pbar@leftoffset-\focus@pbar@rightoffset)*(\insertframenumber/\inserttotalframenumber)}
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\the\focus@pbar@leftoffset,\the\focus@pbar@height);
\fill[footline.bg] (\the\focus@pbar@leftoffset,0) rectangle ++(\focus@pbar@progress pt,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=east, text=footline.fg] {\strut\insertframenumber};
\fill[footline.bg] (\paperwidth,0) rectangle ++(-\the\focus@pbar@rightoffset,\the\focus@pbar@height)
++(0,{-0.5*\the\focus@pbar@height}) node[anchor=west, text=footline.fg] {\strut\inserttotalframenumber};
\end{tikzpicture}%
\else%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
\fi%
}
% Full bar footline.
\defbeamertemplate{footline}{fullbar}{%
% If not appendix.
\ifnum\mainend<0% From package appendixnumberbeamer.
%
\settowidth{\focus@pbar@leftoffset}{1}%
\addtolength{\focus@pbar@leftoffset}{1.5em}%
%
\settowidth{\focus@pbar@rightoffset}{\inserttotalframenumber}%
\addtolength{\focus@pbar@rightoffset}{1.5em}%
%
% If not title page.
\ifnum\c@framenumber>0%
\begin{tikzpicture}[inner xsep=0.5em, inner ysep=0.5ex]
\clip (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\fill[footline.bg] (0,0) rectangle ++(\paperwidth,\the\focus@pbar@height);
\node[anchor=east, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\insertframenumber};
\node[footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut/};
\node[anchor=west, footline.fg] at ({\paperwidth-\the\focus@pbar@rightoffset},{0.5*\focus@pbar@height}) {\strut\inserttotalframenumber};
\end{tikzpicture}%
\fi%
\fi%
}
% Empty footline.
\defbeamertemplate{footline}{none}{}
\DeclareOptionBeamer{numbering}{\def\beamer@focus@numbering{#1}}
\ExecuteOptionsBeamer{numbering=progressbar}
\ProcessOptionsBeamer
\def\beamer@focus@numberingprogressbar{progressbar}
\def\beamer@focus@numberingfullbar{fullbar}
\def\beamer@focus@numberingnone{none}
% BACKGROUND CANVAS TEMPLATES. -------------------------------------------------
\defbeamertemplate*{background canvas}{focus}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusplain}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[normal text.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
\defbeamertemplate{background canvas}{focusframe}{%
\begin{tikzpicture}
\clip (0,0) rectangle ++(\paperwidth,\paperheight);
\fill[frametitle.bg] (0,0) rectangle ++(\paperwidth,\paperheight);
\end{tikzpicture}%
}
% HOOKS FOR CREATING FRAMES. ---------------------------------------------------
\BeforeBeginEnvironment{frame}{%
\setbeamertemplate{background canvas}[focus]%
\setbeamertemplate{frametitle}[focus]%
%
% Reset footline height and determine it for the current slide.
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
% If not appendix.
\ifnum\mainend<0 % From package appendixnumberbeamer.
\settoheight{\focus@pbar@height}{\usebeamerfont{footline}1234567890/}%
\addtolength{\focus@pbar@height}{6pt}%
%
\ifx\beamer@focus@numbering\beamer@focus@numberingprogressbar%
\setbeamertemplate{footline}[progressbar]%
\else%
\ifx\beamer@focus@numbering\beamer@focus@numberingfullbar%
\setbeamertemplate{footline}[fullbar]%
\fi%
\fi%
%
\focus@calculatefootheight%
\fi%
}
% Enable noframenumbering option.
\define@key{beamerframe}{noframenumbering}[true]{%
\setbeamertemplate{footline}[none]%
\setlength{\focus@pbar@height}{0cm}%
\focus@calculatefootheight%
%
\addtocounter{framenumber}{-1}%
}
% Enable plain option.
\define@key{beamerframe}{plain}[true]{%
\setbeamertemplate{background canvas}[focusplain]%
\setbeamertemplate{frametitle}[plain]%
%
\setbeamertemplate{footline}[none]%
}
% Full vertical centering
% (from https://tex.stackexchange.com/questions/247826/beamer-full-vertical-centering).
\define@key{beamerframe}{c}[true]{%
\beamer@frametopskip=0pt plus 1fill\relax%
\beamer@framebottomskip=0pt plus 1fill\relax%
\beamer@frametopskipautobreak=0pt plus 0.4\paperheight\relax%
\beamer@framebottomskipautobreak=0pt plus 0.6\paperheight\relax%
\def\beamer@initfirstlineunskip{}%
}
% Enable focus option.
\providebool{focus@standout}
\define@key{beamerframe}{focus}[true]{%
\booltrue{focus@standout}%
\begingroup%
\setkeys{beamerframe}{noframenumbering}%
\setbeamertemplate{background canvas}[focusframe]%
\setbeamertemplate{frametitle}[plain]%
%
\setkeys{beamerframe}{c}%
\centering%
\usebeamerfont{focusframe}%
\usebeamercolor[fg]{frametitle}%
}
\apptocmd{\beamer@reseteecodes}
{%
\ifbool{focus@standout}%
{%
\endgroup%
\boolfalse{focus@standout}%
}{}%
}{}{}
% Recalculate the footline's size and refresh other parameters.
% Partially copied from the definition of \beamer@calculateheadfoot.
\def\focus@calculatefootheight{%
\footheight=\focus@pbar@height%
\advance\footheight by 4pt%
\sidebarheight=\paperheight%
\advance\sidebarheight by-\headheight%
\advance\sidebarheight by\headdp%
\advance\sidebarheight by-\footheight%
\advance\sidebarheight by 4pt%
\footskip=\footheight%
\textheight=\paperheight%
\advance\textheight by-\footheight%
\advance\textheight by-\headheight%
\@colht\textheight%
\@colroom\textheight%
\vsize\textheight%
}
\mode<all>


@ -0,0 +1,60 @@
% Copyright (C) 2018 Pasquale Claudio Africa.
% 2018 Sebastian Friedl.
%
% This file is part of beamerthemefocus.
%
% beamerthemefocus is free software: you can redistribute it and/or modify
% it under the terms of the GNU General Public License as published by
% the Free Software Foundation, either version 3 of the License, or
% (at your option) any later version.
%
% beamerthemefocus is distributed in the hope that it will be useful,
% but WITHOUT ANY WARRANTY; without even the implied warranty of
% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
% GNU General Public License for more details.
%
% You should have received a copy of the GNU General Public License
% along with beamerthemefocus. If not, see <http://www.gnu.org/licenses/>.
\NeedsTeXFormat{LaTeX2e}
\ProvidesPackage{beamerthemefocus}[2018/08/09 v2.2 Focus Beamer theme]
\mode<presentation>
% THEME OPTIONS. ---------------------------------------------------------------
\DeclareOptionBeamer{numbering}{%
\PassOptionsToPackage{numbering=#1}{beamerouterthemefocus}
}
\newif\if@focus@loadfirafonts
\@focus@loadfirafontstrue
\DeclareOptionBeamer{nofirafonts}{\@focus@loadfirafontsfalse}
\ProcessOptionsBeamer
% LOAD EXTERNAL PACKAGES. ------------------------------------------------------
\if@focus@loadfirafonts
\RequirePackage[T1]{fontenc}
\PassOptionsToPackage{type1}{FiraSans}
\PassOptionsToPackage{type1}{FiraMono}
\RequirePackage{FiraSans}
\RequirePackage{FiraMono}
\fi
\usecolortheme{focus}
\usefonttheme{focus}
\useinnertheme{focus}
\useoutertheme{focus}
\setbeamertemplate{navigation symbols}{}
% SET MARGINS. -----------------------------------------------------------------
\setbeamersize{text margin left=0.75cm, text margin right=0.75cm}
\setlength{\leftmargini}{0.75cm}
\mode<all>

BIN
docs/preso/05-LID/lid.pdf Normal file

Binary file not shown.

239
docs/preso/05-LID/lid.tex Normal file

@ -0,0 +1,239 @@
% Full instructions available at:
% https://github.com/elauksap/focus-beamertheme
\documentclass{beamer}
\usetheme[numbering=progressbar]{focus}
\usepackage{tikz}
\usetikzlibrary{positioning}
\usetikzlibrary{shapes,arrows}
\usepackage{transparent}
\usepackage{fancyvrb}
\usepackage{listings}
\usepackage{tabularx}
\usepackage{amsfonts}
\usepackage{ulem}
\usepackage{csquotes}
\definecolor{main}{RGB}{47, 161, 219}
\definecolor{background}{RGB}{240, 247, 255}
\definecolor{textcolor}{RGB}{85, 87, 83}
\title{Mind your Ps and Qs: }
\subtitle{Performing crypto sanity checks with D4.}
\author{Jean-Louis Huynen}
\titlegraphic{\includegraphics[scale=0.20]{../../logos/d4-logo.pdf}}
\institute{Team CIRCL \\ \url{https://www.d4-project.org/}}
\date{November 12, 2019}
\begin{document}
\begin{frame}
\maketitle
\end{frame}
\begin{frame}
\frametitle{D4 - Problem statement}
\begin{itemize}
\item CSIRTs (or private organisations) build their {\bf own honeypot, honeynet or blackhole monitoring network}
\item Designing, managing and operating such infrastructure is a tedious and resource intensive task
\item {\bf Automatic sharing} between monitoring networks from different organisations is missing
\item Sensors and processing are often seen as blackbox or difficult to audit
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{D4 - Objective}
\begin{itemize}
\item Based on our experience with
MISP\footnote{\url{https://github.com/MISP/MISP}} where sharing
played an important role, we transpose the model in D4 project
\item Keeping the protocol and code base {\bf simple and minimal}
\item Allowing every organisation to {\bf control and audit their own sensor network}
\item Extending D4 or {\bf encapsulating legacy monitoring protocols} must be as simple as possible
\item Ensuring that the sensor server has {\bf no control on the sensor} (unidirectional streaming)
\item Don't force users to use dedicated sensors and allow {\bf flexibility of sensor support} (software, hardware, virtual)
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{D4 - (short) History}
\begin{itemize}
\item D4 Project (co-funded under INEA CEF EU program) started - {\bf 1st November 2018}
\item D4 encapsulation protocol version 1 published - {\bf 1st December 2018}
\item v0.1 release of the D4 core\footnote{\url{https://www.github.com/D4-project/d4-core}} including a server and simple D4 C client - {\bf 21st January 2019}
\item First version of a golang D4
client\footnote{\url{https://www.github.com/D4-project/d4-goclient/}}
running on ARM, MIPS, PPC and x86 - {\bf 14th February 2019}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{D4 - Overview}
\includegraphics[scale=0.38]{../../diagram/d4-overview.png}
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - Problem Statement}
IoT devices {\bf are often the weakest devices} on a network:
\begin{itemize}
\item Usually the result of cheap engineering,
\item sloppy patching cycles,
\item sometimes forgotten--not monitored,
\item few hardening features enabled,
\end{itemize}
\vspace{10 mm}
{\bf We feel a bit safer when they use TLS, but should we?}
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - TLS Fingerprinting}
{\bf Keep} a log of links between:
\begin{itemize}
\item x509 certificates,
\item ports,
\item IP address,
\item client (ja3),
\item server (ja3s),
\end{itemize}
\begin{displayquote}
``JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.''\footnote{https://github.com/salesforce/ja3}
\end{displayquote}
{\bf Pivot} on additional data points during Incident Response
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - Objectives}
{\bf Collect} and {\bf store} x509 certificates and TLS sessions:
\begin{itemize}
\item Public keys type and size,
\item moduli and public exponents,
\item curves parameters.
\end{itemize}
{\bf Detect} anti patterns in crypto:
\begin{itemize}
\item Moduli that share one prime factor,
\item Moduli that share both prime factors, or private exponents,
\item Small factors,
\item Nonces reuse / common preffix or suffix, etc.
\end{itemize}
\end{frame}
\begin{frame}[fragile]
\frametitle{Snake Oil Crypto - RSA on IoT }
Researchers have shown that several devices generated their public
keys at boot time without enough entropy\footnote{Bernstein, Heninger, and Lange: \url{http://facthacks.cr.yp.to/}}:
\begin{lstlisting}[frame=single, language=python]
prng.seed(seed)
p = prng.generate_random_prime()
// prng.add_entropy()
q = prng.generate_random_prime()
n = p*q
\end{lstlisting}
Given n=pq and n' = pq' it is trivial to recover the shared p by computing their
Greatest Common Divisor (GCD), and therefore both private keys\footnote{\url{http://www.loyalty.org/~schoen/rsa/}}.
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - GCD}
In Snake-Oil-Crypto we compute GCD\footnote{using Bernstein's Batch GCD algorithm} between:
\begin{itemize}
\item between certificates having the same issuer,
\item between certificates having the same subject,
\item on keys from various sources (PassiveSSL, Certificate Transparency,
shodan, censys, etc.),
\end{itemize}
\vspace{10 mm}
{\bf ``Check all the keys that we know of for vendor X''}
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - MISP feed}
\begin{figure}
\centering
\includegraphics[width=\textwidth]{misp.png}
\end{figure}
\end{frame}
\begin{frame}
\frametitle{Snake Oil Crypto - MISP feed}
The MISP feed
\begin{itemize}
\item {\bf Allows} for checking automatic checking by an IDS on hashed values,
\item {\bf contains} thousands on broken keys from a dozen of vendors,
\item {\bf will be accessible upon request (info@circl.lu).}
\end{itemize}
In the future:
\begin{itemize}
\item {\bf Automatic} the vendor checks by performing TF-IDF on x509's subjects,
\item {\bf automatic} vendors notification.
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{First release}
\begin{itemize}
\item[\checkmark] sensor-d4-tls-fingerprinting
\footnote{\url{github.com/D4-project/sensor-d4-tls-fingerprinting}}:
{\bf Extracts} and {\bf fingerprints} certificates, and {\bf computes} TLSH fuzzy hash.
\item[\checkmark] analyzer-d4-passivessl
\footnote{\url{github.com/D4-project/analyzer-d4-passivessl}}:
{\bf Stores} Certificates / PK details in a PostgreSQL DB.
\item snake-oil-crypto
\footnote{\url{github.com/D4-project/snake-oil-crypto}}:
{\bf Performs} crypto checks, push results in MISP for notification
\item lookup-d4-passivessl
\footnote{\url{github.com/D4-project/lookup-d4-passivessl}}:
{\bf Exposes} the DB through a public REST API.
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Use it}
\begin{itemize}
\item {\bf Manage} your own sensors and servers, {\bf find} shameful bugs and
{\bf fill} in github issues
\item Even better, {\bf send} Pull Requests!
\item {\bf Share} data to public servers to improve the datasets (and detection,
response, etc.)
\item {\bf Feed} your MISP instances with D4's findings - {\bf Share} yours
\item {\bf Leech} data, {\bf write} your own analyzers, {\bf do} research
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Get in touch if you want to join the project, host a sensor or contribute}
\begin{itemize}
\item Collaboration can include research partnership, sharing of collected streams or improving the software.
\item Contact: info@circl.lu
\item \url{https://github.com/D4-Project}
\item \url{https://twitter.com/d4_project}
\item \url{https://d4-project.org}
\begin{itemize}
\item
\href{https://d4-project.org/2019/05/28/passive-dns-tutorial.html}{Passive DNS tutorial}
\item
\href{https://d4-project.org/2019/06/17/sharing-between-D4-sensors.html}{Data
sharing tutorial}
\end{itemize}
\end{itemize}
\end{frame}
\end{document}
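Review bot: In the `lstlisting` on the "RSA on IoT" frame, the entropy call is written as `// prng.add_entropy()`, which is not Python comment syntax under `language=python` and, read as a disabled call, contradicts the sentence below it. Two devices that boot with the same seed and add nothing between the two prime generations would produce the same p and the same q, i.e. identical moduli; the shared-p, different-q case that the GCD check detects arises when entropy arrives only after p has been generated (this is how I read the cited Bernstein/Heninger/Lange material, so it is worth confirming against it). I would keep the call live and annotate it, e.g. `prng.add_entropy()  # arrives too late: p already shared, only q differs`. Separately, the JA3 footnote uses a bare URL where the other footnotes use `\url{...}`.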

BIN
docs/preso/05-LID/misp.png Normal file

Binary file not shown.
