You are here: Home > Participate > Join a Discussion > Membership Mailing Lists > The ripe-atlas Archives

[atlas] Reasons to celebrate - passed 1K active probes :)

Previous message (by thread): [atlas] Reasons to celebrate - passed 1K active probes :)
Next message (by thread): [atlas] Reasons to celebrate - passed 1K active probes :)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Simon Josefsson simon at josefsson.org
Sun Dec 25 20:45:16 CET 2011

fre 2011-12-23 klockan 19:33 +0100 skrev Philip Homburg:
> On 12/23/11 19:10 , Simon Josefsson wrote:
> > One way to deal with that is to let the probes send in the hash value of
> > its firmware or something similar, which can be used to detect problems
> > like that.  And you could prepare "official" reports based only on the
> > probes running "official" firmware.
> You want untrusted firmware to send a hash value of itself? How do you 
> know it is not lying?
> 
> > I really think this is orthogonal to releasing source code though.  If
> > you haven't built in any security mechanism, people can already do what
> > you appear to be afraid of today.
> >
> (From a technical point of view) releasing the source is not an issue. 
> The probes come with key material that allows them to connect to the 
> Atlas infrastructure. In theory you can get that out of the probe. But, 
> you would violate the agreement as a probe host and it would be quite 
> tricky to do. And, you can take over only one probe at a time which has 
> to be in your physical possession.
> 
> If we would allow 'third party' probes to connect to the Atlas 
> infrastructure then all of that changes. No need to physically obtain a 
> probe. Just download the source, request a key. And start hacking away.

How does this keying work today?  I haven't seen this documented
anywhere.

If you embed a symmetric or asymmetric key in the probes, which sounds
like what you are suggesting (and is more advanced than what I
expected), there shouldn't be any threat to publish source code for the
firmware: people will not have access to any private key that you will
trust.

I was assuming that your current threat model was that you aren't
concerned about fake probes, but if you have embedded keys in the
probes, that suggests a different threat model.  Solving that is
relatively complicated, and describing your setup would be a useful
contribution.

My proposed solution to send a hash of the firmware was to be able to
diagnose on the server side which firmware sent what information and to
do larger-scale data mining.  It is not a solution to malicious probes.
Sorry if anything I said implied that.

Cheers,
/Simon

Previous message (by thread): [atlas] Reasons to celebrate - passed 1K active probes :)
Next message (by thread): [atlas] Reasons to celebrate - passed 1K active probes :)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]