gns.tex (5978B)
1 \documentclass[aspectratio=169]{beamer} 2 \usepackage{appendixnumberbeamer} 3 \usetheme{metropolis} % Use metropolis theme 4 \definecolor{fhggreen}{RGB}{23,156,125} 5 \let\oldemph\textbf 6 \renewcommand{\textbf}[1]{{\color{mLightBrown}\oldemph{#1}}} 7 8 \usepackage{blkarray} 9 \usepackage{amsmath} 10 \usepackage{multirow} 11 \title{The GNU Name System\\\small{ICANN66}} 12 \date{11/5/2019} 13 \author{Martin Schanzenbach} 14 \institute{\hfill\large{GNUnet} \includegraphics[trim={0cm 1.5cm 0cm 0cm},clip,width=4em]{gnunet}} 15 \begin{document} 16 \metroset{block=fill,sectionpage=progressbar,numbering=counter} 17 \maketitle 18 19 \section{The GNU Name System In a Nutshell} 20 \begin{frame}{Motivation} 21 \begin{itemize} 22 \item DNS remains a source of traffic amplification DDoS. 23 \item DNS censorship (i.e. by China) causes collateral damage in other countries. 24 \item DNS is part of the mass surveillance apparatus (MCB). 25 \item DNS is abused for offensive cyber war (QUANTUMDNS). 26 \item DoT/DoH, DNSSEC, DPRIVE unfortunately do \textbf{NOT} fix this. 27 \end{itemize} 28 \end{frame} 29 30 \begin{frame}{What is the GNU Name System?\footnote{Joint work with Christian Grothoff and Matthias Wachs}} 31 \begin{itemize} 32 \item Fully decentralized name system $\Rightarrow$ Names are not global. 33 \item Supports globally unique and secure identification. 34 \item Features query and response privacy. 35 \item Provides a public key infrastructure 36 \begin{itemize} 37 \item Each zone is associated with a cryptographic key pair. 38 \item Delegation between zones establishes trust relationship. 39 \end{itemize} 40 \item Interoperable with DNS. 41 \item Usable.\footnote{User studies conducted in ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN) project.} 42 \end{itemize} 43 \end{frame} 44 45 \begin{frame}{Applications} 46 \begin{itemize} 47 \item Identity management: \textbf{re:claimID} (\url{https://reclaim-identity.io}) 48 \item Social Networks: \textbf{SecuShare} (\url{https://secushare.org}) 49 \item Healthcare: \textbf{Accident insurance and private health data}.\footnote{Joint work with FH Bern, ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN)} 50 \item Others: \textbf{Chat}, \textbf{Host addressing}, \ldots 51 \end{itemize} 52 \end{frame} 53 54 \section{Technical Overview} 55 \begin{frame}{Record Storage / Retrieval} 56 \begin{itemize} 57 \item GNS stores records in a \textbf{Distributed Hash Table} (DHT). 58 \item DHTs allow us to map keys to values. 59 \item Naive approach: Map domain names to records.\\e.g.: example.com $\Rightarrow$ A: 1.2.3.4 60 \end{itemize} 61 \begin{center} 62 \includegraphics[width=0.5\textwidth]{DHT.pdf} 63 \end{center} 64 \end{frame} 65 66 %\begin{frame}{Record Storage / Retrieval} 67 % \begin{itemize} 68 % \item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme. 69 % \item DHT values (records) are signed and encrypted. 70 % \item DHT keys are derived from queried name and zone. 71 % \end{itemize} 72 % \begin{center} 73 % \includegraphics[width=0.5\textwidth]{DHT.pdf} 74 % \end{center} 75 %\end{frame} 76 77 \begin{frame}{Secure Storage / Retrieval} 78 \begin{itemize} 79 \item \textbf{Query privacy} 80 \begin{itemize} 81 \item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme:\\ 82 ``a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved.''\footnote{\url{https://en.wikipedia.org/wiki/Private_information_retrieval}} 83 84 \item Queries do not reveal domain name. 85 %item DHT keys are ``blinded'' record labels and zone identity. 86 \end{itemize} 87 \item \textbf{Record confidentiality}: Values in DHT are signed and encrypted by zone owner. 88 \item \textbf{Zone privacy}: Zones cannot be enumerated. 89 \item \textbf{Censorship and DDoS resistance}: Decentralized, resilient directory. 90 \end{itemize} 91 \end{frame} 92 93 \begin{frame}{Zone Delegation} 94 \begin{itemize} 95 \item The ``NS'' equivalent in GNS is called ``PKEY''. 96 \item A ``PKEY'' record contains public zone keys. 97 \item The combination of a ``PKEY'' record value and a name allows users to 98 query records in a delegated zone. 99 \end{itemize} 100 \end{frame} 101 102 103 104 \section{Quo Vadis?} 105 \begin{frame}{Roadmap} 106 \begin{itemize} 107 \item In progress: 108 \begin{itemize} 109 \item 2019-2020: Technical specification of GNS protocol, packaging and alternative implementations.\footnote{Funded by NLnet under EU Next Generation Internet program (\url{https://nlnet.nl/project/GNS/}).} 110 \item Continuous development and integration into applications. 111 \end{itemize} 112 \item 2020--: Establishment of governing body. 113 \end{itemize} 114 \end{frame} 115 116 \begin{frame} 117 \begin{center} 118 The GNU Name System\\ 119 \vspace{2cm} 120 \url{https://gnunet.org}\\ 121 \vspace{1em} 122 {\tiny 123 \texttt{schanzen@gnunet.org}\\ 124 \texttt{3D11~063C~10F9~8D14~BD24~D147~0B09~98EF~86F5~9B6A}\\ 125 } 126 \end{center} 127 \end{frame} 128 129 \appendix 130 131 \begin{frame}{References} 132 \centering 133 {\small 134 \begin{enumerate} 135 \item {Matthias Wachs, Martin Schanzenbach and Christian Grothoff. {\em A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System}. {\bf 13th Intern 136 ational Conference on Cryptology and Network Security}, 2014.} 137 \item {Martin Schanzenbach, Georg Bramm, Julian Schütte. {\em reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption}. {\bf 17th 138 IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)}, 2018} 139 \item {Christian Grothoff, Martin Schanzenbach, Annett Laube, Emmanuel Benoist, Pascal Mainini. {\em Decentralized Authentication for Self-Sovereign Identities using Name Systems (DASEIN)}. {\bf https://git.gnunet.org/bibliography.git/plain/docs/dasein10.pdf}, 2018.} 140 \end{enumerate} 141 } 142 \end{frame} 143 144 \end{document}