diff --git a/About b/About index cac3a49..9abed49 100644 --- a/About +++ b/About @@ -40,7 +40,7 @@ access on new development, influencing on the development roadmap. ### Alfred -Alfred is a research associate at University of Cambridge. He enjoys to write +Alfred is a research associate at the University of Cambridge. He enjoys to write code, and also travelling and repairing his recumbent bicycle, and being a barista. @@ -49,7 +49,8 @@ imperative code (using a higher-order separation logic and the theorem prover Coq). At the moment he is working on an executable formal model of TCP/IP which can act as a test validator. -Alfred co-authored a TLS implementation from the grounds up in OCaml. +Alfred co-authored a TLS implementation from the grounds up in OCaml, and +contributes to the MirageOS project as a core team member. ### Eva diff --git a/Projects/Pinata b/Projects/Pinata index 1d2d716..fbcb922 100644 --- a/Projects/Pinata +++ b/Projects/Pinata 
@@ -1,7 +1,32 @@ --- title: The Bitcoin Piñata author: someone -abstract: some abstract +abstract: A transparent self-serving bug bounty with 10 BTC. --- -This is one of our projects +The [Bitcoin Piñata](http://ownme.ipredator.se) is a unikernel which serves as +bug bounty system to test TLS and the underlying implementations. Its +communication endpoints are a website describing the setup, and both a TLS +client and a TLS server listening on a port. The total size, including TLS, +X.509, TCP/IP, of the virtual machine image is 4MB, which is less than 4% of a +comparable system using a Linux kernel and OpenSSL. + +When a TLS handshake is successfully completed with mutual authentication, the +Piñata transmits the private key to a bitcoin wallet which is filled with ~10BTC +(~40000 EUR). + +On startup, the Piñata generates its certificate authority on the fly, including +certificates and private keys. This means that only the Piñata itself contains +private keys which can authenticate successfully, thus an attacker has to find +an exploitable flaw in any software layer (OCaml runtime, virtual network +device, TCP/IP stack, TLS library, X.509 validation, or elsewhere). + +The Piñata is online since February 2015, and although thousands of unique IP +addresses initiated connections, the wallet still contains the 10 BTC. + +By using a Bitcoin wallet, the Piñata is a transparent bug bounty. Everybody +can observe (by looking into the Bitcoin blockchain) whether it has been +compromised and the money has been transferred to another wallet. It is also +self-serving: when an attacker discovers a flaw, they don't need to fill out +any forms to retrieve the bounty, instead they can take the wallet, without any +questions asked. diff --git a/Projects/TLStunnel b/Projects/TLStunnel new file mode 100644 index 0000000..4483ad1 --- /dev/null +++ b/Projects/TLStunnel 
@@ -0,0 +1,22 @@ +--- +title: TLS reverse proxy +author: someone +abstract: ![TLS reverse proxy](/static/img/reverse.png) +--- + +![TLS reverse proxy](/static/img/reverse.png) + +The [tlstunnel](https://github.com/hannesm/tlstunnel) is a unikernel (depicted +as Proxy) which listens for TLS connections, and forwards requests to backend +services (depicted as web server). The specific backend is chosen by inspecting +the Server Name Indication, a widely deployed extension of the TLS protocol, +where a client requests the server name to talk with during the TLS handshake. + +It is similar to other projects such as stunnel or stud, but uses our TLS +implementation written in the memory-safe language OCaml, instead of one written +in the error-prone language C. The backend web servers don't need TLS support, +which lowers the maintainence burden. Many security issues in TLS +implementations are due to memory safety and support for outdated ciphersuites. + +This TLS reverse proxy is deployed on various websites, including [Real World +OCaml](https://realworldocaml.org) since 2015. diff --git a/static/img/reverse.png b/static/img/reverse.png new file mode 100644 index 0000000..d803078 Binary files /dev/null and b/static/img/reverse.png differ
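Review bot: In the first About hunk (Alfred's bio), the rewritten line still reads "He enjoys to write code", which is ungrammatical; since the line is already being touched to add "the University of Cambridge", change it to "He enjoys writing code, and also travelling and repairing his recumbent bicycle, and being a barista" so the sentence does not need a second pass.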
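Review bot: In the second About hunk, "from the grounds up" is a typo that survives the rewrite; the idiom is "from the ground up". Suggested line: "Alfred co-authored a TLS implementation from the ground up in OCaml, and".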
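Review bot: In the Projects/Pinata hunk, "transmits the private key to a bitcoin wallet" is ambiguous (it can be read as sending a key to a wallet rather than revealing the wallet's key); suggest "transmits the private key of a Bitcoin wallet which is filled with ~10 BTC". Several smaller wording issues in the same hunk: "serves as bug bounty system" needs "a" ("serves as a bug bounty system"); "The total size, including TLS, X.509, TCP/IP, of the virtual machine image is 4MB" reads better as "The total size of the virtual machine image, including TLS, X.509 and TCP/IP, is 4MB"; "The Piñata is online since February 2015" should be "The Piñata has been online since February 2015". Also note that "(~40000 EUR)" is an exchange-rate figure that will go stale, so either date it (e.g. "at the time of writing") or drop it and keep only the BTC amount, which the abstract already states.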
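Review bot: In the Projects/TLStunnel hunk, "maintainence" is misspelled; it should be "maintenance". Two points of precision in the same hunk: Server Name Indication is sent by the client to indicate which server name it intends to reach, so "where a client requests the server name to talk with" would be clearer as "where a client indicates the server name it wants to talk to"; and "The [tlstunnel](...) is a unikernel" reads oddly with the article before a project name, so prefer "[tlstunnel](...) is a unikernel". Finally, the front-matter `abstract:` field holds a markdown image rather than a sentence; confirm that wherever abstracts are rendered as a summary (project listings, feeds) an image is acceptable there, otherwise give it a one-line text abstract and keep the image in the body, where it already appears.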