home router
parent e0c7654f6e
commit 3d6d7d1574
2 changed files with 47 additions and 0 deletions
47
Projects/HomeRouter
Normal file
|
@ -0,0 +1,47 @@
|
|||
---
|
||||
title: Home router
|
||||
author: someone
|
||||
abstract: ![home router](/static/img/homerouter.png)
|
||||
---
|
||||
|
||||
![home router](/static/img/homerouter.png)
|
||||
|
||||
This is just a project idea, not (yet) a finished project.
|
||||
|
||||
A home router is a computer which manages the Internet uplink for a client, and
|
||||
provides local connectivity. It is accessible via the Internet, and the
|
||||
software running on a router needs to be hardened against attackers. Attackers
|
||||
are searching for flaws in popular routers, because if they can breach their
|
||||
security, they get access to a large amount of computing and bandwidth
|
||||
resources.
|
||||
|
||||
The home router provides basic network services for the local network, such as a
|
||||
domain name service (DNS) caching resolver, dynamic host configuration (DHCP),
|
||||
wireless (using WPA2 and WPS) networks, wired network connectivity,
|
||||
communication with the service provider (e.g. using PPP and PPPoE) including
|
||||
authentication, a web server for configuration.
|
||||
|
||||
Clients are demanding increasing featuresets, including network storage, voice
|
||||
over IP (VoIP) endpoint, virtual private network (VPN) integration, data
|
||||
collector and broker for the Internet of things.
|
||||
|
||||
Lots of home routers are currently based on a small Linux distribution, and if a
|
||||
security issue is discovered in any subsystem, this likely leads to a compromise
|
||||
of the entire router. Secure update channels may not be available, and even if
|
||||
so, the fear that updating may introduce unforeseen behaviour keeps people away
|
||||
from updating their routers.
|
||||
|
||||
We would base a router on top of an off-the-shelf arm64 board, where MirageOS is
|
||||
already running, using kvm as hypervisor. Each network service would run as a
|
||||
separate virtual machine. Several services are already available as MirageOS
|
||||
unikernels, such as a caching DNS resolver, a DHCP server, a firewall with NAT, an MQTT implementation,
|
||||
a web server, ... A secure update channel, based on TUF, is currently under
|
||||
development.
|
||||
|
||||
The infrastructure for distributing binary updates would be some Linux host
|
||||
which compiles the above mentioned unikernels whenever a dependent library is
|
||||
updated or changes are rolled out to the unikernel code themselves.
|
||||
|
||||
Other required network services which are not yet implemented in OCaml, such as
|
||||
WPA2 or VoIP, would initially be based on a Linux virtual machine. MirageOS
|
||||
unikernels and Linux virtual machines can coexist.
|
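Review bot: The paragraph on the update infrastructure ("some Linux host which compiles the above mentioned unikernels") does not say how that build host is trusted, although every router would run the binaries it produces and the TUF-based channel is described as still under development. Consider stating who holds the signing keys, whether they are kept off the build host, and what a router does with an update it cannot verify. Separately, the front matter sets `abstract:` to the same image markdown that opens the body, so the abstract carries no text and the image appears twice; a one-sentence summary would serve better there. The service list also names WPS next to WPA2 without saying whether it would be enabled by default, which is worth stating in a document whose premise is hardening.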
BIN
static/img/homerouter.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 46 KiB |