project turris - news€¦ · security research end user security improve the situation of soho...
TRANSCRIPT
![Page 1: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/1.jpg)
Project Turris - newsAnd it's child Turris Omnia
Ondřej Filip • 19 Oct 2015 • RIPE-71 Bucharest
![Page 2: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/2.jpg)
Project Turris - motivation
● Presented at RIPE-68
● Started in 2013 – project of shared cyber defence
● Main goals
● Security research● End user security● Improve the situation of SOHO routers
![Page 3: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/3.jpg)
Data collection - probes
● Distribute 1000 + 1000 probes - SOHO routers to end users for 3 year lease (for 1 CZK = 0,04 USD)
● Additional features to increase value for end users
● Probe – powerful enough to forward 1Gbps of traffic with analysis – no HW found on the current market -> HW development
![Page 4: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/4.jpg)
Turris 1.0 Turris 1.1
![Page 5: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/5.jpg)
Project Turris - news
● 10 major releases of Turris OS
● Majordomo – watch your home network
● Telnet and ssh honeypots – botnet found
● Attacker similarity analysis
● Containers on Turris OS
● Greylist & opendata
● Turris Omnia
![Page 6: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/6.jpg)
Majordomo
● Project Turris is not focused on devices inside LAN
● Strange communication of some of them (LG Smart TV case)
● Majordomo – check what/who are your devices talking to
● Interface integrated with OpenWRT (LUCI)
![Page 7: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/7.jpg)
Majordomo
![Page 8: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/8.jpg)
Honeypot
![Page 9: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/9.jpg)
Honeypot
● Large botnet of ASUS routers
● Using telnet – yes, really
● Trying even non-trivial passwords
● Using C&C
● About 32000 devices
![Page 10: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/10.jpg)
Attacker similarity analysis
● Groups addresses seen in firewall and honeypot logs into clusters with similar behavior
● Based on cosine similarity and graph analysis
● Can reveal surprising relationships
● Applicable to millions of records at once
![Page 11: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/11.jpg)
Containers
● Turris OS – instant updates
● Problems with end users' enhancements
● Proper way – virtualization (yes we can) – containers
● Debian, and some other distributions
● Secure base system – open to end user applications
![Page 12: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/12.jpg)
Outputs
● Greylist of suspicious IP addresses
● Portrend – ports blocked on firewalls
● Response time of selected internet servers + connection speed – published as open data
● Everything is on https://www.turris.cz/
![Page 13: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/13.jpg)
![Page 14: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/14.jpg)
![Page 15: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/15.jpg)
Turris "Lite" - concept
● Quite a lot of demand – SamKnows, Comcast support
● Reuse our experience - HW, Turris OS
● Not much open hardware related to networking on the market
● Suitable for education in networking
● Price optimized
● No agreement, no participation on security research required (but appreciated)
![Page 16: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/16.jpg)
Turris Omnia – more than a router
● New generation – but rather “heavy” than “lite”
● Publicly available – still not for profit!
● One of the most powerful SOHO routers
● Forwarding 1Gbps (small packets)
● Open source SW & HW
● Security research optional
● Flexible linux based router – full BGP etc.
![Page 17: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/17.jpg)
Turris Omnia – HW
![Page 18: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/18.jpg)
Turris Omnia – box
![Page 19: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/19.jpg)
Omnia – hardware
● SoC Marvell Armada 385 @ 2 x 1.6 GHz
● 1 GB RAM
● 4 GB eMMC + 8 MB NOR
● 5 + 1 Gbit ports
● dedicated line for WAN port + SFP
● 2 lines between CPU and switch chip
![Page 20: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/20.jpg)
Turris Omia – HW
![Page 21: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/21.jpg)
Omnia – more hardware details
● 2 x USB 3.0
● 3 x miniPCIe (one switchable to mSATA)
● WiFi cards in 2 slots (5 + 2.4GHz), SIM socket● RTC chip with battery backup
● Cryptochip for better entropy in RNG
● 10x GPIO, 2x UART, SPI, I2C on pinheader
● Dimmable programmable RGB LEDs
![Page 22: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/22.jpg)
Omnia – more hardware details
● 2 x USB 3.0
● 3 x miniPCIe (one switchable to mSATA)
● WiFi cards in 2 slots (5 + 2.4GHz), SIM socket● RTC chip with battery backup
● Cryptochip for better entropy in RNG
● 10x GPIO, 2x UART, SPI, I2C on pinheader
● Dimmable programmable RGB LEDs
![Page 23: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/23.jpg)
Omnia - benchmarksextra accelerationoff in Omnia
![Page 24: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/24.jpg)
Omnia crowd funding
● Currently IndieGoGo campaign
● Target $100.000 USD – covered in about 21 hours
● We continue – campaign ends on Jan 12
● Backers get discounted boards – just production costs
● http://igg.me/at/turris-omnia
![Page 25: Project Turris - news€¦ · Security research End user security Improve the situation of SOHO routers. Data collection - probes Distribute 1000 + 1000 probes - SOHO routers to end](https://reader033.vdocuments.mx/reader033/viewer/2022042920/5f6415e765f3f60bc41920a9/html5/thumbnails/25.jpg)
THANK YOU!
Ondřej Filip http://www.turris.cz/en/
http://omnia.turris.cz