1 files changed, 195 insertions, 0 deletions
diff --git a/icann66/gns.tex b/icann66/gns.tex
new file mode 100644
index 0000000..6838432
--- /dev/null
+++ b/icann66/gns.tex
@@ -0,0 +1,195 @@
+\documentclass[aspectratio=169]{beamer}
+\usepackage{appendixnumberbeamer}
+\usetheme{metropolis}           % Use metropolis theme
+\definecolor{fhggreen}{RGB}{23,156,125}
+\let\oldemph\textbf
+\renewcommand{\textbf}[1]{{\color{mLightBrown}\oldemph{#1}}}
+\usepackage{blkarray}
+\usepackage{amsmath}
+\usepackage{multirow}
+\title{The GNU Name System\\\small{ICANN66}}
+\date{11/5/2019}
+\author{Martin Schanzenbach}
+\institute{\hfill\large{GNUnet} \includegraphics[trim={0cm 1.5cm 0cm 0cm},clip,width=4em]{gnunet}}
+\begin{document}
+  \metroset{block=fill,sectionpage=progressbar,numbering=counter}
+  \maketitle
+\section{The GNU Name System In a Nutshell}
+\begin{frame}{Motivation}
+  \begin{itemize}
+    \item DNS remains a source of traffic amplification DDoS.
+    \item DNS censorship (i.e. by China) causes collateral damage in other countries.
+    \item DNS is part of the mass surveillance apparatus (MCB).
+    \item DNS is abused for offensive cyber war (QUANTUMDNS).
+    \item DoT/DoH, DNSSEC, DPRIVE unfortunately do \textbf{NOT} fix this.
+  \end{itemize}
+\end{frame}
+\begin{frame}{What is the GNU Name System?\footnote{Joint work with Christian Grothoff and Matthias Wachs}}
+  \begin{itemize}
+    \item Fully decentralized name system $\Rightarrow$ Names are not global.
+    \item Supports globally unique and secure identification.
+    \item Features query and response privacy.
+    \item Provides a public key infrastructure
+      \begin{itemize}
+        \item Each zone is associated with a cryptographic key pair.
+        \item Delegation between zones establishes trust relationship.
+      \end{itemize}
+    \item Interoperable with DNS.
+    \item Usable.\footnote{User studies conducted in ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN) project.}
+  \end{itemize}
+\end{frame}
+\begin{frame}{Applications}
+  \begin{itemize}
+    \item Identity management: \textbf{re:claimID} (\url{https://reclaim-identity.io})
+    \item Social Networks: \textbf{SecuShare} (\url{https://secushare.org})
+    \item Healthcare: \textbf{Accident insurance and private health data}.\footnote{Joint work with FH Bern, ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN)}
+    \item Others: \textbf{Chat}, \textbf{Host addressing}, \ldots
+  \end{itemize}
+\end{frame}
+\section{Technical Overview}
+\begin{frame}{Record Storage / Retrieval}
+  \begin{itemize}
+    \item GNS stores records in a \textbf{Distributed Hash Table} (DHT).
+    \item DHTs allow us to map keys to values.
+    \item Naive approach: Map domain names to records.\\e.g.: example.com $\Rightarrow$ A: 1.2.3.4
+  \end{itemize}
+  \begin{center}
+    \includegraphics[width=0.5\textwidth]{DHT.pdf}
+  \end{center}
+\end{frame}
+%\begin{frame}{Record Storage / Retrieval}
+%  \begin{itemize}
+%    \item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme.
+%    \item DHT values (records) are signed and encrypted.
+%    \item DHT keys are derived from queried name and zone.
+%  \end{itemize}
+%  \begin{center}
+%    \includegraphics[width=0.5\textwidth]{DHT.pdf}
+%  \end{center}
+%\end{frame}
+\begin{frame}{Secure Storage / Retrieval}
+   \begin{itemize}
+    \item \textbf{Query privacy}
+      \begin{itemize}
+        \item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme:\\
+  ``a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved.''\footnote{\url{https://en.wikipedia.org/wiki/Private_information_retrieval}}
+        \item Queries do not reveal domain name.
+        %item DHT keys are ``blinded'' record labels and zone identity.
+      \end{itemize}
+    \item \textbf{Record confidentiality}: Values in DHT are signed and encrypted by zone owner.
+    \item \textbf{Zone privacy}: Zones cannot be enumerated.
+    \item \textbf{Censorship and DDoS resistance}: Decentralized, resilient directory.
+  \end{itemize}
+\end{frame}
+\begin{frame}{Zone Delegation}
+  \begin{itemize}
+    \item The ``NS'' equivalent in GNS is called ``PKEY''.
+    \item A ``PKEY'' record contains public zone keys.
+    \item The combination of a ``PKEY'' record value and a name allows users to
+      query records in a delegated zone.
+  \end{itemize}
+\end{frame}
+\begin{frame}
+  \includegraphics[height=0.9\textheight]{deleg0.pdf}
+\end{frame}
+\begin{frame}
+  \includegraphics[height=0.9\textheight]{deleg1.pdf}
+\end{frame}
+\begin{frame}
+  \includegraphics[height=0.9\textheight]{deleg2.pdf}
+\end{frame}
+\section{How do we bootstrap the top-level zones?}
+\begin{frame}
+  \includegraphics[height=0.9\textheight]{deleg3.pdf}
+\end{frame}
+\begin{frame}{The GNU Name System Root}
+  ``Hyper-hyper local root'' concept:
+  \begin{itemize}
+    \item Resolver ships with initial root zone configuration.
+    \item Root zone configurable \emph{locally} at \emph{each} endpoint.
+    \item User override/extension of root at top-level or subdomain-level for:
+      \begin{itemize}
+        \item Circumvent censorship if necessary.
+        \item Private networks.
+      \end{itemize}
+  \end{itemize}
+\end{frame}
+\begin{frame}{Envisioned Governance Model}
+  \begin{itemize}
+    \item Non-profit organization.
+    \item Multi-stakeholder model: Board, supporting organizations, \ldots
+    \item Examples for possible stakeholders:
+      \begin{itemize}
+        \item Software and OS Distributors
+        \item Browser vendors
+        \item Governments
+      \end{itemize}
+    \item Funding options:
+      \begin{itemize}
+        \item Applications for new top-level domains.
+        \item Registrations of new top-level domains.
+        \item \ldots
+      \end{itemize}
+  \end{itemize}
+\end{frame}
+\section{Quo Vadis?}
+\begin{frame}{Roadmap}
+  \begin{itemize}
+    \item In progress:
+      \begin{itemize}
+        \item 2019-2020: Technical specification of GNS protocol, packaging and alternative implementations.\footnote{Funded by NLnet under EU Next Generation Internet program (\url{https://nlnet.nl/project/GNS/}).}
+        \item Continuous development and integration into applications.
+      \end{itemize}
+    \item 2020--: Establishment of governing body.
+  \end{itemize}
+\end{frame}
+\begin{frame}
+  \begin{center}
+    The GNU Name System\\
+    \vspace{2cm}
+    \url{https://gnunet.org}\\
+    \vspace{1em}
+    {\tiny
+    \texttt{schanzen@gnunet.org}\\
+    \texttt{3D11~063C~10F9~8D14~BD24~D147~0B09~98EF~86F5~9B6A}\\
+    }
+  \end{center}
+\end{frame}
+\appendix
+\begin{frame}{References}
+  \centering
+  {\small
+  \begin{enumerate}
+    \item {Matthias Wachs, Martin Schanzenbach and Christian Grothoff. {\em A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System}. {\bf 13th Intern
+      ational Conference on Cryptology and Network Security}, 2014.}
+    \item {Martin Schanzenbach, Georg Bramm, Julian Schütte. {\em reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption}. {\bf 17th
+      IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)}, 2018}
+    \item {Christian Grothoff, Martin Schanzenbach, Annett Laube, Emmanuel Benoist, Pascal Mainini. {\em Decentralized Authentication for Self-Sovereign Identities using Name Systems (DASEIN)}. {\bf https://git.gnunet.org/bibliography.git/plain/docs/dasein10.pdf}, 2018.}
+  \end{enumerate}
+  }
+\end{frame}
+\end{document}

diff --git a/icann66/gns.tex b/icann66/gns.tex new file mode 100644 index 0000000..6838432 --- /dev/null +++ b/icann66/gns.tex
@@ -0,0 +1,195 @@
	1	\documentclass[aspectratio=169]{beamer}
	2	\usepackage{appendixnumberbeamer}
	3	\usetheme{metropolis} % Use metropolis theme
	4	\definecolor{fhggreen}{RGB}{23,156,125}
	5	\let\oldemph\textbf
	6	\renewcommand{\textbf}[1]{{\color{mLightBrown}\oldemph{#1}}}
	7
	8	\usepackage{blkarray}
	9	\usepackage{amsmath}
	10	\usepackage{multirow}
	11	\title{The GNU Name System\\\small{ICANN66}}
	12	\date{11/5/2019}
	13	\author{Martin Schanzenbach}
	14	\institute{\hfill\large{GNUnet} \includegraphics[trim={0cm 1.5cm 0cm 0cm},clip,width=4em]{gnunet}}
	15	\begin{document}
	16	\metroset{block=fill,sectionpage=progressbar,numbering=counter}
	17	\maketitle
	18
	19	\section{The GNU Name System In a Nutshell}
	20	\begin{frame}{Motivation}
	21	\begin{itemize}
	22	\item DNS remains a source of traffic amplification DDoS.
	23	\item DNS censorship (i.e. by China) causes collateral damage in other countries.
	24	\item DNS is part of the mass surveillance apparatus (MCB).
	25	\item DNS is abused for offensive cyber war (QUANTUMDNS).
	26	\item DoT/DoH, DNSSEC, DPRIVE unfortunately do \textbf{NOT} fix this.
	27	\end{itemize}
	28	\end{frame}
	29
	30	\begin{frame}{What is the GNU Name System?\footnote{Joint work with Christian Grothoff and Matthias Wachs}}
	31	\begin{itemize}
	32	\item Fully decentralized name system $\Rightarrow$ Names are not global.
	33	\item Supports globally unique and secure identification.
	34	\item Features query and response privacy.
	35	\item Provides a public key infrastructure
	36	\begin{itemize}
	37	\item Each zone is associated with a cryptographic key pair.
	38	\item Delegation between zones establishes trust relationship.
	39	\end{itemize}
	40	\item Interoperable with DNS.
	41	\item Usable.\footnote{User studies conducted in ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN) project.}
	42	\end{itemize}
	43	\end{frame}
	44
	45	\begin{frame}{Applications}
	46	\begin{itemize}
	47	\item Identity management: \textbf{re:claimID} (\url{https://reclaim-identity.io})
	48	\item Social Networks: \textbf{SecuShare} (\url{https://secushare.org})
	49	\item Healthcare: \textbf{Accident insurance and private health data}.\footnote{Joint work with FH Bern, ``Decentralized Authentication for Self-Sovereign Identities using Name Systems'' (DASEIN)}
	50	\item Others: \textbf{Chat}, \textbf{Host addressing}, \ldots
	51	\end{itemize}
	52	\end{frame}
	53
	54	\section{Technical Overview}
	55	\begin{frame}{Record Storage / Retrieval}
	56	\begin{itemize}
	57	\item GNS stores records in a \textbf{Distributed Hash Table} (DHT).
	58	\item DHTs allow us to map keys to values.
	59	\item Naive approach: Map domain names to records.\\e.g.: example.com $\Rightarrow$ A: 1.2.3.4
	60	\end{itemize}
	61	\begin{center}
	62	\includegraphics[width=0.5\textwidth]{DHT.pdf}
	63	\end{center}
	64	\end{frame}
	65
	66	%\begin{frame}{Record Storage / Retrieval}
	67	% \begin{itemize}
	68	% \item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme.
	69	% \item DHT values (records) are signed and encrypted.
	70	% \item DHT keys are derived from queried name and zone.
	71	% \end{itemize}
	72	% \begin{center}
	73	% \includegraphics[width=0.5\textwidth]{DHT.pdf}
	74	% \end{center}
	75	%\end{frame}
	76
	77	\begin{frame}{Secure Storage / Retrieval}
	78	\begin{itemize}
	79	\item \textbf{Query privacy}
	80	\begin{itemize}
	81	\item GNS implements a \textbf{Private Information Retrieval} (PIR) scheme:\\
	82	``a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved.''\footnote{\url{https://en.wikipedia.org/wiki/Private_information_retrieval}}
	83
	84	\item Queries do not reveal domain name.
	85	%item DHT keys are ``blinded'' record labels and zone identity.
	86	\end{itemize}
	87	\item \textbf{Record confidentiality}: Values in DHT are signed and encrypted by zone owner.
	88	\item \textbf{Zone privacy}: Zones cannot be enumerated.
	89	\item \textbf{Censorship and DDoS resistance}: Decentralized, resilient directory.
	90	\end{itemize}
	91	\end{frame}
	92
	93	\begin{frame}{Zone Delegation}
	94	\begin{itemize}
	95	\item The ``NS'' equivalent in GNS is called ``PKEY''.
	96	\item A ``PKEY'' record contains public zone keys.
	97	\item The combination of a ``PKEY'' record value and a name allows users to
	98	query records in a delegated zone.
	99	\end{itemize}
	100	\end{frame}
	101
	102	\begin{frame}
	103	\includegraphics[height=0.9\textheight]{deleg0.pdf}
	104	\end{frame}
	105
	106
	107	\begin{frame}
	108	\includegraphics[height=0.9\textheight]{deleg1.pdf}
	109	\end{frame}
	110
	111
	112	\begin{frame}
	113	\includegraphics[height=0.9\textheight]{deleg2.pdf}
	114	\end{frame}
	115
	116	\section{How do we bootstrap the top-level zones?}
	117	\begin{frame}
	118	\includegraphics[height=0.9\textheight]{deleg3.pdf}
	119	\end{frame}
	120
	121
	122	\begin{frame}{The GNU Name System Root}
	123	``Hyper-hyper local root'' concept:
	124	\begin{itemize}
	125	\item Resolver ships with initial root zone configuration.
	126	\item Root zone configurable \emph{locally} at \emph{each} endpoint.
	127	\item User override/extension of root at top-level or subdomain-level for:
	128	\begin{itemize}
	129	\item Circumvent censorship if necessary.
	130	\item Private networks.
	131	\end{itemize}
	132	\end{itemize}
	133	\end{frame}
	134
	135	\begin{frame}{Envisioned Governance Model}
	136	\begin{itemize}
	137	\item Non-profit organization.
	138	\item Multi-stakeholder model: Board, supporting organizations, \ldots
	139	\item Examples for possible stakeholders:
	140	\begin{itemize}
	141	\item Software and OS Distributors
	142	\item Browser vendors
	143	\item Governments
	144	\end{itemize}
	145	\item Funding options:
	146	\begin{itemize}
	147	\item Applications for new top-level domains.
	148	\item Registrations of new top-level domains.
	149	\item \ldots
	150	\end{itemize}
	151	\end{itemize}
	152	\end{frame}
	153
	154
	155	\section{Quo Vadis?}
	156	\begin{frame}{Roadmap}
	157	\begin{itemize}
	158	\item In progress:
	159	\begin{itemize}
	160	\item 2019-2020: Technical specification of GNS protocol, packaging and alternative implementations.\footnote{Funded by NLnet under EU Next Generation Internet program (\url{https://nlnet.nl/project/GNS/}).}
	161	\item Continuous development and integration into applications.
	162	\end{itemize}
	163	\item 2020--: Establishment of governing body.
	164	\end{itemize}
	165	\end{frame}
	166
	167	\begin{frame}
	168	\begin{center}
	169	The GNU Name System\\
	170	\vspace{2cm}
	171	\url{https://gnunet.org}\\
	172	\vspace{1em}
	173	{\tiny
	174	\texttt{schanzen@gnunet.org}\\
	175	\texttt{3D11~063C~10F9~8D14~BD24~D147~0B09~98EF~86F5~9B6A}\\
	176	}
	177	\end{center}
	178	\end{frame}
	179
	180	\appendix
	181
	182	\begin{frame}{References}
	183	\centering
	184	{\small
	185	\begin{enumerate}
	186	\item {Matthias Wachs, Martin Schanzenbach and Christian Grothoff. {\em A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System}. {\bf 13th Intern
	187	ational Conference on Cryptology and Network Security}, 2014.}
	188	\item {Martin Schanzenbach, Georg Bramm, Julian Schütte. {\em reclaimID: Secure, Self-Sovereign Identities Using Name Systems and Attribute-Based Encryption}. {\bf 17th
	189	IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom)}, 2018}
	190	\item {Christian Grothoff, Martin Schanzenbach, Annett Laube, Emmanuel Benoist, Pascal Mainini. {\em Decentralized Authentication for Self-Sovereign Identities using Name Systems (DASEIN)}. {\bf https://git.gnunet.org/bibliography.git/plain/docs/dasein10.pdf}, 2018.}
	191	\end{enumerate}
	192	}
	193	\end{frame}
	194
	195	\end{document}