Category Archives: Networking

Wednesday, September 9, 2020

Interesting times. Hitting a bunch of topics that are more than a little divergent but interesting.

Networking Security

Work keeps me deeply involved on this front. Down in the TLS RFCs, certificate stuff, algorithm and cipher suite options and some lower-level work. This may sync well with some home project work as well at some point... later, once I’ve gotten some other things back rolling.

WPF

I’m digging deeper into WPF coding for some of the simpler home-front tools. I’ve done a decent amount of JavaFX coding and MFC work, but Java doesn’t give me access to the low-level APIs these tools need and MFC is old, crusty and much harder to work with.

WPF is a bit of an odd critter but seems to fit my needs decently. I’m still working through many of its oddities and figuring out what works well with its design, but I’m optimistic that it will remain a good tool for prototyping on Windows and for small home tools development.

Unity

Last year I did a good bit of Unity VR programming with a couple of friends.

The year since has been busy as I changed jobs and took on a very challenging set of problems at my new work (cybersecurity, networking security design and fitting it all into an existing architecture that goes back quite a way). I’m hoping that with the fall I will be able to put some more effort into home projects in off hours. Till now I’ve been working during work hours and digging into technology and background issues in off hours.

I’ve got the VR system downstairs back together and calibrated to the room. I’m still eyeing headset upgrades but don’t feel that I’m at the point where I want to throw the money at the systems that are out there.

I need to get back into the basic details needed to build out a VR Unity app. I know I have notes on this blog that will get me there. Once I have that together I’ll move forward with some ‘stretching exercises’ in VR.

I’m also realizing that in both the VR environment and the flat screen environment, Unity could be a nice environment for some amount of tooling, so I’ll probably try to see if PInvoke and similar are supported. Being able to pull information out of a system and then render it and manipulate it in a Unity managed space seems potentially very interesting. With a bit of TLS and networking support, this might get even more interesting. Things to think about.

Rest of it…

I will almost certainly bite off more than I can chew on the home front. Hoping that some interesting bits will make it to a level where they’re useful. I’ll keep blogging here (and on my personal blog and pandamallet for more detailed game stuff). Hoping to reconnect with the friends I was working with a year ago and that a covid vaccine lets us all get back closer to normal life in 2021.

Cybersecurity and Cryptography

I’ve been getting more deeply involved in the cybersecurity and cryptography end of things in the last few weeks.

Did some serious work looking into current best practices for password management. Found that the bcrypt algorithm I had been familiar with has been long ago superseded (no surprise there) and that there is a hash iteration algorithm that can be used to bump up the work involved in computing an off the shelf HMAC to levels where it is suited for use as a password hash (PBKDF2 and here).
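As an added illustration of the iterated-HMAC construction mentioned above (not code from this blog): PBKDF2-HMAC-SHA256 written out on top of Python's `hmac` module and checked against the standard library's `hashlib.pbkdf2_hmac`. The `pbkdf2-sha256$...` record format and the iteration count in the demo are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

def pbkdf2_hmac_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = 32) -> bytes:
    """PBKDF2 (RFC 8018) spelled out: each output block XORs a chain of HMACs."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    out, block_index = b"", 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || big-endian 32-bit block index)
        u = hmac.new(password, salt + struct.pack(">I", block_index), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        # U_n = HMAC(password, U_{n-1}); the block is U_1 xor ... xor U_c.
        # Every extra iteration is one more HMAC an attacker must pay per guess.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block_index += 1
    return out[:dklen]

def hash_password(password: str, iterations: int, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record (hypothetical format) with a per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    dk = pbkdf2_hmac_sha256(password.encode("utf-8"), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2-sha256" or iterations < 1 or not expected:
        return False
    # The stdlib routine yields the same bytes as the hand-rolled loop, much faster.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    record = hash_password("correct horse", 1000)  # constructed demo value, not a recommendation
    print(record, verify_password("correct horse", record))
```
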

I’ve been looking at TLS and related technologies. In the past I’ve tended to treat them as black box components. I’m digging a bit deeper on a few fronts now.

I knew that elliptic curve algorithms were available in the TLS cipher suite but had not realized that they were in active use. Last time I looked at elliptic curve algorithms the community was viewing them with suspicion after the Dual_EC_DRBG fiasco. I think that the reduced computational complexity when processing them may have also lent an air of insecurity to them. At this point it sounds as if they’ve passed muster and are in serious use. I picked up a book (Modern Cryptography and Elliptic Curves, A Beginner’s Guide) to get a better handle on the underlying mathematics and will be taking a closer look on a broader scale.

I’m setting up my Raspberry Pi controllers (at least a few of them) as TLS/DTLS test endpoints. I’ve loaded and built OpenSSL on them over the weekend and will be coding up some samples to play with in the evenings this week. I’ve got machines ranging from pi-2 to pi-4 so they should provide a nice range of performance for testing.

TLS on TCP

I expect to initially put together some simple TLS over TCP code to make sure I’ve got everything working properly and that my certs are set up correctly.

DTLS on UDP

Once I’ve got TLS working I’ll likely try to transition to point-to-point DTLS as that is also a standardized protocol and a good stepping stone to the proposed multicast adaptation.

Multicast on UDP

I haven’t worked with multicast datagram traffic much (pretty much never) so I’ll likely move on to simple, un-encrypted multicast traffic from there. If I can get some of the machines to join a multicast group and ping traffic off of them, I’ll count that as a win.

Multicast over DTLS on UDP

The final step of this exercise will involve taking the multicast sample and the DTLS sample and attempting to implement the proposed approach to providing multicast support to DTLS. This isn’t a standards track proposal, but seems like the closest thing we’ve got to secure multicast traffic support.

Hoping this comes together. It seems like an interesting exercise. If I can get this work done entirely off hours, I’ll share the resulting code on my GitHub account.