Topologies of Harm

Elio Grieco

1-july-2024

Where

Talk given at the 2024-07-01 meeting of the SouthWest Cyber Security Forum.

Slides available at: https://eliogrieco.com/topologies-of-harm/

What

The security of a system is an intrinsic part of its design.

The topology (or shape) of a digital system determines many of its security characteristics.

Why

What we’re doing today isn’t working.

The biggest gains to our collective security and wellbeing can be had by switching to topologies that align with the original goals of the internet.

Terms

Let’s define a few terms that might be helpful when discussing this topic…

Topology

What Is Network Topology?

Our focus:

Centralized
Decentralized/Federated
Distributed

Trust

Certificate Authorities
Web of Trust
Trust Mapping
Zero Trust

Addressing

Positional addressing
Content based addressing

Other Terms

Cloud
Local First Applications
State management
Replication

Parkerian Hexad

The Parkerian Hexad attributes are the following:

Confidentiality
Possession or Control
Integrity
Authenticity
Availability
Utility

Components

Identity

Uses of identity:

Authentication
Authorization
Discovery
Routing
Confidentiality (encryption)

Discovery and Search

DNS
Search Engines
DHT
Flood Search

Data Transport

Circuit Switched
Packet Switched

Data Storage

Replication
Error correcting codes
Encryption at rest

Advantages of Distributed Topologies

Verification of Keys/Identity

Knowledge Horizons

Attacks

Impersonation
Sybil attacks
Man in the Middle
Onwership Transfer
Denial of Service

Issues

CDA 230
Data longevity
Censorship
Algorithmic manipulation

Popular Topologies

Currently in Use

Client-Server
Decentralized/Federated
Cloud
Pub Sub/Gossip Protocols
Mixnets (Tor)

Up and Coming

Blockchain/Distributed Ledger
Distributed/Peer to Peer
- BitTorrent
- IPFS
- Hyphanet/Freenet
- Open-net/Darknet/Brightnet