The lecture focuses on satellite ISP technology and how to misuse it for anonymously broadcasting to an unlimited number of anonymous users while only one user pays for a standard dial-up connection of a satellite ISP. The lecture focuses on satellite ISP technology and how to misuse it for broadcasting to an unlimited number of users. Satellite ISPs connect users to the Internet by means of satellite communication. The first part of the lecture introduces the basic types of satellite ISPs (symmetric vs. asymmetric or encrypted vs. unencrypted broadcasts). Then we give an overview of our basic idea: We exploit the fact, that the satellite downstream, containing the data requested by the user, can be received in the whole footprint of the satellite. To broadcast certain data the sender first sends it to a dedicated server, which is connected to the Internet. Then the sender requests this data over the satellite ISP, which results in the data being broadcasted by the satellite ISP. The potential receivers simply listen to the satellite broadcast and filter the data, e.g., by implicit addresses. Implicit addresses are achieved by means of public key encryption and, at the same time, achieves confidentiality of the broadcasted data. While unconditionally strong receiver anonymity is immediately achieved by the nature of a broadcast channel, sender anonymity is achieved by techniques similar to those applied in anonymous P2P publication systems. Our system works immediately if the satellite ISPs does not encrypt the data. If the satellite ISP encrypts the satellite downstream, the system works as well, but is more involved. This issue and other technical hurdles (e.g., robust broadcasts in face of a high error rate of the broadcast downstream or achieving sender anonymity) are discussed in the third part of the lecture. The lecture closes with the results of a prototype implementation (a modified web server plus user client) that enables broadband data broadcasting (e.g., file sharing) by exploiting a satellite ISPs. We propose an open-source project to continue the development of our prototype.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.