Jerome Etienne's homepage
My short professional biography is available.
SECURITY:
I enjoy designing and breaking security.
In a moment of madness, i wrote
"designing security is playing chess alone, sure to outperform the opponent".
The moment is no more but i still like the sentence.
Secure tunnel:
Yavipin stands for Yet Another VPN. I wrote a new secure tunnel
even if numerous are already available because they don't satisfy
my needs in usability, network efficiency or security.
I release holes i know in the alternatives to bring awareness.
- yavipin:
Yavipind is a secure tunnel aka 2 peers securely forwarding packets
toward each other.
It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual
point-to-point device (e.g. tun0).
[homepage]
- Security analysis of VTun:
This text is a security analysis of VTun.
It includes a description of the security based on the source and
lists the possible attacks.
An attacker can modify packets, replay them, learn pattern
of the plain text or easily guess low-entropy password.
[ps]
[pdf]
[html]
- Security flaws in tinc:
This text describes security flaws in Tinc.
It includes a description of the security and
lists the possible attacks.
An attacker can modify packets, replay them and learn pattern
of the plain text.
[ps]
[pdf]
[html]
Protocol security:
- IETF:
My contributions
to the ietf are mainly security
related: secure pmtu discovery, improvement of IPsec,
discovery of security flaws in OSPFv2 and
RIPv2, security analyse of the ITrace
- Flaws in OSPF with digital signature: the specs are in
(rfc2154).
It is insecure against insider attacks.
[ps]
[pdf]
[html].
- ARPsec:
It intends to fix the numerous security holes of ARP
(rfc0826).
I talked about
ARPsec
in
ols 2000.
The slides are available in
html
and
staroffice[sdd]
format.
encrypted loop device for linux:
I did some security analysis of the encrypted loop device
and found a major hole which allows an attacker to modify the content
without being detected and a minor one in a script which reveals
the password to the users.
- Vulnerability in encrypted loop device for linux:
This text describes a security hole i found in encrypted loop
device for linux.
An attacker is able to modify the content of the encrypted device
without being detected.
This text proposes to fix the hole by authenticating
the whole device when performing mount operations.
[ps]
[pdf]
[html].
- initialization script revealing the password:
A short text describing a hole in the script proposed in
the
encryption HOWTO to setup an encripted loop device.
It allows any user of the box to learn the password used
to encrypt the block device on this box.
content. Note it isnt a bug of the encrypted loop device
in itself but a bug in a admin script.
[txt]
High availability related:
- vrrpd: an implementation of
VRRPv2 as specified in
rfc2338.
It run in userspace for linux.
In short, VRRP is a protocol which elects a master server on a LAN.
If the master fails, a backup server takes over.
- Online Disk Replicator: a protocol to
share read/write access a block device among several nodes. It
has been sketched for linux-ha.
- Informations about minor patches
written for the linux kernel during the developement of vrrpd.
Miscellaneous:
- my resume in ascii
- simuwan_usr:
a small software able to 'simulate wan', a big word for dropping
and delaying packets. it is fully in userspace.
It gets packet from IP_QUEUE(netfilter). It has been written to
satisfy my own needs, use it at your own risk.
[tgz]
- How to edit slides in latex:
This text describes how to edit slides in latex. It is just my
personnal experience.
[txt].
Personnal: