authorChristian Pointner <equinox@anytun.org>2015-05-19 02:12:46 +0000
committerChristian Pointner <equinox@anytun.org>2015-05-19 02:12:46 +0000
commit3656b16c4bcf6e6ea3d240e7810ff71828911cb7 (patch)
tree2b3f9bd7a5f3ce9663c4009372564c9b9f692d01
parentebuild (diff)
create talks dir and moved old slides in there
added slides for aconet meeting 2015-05-19
-rw-r--r--talks/acn/acn.ppt (renamed from papers/acn/acn.ppt)bin752640 -> 752640 bytes
-rw-r--r--talks/acn/anycast-dns-lan.dia (renamed from papers/acn/anycast-dns-lan.dia)bin1879 -> 1879 bytes
-rw-r--r--talks/acn/app_anycast_rtp_proxy.dia (renamed from papers/acn/app_anycast_rtp_proxy.dia)bin3323 -> 3323 bytes
-rw-r--r--talks/acn/app_securing_anycast_services.dia (renamed from papers/acn/app_securing_anycast_services.dia)bin3398 -> 3398 bytes
-rw-r--r--talks/acn/app_tunnel_2_networks.dia (renamed from papers/acn/app_tunnel_2_networks.dia)bin2907 -> 2907 bytes
-rw-r--r--talks/acn/app_unicast_vpn_concentrator.dia (renamed from papers/acn/app_unicast_vpn_concentrator.dia)bin3320 -> 3320 bytes
-rw-r--r--talks/acn/enc4-6ur.dia (renamed from papers/acn/enc4-6ur.dia)bin1172 -> 1172 bytes
-rw-r--r--talks/acn/enc6-e.dia (renamed from papers/acn/enc6-e.dia)bin1173 -> 1173 bytes
-rw-r--r--talks/acn/header-auth.dia (renamed from papers/acn/header-auth.dia)bin1426 -> 1426 bytes
-rw-r--r--talks/acn/header-enc.dia (renamed from papers/acn/header-enc.dia)bin1422 -> 1422 bytes
-rw-r--r--talks/acn/header.dia (renamed from papers/acn/header.dia)bin1380 -> 1380 bytes
-rw-r--r--talks/acn/kd-auth.dia (renamed from papers/acn/kd-auth.dia)bin1550 -> 1550 bytes
-rw-r--r--talks/acn/kd-enc.dia (renamed from papers/acn/kd-enc.dia)bin1619 -> 1619 bytes
-rw-r--r--talks/acn/kx-ipsec.dia (renamed from papers/acn/kx-ipsec.dia)bin1469 -> 1469 bytes
-rw-r--r--talks/acn/kx-ovpn.dia (renamed from papers/acn/kx-ovpn.dia)bin1102 -> 1102 bytes
-rw-r--r--talks/acn/kx-satp.dia (renamed from papers/acn/kx-satp.dia)bin1606 -> 1606 bytes
-rw-r--r--talks/aconet-meeting-2015-05-19/anytun-logo.pngbin0 -> 6264 bytes
-rw-r--r--talks/aconet-meeting-2015-05-19/anytun.pdfbin0 -> 166593 bytes
-rw-r--r--talks/aconet-meeting-2015-05-19/anytun.tex336
-rw-r--r--talks/aconet-meeting-2015-05-19/usage-anycast-cluster.pngbin0 -> 17181 bytes
-rw-r--r--talks/aconet-meeting-2015-05-19/usage-anycast-service.pngbin0 -> 21434 bytes
-rw-r--r--talks/aconet-meeting-2015-05-19/usage-interconnect.pngbin0 -> 19040 bytes
-rw-r--r--talks/linuxtage2008.odp (renamed from papers/linuxtage2008.odp)bin102663 -> 102663 bytes
-rw-r--r--talks/realraum.odp (renamed from papers/realraum.odp)bin102953 -> 102953 bytes
24 files changed, 336 insertions, 0 deletions
diff --git a/papers/acn/acn.ppt b/talks/acn/acn.ppt
index 126cd5b..126cd5b 100644
--- a/papers/acn/acn.ppt
+++ b/talks/acn/acn.ppt
Binary files differ
diff --git a/papers/acn/anycast-dns-lan.dia b/talks/acn/anycast-dns-lan.dia
index c80a07f..c80a07f 100644
--- a/papers/acn/anycast-dns-lan.dia
+++ b/talks/acn/anycast-dns-lan.dia
Binary files differ
diff --git a/papers/acn/app_anycast_rtp_proxy.dia b/talks/acn/app_anycast_rtp_proxy.dia
index fea87e9..fea87e9 100644
--- a/papers/acn/app_anycast_rtp_proxy.dia
+++ b/talks/acn/app_anycast_rtp_proxy.dia
Binary files differ
diff --git a/papers/acn/app_securing_anycast_services.dia b/talks/acn/app_securing_anycast_services.dia
index ab6b20b..ab6b20b 100644
--- a/papers/acn/app_securing_anycast_services.dia
+++ b/talks/acn/app_securing_anycast_services.dia
Binary files differ
diff --git a/papers/acn/app_tunnel_2_networks.dia b/talks/acn/app_tunnel_2_networks.dia
index 0d9f20c..0d9f20c 100644
--- a/papers/acn/app_tunnel_2_networks.dia
+++ b/talks/acn/app_tunnel_2_networks.dia
Binary files differ
diff --git a/papers/acn/app_unicast_vpn_concentrator.dia b/talks/acn/app_unicast_vpn_concentrator.dia
index fa61c2c..fa61c2c 100644
--- a/papers/acn/app_unicast_vpn_concentrator.dia
+++ b/talks/acn/app_unicast_vpn_concentrator.dia
Binary files differ
diff --git a/papers/acn/enc4-6ur.dia b/talks/acn/enc4-6ur.dia
index 25756d9..25756d9 100644
--- a/papers/acn/enc4-6ur.dia
+++ b/talks/acn/enc4-6ur.dia
Binary files differ
diff --git a/papers/acn/enc6-e.dia b/talks/acn/enc6-e.dia
index c394a68..c394a68 100644
--- a/papers/acn/enc6-e.dia
+++ b/talks/acn/enc6-e.dia
Binary files differ
diff --git a/papers/acn/header-auth.dia b/talks/acn/header-auth.dia
index 4522feb..4522feb 100644
--- a/papers/acn/header-auth.dia
+++ b/talks/acn/header-auth.dia
Binary files differ
diff --git a/papers/acn/header-enc.dia b/talks/acn/header-enc.dia
index 9083401..9083401 100644
--- a/papers/acn/header-enc.dia
+++ b/talks/acn/header-enc.dia
Binary files differ
diff --git a/papers/acn/header.dia b/talks/acn/header.dia
index d69be0f..d69be0f 100644
--- a/papers/acn/header.dia
+++ b/talks/acn/header.dia
Binary files differ
diff --git a/papers/acn/kd-auth.dia b/talks/acn/kd-auth.dia
index c7506ae..c7506ae 100644
--- a/papers/acn/kd-auth.dia
+++ b/talks/acn/kd-auth.dia
Binary files differ
diff --git a/papers/acn/kd-enc.dia b/talks/acn/kd-enc.dia
index bfb7644..bfb7644 100644
--- a/papers/acn/kd-enc.dia
+++ b/talks/acn/kd-enc.dia
Binary files differ
diff --git a/papers/acn/kx-ipsec.dia b/talks/acn/kx-ipsec.dia
index 296ddce..296ddce 100644
--- a/papers/acn/kx-ipsec.dia
+++ b/talks/acn/kx-ipsec.dia
Binary files differ
diff --git a/papers/acn/kx-ovpn.dia b/talks/acn/kx-ovpn.dia
index 2641220..2641220 100644
--- a/papers/acn/kx-ovpn.dia
+++ b/talks/acn/kx-ovpn.dia
Binary files differ
diff --git a/papers/acn/kx-satp.dia b/talks/acn/kx-satp.dia
index eb9e47c..eb9e47c 100644
--- a/papers/acn/kx-satp.dia
+++ b/talks/acn/kx-satp.dia
Binary files differ
diff --git a/talks/aconet-meeting-2015-05-19/anytun-logo.png b/talks/aconet-meeting-2015-05-19/anytun-logo.png
new file mode 100644
index 0000000..e0b3eda
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun-logo.png
Binary files differ
diff --git a/talks/aconet-meeting-2015-05-19/anytun.pdf b/talks/aconet-meeting-2015-05-19/anytun.pdf
new file mode 100644
index 0000000..ba2a01e
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun.pdf
Binary files differ
diff --git a/talks/aconet-meeting-2015-05-19/anytun.tex b/talks/aconet-meeting-2015-05-19/anytun.tex
new file mode 100644
index 0000000..10830ed
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/anytun.tex
@@ -0,0 +1,336 @@
+%%% Beamer Vorlage, (c) Bernhard Tittelbach
+\ifx\mode\undefined % only include documentclass if beamer not already included via handout_
+ \documentclass{beamer}
+\fi
+\usepackage{cmap}
+\usepackage{ngerman}
+\usepackage[utf8]{inputenc}
+
+\mode<presentation>{
+%%% Layout Themen
+ \usetheme{Luebeck}
+ %\usetheme{Boadilla}
+ %\usetheme{Copenhagen}
+ %%% Farb Theme
+ %\usecolortheme{crane}
+ %\usecolortheme{realraum}
+
+ %\useinnertheme{circles}
+ %%% Hier Fußzeile und Subsections konfigureren bzw ausschalten
+ \useoutertheme[footline=authorinstitute,subsection=false]{miniframes}
+ %\useoutertheme{infolines}
+ %\useoutertheme{split}
+ %\useoutertheme{shadow}
+ %\useoutertheme[hooks]{tree}
+ %\useoutertheme{smoothtree}
+ %\useoutertheme[hooks]{sidebar}
+
+\setbeamertemplate{footline}
+ {%
+ \begin{beamercolorbox}[colsep=1.5pt]{upper separation line foot}
+ \end{beamercolorbox}
+ \begin{beamercolorbox}[ht=2.5ex,dp=1.125ex,leftskip=.3cm,rightskip=.3cm plus1fil]{author in head/foot}%
+ \leavevmode{\usebeamerfont{author in head/foot}\insertshortauthor}%
+ \hfill%
+ {\usebeamerfont{institute in head/foot}\usebeamercolor[fg]{institute in head/foot}\insertshortinstitute}%
+ \hfill%
+ \usebeamercolor[fg]{page number in head/foot}%
+ \usebeamerfont{page number in head/foot}%
+ \insertframenumber\,/\,\inserttotalframenumber%\kern1em\vskip2pt%
+ \end{beamercolorbox}%
+ \begin{beamercolorbox}[colsep=1.5pt]{lower separation line foot}
+ \end{beamercolorbox}
+ }
+
+
+%%% Schriftgröe von Float Captions (Bildunterschriften, Tabellenunterschriften)
+\setbeamerfont{caption}{size=\scriptsize}
+
+ %%% Textpos erlaubt die "absolute" positionierung von Elementen
+ \usepackage[overlay,absolute]{textpos}
+ \TPGrid{ 40 }{ 30 }
+
+ %% Hier die Transparenz von \uncover Elementen einstellen (siehe Beamer Doku)
+%\setbeamercovered{transparent=4}
+%\setbeamercovered{invisible}
+%\setbeamercovered{dynamic}
+%\setbeamercovered{highly dynamic}
+\setbeamercovered{transparent}
+
+%% Hier auskommentieren um die Navigationsleiste unten auszublenden
+\setbeamertemplate{navigation symbols}{}
+
+%%% 16:10 Folien
+%\usepackage[orientation=landscape,size=custom,width=16,height=10,scale=0.5]{beamerposter}
+
+\usepackage{multimedia}
+}
+
+\mode<article>{
+ \usepackage{fullpage}
+ \usepackage{hyperref}
+ \usepackage{pgf}
+ \hypersetup{colorlinks=true,%
+ urlcolor=blue,%
+ pdftex}
+% WARNING this command requires beamer v3.07 (2007)
+% it makes subsections from frametitle sin article mode
+ \setbeamertemplate{frametitle}{\subsection{\insertframetitle}}
+% \setbeamertemplate{frametitle}{}
+}
+
+% Needed for PS Tricks Images
+%\usepackage{tikz}
+
+%\usepackage{fancyvrb}
+\definecolor{Brown}{cmyk}{0,0.81,1,0.60}
+\definecolor{OliveGreen}{cmyk}{0.64,0,0.95,0.40}
+\definecolor{CadetBlue}{cmyk}{0.62,0.57,0.23,0}
+%% Das Listings Package eignet sich zum Anzeigen von Code
+%\usepackage{listings}
+%\lstset{language=sh}
+%\lstset{tabsize=2}
+%\lstset{basicstyle=\small,
+% keywordstyle=\ttfamily\color{OliveGreen},
+% identifierstyle=\ttfamily\color{CadetBlue}\bfseries,
+% commentstyle=\color{Brown},
+% stringstyle=\ttfamily,
+% showstringspaces=false}
+
+\title{ Anytun - Secure Anycast Tunneling }
+\author{Christian Pointner}
+\date{\today}
+%\institute{sat.mur.at}
+%\logo{\pgfimage[height=0.6cm]{logo}}
+%\logo{\pgfimage[height=0.6cm]{logo}\hspace{1mm}\pgfimage[height=0.6cm]{mur-logo-dark}}
+% \logo{\pgfimage{MURsat-logo}\hspace{1mm}\pgfimage[height=0.6cm]{mur-logo-dark}}
+% \logo{\includegraphics[clip=true,trim=0 12.0cm 0 10.0cm,scale=0.1]{MURsat-logo}}
+\logo{\includegraphics[height=1cm]{anytun-logo}\hspace{0.2cm}}
+
+\begin{document}
+\frame{
+\titlepage
+}
+%-----------------------------------------------
+% \frame{
+% \frametitle{Outline}
+% \tableofcontents
+% }
+
+\AtBeginSection[]
+{
+ \begin{frame}
+ \frametitle{Überblick}
+ \small
+ \tableofcontents[currentsection,hideothersubsections]
+ \normalsize
+ \end{frame}
+}
+
+%===============================================
+\section{Open Source VPN}
+
+% welche open source VPN Lösungen gibt es
+% openvpn: viele features, große community, firma mit support,
+% leider ssl
+% tinc: ähnlich openvpn, meshing, leider ssl
+% IPSec:
+% ipsec-tools: setkey, racoon -> use linux kernel ipsec implementation
+% strongSwan: auf linux, ikev1, ikev2!
+% libreSwan: formerly openswan, ikev1
+% anytun: !!!
+
+
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{OpenVPN}
+ \begin{itemize}
+ \item<1-> eines der ältesten SSL basierten VPNs
+ \item<2-> viele Features
+ \item<3-> Multi-Platform
+ \item<4-> große Community
+ \item<5-> wird von Coverity regelmäßig geprüft
+ \item<6-> Firma die Support bietet
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{tinc}
+ \begin{itemize}
+ \item<1-> neueres Projekt - weniger Legacy Code
+ \item<2-> basiert auf SSL
+ \item<3-> unterstützt automatisches Meshing
+ \item<4-> kleinere Community
+ \item<5-> Multi-Platform (weniger als OpenVPN)
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{strongSwan}
+ \begin{itemize}
+ \item<1-> IPsec Implementierung für Linux
+ \item<2-> basiert auf freeS/WAN
+ \item<3-> unterstützt IKEv1 und IKEv2
+ \item<4-> kann mit vielen IPSec Implementierungen arbeiten
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+ \frametitle{ipsec-tools}
+ \begin{itemize}
+ \item<1-> Key Exchange Daemons für IPsec im Linux Kernel
+ \item<2-> raccoon: unterstützt nur IKEv1
+ \item<3-> setkey: für statisches keying
+ \end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Warum Anytun?}
+
+% openvpn, tinc etc -> ssl based :(
+% ipsec: kein anycast -> replay protection
+% satp
+% warum anycast: wer mit anycast umgehen kann kann jede adressierungsform
+% gratis load balancing
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Warum Anytun}
+\begin{itemize}
+ \item<1-> OpenVPN und tinc basieren auf SSL
+ \begin{itemize}
+ \item<1-> Angriffe gegen SSL treffen eventuell auch das VPN
+ \item<1-> kein standardisiertes Protokoll
+ \end{itemize}
+ \item<2-> IPSec kann nicht mit Anycast umgehen (keine Replay Protection oder hoher Synchronisationsaufwand)
+ \item<2-> NAT Transversal ist in IPSec umständlich und schwierig
+ \item<3-> Anycast bietet viele Vorteile bei Load Balancing und Redundanz
+ \item<3-> ein Protokoll das Anycast unterstüzt kann in vielen Szenarien eingesetzt werden.
+\end{itemize}
+\end{frame}
+
+%===============================================
+\section{SATP und (u)Anytun}
+
+% SATP -> secure anycast tunneling protocol
+% adds sender-id -> replay protection
+% anytun full-featured implementation C++/Boost
+% uanytun small implementation (no sync) C
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{SATP}
+\begin{itemize}
+ \item<1-> Name des Protokolls: Secure Anycast Tunneling Protocol
+ \item<2-> dokumentiert als Internet Draft
+ \item<3-> spezifiziert nur die Payload Kommunikation und NAT Transversal
+ \item<4-> agnostisch gegenüber dem Key Exchange Protokoll
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{SATP Details}
+\begin{itemize}
+ \item<1-> Ähnlich zu IPSec ESP und GRE
+ \item<2-> geringer Overhead (10 Byte + MAC)
+ \item<3-> über UDP oder direkt auf IP
+ \item<4-> unterstützt jedes Ethertype Protocol als Payload (Ethernet, IPv4, IPv6, ...)
+ \item<5-> verschiedene Anycast Sender können identifiziert werden somit funktioniert die Replay Protection auch ohne viel Synchronisationsaufwand
+ \item<6-> Crypto basiert auf sRTP
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Anytun}
+\begin{itemize}
+ \item<1-> erste Implementierung von SATP
+ \item<2-> unterstützt Cluster Synchronisation
+ \item<3-> geschrieben in C++ / Boost (Multi-Threaded)
+ \item<4-> läuft unter Linux, Windows, FreeBSD
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{uAnytun}
+\begin{itemize}
+ \item<1-> kleine Implementierung von SATP
+ \item<2-> keine Cluster Synchronisation
+ \item<3-> geschrieben in C mit wenig Library Abhängigkeiten (nur Crypto)
+ \item<4-> läuft unter Linux, FreeBSD und OpenBSD
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Verwendungs-Szenarien}
+
+% anytun usage scenarios:
+% anycast VPN server cluster
+% securing anycast service
+% mutli path interconnect
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Anycast VPN Cluster}
+\includegraphics[width=0.9\textwidth]{usage-anycast-cluster}\\
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Secure Anycast Service/Application}
+\includegraphics[width=0.9\textwidth]{usage-anycast-service}\\
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Mulit-Path Interconnect}
+\includegraphics[width=0.9\textwidth]{usage-interconnect}\\
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+\section{Zukunft}
+
+% anytun future:
+% RAIL
+% Key Exchange
+% ike2, inbound, interface zu key store
+% anytun multi threading
+% RFC für SATP
+
+%-----------------------------------------------
+\begin{frame}
+\frametitle{RAIL}
+\begin{itemize}
+ \item<1-> Redundant Array of Inexpensive Links
+ \item<2-> SATP Pakete werden mehrmals über verschiedene Pfade gesendet
+ \item<3-> Empfänger verwirft alle doppelten Pakete
+ \item<4-> Redudanz und oder gesteigerte Bandbreite
+ \item<5-> erste Test Implementierung in uAnytun funktioniert
+ \item<6-> ohne Key Exchange sehr umständlich zu verwenden :(
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+\begin{frame}
+\frametitle{Key-Exchange, RFC, ...}
+\begin{itemize}
+ \item<1-> Zurzeit untstützt Anytun und uAnytun nur statische Keys :(
+ \item<2-> Interface für externes Keyexchange um Inbound Daten schicken zu können
+ \item<3-> Interface um Keys im Daemon zu installieren
+ \item<4-> Update der Crypto Primitives in SATP
+ \item<5-> RFC für SATP
+ \item<6-> Threading Modell von Anytun
+\end{itemize}
+\end{frame}
+%-----------------------------------------------
+
+%===============================================
+% \section{Bibliography}
+%-----------------------------------------------
+% \frame[allowframebreaks]{
+% \mode<presentation>{\frametitle{Bibliography}}
+%
+% \bibliographystyle{ieeetr}
+% \bibliography{}
+% }
+%-----------------------------------------------
+\end{document}
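Review bot: Several strings that end up on the rendered slides are misspelled: the frame title `Mulit-Path Interconnect`, `raccoon` (the comment block in the "Open Source VPN" section spells the daemon `racoon`), `NAT Transversal` in the "Warum Anytun" and "SATP" frames, and `untstützt`, `unterstüzt` and `Redudanz` in the item text. `\date{\today}` makes every rebuild of this archived talk print the build date, so `\date{2015-05-19}` would keep the title page in step with the directory name. The items `basiert auf SSL` in the tinc frame and `OpenVPN und tinc basieren auf SSL` probably overstate the case for tinc, which as far as I know uses OpenSSL for its crypto primitives but runs its own protocol rather than SSL/TLS. If so, the "Angriffe gegen SSL" argument holds mainly for OpenVPN's TLS control channel, which is worth confirming before the slide is reused.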
diff --git a/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png b/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png
new file mode 100644
index 0000000..a9182c7
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-anycast-cluster.png
Binary files differ
diff --git a/talks/aconet-meeting-2015-05-19/usage-anycast-service.png b/talks/aconet-meeting-2015-05-19/usage-anycast-service.png
new file mode 100644
index 0000000..c48339b
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-anycast-service.png
Binary files differ
diff --git a/talks/aconet-meeting-2015-05-19/usage-interconnect.png b/talks/aconet-meeting-2015-05-19/usage-interconnect.png
new file mode 100644
index 0000000..331e776
--- /dev/null
+++ b/talks/aconet-meeting-2015-05-19/usage-interconnect.png
Binary files differ
diff --git a/papers/linuxtage2008.odp b/talks/linuxtage2008.odp
index b712dbd..b712dbd 100644
--- a/papers/linuxtage2008.odp
+++ b/talks/linuxtage2008.odp
Binary files differ
diff --git a/papers/realraum.odp b/talks/realraum.odp
index 7f41608..7f41608 100644
--- a/papers/realraum.odp
+++ b/talks/realraum.odp
Binary files differ