Parallel sysplex network - Telecomix Crypto Munitions Bureau

Parallel sysplex network

From Telecomix Crypto Munitions Bureau

In computing, a Parallel Sysplex is a cluster of IBM mainframes acting together as a single system image with z/OS. Used for disaster recovery, Parallel Sysplex combines data sharing and parallel computing to allow a cluster of up to 32 systems to share a workload for high performance and high availability. -- wikipedia

Project status

  • Telecomix Crypto Munitions Bureau has been given the task to set up high speed data havens. Full text.
  • Work is now in progress for setting up an anonymous and secure blogging platform.
    • This will be the first phase of the network. More services will follow shortly thereafter.

Introduction

Lets build a virtualization-data haven in teh cipherspace. It will be awesum :D

The SYSPLEX mirrors the IBM mainframe ideology. Z-series mainframes do not reboot; it is, however, possible to reboot parts of their operating system. One of the first things the mainframe prints out just after waking one of its subsystems to life is a message like "BLABLA SYSTEM XYZ IS NOW ACTIVE IN SYSPLEX ZYX", of course all in CAPS because the mainframes still live in the era of cold war computing. This is so cool that it needs to be replicated :D

The idea of the SYSPLEX is that it should be some sort of darknet data haven, accessible only through cipherspace. One of the prime goals of the sysplex is that it should work as a cluster of IBM mainframes, except that the environments that execute in it will be virtual chaosboxes, not corporate business servers. The purpose of the sysplex is to be used by anonymous persons to access free and anonymous computing platforms that are well connected to the various darknets that exist.

Parallel sysplex network

All chaosboxen within the sysplex network can connect to all networks without the need for any configuration. The network should already route traffic to AnoNet, DarkNET Conglomeration and to the internets, when there are exit nodes available. Routers in the network that are part of TOR and/or I2P push the IPv6 addresses that OnionCat uses. Using TOR or I2P will thus be as simple as typing "ping" or irssi to a server. The connection is automatically encrypted and sent through to the other side, no matter what protocol is used to carry the packets.

People wanting to peer with or help build the sysplex do not need to identify themselves. One can set up a TOR or I2P node and begin exchanging information with the sysplex via OnionCat on top of TOR/I2P. Both the location of the SYSPLEX, and who is accessing it, can easily be hidden.

Trusting the sysplex

The operators of the sysplex can of course always open up the chaosboxes they host. Even if a box has hard disc encryption and uses SSH to unlock the cipher after a reboot, it would be possible for an operator to reboot the machine, install a trojan in the unencrypted /boot partition and wait for the user to log in with SSH to unlock the disks' crypto, thus sniffing the password.

However, it is not difficult to connect to the sysplex via I2P or TOR. The anonymity of a chaosbox owner cannot be broken unless the owner chooses to break it. It does not matter whether the operators can see the information stored or processed by the nodes, as the owner of the chaosbox cannot be identified anyway.

Core protocols of the SYSPLEX

  • VirtualBox to create the virtual chaosbox machines. We could use XEN too.
  • OpenVPN and/or IPsec -- Core P2P pseudonymous VPN protocols (used to build the high-speed data haven islands)
  • Tor and I2P in combination with OnionCat - Core decentralized VPN protocols (used to link islands together anonymously)
  • BGP - The routing protocol. We could perhaps also use other protocols such as RIPng or OSPF.
  • PPTP can be used, but it is not secure enough. It could be used to send traffic to the internets via IPREDATOR.

Services

  • It should be possible to give away virtual machines to just about anyone, so that anyone (even without knowledge of networking) can use the sysplex
    • If we use XEN to do this, we can migrate the machines while they are operating, between different host machines without any downtime. The sysplex nodes thus do not depend on physical hardware. Also see the definition from wikipedia, at the top of this article :)
      • Fast-flux virtual machines propagated over cipherspace connections (in this theoretical context considered ultimately secure) would be cool.
  • Physical chaosboxen can have hard disc encryption. Installing dropbear on the machines means that not even the person that has physical access to the box can decrypt the hard disc (unless he dumps and/or sniffs the RAM/CPU or performs other "offline" attacks).
    • Which is why we need to have either (as a goal, these are probably too impractical as a start):
      • a system for "zero-knowledge" (in lack of better words) computation where only the user has access to the computed results, OR
      • distribution of operations among so many nodes that attacking the virtual machine becomes a practical impossibility

TODO

  1. We need to agree on which protocols to use, what virtualization platform to use and which IP addresses to use.
  2. The first SYSPLEX mainframe node needs to be created. Just fuckin do it.
  3. Create a script that can create new accounts on machines. Perhaps about 10 users can use the same virtual machine.
  4. Create a new cipherspace-only IRC server and a bot which could be used to automatically create new virtual machines, in exchange for hashcash collisions or somewhat large primes. The reason to use hashcash in exchange for anonymous virtual machines is that it defends against DoS attacks (otherwise people can just issue commands quickly and fill the job queue with the task of just creating more and more chaos boxes).
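
How the bot in TODO item 4 could gate VM creation behind proof-of-work, as an added example (not Telecomix code). It is hashcash-style but uses SHA-256 and its own challenge format rather than the original hashcash stamp; `VmBot`, `issue_challenge`, `TTL` and the 20-bit default difficulty are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SECRET = os.urandom(32)   # bot-side key; challenges stay stateless until redeemed
TTL = 600                 # assumed lifetime of a challenge, in seconds

def issue_challenge(nick, now=None):
    """Bind a challenge to requester and time so work cannot be precomputed."""
    ts = int(time.time() if now is None else now)
    body = f"{nick}:{ts}:{os.urandom(8).hex()}"
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{body}:{tag}"

def pow_ok(challenge, counter, bits):
    """True if SHA-256(challenge:counter) starts with at least `bits` zero bits."""
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(challenge, bits):
    """Client side: brute-force a counter (about 2**bits hashes on average)."""
    counter = 0
    while not pow_ok(challenge, counter, bits):
        counter += 1
    return counter

class VmBot:
    def __init__(self, bits=20):
        self.bits, self.spent, self.queue = bits, set(), []

    def redeem(self, nick, challenge, counter, now=None):
        """Cheap checks first, so rejecting junk costs the bot almost nothing."""
        now = time.time() if now is None else now
        try:
            body, tag = challenge.rsplit(":", 1)
            c_nick, ts, _nonce = body.rsplit(":", 2)
            ts = int(ts)
        except ValueError:
            return "malformed"
        good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:32]
        if not hmac.compare_digest(tag.encode(), good.encode()) or c_nick != nick:
            return "bad-challenge"
        if now - ts > TTL:
            return "expired"
        if not pow_ok(challenge, counter, self.bits):
            return "too-weak"
        if challenge in self.spent:
            return "replayed"
        self.spent.add(challenge)   # one VM per solved challenge
        self.queue.append(nick)     # stand-in for the real VM-creation job
        return "queued"
```

Verifying costs the bot one HMAC and one hash per request, while each queued job costs the requester about 2**bits hashes; the spent set only needs to remember challenges younger than `TTL`.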