CS Space

[defacto]

Re: CSPACE - p2p DHT secure Buddylist like WASTE open source

http://cspace.in/

What is CSpace?

CSpace provides a platform for secure, decentralized, user-to-user communication
over the internet. The driving idea behind the CSpace platform is to provide a
connect(user,service) primitive, similar to the sockets API connect(ip,port).
Applications built on top of CSpace can simply invoke connect(user,service) to
establish a connection. The CSpace platform will take care of locating the user
and creating a secure, nat/firewall friendly connection. Thus the application
developers are relieved of the burden of connection establishment, and can focus
on the application-level logic!

CSpace is developed in Python. It uses OpenSSL for crypto, and Qt for the GUI.
CSpace is licensed under the GPL.
What applications are available now?

The following applications are currently available with CSpace:
Text Chat
File Transfer
Remote Desktop (based on VNC)
How does it work?

Here are some of the salient points regarding the CSpace architecture:
User Identity
All users create 2048-bit RSA keys for themselves.
A user is uniquely identified by his RSA public key.
Every user has a contact list, which is just a list of public keys known to that
user.
A user assigns names to the public keys in his contact list. This is done
because it is easier to display & manage names rather than raw public keys.
CSpace ensures that there are no duplicate names present in the contact list.
This is done to allow a contact name to uniquely identify a public key in the
contact list.
To help with the exchange of public keys between users, a key server is used
(somewhat like PGP key servers).
Decentralized Network
A Distributed Hash Table (DHT) based on the Kademlia protocol is used.
When a user goes online, a mapping from his public key to his ip-address is
created in the DHT.
CSpace also registers with third party routers, so that the user can receive
connections even if he is behind a nat/firewall.
Connection Process
When an application wants to utilize the CSpace platform, it establishes a local
connection to the CSpace instance, and issues a connect request, say, something
along the lines of connect(alice,TextChat).
CSpace obtains the destination user's public key by looking up the name in the
contact list.
The DHT is used to obtain the destination user's network location (ip address).
A TCP connection is established to the destination user's network address. In
case the destination user is behind a nat/firewall, then a proxied connection is
established using a third party router.
A secure channel is established using the TLS protocol.
The service name which was requested (say TextChat) is sent over the secure
channel, and the destination CSpace instance responds with a success code.
The application which issued the connect request is notified about the
successful connection. CSpace proxies the data between the local application and
the secure channel. Thus the application only sees a plain TCP connection to
localhost.
Screenshots

[JackSpratts]

a few weeks ago member dreamcaster brought this to my attention and i put it into a july wir. interesting!

- js.

[DaSquad82]

I have been puttin some thought into starting up a gigantic Cspace community for these boards if you interested plz poste your interest here to let me know how big the community would be and if you know anything about the client (flaws/advantages/leaks/etc...) poste that too here too. Thank you. Look forward to gettin things fired up.

[theknife]

Quote:

Originally Posted by defacto

Re: CSPACE - p2p DHT secure Buddylist like WASTE open source

http://cspace.in/

What is CSpace?

CSpace provides a platform for secure, decentralized, user-to-user communication
over the internet. The driving idea behind the CSpace platform is to provide a
connect(user,service) primitive, similar to the sockets API connect(ip,port).
Applications built on top of CSpace can simply invoke connect(user,service) to
establish a connection. The CSpace platform will take care of locating the user
and creating a secure, nat/firewall friendly connection. Thus the application
developers are relieved of the burden of connection establishment, and can focus
on the application-level logic!

CSpace is developed in Python. It uses OpenSSL for crypto, and Qt for the GUI.
CSpace is licensed under the GPL.
What applications are available now?

The following applications are currently available with CSpace:
Text Chat
File Transfer
Remote Desktop (based on VNC)
How does it work?

Here are some of the salient points regarding the CSpace architecture:
User Identity
All users create 2048-bit RSA keys for themselves.
A user is uniquely identified by his RSA public key.
Every user has a contact list, which is just a list of public keys known to that
user.
A user assigns names to the public keys in his contact list. This is done
because it is easier to display & manage names rather than raw public keys.
CSpace ensures that there are no duplicate names present in the contact list.
This is done to allow a contact name to uniquely identify a public key in the
contact list.
To help with the exchange of public keys between users, a key server is used
(somewhat like PGP key servers).
Decentralized Network
A Distributed Hash Table (DHT) based on the Kademlia protocol is used.
When a user goes online, a mapping from his public key to his ip-address is
created in the DHT.
CSpace also registers with third party routers, so that the user can receive
connections even if he is behind a nat/firewall.
Connection Process
When an application wants to utilize the CSpace platform, it establishes a local
connection to the CSpace instance, and issues a connect request, say, something
along the lines of connect(alice,TextChat).
CSpace obtains the destination user's public key by looking up the name in the
contact list.
The DHT is used to obtain the destination user's network location (ip address).
A TCP connection is established to the destination user's network address. In
case the destination user is behind a nat/firewall, then a proxied connection is
established using a third party router.
A secure channel is established using the TLS protocol.
The service name which was requested (say TextChat) is sent over the secure
channel, and the destination CSpace instance responds with a success code.
The application which issued the connect request is notified about the
successful connection. CSpace proxies the data between the local application and
the secure channel. Thus the application only sees a plain TCP connection to
localhost.
Screenshots

can you browse other people's stuff?

[Malk-a-mite]

My only question is:

"Remote Desktop (based on VNC) "

Why?

[DaSquad82]

from what I can tell from using it so far is that the only way for a user to browse files is for the user to connect through remote desktop or for you to send the file manually. this app is really neat though...also, there are permissions you can setup on a user based system to where who can and who cant connect to you through VNC etc...I have not figured out a way to share HD's yet but I think there is someway to allow it through permissions...just need some more time. but the app is kewl as crap so far..

[Malk-a-mite]

Quote:

Originally Posted by DaSquad82

from what I can tell from using it so far is that the only way for a user to browse files is for the user to connect through remote desktop

Might I be the first to say.... ewwwww, no.


*spends too much time watching the VNC bugtraq and full-disclosure postings*

[DaSquad82]

still a very neat app though..I would love to see some sort of browsing of shared files/directories/roots/yadayada implemented in an easier fashion....

[theknife]

browsing is a critical feature, imo - i often don't know i need something until i see it in somebody else's library

[DaSquad82]

I find something everyday in messing with this program that needs work. I like the idea of coded permission it has but still that doesnt give you the ability to share a workspace etc... also, this app overwrites files instead of resuming them. there are some things that def need work with it.. if you have any experience poste your thoughts/findings/etc.. here....still a neat app though that could prove to be the next generation of p2p with enough work....the secure chat is awesome etc...

[Dream Catcher]

at least for now , the only reason why it have much potential is the dht.
as far as security concerns it still quite far behind WASTE and specially to SILC.
and hopefully cspace have a socks4a option and offline messaging or bulletin board much like filetopia bulletin board implementation.

Incidentally theres Scatterchat by Hacktivismo and was launched during hackers conference last July (i think).