DeepSec 2023 Talk: WEFF : p2p Communication without Third Party – Nikolaos Tsapakis
References in publicly available literature pertaining to a completely serverless connection method between two peers behind routers implementing NAT are scarce. In this talk, we are describing a more generic method for NAT traversal that requires no intermediate server and relies on a multiple port testing method which resembles a brute force attack. We have created a proof of concept for verifying and showing our results.
This talk relates to p2p communication without the need for a third party (intermediate server or other) for initiating the communication.
We asked Nikolaos a few more questions about his presentation.
Please tell us the top 5 facts about your talk.
- Privacy
- Decentralized communications
- Secure communications
- Easy to implement
- Fun to use
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
There were two thoughts that created the initial spark for the idea. The first is why does someone need to have an account in some sort of service in order to communicate through the internet (like an account on Skype, Viber, Messenger, etc.)? The second is why, in the earlier 56k modem era, we could open a port listening on a computer and then directly connect to it from another computer between two houses far away from each other, while nowadays this is not the case?
Why do you think this is an important topic?
Because it highlights how important decentralized and independent, secure peer-to-peer (p2p) communication is.
Is there something you want everybody to know – some good advice for our readers, maybe?
Not good at giving advice 😀. It would be great if everyone was trying to answer the two initial thoughts/questions that sparked the idea of this talk, as mentioned in one of the previous questions here, prior to listening to the talk. Would be great to see the diversity of opinions on these matters.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I am afraid that privacy and decentralization of communications is something that is by default at risk when people use ready-made applications and services. Only by creating their own custom application can someone be confident that it will function as expected. I would even propose for people to create their own encryption schemes and use them, since public news in the past highlighted that encryption schemes/implementations seem likely to have been sabotaged in order to be easier to break. The innovation may initially derive from the purpose of a creation.
Nikolaos Tsapakis is a reverse engineering enthusiast and poetry lover from Greece. He has been working as a security & software engineer in companies like NCR, Persado, Fujitsu, Symantec, Citrix. He has also written articles or presented for Virus Bulletin, 2600 magazine, Hakin9, leHACK, Athcon, Symantec.
George Tselos is a computer science tutor who lives and works in Athens, Greece. He is interested in embedded systems, microcontrollers, peripheral device development.