Middleboxes are essential to the operation and the cybersecurity of networks. With the Middlebox Security Protocol (MSP) set of ETSI deliverables recently published and attracting journalistic attention, these standards are one of the hottest topics coming out of TC CYBER this year. This hackathon will set the scene for MSP: why it’s needed and how it can be used, an explainer of what the standards mean, and demonstrator code for developers to get hands-on and create their own implementations for their use case.
Participate in the ETSI Middlebox Hackathon 2019!
Interested in improving network security?
- Learn about middleboxes through practical implementation
- Learn about the TC CYBER Middlebox Security Protocol set of standards
- Create implementations that demonstrate industry need for a variety of deployments
All attendees interested in middlebox security are welcome.
The event is best suited for software development professionals. Students on relevant educational programmes are also welcome.
How to participate?
- Join in the Slack conversation now: middleboxhackathon.slack.com (email us for an invitation).
- And sign up on the ETSI registration link.
The Hackathon is focused on implementing Part 2 and Part 3 in the Middlebox Security Protocol series:
- Part 2: Transport layer MSP, profile for fine grained access control (ETSI TS 103 523-2)
- Part 3: Enterprise Transport Security (ETSI TS 103 523-3)
- To familiarise developers, systems engineers and other technical experts with the new standards in the Middlebox Security Protocol series (TS 103 523) to meet current industry needs
- To promote the new TC CYBER Middlebox Security Protocol specifications for use in middlebox implementations for enhanced cyber security, infrastructure protection, and other operational requirements
- To encourage anyone to create and demonstrate their own middlebox security protocol(s)
If you're short of inspiration for the hackathon, here are some suggested projects that you can get started with during the two-day workshop:
- Set up a vulnerable web application (e.g. with an SQL injection vulnerability). Create a client that exploits the vulnerability and downloads a file of user passwords. Demonstrate either:
a. Detection through a middlebox using the key from ETS and prevention of the attack
b. Detection through a TLMSP middlebox and prevention of the SQL injection
- Set up a vulnerable client IoT device (e.g. where patching has never been supported)
a. Implement a middlebox that can detect attempts to exploit the unpatched system and block it.
- Set up a client device that downloads a software update which changes the privacy of that device.
a. Implement a TLMSP filter that can detect the change and the updated app sending client data to a new location.
Of course, participants are also very welcome to work on their own implementation ideas instead of or as well as these starting points!