[center]*** I recommend using it only for running node ***[/center]
[center]for Raspberry Pi only[/center]
What is Peerbox?
Intro
Peerbox was created to address security and privacy concerns around using cryptocurrencies. The security and quality of the Peercoin client (or any Bitcoin-based client) is not tested enough and is taken for granted. Most crypto coins, the other forks of Bitcoin, have wallets that are not used in the same way as Peercoin’s wallet, that is, running 0-24h connected to the Internet. They are mined with specialized software that is not linked with the wallet, and thus the coins are not exposed to attack, as they are simply not connected. These cryptocurrencies, the PoW ones, are the most popular cryptocurrencies at the moment, and this approach that takes security and privacy for granted just works for most people.
Peercoin, however, utilizes a process called minting, which requires that the wallet is unlocked and then connected to at least 8 peers on the network. Each and every one of those peers now knows the IP of the person minting, thus enabling an attack vector. Running a full node is even more risky: now you connect to 20-70 peers with port 9901 forwarded. That means this port, on which the Peercoin wallet is running, is now completely open to anyone on the Internet, exposing it to attackers. Knowing this, people tend to avoid minting and risk the entire network’s security by doing so.
One way to solve this is to develop cold-locked minting, where coins remain encrypted even in minting mode, so they are safe even if an attacker does succeed and hacks the wallet. In my opinion this is not an elegant solution, as it calls for changing the protocol itself and will probably cost a lot of time to develop and properly test. I do admit that it will ease a lot of minds and persuade them to start minting. Peerbox takes a different approach to this: instead of dealing with Peercoin code and protocol, it ensures that the underlying OS is secure and limits possible attack vectors. So it protects the wallet software and thus, indirectly, the coins in it.
Thus, this project’s ultimate goal is to provide a maximum-security platform for minting and running nodes.
Security will be enforced by the underlying OS, which will be hardened by default to repel most of the attack vectors.
The secondary goal of Peerbox is to provide a plug&play platform for running Peercoin nodes and to allow safe minting as easily as running wallet software.
Design
Peerbox is designed as an extension to Arch Linux, a well-known Linux distribution which focuses on minimalism and simplicity, an ideal distribution to shape to our needs. Importantly, Arch Linux provides a very simple solution for building packages: its PKGBUILD scripts allow anyone to compile the entire OS themselves with ease. Being able to understand the internals of every package and to quickly learn how to make one on your own is very important to avoid centralization of knowledge around one developer or team. Best of all, Arch Linux runs on various hardware, from high-end servers to the simple Raspberry Pi, and everything in between.
The Peerbox platform uses some well-known security philosophies already used on production servers, like the “principle of least privilege”, limiting every process to as few rights as it needs to run, along with chrooted environments for essential programs. Besides that, the system will use Grsecurity patches for the Linux kernel. Grsecurity is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and mandatory access control (MAC). A major component of Grsecurity is its approach to memory corruption vulnerabilities and their associated exploit vectors, which is extremely important to Peercoin since it is coded in C++, a programming language well known for memory corruption vulnerabilities.
Peerbox pulls packages from the upstream Arch Linux repository and pre-configures them to our needs, with a dedicated package and git repository so anyone can inspect and build packages themselves, and contribute if they notice something is wrong or just feel there is a better approach. It is very important to have users understand the risks and dangers involved with cryptocurrency. We will try to educate our users and explain what they can do to protect their data and privacy in a world that is becoming increasingly hostile to principles of free speech.
Vision
Peerbox will deliver the same experience on all platforms but focus on cheap, energy-efficient devices like the Raspberry Pi or BeagleBone Black, which are compatible with the general idea of Peercoin in an ecological way. Peerbox’s primary platforms will be those that are cheap and easy to find, as well as recycled computers and parts. Peerbox will complement Peercoin’s goal of providing an energy-efficient cryptocurrency without the need for high-end components like GPUs or dedicated mining hardware (ASICs). If ASIC is the term for dedicated and energy-efficient mining, then this is the ASIC of PoS.
[size=14pt]How to use it?[/size]
- It is plug&play actually: download the image, ungzip it and move it to an SD card.
Please note that this image is optimized for a 2GB card, and I don’t see any need to use more space… not in 2 years at least.
The OS itself is very lightweight (and it will become more lightweight) and Peercoin’s blockchain is also quite small.
Also, I want people to be able to recycle their old SDs and give them a use. This philosophy is part of all this “green” talk around Peercoin, energy saving etc. So, if you have old SDs lying around, use them.
- Upon boot, which is quite fast (maybe 15sec on a low-speed SD card), the system will auto-connect to ethernet and request an IP from the DHCP server.
Inspect which address is assigned to Peerbox and write it down.
- Use a proper SSH client
I’ve noticed that a lot of people, notably Windows users, use PuTTY for SSH connections.
You should know PuTTY is bad software; there are much better alternatives.
To keep things simple please try one of the in-browser solutions:
(Look for these add-ons in your browser’s extension repository)
Firefox: FireSSH a SSH Client for Mozilla Firefox.
Chrome/Chromium: Secure Shell
Please take a minute to check it out, it is worth it.
- Login via ssh
You may see something like this, depending on your client:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This is due to Peerbox making new public keys on first boot; don’t worry about it, just accept the new key.
ssh sunny@Peerbox-ip
pass: sunny
I know some of you won’t like that the root user is enabled and the password is so simple, but I don’t see it as a threat now, since it is usable only within the LAN. You can change the password with the “passwd” command.
Yeah, it’s that simple.
- Check the status of Peerbox:
peerbox-info
It will display classic json-ish output where you can read whether it is synced and how many connections it has, along with the Raspberry’s serial number.
For more info on this program see dedicated thread: http://www.peercointalk.org/index.php?topic=3313.0
After this please post your opinion and confirm that it is working.
[center]###########################################################################[/center]
[size=12pt]Roadmap:[/size]
- Write detailed description of project, explaining goals and methods.
- Finish filesystem-peerbox package
- Package pre-configured firewall
- [b]Use more optimal filesystem for SD cards, encrypt it[/b]
- Package the blockchain
- Configure and package linux-grsecurity (http://grsecurity.net/)
- Add limited user to Peerbox, disable root account.
- Write grsec rules for ppcoind and other important parts of system
With this release I’ll remove warning to not use Peerbox for minting. By now, Peerbox will be 99% secure.
- Shave more weight off the system
- After this, I expect projects based on Peerbox, like user friendly interface and detached with stats, monitoring etc.
[size=18pt]THANKS TO:[/size]
irritant - for donating server and domain / supporting the idea
river333 - for hearing me out in the first place and supporting the idea from day one
sunnyking - for one of the best cryptocurrencies out there
ArchLinuxArm team - for bringing the beauty of ArchLinux to arm platform
All the donors on peer4commit
Update 1: added documentation for ppcoind https://dl.dropboxusercontent.com/u/9689469/ppcoind.pdf
Update 2: PKGBLD git repo is now on http://peer4commit.com/projects/92
Update 3: got domain! peerbox.me
Update 4: i686 packages uploaded, please test
Update 5: Uploaded peershares packages
Update 6: Build environment on server is now configured and running
Update 7: First img release!
Update 8: Grsecurity kernel built!
Update 9: Second img released!
Update 10: Third image released!
Update 11: v0.21 released!
Update 12: v0.22 released!
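For the "Login via ssh" step above, the changed-host-key warning can be settled by comparing fingerprints before the new key is accepted. The following is an added example, not part of the original post or of Peerbox: it computes the OpenSSH SHA256 fingerprint of a key line as printed by `ssh-keyscan` and compares it with the value read on the Pi's own console (for instance with `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`). The address 192.168.1.50, the function names and the sample keys are constructed for illustration, and console access to the Pi is an assumption.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Parse a 'host keytype base64blob' line as printed by ssh-keyscan."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-blob")
    host, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line is damaged or was edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match blob")
    return host, key_type, blob


def sha256_fingerprint(blob):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(scan_line, trusted_fingerprint):
    """True only if the offered key hashes to the fingerprint read on the device."""
    _, _, blob = parse_pubkey_line(scan_line)
    return sha256_fingerprint(blob) == trusted_fingerprint.strip()


def make_sample_line(host, seed):
    """Constructed ed25519-shaped key line for the demo, not a real host key."""
    name = b"ssh-ed25519"
    key = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode("ascii"))


if __name__ == "__main__":
    first_boot = make_sample_line("192.168.1.50", 1)  # key made on first boot
    other = make_sample_line("192.168.1.50", 2)       # different key, same IP
    trusted = sha256_fingerprint(parse_pubkey_line(first_boot)[2])
    print(trusted)
    print("expected key accepted:", host_key_matches(first_boot, trusted))
    print("unexpected key accepted:", host_key_matches(other, trusted))
```

Once the fingerprints match, the stale entry can be dropped with `ssh-keygen -R <Peerbox-ip>` and the new key accepted on the next connection.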