>>>AA6YQ comments

--- In digitalradio@yahoogroups.com, "DuBose Walt Civ AETC CONS/LGCA" 
<[EMAIL PROTECTED]> wrote:

BTW Dave...if I come up to your neck of the woods, I'll take you out 
to some place that you can recommend that serves good crab cakes, New 
England Clam Chowder and lobster.

>>>You're on, Walt! I'm giving a DXLab presentation at the ARRL New 
England Division Convention in Boxborough MA on Saturday morning; if 
you happen to be around, stop by.
 
>snip<

1. If we could reliably distinguish attack payloads from valid 
payloads, we'd already be doing this on the internet -- where its 
easier to accomplish given the hierarchical routing structure. Our 
ability to detect attack payloads has significantly improved over 
time, but are far from 100% -- in part because we're chasing a moving 
target.

*** I would disagree because DNS, routers, switches, network 
management software, load balancing, firewall, filters all are 
virtually not seen by the human eye and sometimes when there is 
an "automatic" notification of a problem or new "hack" is used, its 
days before its known.  If you don't what the attack is going to look 
like, you have a hard time defending against it.  That's it...for 
every measure there is a counter-measure.  For every counter-measure 
there is a measure.  Its a FAST moving target.  

>>>All true. That's why increasingly, these network components can be 
rapidly updated to deal with new threats.


And this is the reason I think a scaled down simple network would be 
less of a target.  

>>>The system you propose would not be simple, Walt. On how many 
versions of how many different operating systems would it run? What 
other applications would also be installed on these systems, 
downloaded from who knows where? How would you ever establish initial 
security, much less maintain security in the face of new installs and 
upgrades initiated by the user and the constantly changing threat 
environment?


The attacker would first have to get on the air, establish their 
credentials and be accepted to the network.

>>>This is trivial; if any US amateur can authenticate, anyone can 
authenticate. But even without this, a user-operated node could be 
penetrated by a bot embedded in software downloaded from the internet 
months or even years earlier.


Even my encrypted signature mail folder on occasion gets SPAM.  If I 
restrict my incoming E-Mail to only one known valid domain, I have no 
SPAM unless messages from my network control center are considered 
SPAM.  I wanna use the KISS theory.

>>>You'll have no control over what the user loads on the PC that's 
running your HF messaging application, KISS ("keep it simple, 
stupid") won't help you.


2. Since we can't distinguish attack payloads from valid payloads, 
your HF-based system would be equally vulnerable. What would stop an 
attacker from injecting an attack payload into your system that when 
delivered to its destination exploits a buffer overrun in the 
operating system and installs a bot that can then be commanded by 
subsequently delivered messages? Since it relies on HF links, your 
proposed system requires large numbers of user-operated nodes to 
perform the routing and terminal functions; it would be trivial for 
an attacker to join this system, operate one or more nodes, and use 
them to inject his attack.
 
*** Its really to install a "bot" or any malware if your system is 
90% text based.  Before MIME E-Mail, malware was unknown.  We take a 
GIANT leap backwards.  KISS. Hi Hi.

>>>As I point out above, the message isn't the only entry point -- 
there's other's whatever else the end user has installed on his or 
her node.

>>>I don't think your point regarding MIME being the enabler for 
malware is accurate. And without MIME or something similar, how will 
your system deliver attachments?


*** If you try to join my system and I can't authenticate your call 
sign, you ain't gettin in. With no hard feelings to non-U.S. amateur 
radio operators, I talking about only U.S. amateur radio operators.  
Any "tribal" contacts would be between only specific authorized 
stations. (BTW "tribal" is the international politically correct name 
to be used for sovereign nation.)

>>>Penetrating this sort of system would be all too easy, Walt. It 
happens thousands of times each day.

 
I did not say that an attack on the internet would bring down your 
proposed HF-based system. I said that an attacker would be foolish to 
bring down the internet without simultaneously bringing down your 
backup system. This would be accomplished with independent but 
synchronized attacks.
 
*** Ok...understand and that is true but again we have made it more 
complicated to the enemy...and the society that enemy comes from is 
not know for a large scale amateur radio contingent or operational 
capability nor is their government know for its RF capability.  They 
are well known for their Internet capability.  Know your enemy.

>>>A committed adversary will locate all weak points, and attack 
accordingly. Assuming that your opponent is naive would not be good 
judgement.

 
>snip<

A parallel email system implemented with the same software technology 
used in today's internet would provide no increase in protection from 
a committed attacker. None of the amateur protocols in use today were 
designed to resist intentional attack. Inspecting these applications 
with static analysis tools would likely reveal long lists of 
vulnerabilities.
 
*** Agree and I don't propose using current E-Mail software, amateur 
radio or commercial.  One other thing, and I know this is very 
controversial, but we can use encryption for network control and 
transmission control which the Internet as a whole doesn't 
do...except for VPNs.  And I might mention that there is some 
assumption by Internet gurus that some VPN circuits might well be 
able to withstand a cyber-attack.  I know the VPN that I run for my 
office use isn't even hackable by our network gurus.

>>>VPN and other encryption-based approaches guarantees the integrity 
and privacy of the packets they convey. They do not prevent an attack 
payload from corrupting the destination system after decryption.
 

The "redundancy from multiple identical systems" approach only works 
when you can deploy so many independent systems that an attacker 
cannot hope to disable them all, and is thus deterred from attacking 
any. This may work with strategic weapons, but no one remotely 
understands how to manage thousands of independent worldwide email 
systems.
 
*** Well if we have hundreds of independent RF networks that we 
can "patch together" if needed, we may well over come this problem.  
I would have to disagree with you last statement that "no one 
remotely understands how to manage thousands of independent worldwide 
email systems." because this some of the very "stuff" that some of 
the ARRL HSMM WG members are talking about and that the organizations 
they work for are actually working on this.  What can be done with an 
ad hoc mesh network scaled down to an HF level I believe is workable 
especially if you are not really mobile.

>>>Sorry, I must not have been clear. By "thousands of independent 
worldwide email systems", I didn't mean one email system with 
thousands of independent nodes. I meant thosands of independent email 
systems, each with thousands of independent nodes -- such that any 
one surviving system could provide worldwide messaging. I doubt the 
ARRL is talking about such a configuration, much less working on it.


I do believe there is a role for an RF-based email system that would 
complement the internet's email delivery system by supporting 
portable operation and by standing ready to compensate for local 
outages. The "boil the ocean" approach that you've been advocating 
can only delay the development and deployment of this far more 
practical application.
 
*** I believe that with forward looking local and regional level HF 
messaging systems (note I didn't say E-Mail), I think if we 
can't ""boil the ocean", we may be able to raise it to a temperature 
so that the foes don't want to enter it.

>>>To extend an already stretched analogy, raising the temperature a 
few degrees won't help; an opponent would simply increase his 
insulation by the same increment -- or use a cooling system.
 
    73,

        Dave, AA6YQ






Need a Digital mode QSO? Connect to  Telnet://cluster.dynalias.org

Other areas of interest:

The MixW Reflector : http://groups.yahoo.com/group/themixwgroup/
DigiPol: http://groups.yahoo.com/group/Digipol  (band plan policy discussion)

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/digitalradio/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 


Reply via email to