Re: Is a serial cable as good as thin air?
The problem is that we're trying to combine the answers to two rather separate questions.

> Here is the question: Is this as good as thin air?

With suitable precautions as discussed already, most likely yes.

> Can you see any way a hacker could use such a connection to penetrate the bank's network?

Sure, but you can do that with floppies, too, as also discussed.

I think the real answer is "restate the question, please."

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
RE: Is a serial cable as good as thin air?
Thank you all for the feedback; I will take your observations into account - replay attacks are accounted for and, for good measure, I will include a random delay to invalidate timing attacks.

I see now that I should have been somehow more specific with my original question:

Our home banking applications let the client use public Internet to access information about his accounts and allow for limited off-line transactional capability, such as to debit this account to pay that credit card. Encryption and decryption are implemented on the client's computer and within the bank's network. The Internet server is used only as an encrypted data repository and as a communications link.

Now we want to implement on-line transactional capability. Here I am not concerned about the security of our application itself, but rather whether our application can be used to attack the bank's private computer network and interfere with the bank's normal operation.

On this network we plan to install a PC connected to the Internet server by a serial cable. A dedicated program on this PC will receive from the Internet server encrypted data packages. These packages will be decrypted with the individual clients' passwords, the resulting plaintext will be validated, and if all looks right it will be forwarded and processed by the bank's internal system. All packages that do not validate correctly will be discarded. If three or so packages with the same client id fail to validate in a row, future packages with this id will be processed slowly.

Now, my reasoning is this: as I understand it, when a hacker attacks a network, he finds a way to access or modify files on this network, execute system level commands or plant his own code. As far as I can see this will be impossible in our set-up; an attacker will never be able to do anything worse than fake transactions of our own application and therefore the bank's risk cannot be higher than that.

The serial connection will not be one-way. The networked PC will use the same cable to send (encrypted) confirmations to the clients and to update the (encrypted) data base on the Internet Server. If the internal network itself cannot be compromised, neither is there any danger in having data sent out by our own program.

Dianelos Georgoudis
email: [EMAIL PROTECTED]
http://www.tecapro.com
Re: Is a serial cable as good as thin air?
I am uncomfortable with the tone of this thread. There is nowhere near enough information provided in Mr. Georgoudis' posting to conclude that his bank's existing floppy disk transfer scheme is secure, much less render an opinion on the impact of a serial connection.

Most computer systems can be broken down into a series of components, like links on a chain, and analyzed individually. If all the links are ok, the system should work. Cryptography is not like that. Crypto is more like a condom where a single hole can cause a failure without the user even being aware of the problem until it is too late.

A careful analysis of Mr. Georgoudis' total system, including threat models, acceptable levels of risk, audit possibilities, etc. is needed to reach a sound conclusion.

Arnold Reinhold

At 1:46 PM -0600 11/30/98, Missouri FreeNet Administration wrote:
> Why not keep the "ThinAir" concept, and use an optically-isolated link? A
> one-way connection: just like your floppies...
>
> On Sun, 29 Nov 1998, Dianelos Georgoudis wrote:
>
> :Date: Sun, 29 Nov 1998 22:20:29 -0600
> :From: Dianelos Georgoudis [EMAIL PROTECTED]
> :To: [EMAIL PROTECTED]
> :Subject: Is a serial cable as good as thin air?
> :
> :
> :We are installing home banking systems where the Internet Server
> :is separated from the bank's computer center by air. Data is moved
> :periodically back and forth using low tech but dependable floppy
> :disks that carry only encrypted data (the principle of red/black
> :separation is implemented by loading only encrypted data on the
> :server). This "air-wall" is an effective way to stop hackers from
> :penetrating the bank's computer center using its Internet
> :services. This works quite well with services such as users'
> :credit-card queries.
> :
> :Now, we have a potential client insisting on on-line transaction
> :capability. One possible solution is to connect the Internet
> :server with a PC on the bank's private network using a serial
> :cable. We would write our own transmission protocol. The PC
> :working on the bank's network would run a memory resident program
> :that services the serial port and will discard any blocks that do
> :not decrypt properly or have an invalid structure (only blocks
> :that decrypt into the correct data structure would be processed at
> :all). Here is the question: Is this as good as thin air? Can you
> :see any way a hacker could use such a connection to penetrate the
> :bank's network?
> :
> :
> :Dianelos Georgoudis
> :email: [EMAIL PROTECTED]
> :http://www.tecapro.com
> :
> :
>
> Yours,
> J.A. Terranson
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> --
> If the Government wants us to behave, they should set a better example!
Re: Is a serial cable as good as thin air?
re. the use of a serial cable rather than an air gap / sneaker net (floppy disk).

One thing that occurs is that if you were not careful the system might be used to mount a timing attack against the back-end machine. See Paul Kocher's RSA timing attack.

Timing attacks may be possible without compromising the front end machine, though a compromised front end machine might have advantages in avoiding detection, or obtaining more accurate timing information.

Adam
Re: Is a serial cable as good as thin air?
Arnold G. Reinhold writes:
> I am uncomfortable with the tone of this thread. There is nowhere near
> enough information provided in Mr. Georgoudis' posting to conclude that
> his bank's existing floppy disk transfer scheme is secure, much less render
> an opinion on the impact of a serial connection.
>
> :all). Here is the question: Is this as good as thin air?

He didn't ask if it was secure. He only wanted to know if a serial connection could be made as secure as a floppy disk transfer. I contend that an xmodem transfer of the file is as secure as a floppy disk transfer. The truly paranoid would insert a PIC chip which enforces that only the xmodem protocol could transit the wire, and then in only one direction.

Sure, the floppy disk transfer could be insecure, but as you say, he neither gave us enough information, nor asked if we felt it was secure.

--
-russ nelson [EMAIL PROTECTED]  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | cause of world peace.
(Fwd) Re: Is a serial cable as good as thin air?
From: Russell Nelson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Is a serial cable as good as thin air?

Arnold G. Reinhold writes:
> I am uncomfortable with the tone of this thread. There is nowhere near
> enough information provided in Mr. Georgoudis' posting to conclude that
> his bank's existing floppy disk transfer scheme is secure, much less render
> an opinion on the impact of a serial connection.

Russell Nelson responds:
> He didn't ask if it was secure. He only wanted to know if a serial
> connection could be made as secure as a floppy disk transfer. I contend
> that an xmodem transfer of the file is as secure as a floppy disk transfer.
> The truly paranoid would insert a PIC chip which enforces that only the
> xmodem protocol could transit the wire, and then in only one direction.
>
> Sure, the floppy disk transfer could be insecure, but as you say, he
> neither gave us enough information, nor asked if we felt it was secure.

I think we need to revisit the original problem: can a serial-wire transfer protocol be implemented that protects the bank's computer from providing unlimited access. The simple answer is 'yes' - but it will require some modifications to the bank's software.

First, the serial port must be isolated from existing drivers so that you can ensure that the port cannot be hijacked through whatever means. Then, the new driver must provide very specific services with appropriate protocol added to ensure that the data coming in the port is real -- you guys with more crypto experience can devise that scheme probably better than I can.

Once you have written the driver with appropriate authentication and security protocols, and limited its range of action to processing only one type of transaction (updates from the remote terminal), the ability of an intruder to access any other data on the system is removed.

Of course the connection must be 2-way because the protocol must provide for feedback to ask for resend of bad blocks, and commands to send the data must be implemented. But the driver can clearly be made to receive data only - never to send anything except commands and acknowledgments.

Xmodem would work (Ymodem and Zmodem would probably be a bit better simply because they are faster), but it still would need a protocol of some sort added to specify what data to transfer, and perhaps to update keys or purge old data, etc.

Were I coding the system, I think I would implement a custom protocol for everything and avoid something like Xmodem simply because I don't like the flow-control baggage you get with them. Such a package is relatively simple to implement, and can be made as robust as your requirements demand.

Carl Carter - Software Eng
Sansearch, Inc. [EMAIL PROTECTED]
10225 Willow Creek Rd voice(619) 635-5300
San Diego, CA 92131 fax(619) 635-5299
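
Added example, not code from any poster in this thread: a Python model of the receive-side check that Dianelos Georgoudis's and Carl Carter's messages describe (fixed-structure frames, discard on failed validation, slow-down after three failures in a row, nothing sent back but a verdict). The frame layout, field names, SLOW_DELAY, the sequence-number replay check and the use of an HMAC-SHA256 tag in place of the thread's decrypt-then-validate step are assumptions; the tag is compared in constant time because of the timing concern raised earlier in the thread.

```python
import hashlib
import hmac
import struct

# Assumed frame layout (not from the thread), big-endian, fixed length:
# client_id u32 | seq u32 | from_acct u32 | to_acct u32 | cents u64 | HMAC-SHA256 tag
BODY = struct.Struct(">IIIIQ")
TAG_LEN = 32
MAX_FAILS = 3          # "three or so" failures in a row
SLOW_DELAY = 5.0       # constructed value: seconds to wait before processing

def make_frame(key, client_id, seq, src, dst, cents):
    """Client side: build one authenticated frame."""
    body = BODY.pack(client_id, seq, src, dst, cents)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gateway:
    def __init__(self, keys):
        self.keys = keys        # client_id -> per-client secret
        self.fails = {}         # client_id -> consecutive rejected frames
        self.slow = set()       # client ids that are now processed slowly
        self.last_seq = {}      # client_id -> highest accepted sequence number

    def receive(self, frame):
        """Return (verdict, delay_seconds, transaction or None)."""
        if len(frame) != BODY.size + TAG_LEN:
            return ("DROP", 0.0, None)             # wrong size: never parsed
        body, tag = frame[:BODY.size], frame[BODY.size:]
        (client_id,) = struct.unpack_from(">I", body)
        key = self.keys.get(client_id)
        if key is None:
            return ("DROP", 0.0, None)             # unknown id: no state kept
        delay = SLOW_DELAY if client_id in self.slow else 0.0
        expected = hmac.new(key, body, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, tag)    # constant-time comparison
        if ok:                                     # interpret fields only now
            _, seq, src, dst, cents = BODY.unpack(body)
            ok = seq > self.last_seq.get(client_id, 0) and src != dst and cents > 0
        if not ok:
            self.fails[client_id] = self.fails.get(client_id, 0) + 1
            if self.fails[client_id] >= MAX_FAILS:
                self.slow.add(client_id)
            return ("DROP", delay, None)
        self.fails[client_id] = 0
        self.last_seq[client_id] = seq
        return ("ACK", delay, {"client": client_id, "from": src, "to": dst, "cents": cents})
```

The caller is expected to wait delay_seconds before handing an accepted transaction to the internal system; only the dictionary returned with "ACK" ever crosses to the bank side.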
RE: Is a serial cable as good as thin air?
Brown, R Ken writes:
> If I was a bank I would be very wary of proposals like "We would write our
> own transmission protocol." That seems to introduce yet more complexity,
> not to mention maintenance effort and undiscovered bugs. It would seem
> safer (more conservative a bank might say) to use off-the-shelf code which
> had been tried and tested (for which source code was available if you
> really cared about security)

Use xmodem. Only provide the receive code and the transmission code on the respective sides. That will be as safe as sneakernet.

--
-russ nelson [EMAIL PROTECTED]  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | cause of world peace.
Re: Is a serial cable as good as thin air?
Why not keep the "ThinAir" concept, and use an optically-isolated link? A one-way connection: just like your floppies...

On Sun, 29 Nov 1998, Dianelos Georgoudis wrote:

:Date: Sun, 29 Nov 1998 22:20:29 -0600
:From: Dianelos Georgoudis [EMAIL PROTECTED]
:To: [EMAIL PROTECTED]
:Subject: Is a serial cable as good as thin air?
:
:
:We are installing home banking systems where the Internet Server
:is separated from the bank's computer center by air. Data is moved
:periodically back and forth using low tech but dependable floppy
:disks that carry only encrypted data (the principle of red/black
:separation is implemented by loading only encrypted data on the
:server). This "air-wall" is an effective way to stop hackers from
:penetrating the bank's computer center using its Internet
:services. This works quite well with services such as users'
:credit-card queries.
:
:Now, we have a potential client insisting on on-line transaction
:capability. One possible solution is to connect the Internet
:server with a PC on the bank's private network using a serial
:cable. We would write our own transmission protocol. The PC
:working on the bank's network would run a memory resident program
:that services the serial port and will discard any blocks that do
:not decrypt properly or have an invalid structure (only blocks
:that decrypt into the correct data structure would be processed at
:all). Here is the question: Is this as good as thin air? Can you
:see any way a hacker could use such a connection to penetrate the
:bank's network?
:
:
:Dianelos Georgoudis
:email: [EMAIL PROTECTED]
:http://www.tecapro.com
:
:

Yours,
J.A. Terranson
[EMAIL PROTECTED]
[EMAIL PROTECTED]
--
If the Government wants us to behave, they should set a better example!