Security Basics mailing list archives

Re: wireless technology risks request


From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Thu, 13 Nov 2003 11:38:51 -0800

On Wed, 2003-11-12 at 13:38, SMiller () unimin com wrote:
On topic, but not necessarily for debate here (Kelly, I hope this is OK):

Rebecca Mercuri has done a tremendous amount of research and publication
regarding public-interest issues related to electronic voting, much of it
pro bono.  She is requesting some expertise that I am certain can be found
here.  Cross-posted from RISKS 23.02:
I would like to bring readers' attention to the fact that the current IEEE
voting system draft allows for wireless (and other transmission) technology
to be used with precinct electronic balloting systems.  We need some
individuals with the ability to provide a detailed explanation of security
issues with wireless to assist with the current debate on this subject.
Anyone who has technical expertise in this area should contact me
immediately at: mercuri () acm org




I am sure that you've done all the research and know all this, but I am
putting together a long email that hits upon all the issues involved.

I am going to focus only on the security of the data while it is being
transported (over a wireless link). I won't go into security of static
data (the vote being stored on disk), or the firewall that protects the
voting server, or any exploits in the implementation of the voting
protocol server or in the design of the voting protocol itself.

At a basic level, wireless links can be run unencrypted or encrypted.
Call it layer 2. Above the wireless layer is IP, i.e. layer 3.

If layer 3 is encrypted (using IPSec) correctly (i.e. no ESP_NULL or
weak algos) then it does not matter if layer 2 is encrypted or not.

Unencrypted layer 2 does SEEM more vulnerable to DoS attack. Is that so?
I don't know. Need to understand how links are initiated, maintained,
and torn down.

If layer 3 is not encrypted, then layer 2 MUST be encrypted. In which
case you are talking of WEP or the newer WPA. However, I recently read
that WPA's design is even more flawed than the WEP design (I don't know
details).

Now, if layer 2 AND layer 3 are unencrypted, your last option is to run
the voting protocol over SSL (layer 4) and use a browser as a client.
(I've mentioned SSH below).

So my order of preference is

1. layer 3 encrypted - cleanest and most flexible, but deploying VPNs
takes patience.
2. layer 4 encrypted - less flexible
  * all applications and protocols should be SSL aware, OR
  * use SSL wrappers with X.509 certs for server or mutual
authentication. X.509 certs are also a pain, OR
  * you could even run everything over SSH tunnels, as long as you can
GUARANTEE that you are taking care of the man-in-the-middle (MitM)
attack on the first connection.
3. layer 2 encrypted - well, it's better than nothing cos you are raising
the bar - but in the long run it's not really any more secure than an
unencrypted link.
4. Nothing is encrypted or protected - His Majesty George Bush II will
get elected as ACM President.

In short, you may use wireless links without any problems as long as you
protect the whole data stream at a higher protocol level; and the more
secure the solution you're deploying, the more pain you'll suffer while
deploying it. :)

To look at this from a different perspective: If we use only wired
ethernet, and a cracker manages to plug into the hub (which is probably
under a table anyways - and an 802.11b-ethernet bridge will help him/her
crack from a safe distance), then we can see that the data MUST be
protected at a higher level. It is not correct to think that layer 2
traffic is secure if it is wireline traffic.

$0.02,


BTW, my father-in-law has been pestering me to get ACM membership (he is
a member), and I was thinking about it esp since I want to catch up on
wireless knowledge. Any suggestions about which sub-group or focus group
I should look at? My background is a Masters in Comp Sci (focus on
design/analysis of network/security protocols) from USC/ISI, and I've
been working in *BSD/Linux kernels, network protocol design, and
security architectures for the last 7 years. I'd appreciate any
pointers. Thanks.

-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.
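
The SSH option in the message depends on handling the man-in-the-middle risk on the first connection. The sketch below is an added example, not part of the original post: it accepts a host key only when its fingerprint matches one obtained out of band, with no trust-on-first-use fallback. The host name `tally.example` and both keys are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

def make_blob(key_type: str, raw_key: bytes) -> bytes:
    """Build an SSH wire-format public key blob (two length-prefixed strings)."""
    t = key_type.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw_key)) + raw_key

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_host_key_line(line: str):
    """Parse 'host keytype base64blob' (ssh-keyscan / known_hosts layout)."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The type named inside the blob must agree with the type on the line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type on line does not match key blob")
    return host, key_type, blob

def first_connection_ok(offered_line: str, pinned: dict) -> bool:
    """Accept a host key only if it matches a fingerprint obtained out of band."""
    try:
        host, _, blob = parse_host_key_line(offered_line)
    except (ValueError, struct.error):
        return False  # malformed line or blob: reject
    expected = pinned.get(host)
    if expected is None:
        return False  # unknown host: no trust-on-first-use fallback
    return hmac.compare_digest(fingerprint(blob), expected)

# Constructed sample data (not real keys): the server's key, and a different
# key of the kind an interposed host would present in its place.
SERVER_BLOB = make_blob("ssh-ed25519", bytes(range(32)))
OTHER_BLOB = make_blob("ssh-ed25519", bytes(range(1, 33)))
PINNED = {"tally.example": fingerprint(SERVER_BLOB)}  # delivered out of band

def line_for(host: str, blob: bytes, key_type: str = "ssh-ed25519") -> str:
    """Format a blob the way ssh-keyscan prints it."""
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"
```

In practice the pinned fingerprint would be distributed on a separate channel (for example, printed and installed with the equipment) before any client connects over the wireless link.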


