
Let's consider these 4 computers:

East Coast location:

  • computer East1 is connected to the internet.
  • computer East2 is connected to East1 through an RS232 serial cable.

West Coast location:

  • computer West1 is connected to the internet.
  • computer West2 is connected to West1 through an RS232 serial cable.

East2 and West2 have a copy of the same one-time pad.
Their only connection to another computer is the serial cable.
They use custom-written software to transmit (encrypted) messages on the serial port.
They have other custom-written software that can encrypt / decrypt a message with the one-time pad.

East1 and West1 have other custom software that can:

  • send and receive the encrypted messages through the serial cable
  • send and receive the encrypted messages to each other via the internet (email, FTP, SSH ...)

They don't have the one-time pad, so they cannot decrypt the messages. They're just acting as transmitters.

Example scenario:

Bob is on the east coast and wants to send an encrypted message to Jane, who lives on the west coast.
- Bob writes the message on East2.
- East2 encrypts the message with the one-time pad
- East2 sends the message to East1 through the serial cable
- East1 receives the message and forwards it to West1 via the internet
- West1 receives the message and transmits it to West2 through the serial cable
- West2 decodes the message
- Jane reads the message on West2
...
- she decides to answer
- West2 encrypts her new message and passes it to West1 through the serial cable
- West1 sends the message to East1 via the internet
- East1 receives the message and sends it to East2 through the serial cable
- East2 decrypts the message and Bob reads Jane's answer

Let's make some assumptions:
- the one-time pad is truly random (meaning unbreakable)
- East2 and West2 were not compromised before being connected with the serial cable
- Bob and Jane are trusted
- and so is the developer who wrote the custom software used to communicate through the serial port
- the potential attackers can't physically access East2 and West2 (nor with TEMPEST etc.)

And finally, here is my question:
can an attacker who gained control of East1 and/or West1 access the one-time pad on East2 and/or West2?

I understand that the attacker can:
- intercept the coded messages (which he can't read if the one-time pad is random)
- stop the communications between all the computers
- send fake messages (which should be gibberish once decoded)

But can he do anything else if his target is behind a serial cable?

More questions:
- does it change anything if, instead of true serial ports, serial-to-USB converters are used?
- if the solution is secure, does the operating system of East2 and West2 have any role to play, or would even an unpatched Windows 95 not change anything (remember the attacker can't physically access the computers)?

Thanks in advance for your inputs.

jmn
  • How is the one-time pad key shared between the two machines? It's only one-time if it's used *literally once*. If you're using the same key for more than one message, it's no longer a one-time pad. – Polynomial Jul 18 '12 at 14:55
  • What is the point of this question? Why are you asking about Windows 95? There are hundreds of exploits that exist for Windows 95 that can never be fixed, because of the simple fact that it was created and sold before there were those types of exploits. – Ramhound Jul 18 '12 at 16:16
  • @Polynomial: the one-time pad would be big enough to encode several messages (maybe I should have called it one-time pads) and loaded on both machines when they are built. If need be, a new one-time pad could be generated and loaded by someone who has physical access to both computers. – jmn Jul 18 '12 at 16:21
  • @Ramhound: the point of this question is to know if the solution I imagined is secure. Windows 95 was just the most insecure OS I could think of. But I still don't think it would be vulnerable behind a serial cable. Now I'm all ears if someone can explain to me why I'm wrong. – jmn Jul 18 '12 at 16:24

2 Answers

Interesting theoretical question, so I'll provide a theoretical answer :).

Let's assume that East1 and West1 are compromised (they're connected to the Internet and running COTS software, so not a massively unreasonable assumption).

The interface to the code running on East/West2 is the software making the serial connection and transmitting the encrypted messages. Like any software it will have bugs and these bugs may be security relevant.

If the software running the communication over the serial port has a buffer overflow issue, for example, it may be possible for an attacker to transmit a message which allows for code execution on the serial-only computer.

At that point the operating system in use on the serial-connected systems could be relevant, as OS-level mitigations (e.g. ASLR) could be relevant in whether it's possible to exploit the hypothetical vulnerability in the software running over the serial connection.

Assuming that the software running the serial connection has an exploitable buffer overflow or similar, it could be possible to get remote command execution on the serial-connected machine and thereby get access to the one-time pad.

Of course, in the real world that's a pretty unlikely chain of events, and it would likely be easier for the attacker to take some alternate avenue to get access to the information :)

Rory McCune

Yes, you are right, this is a powerful way to reduce the level of risk.

It does not completely eliminate all possibility of a compromise. For instance, if there is any vulnerability in the code on East2/West2 that listens to the serial port and acts on the bytes coming in over the serial port, then you are hosed. If there is any vulnerability in the OS device drivers for the serial port, you might be hosed.

But, this is still a significant improvement. The amount of code that is security-critical is greatly diminished. And, if you write the code that handles the bytes coming in over the serial cable very carefully, and have it reviewed and audited by a bunch of different security experts, you can reduce the likelihood of vulnerabilities there. So, the approach you sketched is a reasonable way to reduce the risk, in general.

In summary: not perfect, doesn't completely eliminate all risk, but does make it less likely that an attacker will be able to compromise and take control of East2/West2.

Now let's talk about the crypto. The one-time pad is not such a wonderful choice in practice. The key management is difficult and often gets screwed up. Also, the one-time pad provides only confidentiality but not message authentication. Using encryption without message authentication is one of the most common crypto mistakes people make, and it can have catastrophic consequences.

In short: you still need to get the crypto right, and I don't think you've got the crypto quite right just yet. However, the question of how to do the crypto right is an orthogonal, separable question that has been well-covered elsewhere, and I don't think it's really the point of what you are asking anyway. So, I'll leave that one aside for now.

Hopefully this helps you get a better sense of the risks you are and aren't exposed to, with your proposal.

D.W.
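Both answers point at the same two places the design can fail: the serial-side code that parses incoming bytes (Rory's buffer-overflow point) and the pad itself, which gives confidentiality but no authentication and is easy to reuse by accident (D.W.'s and Polynomial's points). The sketch below is an added example, not code from the question or either answer; the frame layout (pad offset, length, ciphertext, MAC), the `MAX_PAYLOAD` cap and the separately loaded MAC key are all assumptions made for illustration. It shows the receiver checking sizes before indexing anything, verifying a MAC before decrypting, and refusing to let any pad byte be used twice.

```python
import hmac, hashlib, struct

MAX_PAYLOAD = 256   # hard cap the serial-side parser enforces before touching the bytes
HEADER_FMT = ">QH"  # pad offset (8 bytes) + ciphertext length (2 bytes), big-endian
HEADER_LEN = struct.calcsize(HEADER_FMT)
MAC_LEN = hashlib.sha256().digest_size


class BadFrame(Exception):
    """Frame rejected: malformed, tampered with, replayed, or pad exhausted."""


class OneTimePadLink:
    """One direction of the East2 -> West2 link (constructed example).
    Both ends hold the same random pad and a separate MAC key, both assumed
    loaded by hand. Pad bytes are consumed strictly forward, so none is used
    twice, and a MAC over header + ciphertext rejects flipped bits or replays
    before decryption. HMAC-SHA256 stands in for a MAC here; it is
    computationally, not information-theoretically, secure."""

    def __init__(self, pad: bytes, mac_key: bytes):
        self.pad = pad
        self.mac_key = mac_key
        self.offset = 0  # next pad byte (sender) / lowest acceptable offset (receiver)

    def _mac(self, header: bytes, ct: bytes) -> bytes:
        return hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()

    def seal(self, msg: bytes) -> bytes:
        if len(msg) > MAX_PAYLOAD:
            raise BadFrame("payload exceeds MAX_PAYLOAD")
        if self.offset + len(msg) > len(self.pad):
            raise BadFrame("pad exhausted; load a fresh pad on both machines")
        key = self.pad[self.offset:self.offset + len(msg)]
        ct = bytes(m ^ k for m, k in zip(msg, key))
        header = struct.pack(HEADER_FMT, self.offset, len(msg))
        self.offset += len(msg)  # never rewinds, so this pad segment is spent
        return header + ct + self._mac(header, ct)

    def open(self, frame: bytes) -> bytes:
        if len(frame) < HEADER_LEN + MAC_LEN:  # size checks before any indexing
            raise BadFrame("frame too short")
        header = frame[:HEADER_LEN]
        off, n = struct.unpack(HEADER_FMT, header)
        if n > MAX_PAYLOAD or len(frame) != HEADER_LEN + n + MAC_LEN:
            raise BadFrame("length field out of range or disagrees with frame size")
        ct, tag = frame[HEADER_LEN:HEADER_LEN + n], frame[HEADER_LEN + n:]
        if not hmac.compare_digest(tag, self._mac(header, ct)):
            raise BadFrame("MAC mismatch: tampered or forged")
        if off < self.offset or off + n > len(self.pad):
            raise BadFrame("pad offset reused (replay) or out of range")
        self.offset = off + n
        return bytes(c ^ k for c, k in zip(ct, self.pad[off:off + n]))
```

A compromised East1 or West1 can still drop frames or feed the parser garbage, but every rejection above happens before the pad is touched, and a frame that passes can only have come from the other pad holder.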