[3684] in cryptography@c2.net mail archive


RE: Is a serial cable as good as thin air?

daemon@ATHENA.MIT.EDU (Dianelos Georgoudis)
Wed Dec 2 13:04:14 1998

Date: Wed, 02 Dec 1998 01:24:31 -0600
From: Dianelos Georgoudis <dianelos@tecapro.com>
To: cryptography@c2.net
Reply-To: dianelos@tecapro.com
X-Return-Receipt-To: dianelos@tecapro.com  


    Thank you all for the feedback; I will take your observations into
    account - replay attacks are accounted for and, for good measure,
    I will include a random delay to invalidate timing attacks. I see
    now that I should have been somehow more specific with my original
    question:

    Our home banking applications let the client use public Internet
    to access information about his accounts and allow for limited
    off-line transactional capability, such as to debit this account
    to pay that credit card. Encryption and decryption are implemented
    on the client's computer and within the bank's network. The Internet
    server is used only as an encrypted data repository and as a
    communications link. Now we want to implement on-line transactional 
    capability. 

    Here I am not concerned about the security of our application
    itself, but rather whether our application can be used to attack
    the bank's private computer network and interfere with the bank's
    normal operation. On this network we plan to install a PC
    connected to the Internet server by a serial cable. A dedicated
    program on this PC will receive from the Internet server encrypted
    data packages. These packages will be decrypted with the
    individual clients' passwords, the resulting plaintext will be
    validated, and if all looks right it will be forwarded and
    processed by the bank's internal system. All packages that do not
    validate correctly will be discarded. If three or so packages with 
    the same client id fail to validate in a row, future packages with 
    this id will be processed slowly. 

    Now, my reasoning is this: as I understand it, when a hacker
    attacks a network, he finds a way to access or modify files on
    this network, execute system level commands or plant his own code.
    As far as I can see this will be impossible in our set-up; an
    attacker will never be able to do anything worse than fake
    transactions of our own application and therefore the bank's risk
    cannot be higher than that.

    The serial connection will not be one-way. The networked PC will
    use the same cable to send (encrypted) confirmations to the
    clients and to update the (encrypted) data base on the Internet
    Server. If the internal network itself cannot be compromised,
    neither is there any danger in having data sent out by our own
    program.

Dianelos Georgoudis
email: dianelos@tecapro.com
http://www.tecapro.com
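
The gateway behaviour described in the message above (discard every package that fails validation, slow down a client id after three consecutive failures), sketched as an added example that is not part of the original post or the author's software. The frame layout, the 512-byte limit, the sequence-number replay check and the use of HMAC-SHA256 in place of the unspecified decryption step are all assumptions.

```python
import hashlib
import hmac
import struct

MAX_BODY = 512                    # assumed upper bound on a package body
FAIL_LIMIT = 3                    # "three or so" consecutive failures, per the post
HEADER = struct.Struct(">IQH")    # assumed layout: client id, sequence no., body length
TAG_LEN = 32                      # HMAC-SHA256 tag appended to every frame

class Gateway:
    def __init__(self, keys):
        self.keys = keys          # client id -> per-client secret (bytes)
        self.fails = {}           # client id -> consecutive validation failures
        self.last_seq = {}        # client id -> highest accepted sequence number

    def delay_for(self, client_id):
        """Seconds to wait before processing this id's next package."""
        over = self.fails.get(client_id, 0) - FAIL_LIMIT + 1
        return 0 if over <= 0 else min(2 ** over, 300)

    def handle(self, frame):
        """Return the validated body, or None if the package is discarded."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None
        client_id, seq, length = HEADER.unpack_from(frame)
        # Never trust the declared length: bound it and require an exact match.
        if length > MAX_BODY or len(frame) != HEADER.size + length + TAG_LEN:
            return None
        key = self.keys.get(client_id)
        if key is None:
            return None           # unknown ids are dropped without keeping state
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        # Constant-time compare; a stale sequence number counts as a failure too.
        if not hmac.compare_digest(expected, tag) or seq <= self.last_seq.get(client_id, 0):
            self.fails[client_id] = self.fails.get(client_id, 0) + 1
            return None
        self.fails[client_id] = 0
        self.last_seq[client_id] = seq
        return frame[HEADER.size:-TAG_LEN]

def make_frame(key, client_id, seq, body):
    """Build a constructed sample package (client side of the assumed format)."""
    signed = HEADER.pack(client_id, seq, len(body)) + body
    return signed + hmac.new(key, signed, hashlib.sha256).digest()
```

Because the failure counter is keyed by a client id that is read before the package is authenticated, anyone able to submit packages can slow a given client, which is why the delay here is capped rather than unbounded.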

