The Reliable Security Environment
- A Pretty Good Solution For Really Bad Networks -
January 2000
The Problem
Unfortunately, everyone who is willing to use PGP in a networking
environment is confronted with a problem I have described in detail:
the risk of disclosure of your secret-key.
All kinds of possible attacks on the security of your secret-key are
lurking in a networking environment, ranging from vulnerabilities of your
operating system that allow snooping attacks to undesired side-effects of
network software like browsers and other TCP/IP-based information systems.
Even if you are careful when using your passphrase, you don't know
what condition the computer system you have just logged in to is in
at the moment, and you don't know whether your keyboard input is
going somewhere you are unaware of.
You simply have no access to a computer system which is reliably secure
enough to use your passphrase on and to keep it secret for your lifetime.
If you don't have this problem, you are lucky, and you will never need
RSE, because you already have a computer system you can rely on.
SECT - The Secure Terminal
But if your computer system is not reliable enough for using PGP and you
have access to another system somewhere out on the net that offers you
reliable security, you can turn your local computer into a secure
terminal (SECT) by booting a single disk, which I call the SECT-disk.
Once you have booted SECT, your local PC is turned into a LINUX system
which provides reliable security, so that you can establish a
cryptographically secured connection (Secure Shell) to your reliable
system somewhere out on the net, and you can safely enter your
passphrase locally, even if there is something next to Sodom and
Gomorrah happening on the other systems connected to your completely
unreliable local network.
RSE - The Reliable Security Environment
But if you don't have access to some reliable system on the net, you can
turn your local PC into a safe system, safe to enter secret passwords
for PGP, using another disk which creates the Reliable Security
Environment (RSE) on your local system. The RSE-disk holds your PGP
secret-keys doubly encrypted and provides all the functionality to read
and compose email and to sign documents without a risk of disclosure of
your secret-key while your computer is still connected to a totally
unreliable network.
What is Reliable Security ?
Everyone who promises total security should be treated with great
suspicion. But RSE does not make this promise, and I'd like to
emphasize that RSE is designed to provide as much reliability as
possible, so that you can be sure your system is working in a reliable
way, using carefully selected software to avoid the risks that can be
avoided.
Total security means nothing will go wrong. Nobody with some experience
in complex information technology will regard this as possible during
this millennium. But reliable security means that something important
- like the use of PGP - is being performed in a certain way you can
rely on every time you boot your SECT or RSE-disk.
So what can you expect from the "Reliable Security Environment"?
- You will be using LINUX, reduced to a minimum of files on the
SECT-disk. The source code of LINUX is publicly available, and even if
the ordinary user will not scrutinize the complete source code, experts
can take a close look at the security-relevant parts of LINUX and can
warn the community. (Transparency)
- The whole system will be running in RAM, the main memory of the
computer, so that every secret will ultimately be forgotten when the
power is turned off. No part of the filesystem will be located on
permanent storage, so that you can switch your computer off at any time
although you are running UNIX. (Protection of filesystem)
- All traffic to the local network over the ethernet will be blocked,
except the indispensable SSH-traffic (SECT) and POP/SMTP-traffic (RSE).
Some people call this a firewall. The local system will be running no
server-processes (SECT) or very few (RSE) and will be inaccessible as
much as possible. (Minimal connectivity)
- Your ssh-secret-key will be stored on the SECT-disk, and there is no
more encryption than SSH itself provides, which is strong encryption as
well. All your pgp-keys will be stored on the RSE-disk using pgp twice,
so that your secret-keyring will not be accessible if you forget your
RSE-disk in the drive, which will surely happen. So everything depends
on you selecting two secure passphrases, one to protect your
secret-keyring and one for your encrypted backup to the RSE-disk.
(Strong encryption)
- RSE provides a mail client (pine) and software (securemail) which
integrates pgp into your mail client in a transparent way, so that you
don't have to deal with pgp on the command line, but you can see pgp
being invoked by open-source filter software. (PGP-integration)
- And last but not least, RSE provides PGP-2.6.3i which has been
compiled from checked source code. (Trusted software)
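The "minimal connectivity" bullet above describes the packet filter only in words. The script below is an added example, not code from the SECT or RSE disks: it spells that policy out as iptables rules for each boot mode and adds a check that a running ruleset really defaults to DROP and exposes no server. Assumptions: iptables (the 2000-era disks predate it), and the peer given as an IP address, since the policy drops everything else, DNS included.

```shell
#!/bin/sh
# Added example, not part of the SECT/RSE disks: the "minimal connectivity"
# policy as iptables rules (assumed tool; the 2000-era disks predate it).
# rse_rules prints the commands instead of running them, so the policy can
# be reviewed first:   rse_rules sect 192.0.2.10 | sh
rse_rules() {
  mode="$1"   # "sect" (SSH only) or "rse" (POP/SMTP only)
  peer="$2"   # the one remote host this mode may talk to, as an IP address,
              # because everything else, DNS included, is dropped
  cat <<EOF
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
  case "$mode" in
    sect)  # SECT: one outbound Secure Shell session to the reliable host
      printf 'iptables -A OUTPUT -p tcp -d %s --dport 22 -j ACCEPT\n' "$peer" ;;
    rse)   # RSE: POP (110) to fetch mail and SMTP (25) to send it
      for port in 110 25; do
        printf 'iptables -A OUTPUT -p tcp -d %s --dport %s -j ACCEPT\n' "$peer" "$port"
      done ;;
    *) echo "usage: rse_rules sect|rse peer-ip" >&2; return 1 ;;
  esac
}

# Check an "iptables -S" dump (read from stdin) against the policy: every
# chain defaults to DROP, and INPUT accepts nothing but loopback and the
# replies to connections the terminal opened itself, so no server is
# reachable from the unreliable local network.
policy_ok() {
  dump=$(cat)
  for chain in INPUT OUTPUT FORWARD; do
    printf '%s\n' "$dump" | grep -q "^-P $chain DROP" || return 1
  done
  ! printf '%s\n' "$dump" | grep '^-A INPUT' \
      | grep -v -e ' -i lo ' -e 'ESTABLISHED' | grep -q .
}
```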
Intellectual Property
Most of the content of both disks is not my intellectual property!
The Reliable Security Environment uses :
All rights are reserved to the authors of that famous software and
everyone who has contributed. I am glad that I could find such a
professional basis for the design of RSE. I thank you all very much.
For a few scripts, mostly in /root, /RSE/bin and /RSE/securemail, all of
which I have signed with my PGP-key, I would like to claim intellectual
property, as well as for the idea of designing RSE.
Copyright © 2000
Ralf Senderek