Monday, March 2, 2009

Secure Access With Devices

Skribe picked up this nice piece of footage that shows almost precisely what I find wrong with digital technology - it's stuck in the box.  The video is nice, if somewhat MS-centric.  

But here's the problem:  I have three computers at home, and one of them is on generally anytime I am, often two or sometimes even all three.  I have basic remote control between the machines by VNC, LogMeIn, and Synergy.  This is all 3rd party software (and in LMI's case, a 3rd party server) that I need to run just to share myself among the computers.  It's clumsy. I have to log into each of the machines, run the relevant software, then go to the machine I want to control the others from, run the master software of whichever instance I'm using, and then find the controlled machine and log in again.

Each of these tools does something different.  VNC works within my network; LogMeIn is better for finding machines that are farther afield on the network, or when I'm farther afield and need to get back to one of the machines at home.  These two bring the remote machine's screen to my screen so I can treat the remote computer like an application.  (But with provisos, read on.)  Synergy is different in that it transfers my mouse movements and keystrokes to the controlled machine, but uses the screen on that machine as the display.  This makes it suitable for times when I have my laptop and PC side by side and only have room for one keyboard and mouse, and don't want to use a manual mechanical KVM (Keyboard Video Mouse) switch.

I've become quite adept at picking and flicking between these remote control apps depending on situation, and to some degree they offer functionality I would hate to have to live without.  I can be sitting here in my kitchen using the laptop, pop open a VNC terminal to the PC which acts as a simple server and media PC, and change the volume of the music it's playing through my lounge room speakers.  I can close the streaming audio and instead open up a video which is relevant to what I'm working on.  (I could do much the same using Synergy, if my eyesight were good enough to read the other screen at 8 meters distance, VNC just brings things up close in that aforementioned local application window.)

But now I want to drag a video I'm watching here on my laptop to the PC, and the troubles start...  If I drag the video and drop it onto the window which holds the remote session, everything stops.  If I want to drag a tab from my Chrome browser on the laptop to the Chrome browser (or any other browser actually) on the PC, things come to a halt.  And let's not even talk about what happens when I want to edit a document that resides on the PC using the Open Office Writer here on the laptop...

One reason for this supremely useless behaviour is that we don't have any means of authenticating the user across machines.  We're distrustful of who might be accessing our data via remote control, so it's walled-in pretty comprehensively.  "No you may NOT have this file, I don't know who you are!"  Even though I'm logged in at the laptop 8 meters away and the laptop is happy with my credentials, that doesn't mean a thing to the PC.  Yet if there was a shred of intelligence built into the OSes, they would accept each other's validation (maybe after making ONE manually guided connection between my login creds on the laptop and the login creds on the PC) and realise that the laptop is portable and may be found accessing the network from different physical locations, so some additional validation will need to be done in that case.

The other is that there's no secure way to network the two machines - I'm effectively on a public medium.  So I need to establish a VPN tunnel using another third party software such as Hamachi. The list of things that my operating systems don't do is phenomenal.  Do I actually care if a window closes or animates down to a pinpoint and winks out of existence?  Not a helluva lot.  But ask me about portable login and applications and I'd be all ears and a deeper wallet...

Anyhow - back to the validation process.  Then it becomes just a matter of realising which machines a person is using, establishing some kind of pattern to their use of those machines, and their login and validation credentials on each machine.  IPv6 and other network identification and location schemes will make it easier to establish where the user is, and that will give clues.  It should be possible to establish a few things that I can and can't do, such as travel at light speed, use a machine that's known to be secured to someone else's use only, or use a machine registered to a corporation or network that I'm not a member of.

If I've logged in from somewhere in Mandurah at 0800hrs, there is virtually nil chance that I will be logging in from Hillarys Boat Harbour at 0815hrs.  Just to make sure there isn't a super high speed transit between the two points and it could be me after all, a second layer of security can be activated.  "Please provide a biometric, the password to your diary software, and tell me what you removed from the refrigerator this morning."  The latter works if you have a fridge that scans barcodes on the way in and out, but it's just one example.  The security system could as easily ask you which online news site you visited, or what was the last email you remember reading.  (Don't forget that your "network" of machines can communicate with each other and ask one another questions like this - so the PC you sit at in the library can, once you've established identity, query your server at home, or a machine you used recently at your office, for some validation detail.)
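The "can't be in two places at once" check above, as an added example that is not part of the original post: each login carries a place and coordinates, the implied speed between a user's consecutive logins is compared against a plausibility limit, and anything faster is marked for step-up validation rather than refused outright. The sample logins, the coordinates (approximate) and the 200 km/h limit are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple

EARTH_RADIUS_KM = 6371.0
# Assumption: nobody moves between two logins faster than this by any ordinary means.
MAX_PLAUSIBLE_SPEED_KMH = 200.0


@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    place: str
    lat: float
    lon: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlam = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def implied_speed_kmh(prev: Login, cur: Login) -> float:
    """Speed the user would have needed to get from prev to cur; inf for a jump in zero time."""
    dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    hours = (cur.when - prev.when).total_seconds() / 3600.0
    if hours <= 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def evaluate(logins: List[Login], limit: float = MAX_PLAUSIBLE_SPEED_KMH) -> List[Tuple[Login, str]]:
    """Walk logins in time order; return 'ok' or 'step-up' for each, per user."""
    last_seen: Dict[str, Login] = {}
    decisions = []
    for login in sorted(logins, key=lambda item: item.when):
        prev = last_seen.get(login.user)
        verdict = "step-up" if prev and implied_speed_kmh(prev, login) > limit else "ok"
        decisions.append((login, verdict))
        last_seen[login.user] = login
    return decisions


# Constructed sample events: alice's second login is about 78 km away 15 minutes later,
# bob's is the same distance but 2 hours later (a plausible drive).
T = datetime(2009, 3, 2, 8, 0)
SAMPLE_LOGINS = [
    Login("alice", T, "Mandurah", -32.529, 115.723),
    Login("alice", T + timedelta(minutes=15), "Hillarys Boat Harbour", -31.825, 115.738),
    Login("bob", T, "Mandurah", -32.529, 115.723),
    Login("bob", T + timedelta(hours=2), "Hillarys Boat Harbour", -31.825, 115.738),
]
```

In a real deployment the geolocation would come from the network (the post's IPv6 and location schemes), and "step-up" would trigger the secondary questions the post describes rather than a denial.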

In this way you have opened a "security tunnel" between the two machines.  (Or three machines, or four, or a whole server room full of them if that's how you roll.)  You can use this to also establish and encrypt the network VPN tunnel I mentioned earlier is needed, so that the VPN becomes keyed to your current identification details.  If you move to another machine and validate properly, then the VPN key fits and you have a tunnel to/from that machine also.  As long as the new machine is within a logically attainable distance of the last machine you logged in from, of course.  And not located in some Internet cafe or public access terminal or other place that's denied to your login.

And now that you have the VPN tunnel, there should be absolutely no reason whatsoever that I can't drag a file from the server to the word processor on the remote machine, edit it, and save it back to the server.  Or drag a URL from the browser here to a favourites folder over there.  Yes, I appreciate that the word processor on the remote machine may be compromised, and could wreak havoc.

Yes, the browser I'm using could attach 140 extra characters to the URL in order to lead my server to a zombiemaster website.  But those risks are inherent everywhere and can happen anytime to any machine anyplace.  Security needs to be a bit more flexible.  Once I have that tunnel established, I can send software to intercept every application my authenticated user opens and scan it on the fly - do I trust it?  - and make the call then as to whether to accept the file or reject it and suggest sending it in a more basic format.

If necessary I could even run my own word processor from my secure home server on this terminal I'm using via the VPN - it's not just data that should be able to flow from one machine to the next - and that way I'm never using a compromised application.

The video makes it clear that Microsoft at least thinks they have some of those problems sorted out, and shows windows flying from one device to the next without frontiers or borders.  I would have been happy to see one "Access Denied - this is a public resource" warning or something, but I'll presume they did think of these things.

And I'm standing by my statement that eventually the difference between a computer and anything else (such as a key tag or a door) will blur and become kind of indistinct.  And when that does happen, and you want to store your data and distribute it out to your workplace, your coffee shop, your vehicle, your prospective customer's place, your entertainment wall in your home - it will always be riding shotgun on who you are, where you are, and if this is what you decided earlier is appropriate use of the data.

Once this happens you can get to the happy situation where you carry a data card with you and it unlocks relevant content on any public machines you are walking by, through RFID or cellphone technology, and if your wallet is stolen, you can establish new credentials through the security mechanism, and the instant that you do, your stolen IDs (which your security software knows were all in the same wallet that just got stolen) all become inactive at once.

In fact, if the thief tries to use them even once in a manner that raises suspicion in the security system and is unable to validate using one of the other mechanisms such as biometric or knowing your last email, then that entire cluster of access devices is flagged as compromised until you validate them again.

And of course, a whole class of currently annoying and bothersome exploits such as botnet herding become several orders of magnitude more difficult to do, because no-one can be in two places at once, and botnets are by definition geographically disparate.  So things like spam also become difficult, because each one is now identified by your particular validated ID.

You can't be sending an email from several hundred machines at once, nor sending to millions of "friends" at once.  Ditto for spammed Twitter messages, or IMs, or even SMS spam - if it doesn't make sense, and if you did subvert a machine locally to do it, the other machines along the chain will realise that you can't do this and silently stem it.

I wonder what else is brewing in the very near future?
