A Technical Discussion Regarding the CryptoVue System

AUDITORS:  Thanks for the heads up on this new technology.  We offer the following:

The going theory for new crypto systems is that they need to be tested in an open forum. If testing is not open to the scientific community, then the crypto device cannot be taken seriously, so say interested people who seem to know.

ERF Wireless: Completely agreed. With the possible exception of the NSA, no group has enough resources or skills to develop good security without review by the security community. There are numerous examples to support this. So far as a society, our best track record is security systems developed by experts that are reviewed by a group of their peers. For this reason, ERF Wireless is using standards track documents of the Internet Engineering Task Force (IETF) for our security protocols. The IETF is the standards body for the Internet. Its security area combines cryptographers, protocol designers and network engineers. Documents receive significant peer review before and after publication.

We currently use triple DES for our basic encryption LAN to LAN across the WAN. The microwave signal is further encrypted with Single DES. As you are aware, triple DES is approved by NIST for use in civilian government applications and has been approved by ANSI for banking applications. We ultimately plan a move to AES, the new NIST standard, for the LAN to LAN encryption. However, we are waiting on some documents to specify how to use AES with IPsec to finish security review and be approved before we make that transition.

Of course, as you point out, encryption is not enough. The 802.11 wireless WEP standard uses 128-bit RC4 for its encryption. Unlike AES or triple DES, RC4 has not been favorably reviewed in the cryptography community. In addition, RC4 key management and initialization vector handling were not subjected to significant review and, consequently, are very weak.

ERF Wireless did not make the same mistake.  Instead, we are using peer-reviewed key management and encapsulation technologies.  In particular, we use the Internet Key Exchange protocol (IETF RFC 2409 http://www.ietf.org/rfc/rfc2409.txt).  This defines a mechanism for setting up key management and for setting up IPsec security associations.  We use ESP (not WEP) to actually encrypt and protect the traffic once key management concludes.  All these protocols have received significant security analysis both in the IETF and in other open forums.

AUDITORS: Layer 3 encryption using IPsec does not encrypt layer 2, which includes the MAC address; therefore, the MAC address can be spoofed.

ERF Wireless: Actually, it turns out that the MAC address is neither encrypted nor transmitted over the ERF Wireless microwave system, so it cannot be spoofed. The Ethernet packet comes into the CryptoVue device including its MAC address. All Layer 2 information is removed from the packet, and the Layer 3 IP packet is encrypted and sent out over the microwave link. On the other side, the packet is decrypted and verified. New Layer 2 information, including the MAC address of the gateway, is added to the packet before it is sent out over the Ethernet. Working at Layer 3 provides better robustness and avoids the complexity of certain Layer 2 issues. Avoiding complexity will make it easier for us to evaluate the security of our system. In other words, we are acting as a router, not a bridge.

AUDITORS: Use of a key: a current weakness with many wireless systems is key management. How is the key updated at both ends? How often is it updated? How is it generated?

ERF Wireless:  Our initial deployment will give each device a public and private key pair.  The device will use this public key as part of the IKE protocol to set up a new randomly generated key for each session.  We can adjust how long these ephemeral keys last, although we probably wouldn't want to re-key that much more often than once an hour. 

Unlike WEP, each device has its own master key stored only on that device.  In addition, each pair of devices automatically generates their own ephemeral keys as they communicate.  In addition, this architecture allows us to roll out new master keys to devices over a period of time by first authorizing the new public keys, and later actually installing the new keys and declining authorization for the old keys.  We will initially generate the public/private key pairs on a USB storage device that will be sent securely to customer locations.  This will allow us to use good random data to generate strong keys.  In case of an incident that causes us to believe a device has been compromised, we can invalidate only that device's key without disrupting the rest of the network. 

AUDITORS: One of the weaknesses with WEP is that the initialization vector (IV), as one article calls it, used to create the cipher key, has a limited range, and therefore is not "truly random". Supposedly, scientists and hackers have figured out that by monitoring encrypted microwave traffic for a period of time, the vector sequence could be determined and the key broken, and this is with 128-bit encryption. That period of time could be as short as 15 minutes in a high-use link (which is exactly what these links ERF Wireless is creating would be).

ERF Wireless: Yes, WEP does have this weakness. But the CryptoVue devices from ERF Wireless do not have a similar weakness. The IPsec ESP algorithm was specifically structured to avoid attacks of this form, and research in the Open Forum to date indicates this was successful.

By the way, is there a formal process that we need to go through to receive approval from regulators (or a "non-objection" letter) to move forward with a project for a bank?

AUDITORS: No formal approval is necessary. What ERF Wireless does in installing its equipment is not a service, but an application and a device, which, in our opinion, is no different than a Pix firewall or Win 2003 server. The market will determine your viability. For this type of item, it needs to pass the exam cycle each time it is encountered without having an uncorrectable security flaw detected. As long as it passes scrutiny each time, it floats. The same is true for any application or appliance or hardware that we encounter in the audit process. It either works, or it doesn't, and security must be good while maintaining customer data confidentiality. We suspect that it will not even be identified by half of the examiners for the early go-around; however, if it gets hacked and data is stolen or compromised, all bets are off. We see little likelihood of that with your experienced team of folks. Good luck with this new venture; it looked good to us overall.

2911 South Shore Blvd. Suite 100 • League City, TX 77573
(281) 538-2101 • (800) 538-9050