Security details


Security is built into the very foundations of RemoteCommand and is probably its most important feature. The security features are described below so that you can judge the effectiveness of the security system for yourself.

RemoteCommand security starts with the assumption that a user's email is NOT secure, so RemoteCommand must provide its own security from the very start. Before communication with a remote computer is accepted, both computers must therefore negotiate a secure session. This process is described below.

Initial Session Negotiation

RemoteCommand communication works on a 'session' concept. Before any two computers can communicate they must first negotiate a secure session, as in the following example.

Two computers, 'Computer A' and 'Computer B', wish to communicate with each other.
- A user on Computer A adds Computer B's email address, together with a unique password, to its list of valid computers.
- A user on Computer B adds Computer A's email address, with the same unique password, to its list of valid computers.

Both computers now regard the other as being in the 'Initializing' status. To start the session negotiation, each computer sends the other an 'Initialization Request'.

- Both computers send each other an Initialization Request, which forces an initial status of 'Initializing'.

The Initialization Request is a special 'package' that contains the public key portion of a randomly generated 1024-bit RSA key pair.

- When either computer receives an Initialization Request it verifies that the remote computer's email address is on the list of valid computers and that an Initialization Request is expected from that computer (i.e. that the computer is in the 'Initializing' status), and authenticates the digital signature of the request.
- Using the public key sent by the remote computer, it encrypts an 'Initialization Response' back to the remote computer.
- The remote computer stays in the 'Initializing' status until it responds to the local computer's own Initialization Request.

An Initialization Response is another special package, but this time it contains a randomly generated symmetric key (128-bit AES) that has been encrypted using the public key sent in the Initialization Request.

- When either computer receives the Initialization Response it first verifies that the other computer's status is 'Initializing' and authenticates the digital signature of the response.
- The computer decrypts the response using the private key portion of its RSA key pair.
- The remote computer can now be marked as 'Confirmed'.
- The remote computer has now negotiated a valid 'session', i.e. a symmetric key to be used to communicate securely, so commands can now be sent to it.
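The negotiation above, modelled as an added Go example using only the standard library (this is not RemoteCommand's own code): Computer A's Initialization Request carries a fresh 1024-bit RSA public key, Computer B's Initialization Response wraps a random 128-bit AES key to it, and A accepts the response only while B is still 'Initializing'. OAEP padding and the `peer` record are assumptions; the page does not say which RSA padding is used.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)
// peer is one computer's record of a remote computer: the page's status value, the
// RSA key pair made for the request, and the AES-128 session key once accepted.
type peer struct{ status string; priv *rsa.PrivateKey; sessionKey []byte }
// initRequest: generate the key pair; its public half is what the
// Initialization Request carries. 1024 bits mirrors the page.
func initRequest(p *peer) (*rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 1024)
	if err != nil { return nil, err }
	p.priv, p.status = priv, "Initializing"
	return &priv.PublicKey, nil
}
// initResponse (responder side): a fresh random AES-128 key encrypted to the
// requester's public key. OAEP is assumed; the page names no RSA padding.
func initResponse(pub *rsa.PublicKey) (aesKey, wrapped []byte, err error) {
	aesKey = make([]byte, 16)
	if _, err = rand.Read(aesKey); err != nil { return nil, nil, err }
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	return aesKey, wrapped, err
}
// acceptResponse (requester side): insist the peer is still Initializing,
// unwrap the key with the private half, then mark the peer Confirmed.
func acceptResponse(p *peer, wrapped []byte) error {
	if p.status != "Initializing" { return fmt.Errorf("response not expected in status %q", p.status) }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, p.priv, wrapped, nil)
	if err != nil { return err }
	p.sessionKey, p.status = key, "Confirmed"
	return nil
}
// negotiate runs the A-requests, B-responds half of the exchange and reports
// whether A ends Confirmed holding the same key B generated.
func negotiate() (bool, error) {
	var a peer
	pub, err := initRequest(&a)
	if err != nil { return false, err }
	bKey, wrapped, err := initResponse(pub)
	if err != nil { return false, err }
	if err = acceptResponse(&a, wrapped); err != nil { return false, err }
	return a.status == "Confirmed" && string(a.sessionKey) == string(bKey), nil
}
func main() { fmt.Println(negotiate()) }
```

The same exchange runs in the other direction for B's own request, so each side ends up holding a key it received wrapped to its own public key.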

Sending Commands

All commands sent between two computers are encrypted with a session key (128-bit AES).

- Computer A sends a command to Computer B, encrypting it with the most recent session key.
- Computer B receives the command and validates that the sender's email address is valid.
- Computer B looks in its session database for Computer A to find the key and decrypt the commands.
- Computer B executes the commands.
- Computer B generates a new random session key for use in subsequent communications.
- Computer B encrypts the response with the original session key.
- Computer B sends the response to Computer A.
- Computer A decrypts the response and records the new session key in its key database.
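The command cycle with its per-response key rotation, as an added Go example that is not the product's code. AES-128-GCM is an assumption (the page names only 128-bit AES), the command is "executed" by echoing it, and B must keep the original key until the reply is built; a reply lost in transit leaves the two key databases out of step, which is the operational cost of this rotation scheme.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
// session turns a 16-byte session key into AES-128-GCM. GCM is an assumption:
// the page says 128-bit AES but does not name the mode RemoteCommand uses.
func session(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil { panic(err) } // only ever called with 16-byte keys here
	g, _ := cipher.NewGCM(block)
	return g
}
func seal(g cipher.AEAD, plaintext []byte) []byte { // nonce || ciphertext || tag
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, nil)
}
func open(g cipher.AEAD, msg []byte) ([]byte, error) {
	if len(msg) < g.NonceSize() { return nil, fmt.Errorf("message too short") }
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}
type computer struct{ session cipher.AEAD } // key-database entry for the other computer
// handleCommand, Computer B's side: decrypt, "execute" (echo), mint the next key, reply under the ORIGINAL key.
func (b *computer) handleCommand(msg []byte) ([]byte, error) {
	cmd, err := open(b.session, msg)
	if err != nil { return nil, err } // wrong key, replay under an old key, or tampering
	next := make([]byte, 16)
	rand.Read(next)
	resp := seal(b.session, append(next, "ran: "+string(cmd)...))
	b.session = session(next) // B switches keys only once the reply is built
	return resp, nil
}
// sendCommand, Computer A's side: encrypt with the most recent key, decrypt the reply with it, record the new key.
func (a *computer) sendCommand(b *computer, cmd string) (string, error) {
	resp, err := b.handleCommand(seal(a.session, []byte(cmd)))
	if err != nil { return "", err }
	plain, err := open(a.session, resp)
	if err != nil || len(plain) < 16 { return "", fmt.Errorf("bad response: %v", err) }
	a.session = session(plain[:16])
	return string(plain[16:]), nil
}
func main() {
	key := make([]byte, 16); rand.Read(key) // constructed: the key both hold after negotiation
	a, b := &computer{session(key)}, &computer{session(key)}
	fmt.Println(a.sendCommand(b, "dir"))
}
```

A second `a.sendCommand(b, ...)` already runs under the rotated key, and a message encrypted under the previous key is rejected by B.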

Digital Signatures

As well as being encrypted, the communication between computers is also marked with a digital signature. The signature is a hash of the command information (using SHA256) which is then encrypted using the password specified for the remote computer. When the remote computer receives the command email it decrypts it with the session key and then decrypts the hash using the specified password. It then generates its own hash of the command information and compares it with the decrypted hash; only if the two hashes are the same is the email considered 'Authentic'.
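The password-based authenticity check, as an added Go example that is not the product's code. The page says the SHA256 hash is "encrypted using the password" without naming the cipher; HMAC-SHA256 keyed with the password is assumed here as the standard way to bind a hash to a shared secret, and because both computers hold the password, a matching tag proves the sender knew the password, not which of the two computers sent the command.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// tag is the page's "digital signature" done as HMAC-SHA256 keyed by the
// per-computer password (an assumption: the page does not say how the hash is
// encrypted). HMAC is used rather than encrypting a bare hash so the tag cannot
// be forged or length-extended without the password.
func tag(password, command []byte) []byte {
	m := hmac.New(sha256.New, password)
	m.Write(command)
	return m.Sum(nil)
}
// authenticate re-computes the tag over the received command and compares it in
// constant time; only on a match is the email treated as 'Authentic'.
func authenticate(password, command, received []byte) error {
	if len(received) != sha256.Size { return errors.New("malformed signature") }
	if !hmac.Equal(received, tag(password, command)) { return errors.New("not authentic") }
	return nil
}
// envelope / openEnvelope: the command with its tag appended, as it would sit
// inside the session-key encrypted email before and after decryption.
func envelope(password, command []byte) []byte { return append(append([]byte{}, command...), tag(password, command)...) }
func openEnvelope(password, env []byte) ([]byte, error) {
	if len(env) < sha256.Size { return nil, errors.New("envelope too short") }
	cmd, sig := env[:len(env)-sha256.Size], env[len(env)-sha256.Size:]
	if err := authenticate(password, cmd, sig); err != nil { return nil, err }
	return cmd, nil
}
func main() {
	pw := []byte("constructed-password") // constructed: the password both computers configured
	env := envelope(pw, []byte("dir c:\\"))
	cmd, err := openEnvelope(pw, env)
	fmt.Printf("%q %v\n", cmd, err)
	env[0] ^= 0x01 // one flipped bit in the command body is enough to fail the check
	_, err = openEnvelope(pw, env)
	fmt.Println(err)
}
```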

How are random numbers generated?

Computers are, by design, deterministic and as such cannot generate a truly random sequence. The best that can be achieved is a pseudo-random sequence.

RemoteCommand generates random keys using the ANSI X9.17 standard. Following the US Department of Defense recommendation, the random sequence generator is seeded using system registers, tick count, system handles, cursor positions, etc.
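The ANSI X9.17 construction, as an added Go example that is not RemoteCommand's code: each step encrypts a timestamp block DT, mixes the result with the seed V to produce the output R, and re-encrypts to form the next V. AES-128 as the block function is an assumption (the standard specifies 3DES), and the key and seed here come from the OS CSPRNG, whereas seeding from tick counts and cursor positions as the page describes gives an attacker far less to guess and is the weakest part of such a generator.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)
// x917 is the ANSI X9.17 generator: with block cipher E under key K, seed V and a
// timestamp block DT, one step computes I = E(DT), R = E(I xor V), V = E(R xor I).
// AES-128 is used as E here (an assumption; the page names only the standard).
type x917 struct{ block cipher.Block; v []byte }
func newX917(key, seed []byte) (*x917, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	if len(seed) != block.BlockSize() { return nil, fmt.Errorf("seed must be %d bytes", block.BlockSize()) }
	return &x917{block, append([]byte{}, seed...)}, nil
}
func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a { out[i] = a[i] ^ b[i] }
	return out
}
// next runs one step with the given timestamp block and returns R (16 bytes).
func (g *x917) next(dt []byte) []byte {
	n := g.block.BlockSize()
	i, r := make([]byte, n), make([]byte, n)
	g.block.Encrypt(i, dt)            // I = E(DT)
	g.block.Encrypt(r, xor(i, g.v))   // R = E(I xor V) is the output block
	g.block.Encrypt(g.v, xor(r, i))   // V = E(R xor I) becomes the next seed
	return r
}
// stamp builds a DT block from the clock, the kind of low-entropy input the page
// lists for seeding (tick count etc.); the unused half of the block stays zero.
func stamp(t time.Time) []byte {
	dt := make([]byte, 16)
	binary.BigEndian.PutUint64(dt, uint64(t.UnixNano()))
	return dt
}
func main() {
	key, seed := make([]byte, 16), make([]byte, 16) // K and V from the OS CSPRNG here;
	rand.Read(key); rand.Read(seed)                  // the page's seed inputs are weaker
	g, _ := newX917(key, seed)
	fmt.Printf("%x\n%x\n", g.next(stamp(time.Now())), g.next(stamp(time.Now())))
}
```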

Other security factors

A computer is only as secure as its weakest link. A computer user should take every precaution to prevent an attacker from compromising the computer's email system, although the consequences of such a compromise are significantly reduced by RemoteCommand encrypting all emails, using passwords, and constantly changing security keys. As always, the most important protection is a physical one: no matter how secure RemoteCommand may be, it cannot protect against an attacker gaining physical access to the computer.

Compression

All data in RemoteCommand is compressed using LZMA, a processor-intensive, high-compression-ratio algorithm. For more information on the LZMA compression library please visit: www.7-zip.org


Copyright © 2000-2004 Mythicsoft Ltd. All rights reserved.
Help file version: 1.5.0.1