I recently took a trip to Europe and wanted to do my usual computer things once a day.
This includes checking my email and checking up on servers, backups, etc. Internet
cafes are everywhere and are inexpensive. The problem is that the computers are not
trustworthy. They can violate your trust in any way imaginable. For example, Kinko's copy shop
in the New York area provides a sort of Internet cafe service. It was recently discovered
that many of their machines were recording people's keystrokes, specifically for harvesting
credit card numbers which were collected by the attacker for use in credit card fraud. So even
though the computers appear to support security features such as SSL in the browsers,
it is of no value because I cannot verify that the encryption is working correctly. I cannot
verify that there is not a keystroke logger installed in the operating system. I cannot verify that
there is not one of those little keystroke logger devices installed inside the keyboard. I cannot verify
that there is not a video camera watching what I type and what is on the screen. This reduced the usefulness
of the Internet cafes to me. I felt that checking my personal email account was an acceptable amount of
exposure, but I did not do any kind of system administration stuff.
Clearly, the smart way to handle this situation is to bring a laptop. If I had a trusted laptop I would only
have to fear people eavesdropping on the network and the hidden cameras. Good encrypting software could
guard against the usual network insecurities. The browser on my trusted laptop would have SSL to protect
my credit card numbers and passwords when I use them on the web. My trusted laptop would have SSH to protect my
remote login sessions to the servers I need to check up on at CCNY. Public key authentication in SSH eliminates the
need for me to type my password, so the hidden cameras would have nothing to see. VPN software might also be
useful in this scenario, although, in general, the VPN paradigm seems guilty of the classical firewall fallacy.
But how many Internet cafes will let you plug in your laptop to their ethernet? I never see people with laptops
using Internet cafes purely for Internet connectivity. But public IEEE 802.11 wireless ethernet access points are
all over the place now. Obviously that is all about them providing pure connectivity service and the customer
using his own computer. But still, I didn't want to carry a laptop with me. It is more weight and more worries.
I like to travel really light. I never check luggage.
So then, let's get to the interesting question. Is it possible for me to use the Internet cafe's untrustworthy computers
to somehow access the computers at CCNY without exposing myself to a lot of risk? For example, I could switch to
one-time passwords so the eavesdropping attack would not provide the attacker with a usable access token.
But there are dozens of other aspects. There is a bidirectional privacy issue. My keystrokes are just part of
the picture. There is also the down channel, whatever goes to the screen. That should be kept private. And there is an
integrity and authenticity issue, also bidirectional. For example, if I protect the initial session authentication,
there is still the very real possibility of session hijacking (not only at the TCP level) or maybe just a little modification
like switching the "OK" and "Cancel" text on an applet that is being downloaded. I feel that the bottom line is that
one needs to trust the cryptography implementation. If we could do cryptography in our head, then we could securely use
Internet cafes.
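
The one-time password idea mentioned above, as an added example that is not part of the original post: a Lamport-style hash chain (the construction behind S/Key), where the traveler carries a printed list and the server stores only the last accepted value. The post names no particular scheme, so the scheme choice, SHA-256, the `Server` class, and the seed are assumptions made for illustration.

```python
import hashlib
import hmac

def h(value: bytes) -> bytes:
    """One application of the chain's one-way function (SHA-256, an assumption)."""
    return hashlib.sha256(value).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [H^1(seed), ..., H^n(seed)], computed on a trusted machine before the trip."""
    chain, cur = [], seed
    for _ in range(n):
        cur = h(cur)
        chain.append(cur)
    return chain

class Server:
    """Hypothetical login server: keeps only the last accepted value, never the seed."""
    def __init__(self, anchor: bytes):
        self.current = anchor

    def login(self, otp: bytes) -> bool:
        # A valid password is the preimage of the stored value.
        if hmac.compare_digest(h(otp), self.current):
            self.current = otp  # move one step down the chain
            return True
        return False

def demo() -> dict:
    seed = b"constructed-sample-seed"   # constructed value, stays at home
    chain = make_chain(seed, 5)
    server = Server(chain[-1])          # server is initialised with H^5(seed)
    printed_list = chain[-2::-1]        # H^4, H^3, H^2, H^1: the order of use

    captured = printed_list[0]          # what a keystroke logger would record
    return {
        "first_login": server.login(captured),
        "replay_of_captured": server.login(captured),
        "hash_of_captured": server.login(h(captured)),
        "next_on_list": server.login(printed_list[1]),
    }

if __name__ == "__main__":
    for step, accepted in demo().items():
        print(f"{step}: {'accepted' if accepted else 'rejected'}")
```

This covers only the initial authentication; everything typed or displayed after login is still visible to the untrusted machine, which is the session hijacking and privacy concern raised in the same paragraph.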
OK, so here is my model: There is a core of trust within your mind. Your thoughts are private. You think clearly
and correctly.
Nobody can modify your thoughts or memories without your consent.