It’s Election Day today! I cast my vote earlier today. The voting process was very simple. I stopped by a neighbor’s house and the whole procedure did not take more than five minutes. When I arrived at the office, I realized that it was about time to reignite the discussion about secure online voting.
I have worked in the security space for many years, so it would make sense to provide my personal perspective on this issue. I believe that secure online voting is a problem that can be technologically solved. It involves different levels of strict security requirements that could be broken down into ensuring each of the following:
- The voter is who he claims to be, which is an identity problem
- The computing environment used for voting is both clean and reliable, which are more or less assurance and availability problems
- The back-end online voting server (the voting cloud) is secure, available and traceable
- The confidentiality and authenticity of the communication taking place between the voting client application and the voting cloud
- The voter is casting his or her vote from a geolocation that can be made reliably known to the voting cloud
For many obvious reasons, traditional security solutions like Anti-Virus, Host Intrusion Prevention Systems, Data Leakage Prevention, Full Disk Encryption, Application Firewall, Browser Hardening, etc. fail and some even fail miserably.
At this past Citrix Synergy Barcelona 2012 conference I spoke at the Day Two Super Session Keynote about virtualization and security. I also discussed the collapse of the traditional computing model from a system security and availability standpoint. I mentioned two key things:
- Taking advantage of innovation at the hardware level
- Building an end-to-end secure infrastructure from the client all the way to the cloud
The keynote is available on YouTube and my portion starts approximately at the 11th minute. It all starts with the hardware as it offers specific unique technologies:
- The ability to measure and decide on which software to load and boot the hardware system
- The ability to run software in an out-of-band trusted computing environment that’s isolated from the traditional user computing environment
- The ability to decouple the software running in the user environment from the underlying hardware resources
System virtualization gives us the ability to reliably achieve number two and number three above. Luckily, the three major hardware vendors today provide virtualization support at the processor level. This includes the traditional PC vendors, Intel and AMD, along with ARM. ARM has been the latest to provide that capability, which is available in the ARMv7 specification for 32-bit systems and the ARMv8 specification for 64-bit systems.
ARM has taken a slightly different approach by uniquely delivering a very compelling advanced technology called TrustZone for achieving number one and number two above.
Intel has delivered a technology called Trusted Execution Technology (TXT) for dynamic secure measurement and launch of the hypervisor, which helps in achieving number one above, though it’s associated with the delivery of a hypervisor.
Microsoft has been working with firmware vendors as well for static secure launch and measurement of their Windows OS.
Another key point is the pressing need for a full end-to-end software implementation of all of those hardware-driven innovations from the client all the way to the cloud.
At this past Intel Developer Forum 2012, I spoke about the need and potential for the reinvention of the PC. I talked a little bit about the new notion of hardware-assisted security. Parallel to that, Citrix also demonstrated the integration of Citrix XenServer along with Citrix CloudPlatform and Intel’s TXT technology for securing the hypervisors in private and public clouds.
Looking at all of that from a holistic approach, it’s easier to put everything in the following simple diagram:
As illustrated in the diagram above:
- System virtualization is used on both the client and the server sides to isolate different computing software environments into separate virtual machines.
- The user’s regular computing environment is encapsulated in a VM that’s separate from the user voting app which is placed in its own VM. That level of isolation provides a great deal of security assurances.
- The User Voting App VM is populated with its software environment dynamically, delivered from the voting cloud.
- Virtualization is used on the server side as well to isolate the voting server from the web server.
- On both the client and the server sides, the hardware-enforced Secured Out-of-Band Execution Environment is used for actual communication and for hosting all data. Data confidentiality is achieved by encrypting and sealing the data using secrets obtained from the hardware.
- Both the client and server sides are attested through a remote secured and isolated server running Citrix CloudPlatform, through which the authenticity of both the user voting environment and the voting server environment can be determined.
The architecture depicted above is very close to the ARM implementation, as the Secured Out-of-Band Execution Environment is obtained via TrustZone, whereas in the Intel and AMD implementations this environment can be another regular VM.
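A minimal model of the measure, attest and seal steps described in the list above, added here as an illustration; it is not Citrix, Intel or ARM code. It assumes SHA-256 hash chaining for measurements and uses an HMAC with a shared key in place of the hardware's quote signature; all names, keys and images are constructed.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)); order-sensitive, irreversible."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Measure each boot stage, in load order, into a register that starts at zero."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(attest_key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    """Assumption: HMAC stands in for the hardware's asymmetric quote signature."""
    return hmac.new(attest_key, nonce + pcr, hashlib.sha256).digest()

def verify_quote(attest_key, nonce, pcr, sig, expected_pcr) -> bool:
    """Attestation server: quote must be authentic, bound to our nonce, and match the golden value."""
    good_sig = hmac.compare_digest(sig, quote(attest_key, nonce, pcr))
    return good_sig and hmac.compare_digest(pcr, expected_pcr)

def sealing_key(hw_secret: bytes, pcr: bytes) -> bytes:
    """Key bound to the hardware secret AND the measured state; a changed chain yields a different key."""
    return hmac.new(hw_secret, b"seal" + pcr, hashlib.sha256).digest()

# Constructed sample data (not real images or keys).
GOOD_CHAIN = [b"hypervisor-v1", b"voting-app-vm-image-v1"]
TAMPERED_CHAIN = [b"hypervisor-v1", b"voting-app-vm-image-v1+implant"]
ATTEST_KEY = b"constructed-attestation-key"
HW_SECRET = b"constructed-hardware-secret"

def attest(chain, nonce=None) -> bool:
    """Client measures its chain and answers the server's challenge; returns the server's verdict."""
    nonce = nonce or os.urandom(16)
    pcr = measure_chain(chain)
    sig = quote(ATTEST_KEY, nonce, pcr)
    return verify_quote(ATTEST_KEY, nonce, pcr, sig, measure_chain(GOOD_CHAIN))

if __name__ == "__main__":
    print("clean client attests:", attest(GOOD_CHAIN))
    print("tampered client attests:", attest(TAMPERED_CHAIN))
    good_key = sealing_key(HW_SECRET, measure_chain(GOOD_CHAIN))
    bad_key = sealing_key(HW_SECRET, measure_chain(TAMPERED_CHAIN))
    print("tampered client derives the sealing key:", good_key == bad_key)
```

The same check applies symmetrically to the voting server: the attestation server holds one expected measurement per environment and refuses to broker a session when either side's quote does not match.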
At Citrix we have been promoting a dedicated security solution called XenClient XT which is a custom hardware version of XenClient. It delivers highly assured government-type execution environments. It’s the closest you can get to the diagram above except that it’s based on Intel’s chipset not ARM.
In the future, as ARM becomes more deployed on compute-type servers and as Intel becomes more available on mobile client devices, we can envision a world in which all clients and servers are virtualized, everything runs in a VM and all environments and communications are secured with the assistance of the hardware. This would allow devices from both Intel and ARM to communicate securely with servers made by both vendors.
We live at a point in time in which new rules for the digital world are being defined. A world in which many of the old boundaries disappear, a world with newer possibilities, a world in which many of the hard historical technical challenges are being overcome, a world empowered by knowledge, enlightened by human creativity and inspired by new possibilities for mankind. In the spirit of all of that, the traditional security challenges have to be overcome and the lives of the world’s citizens should be simplified. Voting is a key component of modern democracy. Shifting voting to the digital online space would certainly empower the citizens of our country and the world to entertain a new form of power that is driven by flexibility, consistency, simplicity and accountability.
Finally, let me conclude by shedding more light on the Citrix solutions discussed in this blog:
- XenClient is Citrix’s type-1 bare-metal hypervisor solution for securing and managing client devices, supporting various types of Intel vPro-based mobile business devices. Recently Citrix announced a three-way partnership between Citrix, Lenovo and Intel to deliver XenClient preloaded on Lenovo business client machines.
- XenServer is Citrix’s type-1 bare-metal hypervisor powering large-scale server data centers and cloud environments.
- Both XenClient and XenServer are based on Xen, the leading open source hypervisor, which powers large-scale clouds like Amazon EC2 and Rackspace and is the foundation of Oracle VM.
- CloudPlatform is Citrix’s leading solution for cloud management and orchestration, powered by Apache open source CloudStack and supporting hosted private, hosted public and on-premise private clouds.
- XenClient XT is the most secure personal computing environment, offering the highest levels of security assurance and network isolation.
The combination of XenClient, XenServer and CloudPlatform provides a very compelling end-to-end solution for managing and securing clouds and client devices. We recently talked about our vision for turning them into an extensible integration platform for wider enabling of our ecosystem partners.
About the author:
Ahmed Sallam drives technology and product strategy working with ecosystem partners for Citrix XenClient and the emerging client devices virtualization market. Prior to Citrix, he was CTO and chief architect of advanced technology at McAfee, now part of Intel Corp. He was co-inventor and architect of DeepSAFE, co-developed with Intel Labs, and co-designer of VMware’s VMM CPU security technology known as VMsafe. Prior to McAfee, Ahmed was a senior architect with Nokia’s security division and a principal engineer at Symantec. He holds 17 issued patents and has more than 40 pending patent applications. He earned a bachelor’s degree in computer science and automatic control from the University of Alexandria.
Follow Ahmed on Twitter: https://twitter.com/ahmedsallam
Check Ahmed’s public profile: www.linkedin.com/in/ahmedsallam