Slashdot Mirror


Remote Booting Using a Wireless Network Card?

Eboneye asks: "I have been assigned to a project to figure out how to make a diskless portable workstation (laptop) boot through a wireless connection. The idea is to have a stateless client that stores no local data (for security purposes). The only totally network boot stuff I have found uses PXE extensions. I have seen nothing like this in a PCMCIA card, much less a -wireless- PCMCIA card. For the proof of concept, we'll boot from a read only device, but of course during the setup phase use media to create a boot image on a boot server. I am currently looking at a couple different products that will provide a booting service. Ultimately, the goal is to have a wireless tablet that can use different PCMCIA wireless adapters to connect to different LANs. Because of the specialized concerns of tablet PCs the solution has to be Windows compatible (sorry, Linux). Has anyone seen or worked on remote boot through wireless? Any experiences, gotchas, or suggestions for ways to solve this are welcome."

2 of 28 comments

  1. Consider your security model by Piquan · Score: 4, Informative
    I have been assigned to a project to figure out how to make a diskless portable workstation (laptop) boot through a wireless connection. The idea is to have a stateless client that stores no local data (for security purposes).

    What's the model here? Does somebody walk into a secure facility, pick one up, use it to do some eyes-only investigation, and return it when they leave? What are you trying to secure against? Tampering, or somebody walking off with the data? The solution often depends on the threat model.

    If your threat model is to prevent against tampering, then you may be better off exploring other options. For example, have you considered read-only media? How about having the tablets re-ghosted when they're returned, before they're re-issued? That can be done in an automated fashion without a whole lot of hassle-- primarily through the PXE extensions you've already investigated, combined with hardware at the docking stations.

    If you're trying to keep people from walking off with data, then diskless isn't going to be the way to go. A lot of data gets left in RAM after power is removed. (See Gutmann, P., "Secure Deletion of Data from Magnetic and Solid-State Memory," Proceedings of the Sixth USENIX Security Symposium, July 1996, or do a Google search for "RAM remanence".) You may have seen some computers-- notably the old Macs-- that would power up with their last display still on the screen!

    Also, if you have a totally stateless box driven by a wireless LAN, then some shmuck can easily sit in a van a half-mile away with his laptop and find out everything you're wanting to keep private. Stateless booting means that your encryption has to be bootstrapped! A lot of naive ways of doing this exist, such as sending a root filesystem with encryption keys already on it. Some of these open themselves up to passive attacks. Even more sophisticated techniques, such as DH, still are totally vulnerable to active attacks (like the guy in the van pretending to be one of your tablets asking to be bootstrapped).

    I seriously suggest you rethink your security model. The Windows compatibility is a big problem. It keeps some of the latest crypto filesystems, etc. from becoming part of the solution. Something based on VNC, Citrix, Windows Terminal Server, etc. may be helpful: make sure the computer doesn't know more than it's telling the visitor. Also, these small programs will tend to re-use the same part of memory repeatedly, making RAM remanence slightly less of an issue.
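
The point above about bootstrapping encryption on a stateless client, as an added example that is not part of the original thread: a boot server that runs plain Diffie-Hellman hands a session key to any requester, while one that requires a keyed tag over a fresh nonce refuses a requester without an enrolled key. The device id, the per-device key (assumed to be provisioned at setup, for instance on the read-only boot device), the toy DH group and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P, G = 2**255 - 19, 2      # toy DH group for illustration only, not a production choice
ENROLLED = {"tablet-07": b"constructed-device-key-07"}   # hypothetical enrollment table
ISSUED = set()             # nonces the server has handed out and not yet seen back

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(32, "big")).digest()

def request_tag(device_key, device_id, nonce, pub):
    msg = device_id.encode() + b"|" + nonce + b"|" + pub.to_bytes(32, "big")
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def issue_nonce():
    ISSUED.add(nonce := secrets.token_bytes(16))
    return nonce

def serve_plain(client_pub):      # unauthenticated DH: whoever asks gets a session key
    priv, pub = dh_keypair()
    return pub, session_key(priv, client_pub)

def serve_authenticated(device_id, nonce, client_pub, tag):
    # Answer only if the tag proves possession of an enrolled key over a fresh nonce.
    key = ENROLLED.get(device_id)
    if key is None or nonce not in ISSUED or not 1 < client_pub < P - 1:
        return None
    ISSUED.discard(nonce)                      # one use per nonce, so replays fail
    if not hmac.compare_digest(request_tag(key, device_id, nonce, client_pub), tag):
        return None
    return serve_plain(client_pub)             # requester verified, run the exchange

def demo():
    r_priv, r_pub = dh_keypair()               # requester with no enrolled key
    s_pub, s_key = serve_plain(r_pub)
    plain_ok = session_key(r_priv, s_pub) == s_key
    n1 = issue_nonce()
    refused = serve_authenticated("tablet-07", n1, r_pub, request_tag(b"guess", "tablet-07", n1, r_pub))
    t_priv, t_pub = dh_keypair()               # enrolled tablet
    n2 = issue_nonce()
    tag = request_tag(ENROLLED["tablet-07"], "tablet-07", n2, t_pub)
    first = serve_authenticated("tablet-07", n2, t_pub, tag)
    replay = serve_authenticated("tablet-07", n2, t_pub, tag)   # same message again
    genuine_ok = first is not None and session_key(t_priv, first[0]) == first[1]
    return plain_ok, refused, genuine_ok, replay
```

`demo()` returns whether plain DH completed for the unenrolled requester, the server's answer to its forged tag, whether the enrolled tablet derived the same key as the server, and the answer to a replay of the tablet's message.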

  2. You need a CardBus card, not PCCard/PCMCIA by AdamBa · Score: 4, Informative
    I actually worked on remote install of Windows 2000 when I was at Microsoft. Remote install meant you only booted setup off the network, then installed to a local hard drive. But it's not a huge step from there to remote boot, although Windows 2000 doesn't support that (don't know about XP and future products).

    In terms of PXE hardware, you probably want a CardBus card, not a PCCard (which is what PCMCIA was renamed to). PCCard is 16 bit data path and cards are identified by a 64-character text string or something ugly like that...PCCard is 32 bit data path and devices appear like PCI devices and are identified like PCI devices (I forget the details, but it's something like a 16-bit manufacturer ID and a 16-bit ID for that particular type of card).

    Back in early 2000 or so, we had a PXE-compliant CardBus network adapter (not wireless, but that shouldn't matter to the software level) in our lab that would do remote install of Windows 2000. In fact we had to make zero changes to the code, it worked like any PXE-compliant PCI network card. So if you could find a PXE-compliant CardBus wireless network adapter, you should be able to do a remote install of Windows 2000/XP on it today. Of course this requires setting up a Windows server to hand out the images, etc. which there is undoubtedly a Microsoft white paper on somewhere.

    - adam