US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   James Johnson
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  6.7
Page no. :  
Line no.:  
Comment :  Infrared is unregulated  
The infrared portion of the spectrum is unregulated meaning devices can be designed and built to any standard the manufacturer chooses, unlike RF which is regulated by the FCC. For practical (availability of inexpensive components) most manufacturers choose IrDA or the TV IR remote standard.  
The infrared beam spreads as it traverses the distance between the transmitter and the receiver. Visualize a flashlight beam that is narrow at the flashlight, but can spread to illuminate a large radius at a distance (this may be aided by a lens). Infrared like the visible light emitted by a flashlight also spreads only slightly more so because of its longer wavelength when uncorrected. IrDA uses a 30o cone for its transmissions. To maximize radiation delivered to the receiver, the beam is directed requiring the source to be pointed at the detector one wants to communicate with.  
How Secure is IrDA  
IrDA does not provide encryption at the Physical Layer, and depends on the end systems to implement security if any. It is possible for the radiation emitted form the voting terminal or the Election Judge’s controller to be intercepted and listened to. Bluetooth, a short range RF technology whose use is restricted by P1583 (as well it should) provides encryption at the physical layer and thus its basic design offers more security than short range optical. The current NIST standard does not mandate link encryption and strong authentication, thus facilitating this kind of attack.  
With optical, it is possible for a session to be ‘hijacked’ unless strong authentication measures are implemented between communicating systems. When a session is hijacked, a foreign device masquerades as a trusted system that is authorized to exchange data. Because the system has no way to distinguish the masquerader from the authorized system, it will accept anything from it as if was authorized.  
 [Statements submitted to NIST Technical Guidelines Development Committee]