Secrets and cell phones.

[James A. Donald]

A sim card contains a shared symmetric secret that is known to the 
network operator and to rather too many people on the operator's staff, 
and which could be easily discovered by the phone holder - but which is 
very secure against everyone else.

This means that cell phones provide authentication that is secure 
against everyone except the network operator, which close to what we 
need for financial transactions.  The network operator maps this 
narrowly shared secret to a phone number. The phone number, which once 
upon a time directly controlled equipment that makes connections, is now 
a database key to the secret.

There are now send-money-to-and-from-phone-number systems in Canada 
<http://digitaldebateblogs.typepad.com/digital_identity/2008/10/sos-sms.html>, 
in South Africa, and in various third world countries with collapsed 
banking systems.

At present, each of these systems sits in its own narrow little silo - 
you cannot send money from a Canadian phone number directly to a South 
Africa phone number, and, despite being considerably more secure than 
computer sign on to your bank, are limited to small amounts of money, 
probably to appease the banking cartel and the "money laundering" controls.

Skype originally planned to introduce such a system, which would have 
been a world wide system, skype id to skype id, but backed off, perhaps 
because of possible regulatory reprisals, perhaps because computers are 
insufficiently secure.  If you click on the spot in the UI that would 
have connected you to Skype's offering, you instead get an ad for paypal.

Of course, the old cypherpunk dream is a system with end to end 
encryption, with individuals having the choice of holding their own 
secrets, rather than these secrets being managed by some not very 
trusted authority, and with these secrets enabling transfer of money, in 
the form of a yurls representing a sum of money, from one yurl 
representing an id, to another yurl reprsenting an id.

We discovered, however, that most people do not want to manage their own 
secrets, and that today's operating systems are not a safe place on 
which to store valuable secrets.

We know in principle how to make operating systems safe enough 
<http://jim.com/security/safe_operating_system.html>, but for the moment 
readily transferable money is coming in through systems with centralized 
access to keys, and there is no other way to do it.

If the mapping of phone numbers to true names is sufficiently weak, (few 
of my phone numbers are mapped to my true name) centralized access to 
symmetric keys is not too bad.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com