unforgeable optical tokens?
John Kelsey
kelsey.j at ix.netcom.com
Wed Sep 25 14:50:21 EDT 2002
At 09:24 AM 9/21/02 -0400, Derek Atkins wrote:
...
>This isn't security -- this is a small-form-factor physical ROM. This
>"read-only data crystal". The fact that they cannot be duplicated
>easily just means that you cannot use these tokens for real data
>storage. Imagine if they _were_ replicable.. Imagine keeping a
>terabyte of backup data on one of these tokens!
Well, you can get a nice (provable) level of security from a big memory
device like this, if the entries are random, and if there is a strict limit
on how quickly you can read information out of it. Bruce Schneier and I
did a paper on this several years ago. (Though I'm sure a bunch of other
people had used the same idea in their own systems before....) Let's
see...."Authenticating Secure Tokens Using Slow Memory Access," at the
USENIX workshop on smartcard technology in 1999.
The big question is under what conditions it's possible to read out a
significant fraction of the data. If you have a secure token that refuses
to respond to a memory query in less than a second, then the answer is
pretty simple. For this device, it's not so clear. It might be that the
device can't be read out by a compromised terminal (assuming there are one
day terminals for these devices), but it may still be readable by someone
who steals the device and takes it apart in a lab or something.
>-derek
--John Kelsey, kelsey.j at ix.netcom.com // jkelsey at certicom.com
--John Kelsey, kelsey.j at ix.netcom.com // jkelsey at certicom.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list