Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

Anne & Lynn Wheeler lynn at garlic.com
Tue Jan 6 09:45:58 EST 2004

At 07:06 PM 1/6/2004 +1100, McMeikan, Andrew wrote:
>This is the real bit, how tied to identity can it be bound.  How tightly do
>people want to be bound.  In any abuse or failing of identity whatever that
>identity was authorized for is going to be the *Responsibility* of the true
>identity.  I frequently give out my true name (there it is at the top :)
>perhaps there are times I specifically do not.

a lot of current identity theft is eavesdropping &/or otherwise harvesting 
shared secrets and then doing replay attacks. part of this is that the 
prevalence of shared secrets paradigm creates significant human factors 
problems with being able to memorize all the possibly scores of shared 
secrets that are used as "something you know" authentication. the obvious 
is various kinds of skimming of real transactions and the harvesting of 
merchant payment transactions file to extract the shared secrets sufficient 
to perform fraudulent financial transactions. two aspects of this: 1) the 
transactions are based on static shared-secrets that are subject ... 
effectively to replaying the shared secret and 2) a security guideline 
about requiring unique shared-secret for every security domain ... so that 
an authorized entity in one security domain can't extract your shared 
secret and perform fraudulent transactions in another security domain (as 
simple as one employee at one merchant getting your shared secret and 
performing fraudulent transaction at another merchant). slightly related is 
discussion regarding posting about security proportional to risk:

somewhat related issue is because of the human factor memory issue, a 
common authentication shared secret (something you know) is "mother's maiden 
name". The upside is that most people will tend to remember it. The 
downside is 1) it really isn't all that secret and 2) using the same 
shared-secret in multiple different security domains violates the security 
principle requiring a unique (and preferably unpredictable) shared secret 
in every security domain.

So, my assertion is that a significant amount of fraudulent activity that 
is currently labeled identity theft is really poorly implemented 
shared-secret, something you know authentication. Furthermore, various 
aspects of existing shared-secret implementations lend themselves to 
electronic collection and/or harvesting of large batches of shared-secrets 
that then, in turn, can be used in fraudulent transactions (significant 
fraud return-on-investment).

So one solution is significantly changing all such existing authentication 
transactions and turning them into identification transactions .... where 
the cost of faking the identification is significantly higher than the 
value of the fraudulent transactions.

Another solution is significantly changing the existing shared-secret 
authentication transactions and turning them into non-shared-secret 
authentication transactions ... where the cost of faking the authentication 
is significantly higher than the value of the fraudulent transactions.

The previous paradigm description has the use of asymmetric cryptography 
and digital signature technology to infer "something you have" 
authentication because enrollment establishes 1) private key is contained 
in a specific hardware token and 2) characteristics can be established 
about the hardware token where it has generated a random key pair in the 
token and the token never voluntarily gives up the private key.

Enrollment may also establish that such a hardware token also works in a 
specific way when a unique pin/password and/or biometric has been passed to 
the token.  Later when transactions arrive that are believed to have been 
digitally signed by such a hardware token, it may also be valid to infer 
that "something you know" and/or "something you are" authentication has 
also occurred (w/o the pin/password and/or the biometric needing to be 
passed to the authenticating institution and becoming a shared-secret).

It will probably always be possible to subvert various kinds of 
identification and/or authentication technologies. Two issues are:

1) can such subversion be made more costly than any resulting risk/fraud
2) can solution be authentication oriented as opposed to identification 

The second is possibly a bias towards not wanting to proliferate identity 
oriented events into each and every transaction that occurs in the world 
(when authentication may be sufficient).

With regard to the first point, the claim has been that X9.59 changes the 
existing retail electronic transactions from shared-secret based to 
non-shared-secret based ... and therefore eliminates the existing 
vulnerability of harvesting merchant transaction files as a threat 
(discussed in the security proportional to risk reference).
Furthermore, as implied in the security proportional to risk reference, it 
may never be possible to eliminate the transaction file harvesting, 
what X9.59 did was eliminate the threat of fraud that results when such 
harvesting takes place.

Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
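
Added example, not part of the original post: a simplified Go model of the contrast drawn above, where a harvested merchant-file record is reused at another merchant, first with a static shared secret and then with a signature made by a token-held private key. The record layout, account and merchant names, and the choice of Ed25519 are assumptions for illustration and are not the X9.59 message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/subtle"
	"fmt"
)

// Txn is a constructed, simplified payment record (not the X9.59 message layout).
type Txn struct {
	Account, Merchant string
	Cents, Seq        uint64
	Auth              []byte // what a merchant file retains: static secret or signature
}
func (t Txn) body() []byte { return []byte(fmt.Sprintf("%q|%q|%d|%d", t.Account, t.Merchant, t.Cents, t.Seq)) }

type Issuer struct {
	secret map[string]string            // enrolled static shared secrets
	pub    map[string]ed25519.PublicKey // enrolled token public keys
	seen   map[string]bool              // signed bodies already accepted
}

// ApproveSecret accepts any transaction that carries the static value.
func (i *Issuer) ApproveSecret(t Txn) bool {
	s, ok := i.secret[t.Account]
	return ok && subtle.ConstantTimeCompare(t.Auth, []byte(s)) == 1
}

// ApproveSigned needs a signature over this exact body and refuses a repeated body.
func (i *Issuer) ApproveSigned(t Txn) bool {
	pk, ok := i.pub[t.Account]
	if !ok || i.seen[string(t.body())] || !ed25519.Verify(pk, t.body(), t.Auth) {
		return false
	}
	i.seen[string(t.body())] = true
	return true
}

// Demo returns: secret reused elsewhere, signed original, signature reused elsewhere, exact replay.
func Demo() (bool, bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the key pair generated inside the token
	is := &Issuer{map[string]string{"acct-1": "smith"}, map[string]ed25519.PublicKey{"acct-2": pub}, map[string]bool{}}
	a := Txn{"acct-1", "merchant-A", 500, 1, []byte("smith")} // constructed merchant-file records
	b := Txn{Account: "acct-2", Merchant: "merchant-A", Cents: 500, Seq: 1}
	b.Auth = ed25519.Sign(priv, b.body())
	moved := func(h Txn) Txn { h.Merchant, h.Cents, h.Seq = "merchant-B", 90000, h.Seq+1; return h }
	return is.ApproveSecret(moved(a)), is.ApproveSigned(b), is.ApproveSigned(moved(b)), is.ApproveSigned(b)
}

func main() { fmt.Println(Demo()) }
```

The signed record is still present in the merchant file after harvesting; what changes is that its stored value authorizes nothing beyond the one transaction it was computed over.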