Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)
Anne & Lynn Wheeler
lynn at garlic.com
Tue Jan 6 09:45:58 EST 2004
At 07:06 PM 1/6/2004 +1100, McMeikan, Andrew wrote:
>This is the real bit, how tied to identity can it be bound. How tightly do
>people want to be bound. In any abuse or failing of identity whatever that
>identity was authorized for is going to be the *Responsibility* of the true
>identity. I frequently give out my true name (there it is at the top :)
>perhaps there are times I specifically do not.
a lot of current identity theft is eavesdropping &/or otherwise harvesting
shared secrets and then doing replay attacks. part of this is that the
prevalence of shared secrets paradigm creates significant human factors
problems with being able to memorize all the possibly scores of shared
secrets that are used as "something you know" authentication. the obvious
is various kinds of skimming of real transactions and the harvesting of
merchant payment transactions file to extract the shared secrets sufficient
to perform fraudulent financial transactions. two aspects of this: 1) the
transactions are based on static shared-secrets that are subject ...
effectively to replaying the shared secret and 2) a security guideline
about requiring unique shared-secret for every security domain ... so that
an authorized entity in one security domain can't extract your shared
secret and perform fraudulent transactions in another security domain (as
simple as one employee at one merchant getting your shared secret and
performing fraudulent transaction at another merchant). slightly related is
discussion regarding posting about security proportional to risk:
http://www.garlic.com/~lynn/2001h.html#61
somewhat related issue is because of the human factor memory issue, a
common authentication shared secret (something you know) is "mother's maiden
name". The upside is that most people will tend to remember it. The
downside is 1) it really isn't all that secret and 2) using the same
shared-secret in multiple different security domains violates the security
principle requiring a unique (and preferably unpredictable) shared secret
in every security domain.
So, my assertion is that a significant amount of fraudulent activity that
is currently labeled identity theft is really poorly implemented
shared-secret, something you know authentication. Furthermore, various
aspects of existing shared-secret implementations lend themselves to
electronic collection and/or harvesting of large batches of shared-secrets
that then, in turn, can be used in fraudulent transactions (significant
fraud return-on-investment).
So one solution is significantly changing all such existing authentication
transactions and turning them into identification transactions .... where
the cost of faking the identification is significantly higher than the
value of the fraudulent transactions.
Another solution is significantly changing the existing shared-secret
authentication transactions and turning them into non-shared-secret
authentication transactions ... where the cost of faking the authentication
is significantly higher than the value of the fraudulent transactions.
The previous paradigm description has the use of asymmetric cryptography
and digital signature technology to infer "something you have"
authentication because enrollment establishes 1) private key is contained
in a specific hardware token and 2) characteristics can be established
about the hardware token where it has generated a random key pair in the
token and the token never voluntarily gives up the private key.
Enrollment may also establish that such a hardware token also works in a
specific way when a unique pin/password and/or biometric has been passed to
the token. Later when transactions arrive that are believed to have been
digitally signed by such a hardware token, it may also be valid to infer
that "something you know" and/or "something you are" authentication has
also occurred (w/o the pin/password and/or the biometric needing to be
passed to the authenticating institution and becoming a shared-secret).
It will probably always be possible to subvert various kinds of
identification and/or authentication technologies. Two issues are:
1) can such subversion be made more costly than any resulting risk/fraud
2) can solution be authentication oriented as opposed to identification
oriented
The second is possibly a bias towards not wanting to proliferate identity
oriented events into each and every transaction that occurs in the world
(when authentication may be sufficient).
With regard to the first point, the claim has been that X9.59 changes the
existing retail electronic transactions from shared-secret based to
non-shared-secret based ... and therefore eliminates the existing
vulnerability of harvesting merchant transaction files as a threat
(discussed in the security proportional to risk reference).
http://www.garlic.com/~lynn/index.html#x959
Furthermore, as implied in the security proportional to risk reference, it
may never be possible to eliminate the transaction file harvesting,
what x9.59 did was eliminate the threat of fraud that results when such
harvesting takes place.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
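
The contrast drawn in the message above, between a harvested static shared secret and a harvested digitally signed transaction, as an added example that is not part of the original post and is not the X9.59 message format. Assumptions: Ed25519 stands in for whatever signature algorithm a hardware token would use, replay of an identical record is caught with a per-account sequence number, and every name and value is constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Txn is a constructed record, not the real X9.59 message layout.
type Txn struct {
	Merchant   string
	Cents, Seq int
}
func (t Txn) bytes() []byte { return []byte(fmt.Sprintf("%s|%d|%d", t.Merchant, t.Cents, t.Seq)) }

// Account is what the issuer keeps on file for one cardholder.
type Account struct {
	Secret  string            // static shared secret (legacy path)
	Pub     ed25519.PublicKey // registered at enrollment (signed path)
	LastSeq int               // highest sequence number already accepted
}
// LegacyOK approves whoever presents the static secret, whatever the transaction says.
func (a *Account) LegacyOK(t Txn, secret string) bool { return secret == a.Secret }

// SignedOK needs a fresh sequence number and a signature over this exact transaction.
func (a *Account) SignedOK(t Txn, sig []byte) bool {
	if len(a.Pub) != ed25519.PublicKeySize || t.Seq <= a.LastSeq || !ed25519.Verify(a.Pub, t.bytes(), sig) {
		return false
	}
	a.LastSeq = t.Seq
	return true
}

// Demo reports what merchant A's harvested transaction file is worth under each scheme.
func Demo() (legacyReuse, signedOrig, signedReplay, signedAltered bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // stands in for the token's key pair
	if err != nil {
		panic(err)
	}
	acct := &Account{Secret: "constructed-secret", Pub: pub}
	orig := Txn{"merchant-A", 1999, 1}          // genuine purchase
	other := Txn{"merchant-B", 50000, 2}        // transaction the cardholder never made
	fileSig := ed25519.Sign(priv, orig.bytes()) // file holds orig + fileSig, never priv
	legacyReuse = acct.LegacyOK(other, "constructed-secret")
	signedOrig = acct.SignedOK(orig, fileSig)
	signedReplay = acct.SignedOK(orig, fileSig)
	signedAltered = acct.SignedOK(other, fileSig)
	return
}

func main() { fmt.Println(Demo()) }
```

The legacy path approves the second merchant's transaction from the secret alone; the signed path approves only the original record once and rejects both the replayed copy and the altered transaction.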