[Clips] Contactless payments and the security challenges

Anne & Lynn Wheeler lynn at garlic.com
Sun Sep 18 21:14:57 EDT 2005

related ref:
http://www.garlic.com/~lynn/aadsm21.htm#11 Payment Tokens
http://www.garlic.com/~lynn/aadsm21.htm#21 Payment Tokens

there is an interesting side light involving x.509 identity
certificate and the non-repudiation bit ... in the context of point of
sale terminals for financial transactions.

fundamentally, PKIs, CAs, and digital certificates have a design point
of addressing the opportunity for first time communication between
strangers ... when the relying party has no prior information about the
communicating stranger and/or has no ability to obtain such
information by either online or other mechanisms (the "letters of
credit" model from the sailing ship days).

the fundamental characteristic of digital signatures is "something you
have" authentication ... i.e. the validation of the digital signature
(with a public key) implies that the originator has access and use of
the corresponding private key (the effect can be further enhanced by
binding the private key to a unique hardware token).

the appending of x.509 identity digital certificate to digitally
signed transactions, tends to turns possibly straight-forward, simple
authentication operation unnecessarily into a heavy weight
identification operations,

the other characteristic was the confusing digital signatures with
human signagures (possibly semantic confusion because both terms
confain the word *signature*). in addition to x.509 identify
certificates turning simple authentication operations into
identification operations, supposedly if a certification authority had
included the non-repudiation bit in the issued x.509 identity
certificate ... not only did the operation unncessarily become an
identity operation ... the digital signature then became proof that
the person had read, understand, agrees, approves, and/or authorizes
what had been digitally signed. Eventually there was some realization
that just because some certification authority had turned on the
non-repudiation bit, it could hardly provide proof and some possibly
much later time (after the certification authority had issued the
digital certificate), the person was reading, understanding, agreeing,
authorizing, and/or approving what had been digitally signed.

now an interesting situation comes about with point-of-sale terminals.
the current equivalent to human signature at POS terminals is when the
terminal displays the amount of the transaction and asks the person to
select the yes button ... aka the swiping of the card is an
"authentication" operating ... the equivalent of the human signature
or approval operation is the pressing of the "yes" button in response
to the message (i.e. a specific human operation indicating agreement).

so applying an aads chip card doing x9.59 digital signature at

the digital signature becomes "somthing you have" authentication
... not the agreement indication. the aads chip strawman had
postulated form factor agnostic as well as interface agnostic

from 3-factor authentication

* something you have
* something you know
* something you are

the additional requirement for pin/password (at POS) would make the
operation two-factor authentication ... where the pin/password entry
("something you know") is nominally a countermeasure to a lost/stolen

so it is possible to imagine a POS terminal that delays requesting the
entry of pin/password until the amount of the transaction is displayed
...  and the terminal requests entry of the pin/password as confirming
the transaction.

in this scenario, the result has the interesting aspect of the
"digital signature" representing "something you have" authentication
but the entry of the pin/password not only represents part of
two-factor authentication, but in addition, the entry of the
pin/password also represents a human operation implying agreement (aka
implication of human signature is understanding a message and some
human response to the message)

it is rather difficult to turn "digital signatures" into "human
signatures" ... because "human signatures" will require implication of
human interaction. "digital signatures" is something generated by some
computer process that frequently is totally missing any human effort
(also some of the dual-use attacks). however, the entry of a
pin/password involving a human hitting specific sequence of keys in
response to a message requesting agreement ... can meet standard
implying agreement/response ... especially with terminals that have
certified operational characteristics are involved.

confusing authentication and identification
http://www.garlic.com/~lynn/aadsm20.htm#14 the limits of crypto and 
http://www.garlic.com/~lynn/aadsm21.htm#2 Another entry in the internet 
security hall of shame

recent post referencing dual-use attack
http://www.garlic.com/~lynn/aadsm21.htm#5 Is there any future for smartcards

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list