Unforgeable dialog.
Bowness, Piers
pbowness at rsasecurity.com
Wed Feb 1 09:46:59 EST 2006
This is concept is surprisingly complex. Once the attacker sees the
"secure" dialog, what prevents them from using the same techniques
and/or code to create a visually identical spoof? There have been
several OS-level designs to create hardware-supported secure dialogs.
Needless to say, these schemes became exceedingly complex and had a
variety of implementation issues (i.e. special graphics hardware,
drivers, TCMs, etc.)
I don't see your proposals as providing 'secure' data viewing or data
entry solutions. IMHO, the best bet is currently provided by layered
security software where each component monitors and reports on the
others. Even this approach is temporary at best as we're now seeing with
malware that attacks by first disabling the currently available
protection layers (e.g., anti-virus, firewalls).
-Piers
--
Piers Bowness
"I know what I believe, and I believe what I believe is right." - G.W.
Bush
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list