Crypto to defend chip IP: snake oil or good idea?

Anne & Lynn Wheeler lynn at garlic.com
Wed Jul 26 10:07:22 EDT 2006


re:
http://www.garlic.com/~lynn/aadsm24.htm#49 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/aadsm24.htm#50 DDA cards may address the UK Chip&Pin woes
http://www.garlic.com/~lynn/aadsm24.htm#51 Crypto to defend chip IP: snake oil or good idea?
http://www.garlic.com/~lynn/2006n.html#36 The very first text editor
http://www.garlic.com/~lynn/2006n.html#57 The very first text editor

a little more background ....

the x9a10 financial standard working group had been given the
requirement to preserve the integrity of the financial infrastructure
for all retail payments .... that included ALL ... aka, internet,
non-internet, point-of-sale, credit, debit, stored-value, ... ALL.
the result was x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959

which required strong authentication of every transaction. part of
this was business rule that account numbers used in x9.59 transactions
couldn't be used in non (strongly) authenticated transactions.  this
went a long way to closing the security breaches and data breaches
associated with account fraud (i.e. it was no longer necessary to
encrypt and hide account numbers and transactions since any "skimmed"
information couldn't be used in replay attacks). a recent post
http://www.garlic.com/~lynn/aadsm24.htm#48 more on FBI plans new Net-tapping push

however, it did mean that some sort of chip technology was going to be
needed for at least point-of-sale operation. there was some grappling
at the time (mid-90s) with the cost of high integrity chips. we
approached it from the standpoint of KISS ... making a semi-facetious
statement that we were going to take $500 mil-spec technology,
cost-reduce it by better than two orders of magnitude while improving
the integrity at the same time. The other comparison was that it was
going to be significantly more secure than any "DDA" technology while
costing much less than any "SDA" technology.

so the AADS chip strawman was looking at such aggressive KISS and
cost reduction
http://www.garlic.com/~lynn/x959.html#aads

so part of it was that institutions were also claiming that each had
to issue their own chip token ... since it was only by taking
possession of the chip at the fab and maintaining strong security
thru-out all its personalization and delivery to the individual, that
they could guarantee they weren't dealing with copy chips. this
possibly implied that if hardware token paradigm ever took off,
individuals will have been issued scores of hardware tokens (i.e.
somewhat analogous to the current password management nightmare).

so the opportunity was could a person choose to present their own
hardware token for institutional use ... rather than have to be issued
a unique token by each institution. this got back to how could the
institution know that it wasn't a copy chip.

so the process was to do key-gen and export as part of power-on/test.
this meant that no additional business processes were needed. the
exported public key went into the standard fab
inventory/manifest. when a person presented a hardware token, the
institution could take the public key and validate a digital signature
from the token and then request that the public key and hardware
integrity characteristics be corroborated by the original fab
manifest for the chip.

the idea was to enable transition from institution-centric token
paradigm to a person-centric token paradigm. instead of a person
needing a hundred or more tokens, they could get by with one or
possibly a very small number. this could reduce the overall
token-based infrastructure costs by a hundred by reducing the number
of required tokens by a hundred. since it was no longer necessary to
have huge amounts of personalization and security between the fab and
delivery to the individual ... up to another factor of one hundred in
processing costs could be eliminated (per token).

a combination of possibly a factor of one hundred times reduction in
the number of required tokens plus a possible reduction of one hundred
times in per token processing costs ... could represent an overall
factor of ten thousand times reduction in overall infrastructure costs
for a hardware token deployment (i.e. one hundred times one hundred).

sometime late 1999 or early 2000 time-frame ... that if the AADS chip
strawman scenario could address the hardware token copy chip
opportunity, then it conceivably could also be used to address the
general copy chip opportunity.

this is where the initial estimate came from for being able to do a
general chip core for around 40,000 gates ... and possibly a complete
secure hardware token using total custom chip design for around
100,000 gates.

I had raised the subject during a talk at the assurance session in the
TPM track at the spring 2001 Intel Developers Forum

misc. past posts mentioning person-centric
http://www.garlic.com/~lynn/aadsm12.htm#0 maximize best case, worst case, or average case? (TCPA)
http://www.garlic.com/~lynn/aadsm19.htm#14 To live in interesting times - open Identity systems
http://www.garlic.com/~lynn/aadsm19.htm#41 massive data theft at MasterCard processor
http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and authentication
http://www.garlic.com/~lynn/aadsm20.htm#41 Another entry in the internet security hall of shame
http://www.garlic.com/~lynn/aadsm22.htm#12 thoughts on one time pads
http://www.garlic.com/~lynn/2003e.html#22 MP cost effectiveness
http://www.garlic.com/~lynn/2003e.html#31 MP cost effectiveness
http://www.garlic.com/~lynn/2004e.html#8 were dumb terminals actually so dumb???
http://www.garlic.com/~lynn/2005g.html#47 Maximum RAM and ROM for smartcards
http://www.garlic.com/~lynn/2005g.html#57 Security via hardware?
http://www.garlic.com/~lynn/2005m.html#37 public key authentication
http://www.garlic.com/~lynn/2005p.html#6 Innovative password security
http://www.garlic.com/~lynn/2005p.html#25 Hi-tech no panacea for ID theft woes
http://www.garlic.com/~lynn/2005t.html#28 RSA SecurID product
http://www.garlic.com/~lynn/2005u.html#26 RSA SecurID product
http://www.garlic.com/~lynn/2006d.html#41 Caller ID "spoofing"

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
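
The flow described in the post (key-gen and public-key export at power-on/test, then the institution checking a token signature and corroborating the key against the fab manifest), as an added example that is not part of the original post or of any AADS code. Ed25519, the in-memory manifest, the signed message and all type, field and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ManifestEntry is the per-chip fab record; Manifest keys it by exported public key.
type ManifestEntry struct{ ChipID, Integrity string } // hypothetical fields
type Manifest map[string]ManifestEntry

// Token models the chip; priv is generated on-chip and only ever used by Sign.
type Token struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func (t *Token) Sign(msg []byte) []byte { return ed25519.Sign(t.priv, msg) }

var ErrBadSignature = errors.New("signature does not verify under presented key")
var ErrNotInManifest = errors.New("presented key is not in the fab manifest")

// PowerOnTest does key-gen and exports only the public key into the manifest.
func PowerOnTest(m Manifest, chipID, integrity string) (*Token, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	m[string(pub)] = ManifestEntry{ChipID: chipID, Integrity: integrity}
	return &Token{Pub: pub, priv: priv}, nil
}

// Corroborate is the institution side: verify the signature, then look the key up.
func Corroborate(m Manifest, pub ed25519.PublicKey, msg, sig []byte) (ManifestEntry, error) {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return ManifestEntry{}, ErrBadSignature // chip does not hold the matching private key
	}
	if entry, ok := m[string(pub)]; ok {
		return entry, nil
	}
	return ManifestEntry{}, ErrNotInManifest // valid key pair, but not from a known fab run
}

func main() {
	fab, msg := Manifest{}, []byte("constructed transaction bytes")
	tok, _ := PowerOnTest(fab, "chip-0001", "constructed-profile")
	fmt.Println(Corroborate(fab, tok.Pub, msg, tok.Sign(msg)))
}
```

A chip that presents a genuine public key without holding the private key fails the signature check, and a chip with its own key pair fails the manifest lookup, so both checks are needed.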