The bank fraud blame game

Anne & Lynn Wheeler lynn at garlic.com
Mon Jul 2 11:50:15 EDT 2007


Peter Gutmann wrote:
> Smart cards are part of the problem set, not the solution set - they're just
> an expensive and awkward distraction from solving the real problem.  What I
> was suggesting (and have been for at least ten years :-) is a small external
> single-function device (no need for an OS) that can't be compromised by
> malware because there's no attack vector for the malware to get at it.

there is an interesting side story to this involving certification, common criteria,
protection profiles, etc.

possibly the majority of the smartcard protection profiles have to do with all the
problems allowing software/application to be loaded. on the other hand, you can
get a common criteria evaluation done on the basic chip ... w/o any application
loading ... and being able to show a much higher security level ... than might be
possible with any application actually loaded.

one of the problems i ran into getting higher than eal4+ for aads chip strawman
... was since everything was built into the silicon at manufacturing time, and 
nothing could be subsequently loaded ... all the crypto had to also be resident
in the silicon. 

one of the original objectives given for the aads chip strawman was being able
to do digital signature in contactless form factor within transit gate elapsed
time requirements (very low power and very fast) ... which eventually fell to
doing ec/dsa ... and i couldn't get a protection profile definition for ec/dsa
higher than eal4+.  similar chips ... w/o anything loaded had been able to
get eal5+ evaluation (or better) ... but since ec/dsa was built into the chip silicon,
it was only possible to get eal4+.

the other criteria for aads chip strawman was extremely aggressive cost reduction;
i had joked i was taking a $500 milspec part, cost reducing by 2-3 orders of
magnitude and at the same time increasing the integrity. part of the aggressive
cost reduction was choosing a single function ("something you have" authentication
via chip digital signature) that could be used in a broad range of applications ...
and eliminate everything else.

misc. aads
http://www.garlic.com/~lynn/x959.html#aads

other posts in this thread:
http://www.garlic.com/~lynn/aadsm27.htm#31 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#32 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#33 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
