Dutch Transport Card Broken

Anne & Lynn Wheeler lynn at garlic.com
Fri Jan 25 10:47:39 EST 2008


Aram Perez wrote:
> Not to defend the designers in any way or fashion, but I'd like to 
> ask, How much security can you put into a plastic card, the size of a 
> credit card, that has to perform its function in a secure manner, all 
> in under 2 seconds (in under 1 second in parts of Asia)? And it has to 
> do this while receiving its power via the electromagnetic field being 
> generated by the reader.
we sort of saw that in the mid-90s when we were doing the x9.59 
financial standard
http://www.garlic.com/~lynn/x959.html#x959

and getting comments that it wasn't possible to have both low cost and 
high security at
the same time. we looked at it and made the semi-facetious statements 
that we
would take a $500 milspec part and aggresively cost reduce it by 2-3 
orders of magnitude
will improving the security. along the way we got tapped by some in the
transit industry to also be able to meet the (then) transit gate 
requirements
(well under 1 second and do it within iso 14443 power profile).

part of it was having to walk the whole end-to-end process ... all the 
way back
to chip design and fab manufacturing process ... little drift about walking
fab in a "bunny suit"
http://www.garlic.com/~lynn/2008b.html#13

we effectively did get it on close to the RFID chip (i.e. the one that they
are targeting for UPC) technology curve ... i.e. chip fabrication cost 
is roughly
constant per wafer ... wafer size and circuit size have been leading to 
higher
number of chips per wafer (significantly reducing cost/chip). As circuit 
size
shrank with a corresponding shrinkage in the size of chips (that didn't have
corresponding increase in number of circuits) there was a "blip" on the
cost/chip curve as the area of the cuts (to separate chips in the wafer)
exceeded the (decreasing) chip size.  Earlier this decade there was
a new cutting process that significantly reduced the "cut" area ... allowing
yield of (small) chips per wafer to continue to significantly increase
(allowing pushing close to four orders of magnitude reduction ... rather
than 3-4 orders of magnitude reduction).

aads chip strawman references
http://www.garlic.com/~lynn/x959.html#x959




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list