Crypto dongles to secure online transactions
Jerry Leichter
leichter at lrw.com
Tue Nov 10 09:44:58 EST 2009

On Nov 8, 2009, at 7:45 PM, Thorsten Holz wrote:
> ...There are several approaches to stop (or at least make it more
> difficult) this attack vector. A prototype of a system that
> implements the techniques described in your blog posting was
> presented by IBM Zurich about a year ago, see http://www-03.ibm.com/press/us/en/pressrelease/25828.wss
> for details.

Bring two threads together: The ZTIC is designed to work with
unmodified servers, hence implements SSL/TLS internally. Could the
recently discovered SSL injection attack be used against it? (I
haven't thought it through and have no idea.) Whether or not it can,
it demonstrates the hazards of freezing implementations of crypto
protocols into ROM: Imagine a world in which there are a couple of
hundred million ZTICs or similar devices fielded - and a significant
vulnerability is found in the protocol they speak. (Since we're
talking about a *protocol* vulnerability, having multiple competing
implementations doesn't help.)

Now, you could make the same argument about the encryption mechanisms
- AES, RSA, whatever else is frozen in that silicon - as well. We're
reasonably sure of our ability to build strong block and public key
ciphers - there have been no significant (publicly known!) breaks in
any fielded system in years. The problems with hash functions show
that our abilities there aren't as good as we thought. But this
recent attack against SSL/TLS, studied by so many people for so many
years, should make us really humble about the state of the art in
secure protocol development.

Not that this should block the use of devices like the ZTIC! They're
still much more secure than the alternatives. But it's important to
keep in mind the vulnerabilities we engineer *into* systems at the
same time we engineer others *out*.

-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List