[Cryptography] Near field and crypto

Natanael natanael.l at gmail.com
Mon Apr 4 05:52:30 EDT 2016 

Den 4 apr. 2016 08:48 skrev "Tom Mitchell" <mitch at niftyegg.com>:
> Near field devices are in anything and everywhere.
>
> Modern phones can read or present an NFC ID on demand.
> Apple uses NFC for payment on some models of phone.
>
> They can contain between 96 and 4,096 bytes of information.
> which is sufficient to pass an interesting sized key, a URI,
> or to unlock a keyring with locked PGP private key.
>
> NFC and RFID devices are easy to hide on benches in public places.
> A set of passive RFID devices uniquely identifies most individuals.
>
> Could passive RFID/NFC in a shoe, jacket or purse become the next
> big data slurp target.
>
> Could these devices be the critical long set of bits that when combined
> with modest known salt be a useful part of key management systems?

1: first you have to extend the range compared to standard readers. You
can, but then you'll often end up reading multiple tags at once, and the
energy usage is going to spike. Using many medium range antennas spread out
is easier, but more expensive. (you'll also be triggering many phones to
make an "NFC tag detected" noise)

2: you can still separate multiple simultaneous readings (within limits,
perhaps you can read 5-6 tags from one antenna before you only get noise),
but that's getting complicated and require fancier electronics.
And that's for passive tags - simultaneously talking to multiple active
tags will be incredibly hard. Another argument for many short range
antennas over long range antennas.

3: passive static tags are easy to identify people by. However, not all
tags have static strings, and not all phones and other active NFC devices
transmit any static strings by default.
(there's however another way to identify people here - by how many NFC
devices they have of each type).

4: this is yet another reason for why I want to see anonymous mutual
authentication algorithms, where nothing identifying is discernable UNLESS
you're one of the parties in the authentication AND both parties already
shared some identifier / have each other whitelisted. Wireless devices
should be indistinguishable from each other until they make the choice to
identify themselves.
This could technically already be done with multiparty computation
algorithms and some variants of private set intersections (the latter only
for shared secrets), except that's sloooooow.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160404/0abd8c23/attachment.html>

More information about the cryptography mailing list