[Cryptography] Phishing Attacks - Alice, HAL and Bob

Joseph Kilcullen kilcullenj at gmail.com
Mon Aug 22 07:12:34 EDT 2016 

On 22-Aug-16 9:56 AM, Maxime MEYER wrote:
> "You’re about to hop into bed with
> a woman and you are wondering if the condoms you have are genuine or
> fake? You open the tamper proof packaging (a one-way function) retrieve
> a one-time password from inside the packaging. Now you enter that code
> into a website. If the genuine manufacturer confirms the code, then the
> condoms are genuine, otherwise they are fake."
>
> I think that the problem would still apply here.
> What if the package is intercepted?

Here 'tamper proof packaging' is analogous to encryption i.e. Eve cannot 
steal the concealed code without breaking the packaging. Same goes for 
Mallory.

> Then the attacker could reproduce the same package with a valid one time password
> in a new packaging, sealing this new one and selling it as a genuine one.


The objective is to break the counterfeiters business model i.e. each 
product will have a unique code which will tell the user 'its probably 
genuine' on its first use. All subsequent uses will state that the code 
was used before i.e. it definitely fake. Hence 1000 counterfeits would 
require the theft of 1000 genuine products to get their codes. Yes there 
is the possibility that you might be unlucky. If one genuine product has 
its code used in 200 counterfeits. Then the first to use the 
authentication code will be told the product is genuine (that's why I 
said 'its probably genuine' above). However all subsequent uses of the 
code, all 199, will be told its a fake.

This is analogous to the solution in the phishing attacks paper i.e. my 
solution there argues that phishers now have to hack into 1000 
computers, steal 1000 user-browser shared secrets. Hacking into 1000 
computers being different to either a MITM or a basic HTML website 
knock-off.


>
> However for the package seal, I have seen one company who is making sealing RFID tags working with PUF technology for authentication of the product, Verayo Inc (http://www.verayo.com/)
> ________________________________________


I can't patent this solution it's the same as the Kellogg's 'free spoon 
offer'. So all I can get is the credit for solving this/figuring this 
out. And I'm actually more interested in the phishing solution, anyway. 
My solution is DIRT cheep. (1) tamper proof packaging (analogous to 
encryption!), and (2) a concealed password inside the packaging. Then 
(3) a website to authenticate the code. Its basically the 'free spoon 
offer' I just figured it out from the conclusions of the phishing paper.


> From: cryptography [cryptography-bounces+maxime.meyer=huawei.com at metzdowd.com] on behalf of Joseph Kilcullen [kilcullenj at gmail.com]
> Sent: Friday, August 19, 2016 6:12 PM
> To: cryptography at metzdowd.com
> Subject: Re: [Cryptography] Phishing Attacks - Alice, HAL and Bob
>
> So if you're all out there, reading these posts, can you look at my
> original posts that started this thread i.e.
>
> June (4 posts)  First =
> http://www.metzdowd.com/pipermail/cryptography/2016-June/029544.html
> July (2 posts) First =
> http://www.metzdowd.com/pipermail/cryptography/2016-July/029695.html
>
> I'm arguing that a remote website (Mallory/a phishing website) cannot
> counterfeit a secret shared between me and my web browser. At least not
> without hacking into my PC first. And that's hacking, not phishing!
>
> Another example, connected with the second paper, is the Kellogg's ‘Free
> Spoon’ offer i.e. a one-time password inside the cereal box is entered
> into a website to get your free spoon. If the code works then you know
> your box of cereal is not counterfeit. The thing is, someone needs to
> tell the pharmaceutical industry (and cigarettes industry) so that they
> can use this solution on their products. Like the coin solution this is
> cryptography/authentication, it just doesn’t look like it because there
> is no maths involved.
>
> P.S. Cool responses, very helpful, I love the nuclear energy connection.
> So thank you Jerry, Dirk-Willem, Philip and Thierry. Some of my original
> work did involve laminating glitter to create random patterns. And
> assessing daft ideas like printing digital signatures onto sheets that
> would be inside your box of drugs. (That’s a telephone directory sized
> book inside your box of toothpaste. After scanning it in (OCR) you
> verify the digital signature, then compare a picture inside the digital
> signature to a piece of glass with glitter inside it. Also inside the
> box with your toothpaste. I guess you might have issues if you do this
> rather than brush your teeth with the fake toothpaste.)
>
> Ok. Joking aside, real world example: You’re about to hop into bed with
> a woman and you are wondering if the condoms you have are genuine or
> fake? You open the tamper proof packaging (a one-way function) retrieve
> a one-time password from inside the packaging. Now you enter that code
> into a website. If the genuine manufacturer confirms the code, then the
> condoms are genuine, otherwise they are fake.
>
> About 11 years ago there was a small baby boom in Ireland after a batch
> of condoms was found to be faulty. The media did not report them as
> counterfeit, just faulty. Legal issues I guess.
>
> This is cryptography/authentication, confirmation of a shared secret,
> one-time functions etc. etc.
>
> Also, the two papers are connected, one is about the counterfeiting of
> websites (phishing) the other counterfeiting of pharmaceutical drugs. In
> both cases the solution is classic cryptography.
>
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list