[Cryptography] ORWL - The First Open Source, Physically Secure Computer
Peter Todd
pete at petertodd.org
Thu Sep 1 23:55:50 EDT 2016
On Thu, Sep 01, 2016 at 08:18:58PM -0700, Francisco Corella wrote:
> In: https://www.crowdsupply.com/design-shift/orwl <https://www.crowdsupply.com/design-shift/orwl>
> >
> > Secure Key Fob
> >
> > Each ORWL comes with a key fob that uses the same authentication
> > technology as smart-cards, with an added ability to detect
> > proximity. After the initial pairing of the key fob with the ORWL to
> > generate a shared secret, the key fob’s near field communication (NFC)
> > is used to authenticate the user, at which point the key fob’s uses
> > Bluetooth (BLE) to monitor whether or not the user is within
> > range. Once a user goes out of range, ORWL will lock, requiring the
> > key fob’s NFC authentication to unlock.
>
> That seems vulnerable to a relay attack.
Not if they're using latency to determine range; you can't fake the speed of
light.
I'm not sure if ORWL is in fact using time-of-flight distance measurement
instead of the more common received-signal-strength distance measurement, but
it is possible to do with Bluetooth BLE and some products implement it.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160902/7a8a83ff/attachment.sig>
More information about the cryptography
mailing list