[15797] in cryptography@c2.net mail archive
Re: dual-use digital signature vulnerability
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Wed Jul 21 11:20:02 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 18 Jul 2004 23:51:28 -0600
To: Sean Smith <sws@cs.dartmouth.edu>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <8476019A-D928-11D8-B4C6-000A9590A7FC@cs.dartmouth.edu>
At 08:08 PM 7/18/2004, Sean Smith wrote:
>Why isn't it sufficient? (Quick: when was the last time anyone on this=20
>list authenticated by signing unread random data?)
>
>The way the industry is going, user keypairs live in a desktop keystore,=20
>and are used for very few applications. I'd bet the vast majority of=20
>usages are client-side SSL, signing, and encryption.
>
>If this de facto universal usage suite contains exactly one authentication=
=20
>protocol that has a built-in countermeasure, then when this becomes solid,=
=20
>we're done.
so if digital signing is used for nothing else than authentication ... with=
=20
signing of challenge data (with or with/out client-side modification) ...=20
then there is no concern that something signed might be a document or=20
authorization form. it is a non-problem.
EMV chipcards are supposed to be doing dynamic data RSA signing of=20
authorized transactions ... at some point, real soon now ... and the=20
financial industry is writting some number of apps to be able to use the=20
EMV cards for other applications.
this is from yesterday
http://www.smartcardalliance.org/industry_news/industry_news_item.cfm?itemID=
=3D1316
which talks about additional applications (in addition to expected RSA=20
signing at EMV point-of-sale terminals)
* OneSMART MasterCard Authentication =96 ensures a higher level of security=
=20
for online shopping and remote banking
* OneSMART MasterCard Web =96 allows cardholders to securely store and=
manage=20
a wide range of personal data (such as names, addresses, URLs, log-on=20
passwords) on the smart card chip
* OneSMART MasterCard Pre-Authorised =96 a new chip-based payment solution=
=20
suitable for new markets and off-line payment environments
=3D=3D=3D
it doesn't give any details but possibly if the expected RSA signing at EMV=
=20
point-of-sale terminals is an example of aggreement/approval ... then the=20
authentication application may be RSA signing of some sort of challenge=20
data .... and i would guess that few, if any people make it a habit to=20
examine presented challenge data.
part of the issue is creating an environment where all authentication=20
protocols and all authentication implements are required to have=20
countermeasures against dual-use attack on signing of documents or=20
transactions ... means that loads of stuff have to be perfect in the future.
the other is requiring more proof regarding the signing environment to be=20
carried when the signing is associated with approval, agreement, and/or=20
authorization (more than simple authentication) .... for instance that for=
=20
some of the non-repudiation features (that supposedly address such issues)=
=20
.... that they have to also sign in some manner to indicate non-repudiation=
=20
features in in place.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/=20
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
