[16379] in cryptography@c2.net mail archive


Re: Financial identity is *dangerous*? (was re: Fake

daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Thu Oct 28 17:39:26 2004

X-Original-To: cryptography@metzdowd.com
Date: Thu, 28 Oct 2004 12:21:32 -0600
To: Ian Grigg <iang@systemics.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: Alan Barrett <apb@cequrux.com>, cryptography@metzdowd.com
In-Reply-To: <417D70C4.30803@systemics.com>

At 03:31 PM 10/25/2004, Ian Grigg wrote:

>:-)
>
>It should be obvious.  But it's not.  A few billions
>of investment in smart cards says that it is anything
>but obvious.
>
>To be fair, the smart card investments I've been
>familiar with have been at least very well aware of
>the problem.  It didn't stop them proceeding with
>papering over the symptoms, when they should have
>gone for the underlying c
>iang

my claim about the paradigm is that during the 80s, there was the start of a lot
of investment by all sorts of parties into smartcards ... targeted for the 
portable computing market niche ... where the state of the art would allow 
relatively powerful computing and memory in such chips ... but the 
technology didn't exist for portable input/output technology .... as a 
result there also had to be ISO international standards for the 
input/output stations that would interoperate with the smartcards. that 
market niche started to disappear in the early 90s with the appearance of 
portable input/output technology associated with cellphones and PDAs. by 
this time, at least several billion dollars had been invested in the 
technology.

somewhat to recoup (at least some portion of) the investment, there has 
been some searching for alternative market niches for the
technology. In the early 90s, my wife and I consulted to some agencies on 
aspects of this. one such target was emergency medical information .... a 
person could carry their complete medical records in such a form factor 
.... and in a life&death emergency .... the emergency crews could pull out 
the victim's card and insert it into their local, offline, portable display
technology and have access to the victim's complete medical records. The
problem in this scenario was that an emergency first responder isn't likely
to be able to make use of the victim's medical records in an offline manner.
First off, if it is a real emergency ... how does a first responder do 
other than triage. Typically for anything that involves anything more 
complicated ... the first responder has to go online to "real" doctors at 
some remote location. If you have a real online environment ... to real 
(remote) doctors ... then a much better solution is to have something that 
authenticates the victim ... and the consulting doctor then has some 
mechanism for locating and retrieving the online medical records (as 
opposed to first responder being able to make sense out of a victim's 
complete medical records).

Another niche for the technology was offline financial transactions ... for 
parts of the world where online connectivity was difficult, non-existent 
and/or extremely expensive. the smartcard would contain the business rules 
and logic for performing (offline) financial transaction interacting with 
random merchant terminals. Two issues arise here .... there is a 
significant mutual suspicion (lack of trust) problem between random 
merchant terminals anywhere in the world and random consumer smartcards 
anywhere in the world; and the technology started to be deployed at a time 
when online connectivity was starting to become ubiquitous and easily 
available in most places in the world. An example is the European deployed
stored-value (offline) smartcards in the 90s compared to the rapid market 
penetration of stored-value (online) magstripe (gift, affinity, merchant, 
etc) cards in the US .... making use of the ubiquitous nature of online 
connectivity available in the US. Again, with the availability of online
.... the problem changes from requiring a very expensive and trusted 
distributed offline infrastructure and offline distributed business 
rules  .... to the much more simple problem of requiring (increasingly 
strong) authentication.

So the financial oriented infrastructure has seen some amount of "skimming" 
threats and exploits with the terminals and/or networks. Even if the 
smartcard paradigm is just reduced to a (dumb) chipcard that only provides 
strong authentication .... the issue is does the consumer completely 
provide their own environment ... or do they have to depend on (and trust) 
randomly located terminals at random locations around the world.

Part of the authentication issue ... is the 3-factor authentication model

* something you have
* something you know
* something you are

the "card" (or chip) provides the "something you have" piece.

in order to add "something you know" ... requires the consumer entering a 
pin or password; the issue then becomes does the consumer trust some 
randomly located pin-pad. there is a similar issue with whether the 
consumer trusts their own biometric sensor or would they trust somebody
else's biometric sensor.

a consumer owned cell phone .... could presumably provide both a consumer 
trusted pin-pad ... and w/o a whole lot of magic ... a consumer camera cell 
phone could be used as a sensor for various kinds of biometric info.

some part of the issue is that the original target market niche for 
smartcards (portable computing with fixed interoperable input/output 
stations) started to evaporate after a lot of the investment had been done 
but before there was a lot of deployment and investment recovery.


--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/
   
