Re: security of limits in mondex (Re: Spending velocity limit implementation in smart cards)

2002-11-13 Thread R. A. Hettinga

--- begin forwarded text


Status: RO
Sender: [EMAIL PROTECTED]
Date: Tue, 12 Nov 2002 13:31:49 -0500
From: IanG [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Adam Back [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],  Digital Bearer Settlement List
 [EMAIL PROTECTED]
Subject: Re: security of limits in mondex (Re: Spending velocity limit
 implementation in smart cards)

Adam Back wrote:

 I was wondering about this recently to do with mondex.  They claim as
 you say have limits on transaction uploads, so the user could hide
 some transactions.  Indeed the user need never reconnect to the bank,
 always refilling via other users and spending to other users.
 Although they could if they chose implement something on the card to
 force it to connect within some maximum interval to the bank.

 And yet I thought they claimed to be able to have some liability
 limiting factors such as limits on card spending per month, and
 perhaps card spending ever.

 And the card itself is just a tamper resistant counter, and signed
 receipts are exchanged between cards to add to the counter (received
 payment) and subtract from the counter (send payment).

 But I think these claims are contradictory unless the limiting factors
 are implemented on the card, in which case they offer limited
 protection against someone extracting private keys from the card.

 So are they really uploading everything to bank via other cards even
 in peer to peer, or perhaps enough information (value, but not user or
 transaction description) to notice imbalances (corresponding to hacked
 bottomless cards)?  Or is it that the limits are in fact implemented on
 card and their likely effectiveness in combatting fraud from tampered
 cards exaggerated?

It's a real mess.  The first thing to realise is that
all the smart card money players practice security by
obscurity.  Mondex is particularly bad, as even people
trying to help them get slammed with NDAs that slow
down the information;  working with Mondex is like
swimming in molasses, it smells sweet, and you can do
it for a year without leaving the side of the pool.

What happens then is that actually, very few people
within the organisation know how it works.  And, those
that do are constrained to not reveal.  So what results
is a case of institutional cognitive dissonance, that
is, the various parts of the organisation holding
contradictory beliefs at the same time.

Do you recall when the Power Analysis thing was published
in America?  I was working in such a company at the time.
I didn't sign an NDA, but I won't reveal their name.

I took the work over to the security people and asked
them about it.  To my surprise, they knew all about it.
It turns out that all that stuff that had been published
had been known of in the European smart card industry,
all along.  But it was secret.  I saw the slides of the
presentations from TNO people where they listed the
attacks that the tests that they used on smart cards.
They didn't use the same words at TNO, but you could
match up the dots and draw the same picture.  These
slides were 5 years old at the time.

It was that work that got the security guys to admit
- to me - that the smart cards were defeatable.  Up
until then, they hadn't admitted it.  But, the rest
of the organisation remained convinced the cards were
undefeatable.

Why?  Because all the security was subject to a NDA or
secrecy order.  Which allowed all sorts of problems to
arise.

I have no internal knowledge of Mondex, but I see the
same process.  Those that know can't say, and those
that don't know (the truth) don't tell you they don't
know the truth.

It is for reasons similar to this (but not precisely
the same issues) that I don't think smart card money
has a chance.  Some disagree.  Notably, Dave B is a
loyal pundit of the chip card.  Also, Rachel has
tramped that path for 7 long years.  If you ever need
to see proof that smart card money is doomed, look at
Intertrader.  For all that time, they demonstrated
that smart cards could be used as money over the net.

Mondex remain blithely ignorant of this, in an
institutional sense.  Sure, 100 meetings later, the
names are all known, but are they aware, in a sentient
sense?  No.  My observations have led me to believe,
that, like Mars, there is no possibility of useful
life in smart card companies.

PS: I know I haven't answered the real question, as to
how Mondex does it.  The following is speculative:

There are 10 slots on the card for transactions, and
it is possible for the oldest ones to be wiped by
inserting new transactions.  Those transactions can
be read off by another card, if so organised, hence,
when doing an upload to the bank, it can read off
the transactions.  Now, if the bank detects that
some of the transactions have been wiped, it can issue
a freeze command.

Here's where the cognitive dissonance comes in:  all
of the above is configurable.  That is, one Mondex
issue might do it that way, or not.  So, when asking
the question, 

security of limits in mondex (Re: Spending velocity limit implementation in smart cards)

2002-11-13 Thread R. A. Hettinga

--- begin forwarded text


Status: RO
Date: Mon, 11 Nov 2002 19:32:54 +
From: Adam Back [EMAIL PROTECTED]
To: IanG [EMAIL PROTECTED]
Cc: R. A. Hettinga [EMAIL PROTECTED], [EMAIL PROTECTED],
   Digital Bearer Settlement List [EMAIL PROTECTED]
Subject: security of limits in mondex (Re: Spending velocity limit
 implementation in smart cards)
User-Agent: Mutt/1.2.2i
Sender: [EMAIL PROTECTED]

On Mon, Nov 11, 2002 at 12:55:24PM -0500, IanG wrote:
 [...] If you are talking about the system, then simply go to
 the backends and do some statistics on the backend data
 base.  Even Mondex uploads transactions, so you would
 be able to do the numbers.  (From memory, Mondex uploads
 the last 10 transactions when you plug it into certain
 terminals.  Although, this feature is controversial,
 as the company has never released sufficient details to
 know for sure.)

I was wondering about this recently to do with mondex.  They claim as
you say have limits on transaction uploads, so the user could hide
some transactions.  Indeed the user need never reconnect to the bank,
always refilling via other users and spending to other users.
Although they could if they chose implement something on the card to
force it to connect within some maximum interval to the bank.

And yet I thought they claimed to be able to have some liability
limiting factors such as limits on card spending per month, and
perhaps card spending ever.

And the card itself is just a tamper resistant counter, and signed
receipts are exchanged between cards to add to the counter (received
payment) and subtract from the counter (send payment).

But I think these claims are contradictory unless the limiting factors
are implemented on the card, in which case they offer limited
protection against someone extracting private keys from the card.

So are they really uploading everything to bank via other cards even
in peer to peer, or perhaps enough information (value, but not user or
transaction description) to notice imbalances (corresponding to hacked
bottomless cards)?  Or is it that the limits are in fact implemented on
card and their likely effectiveness in combatting fraud from tampered
cards exaggerated?

Adam
--
http://www.cypherspace.net/

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
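
Added example, not part of the thread and not Mondex's actual design: a Python model of the bank-side check the two messages speculate about, covering both IanG's ten-slot log whose oldest entries get overwritten and Adam Back's value-only upload used to notice imbalances. The per-card sequence counter, the bank's memory of the last reconciled balance, and all class and function names are assumptions made for illustration.

```python
from collections import deque

SLOTS = 10  # log size mentioned in the thread; everything else is assumed

class Card:
    def __init__(self, card_id, balance=0):
        self.card_id, self.balance = card_id, balance
        self.seq = 0                    # assumed per-card transaction counter
        self.log = deque(maxlen=SLOTS)  # oldest entry is dropped when full

    def record(self, delta):
        self.seq += 1
        self.balance += delta
        self.log.append((self.seq, delta))  # value only, no counterparty

def pay(payer, payee, amount):
    """Card-to-card transfer; each side logs its own half."""
    if not 0 < amount <= payer.balance:
        raise ValueError("invalid amount")
    payer.record(-amount)
    payee.record(+amount)

class Bank:
    def __init__(self):
        self.seen = {}       # card_id -> (last reconciled seq, balance then)
        self.frozen = set()

    def enroll(self, card):
        self.seen[card.card_id] = (card.seq, card.balance)

    def upload(self, card):
        """Reconcile a card's log; freeze the card on any anomaly."""
        last_seq, last_balance = self.seen[card.card_id]
        fresh = [(s, d) for s, d in card.log if s > last_seq]
        if card.seq - last_seq > len(fresh):
            verdict = "gap"        # entries were overwritten before upload
        elif last_balance + sum(d for _, d in fresh) != card.balance:
            verdict = "imbalance"  # value on card not explained by its log
        else:
            verdict = "ok"
            self.seen[card.card_id] = (card.seq, card.balance)
        if verdict != "ok":
            self.frozen.add(card.card_id)
        return verdict

def demo():
    bank, a, b, c = Bank(), Card("A", 100), Card("B", 100), Card("C", 100)
    for card in (a, b, c):
        bank.enroll(card)
    for _ in range(4):
        pay(a, b, 5)       # A: 4 entries, fits in the log
    for _ in range(8):
        pay(b, c, 1)       # B: 12 entries since enrollment, only 10 kept
    c.balance += 500       # constructed tamper: value with no log entry
    return bank.upload(a), bank.upload(b), bank.upload(c), sorted(bank.frozen)
```

The model only catches cards that come back to the bank, and the gap check trusts the counter the card reports, which is the limitation Adam Back raises for limits enforced on the card itself.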