A group of computer scientists at Johns Hopkins and RSA Labs is reporting practical attacks against the TI "Digital Signature Transponder" RFID chip, which is used, among other things, to secure many automotive "transponder" ignition keys and the "SpeedPass" payment system. Their paper is available at http://www.rfidanalysis.org . The results are also mentioned in today's New York Times, at http://www.nytimes.com/2005/01/29/national/29key.html
Aside from the practical significance of this work (a thief may be able to copy your ignition immobilizer and payment transponder from a short distance away without your knowledge or cooperation), it nicely illustrates yet again the increasing convergence of cryptology, computer security and physical security, as well as the importance of exposing any security technology to scrutiny before it is fielded.
From a cursory scan of the paper, it appears that these attacks could have been easily avoided had the designers of the system followed well known, widely accepted computer security practices such as the use of well-scrutinized algorithms and, most importantly, not depending on easily discovered "secrets". Unfortunately, as this work demonstrates, many designers of both computer and physical security systems have yet to take these principles seriously.
-matt
