Matt Blaze wrote:
A group of computer scientists at Johns Hopkins and RSA Labs
is reporting practical attacks against the TI "Digital Signature
Transponder" RFID chip, which is used, among other things, to
secure many automotive "transponder" ignition keys and the
"SpeedPass" payment system. Their paper is available at
http://www.rfidanalysis.org
The results are also mentioned in today's New York Times, at
http://www.nytimes.com/2005/01/29/national/29key.html
This is good research!
From a cursory scan of the paper, it appears that these attacks
could have been easily avoided had the designers of the system
followed well known, widely accepted computer security practices
such as the use of well-scrutinized algorithms and, most importantly,
not depending on easily discovered "secrets". Unfortunately, as
this work demonstrates, many designers of both computer and
physical security systems have yet to take these principles
seriously.
I don't think the designers have done the wrong thing. A
cursory scanning of the HTML above indicates that:
+ the device reduced auto theft by "as much as 90%";
+ In 2003, auto loss was 1.3 million vehicles and $8.6
billion dollars.
+ the device was fitted to 150,000 vehicles.
If we say (pick a number any number) 1% of vehicles are
stolen every year, then 1500 of those vehicles were to have
been stolen, and only a tenth of them were. That's a saving
of 1350 vehicles, or at a cost o $6600, $8.9 million saved.
Saved. Nothing can change that (except picking better
fudge factors, of course ;).
To criticise the actions of the designers would be to say
that they will lose inordinately more in the future, but even
that's not the case. It is unlikely that the system will result
in all vehicles now being at 'ordinary' risk of theft, it is more
likely that the risk benefit will shift from 10% to 20% over
time. So even in the future, they still save, just not as much
as last year.
Which is to say, the designers are still in profit.
Also, one has to wonder when the algorithm/size was chosen.
If 150,000 of these are out there, it wouldn't surprise me if the
basic design paramaters of the system are 10 years old, which
takes us back to the good old days when RC4 was considered
good, 40 bits was not easy to crack, and you were lucky to get
an RFID that could do crypto ... (Indeed, the paper states that
40 bits was beyond them unless they built the 16-way FPGA
array!).
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
