| Jerrold Leichter <[EMAIL PROTECTED]> writes:
| > In doing this calculation, be careful about the assumptions you make
| > about how effective the countermeasures will be. The new systems
| > may be more secure, but people will eventually come up with ways to
| > break them. The history of security measures is hardly encouraging.
|
| I'm not sure I agree with that, and I'll tell you why.
|
| Take the case of NAMPS cell phone fraud. At one time, phone cloning
| was a serious problem. The main issue was that people could simply
| listen in on call setup and get all the information they needed to do
| phone fraud. Once strong crypto was used to authenticate mobiles with
| the deployment of digital cellphone networks, mobile phone cloning
| fraud didn't just shift around, it almost completely vanished....

It's very difficult to get a "clean" experiment on something like this.
There is no doubt that going from NAMPS to digital cellphone networks raised the cost of phone cloning or related methods for getting uncharged/mischarged service considerably. However, at the same time, the cost of *legitimate* cellphone service fell dramatically. When you can get 500 minutes of free calls to anywhere in the US for around $40/month (with various hours or calls to customers of the same carrier free on top of that), just how much does it pay to clone a phone?

Overseas calls probably provided some incentive for a while, but soon their prices dropped radically, pre-paid, cheap phone cards became widespread (and were probably stolen) - and more recently services like Skype have reduced the cost to zero.

The only remaining reason to clone a phone is to place untraceable calls - but you can do as well by buying a pre-paid phone and the number of minutes of airtime you need, paying cash, then tossing the phone. (Using a clone phone for this purpose was getting rather dangerous toward the end of the NAMPS era anyway as the providers started rolling out equipment that recognized the transmission signatures of individual phones. Generally, this was aimed at preventing clones from operating, but it could as well be used to recognize a given clone regardless of the identification info it sent.)

A better history to look at might be satellite TV subscription services, which took many generations of allegedly secure cryptography to get to wherever they are today (which as far as I can tell is a non-zero but tolerably low rate of fraud - the cost of entry to satellite TV subscription fraud these days is very high).

-- Jerry