Peter Gutmann wrote:
Smart cards are part of the problem set, not the solution set - they're just
an expensive and awkward distraction from solving the real problem.  What I
was suggesting (and have been for at least ten years :-) is a small external
single-function device (no need for an OS) that can't be compromised by
malware because there's no attack vector for the malware to get at it.

there is an interesting side story to this involving certification, common 
protection profiles, etc.

possibly the majority of the smartcard protection profiles have to do with all 
problems allowing software/application to be loaded. on the other hand, you can
get a common criteria evaluation done on the basic chip ... w/o any application
loading ... and being able to show a much higher security level ... than might 
possible with any application actually loaded.

one of the problems i ran into getting higher than eal4+ for aads chip strawman
... was since everything was built into the silicon at manufacturing time, and nothing could be subsequently loaded ... all the crypto had to also be resident in the silicon.
one of the original objectives given for the aads chip strawman was being able
to do digital signature in contactless form factor within transit gate elapsed
time requirements (very low power and very fast) ... which eventually fell to
doing ec/dsa ... and i couldn't get an protection profile definition for ec/dsa
higher than eal4+.  similar chips ... w/o anything loaded had been able to
get eal5+ evaluation (or better) ... but since ec/dsa was built into the chip 
it was only possible to get eal4+.

the other criteria for aads chip strawman was extremely aggressive cost 
i had joked i was taking a $500 milspec part, cost reducing by 2-3 orders of
magnitude and at the same time increasing the integrity. part of the aggressive
cost reduction was choosing a single function ("something you have" 
via chip digital signature) that could be used in a broad range of applications 
and eliminate everything else.

misc. aads

other posts in this thread: The bank fraud blame game The bank fraud blame game The bank fraud blame game The bank fraud blame game The bank fraud blame game

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to