Aram Perez <[EMAIL PROTECTED]> writes:
>> Ed Felten has an interesting post on his blog about a Dutch smartcard
>> based transportation payment system that has been broken. Among other
>> foolishness, the designers used a custom cryptosystem and 48 bit keys.
> Not to defend the designers in any way or fashion, but I'd like to
> ask, How much security can you put into a plastic card, the size of a
> credit card, that has to perform its function in a secure manner, all
> in under 2 seconds (in under 1 second in parts of Asia)?

Several other transit systems have payment cards that have proven
remarkably resilient to attack. For example, the NYC "Metrocard"
system has been attacked repeatedly without significant breaks (but it
does not rely on its cards being tamperproof -- it is an online system
using magstripes.)

The authors of the paper on the Dutch break claim that it would have
been possible to use far more secure means even given the basic
design, such as a non-proprietary crypto algorithm and longer keys. I
see no real reason to disbelieve this. In any case, if it was not
possible to do this with smartcards, existing, well proven mechanisms
that are in use in other transit systems could have been adopted. It
is not necessary to use an unimplementable architecture when
implementable and proven architectures exist.

Often we hear of a false need for "engineering tradeoffs" in such
circumstances. Engineering tradeoffs do indeed sometimes become
critical in security design. However, you should be very skeptical
when someone claims that they "need" to use a home grown crypto
algorithm or that they "need" to use a home grown protocol instead of
a well proven one. Generally these are not "engineering tradeoffs" but
reflections of ignorance on the part of the designers.

Perry E. Metzger                [EMAIL PROTECTED]

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to