On Nov 8, 2009, at 2:07 AM, John Levine wrote:

> At a meeting a few weeks ago I was talking to a guy from BITS, the
> e-commerce part of the Financial Services Roundtable, about the way
> that malware-infected PCs break all banks' fancy multi-password logins
> since no matter how complex the login process, a botted PC can wait
> until you log in, then send fake transactions during your legitimate
> session.  This is apparently a big problem in Europe.
>
> I told him about an approach to use a security dongle that puts the
> display and confirmation outside the range of the malware, and
> although I thought it was fairly obvious, he'd apparently never heard
> it before.

Wow.  *That's* scary.

> When I said I'd been thinking about it for a while, he
> asked if I could write it up so we could discuss it further.
>
> So before I send it off, if people have a moment could you look at it
> and tell me if I'm missing something egregiously obvious?  Tnx.
>
> I've made it an entry in my blog at
>
> http://weblog.johnlevine.com/Money/securetrans.html

Technical content is fine, with one comment: You don't need a big keyboard to allow for a secure "user login": Even a single one will do. You'd have a list of, say, 5 key words that you memorize. When the device turns on, it flashes a set of 10 words across the screen, one at a time for 1 second apiece (times/numbers subject to usability testing). Exactly one is from your list of 5; you need to press the button while your word is on the screen. Repeat this process 3 times and the chance of guessing the right words is 1 in a thousand. (Yes, someone can watch you using the device, but if it continues to the end of the set of 10 even after you press the button, it's a bit of a challenge to know which one you picked - and of course they could watch you type your password.)

It does need another pass for typos and such - e.g., "to defeat attacks that steal credentials and reuse *it* to set up another session later".

I think $50 is a very high estimate. (Lynn Wheeler has described a design for a more powerful version of such a device that, as I recall, came in well under this figure a couple of years back.) Note that if the bank supplies the device - so that it necessarily knows any secret contained in it, and it's designed to be resistant to attempts to determine the secrets in it - then you don't need to use public key crypto; symmetric algorithms are just fine. These require very little compute power and memory.

Once you assume that the secure endpoints are the device and the bank, the connection between the device and the PC is something you don't need to worry about. For somewhat higher cost than USB, you can use Bluetooth. Then the device can be anything. Look at the iPod shuffle and imagine how Apple might build such a thing. It could easily become a fashion accessory - a bank could get a lot of marketing mileage out of providing a fob with some famous designer's name on it.
                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
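
An added example, not part of the original messages: a sketch of the symmetric-key arrangement described in the reply above, where the bank and the device share a secret and the PC only relays bytes. The message layout, HMAC-SHA256, and the names Bank, Device, mac and user_approves are all assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def mac(key, role, payload):
    # The role label keeps a bank tag from ever being accepted as a device tag.
    return hmac.new(key, role + b"|" + payload, hashlib.sha256).digest()

class Bank:
    def __init__(self, key):
        self.key, self.pending = key, {}  # nonce -> payload awaiting confirmation
    def request(self, payee, cents):
        nonce = secrets.token_hex(16)
        payload = json.dumps({"payee": payee, "cents": cents, "nonce": nonce},
                             sort_keys=True).encode()
        self.pending[nonce] = payload
        return nonce, payload, mac(self.key, b"bank", payload)
    def accept(self, nonce, device_tag):
        payload = self.pending.get(nonce)
        if payload is None:
            return False  # unknown or already-used nonce
        ok = hmac.compare_digest(device_tag, mac(self.key, b"device", payload))
        if ok:
            del self.pending[nonce]  # one confirmation per transaction
        return ok

class Device:
    def __init__(self, key, user_approves):
        # user_approves stands in for the device's own screen and button
        self.key, self.user_approves = key, user_approves
    def confirm(self, payload, bank_tag):
        if not hmac.compare_digest(bank_tag, mac(self.key, b"bank", payload)):
            return None  # the PC changed what the bank sent
        tx = json.loads(payload)
        if not self.user_approves(tx["payee"], tx["cents"]):
            return None  # user saw the real payee and declined
        return mac(self.key, b"device", payload)

def demo():
    key = secrets.token_bytes(32)  # constructed; shared by bank and device
    bank = Bank(key)
    device = Device(key, lambda payee, cents: payee == "landlord")
    n1, p1, t1 = bank.request("landlord", 120000)
    tag1 = device.confirm(p1, t1)
    honest, replay = bank.accept(n1, tag1), bank.accept(n1, tag1)
    n2, p2, t2 = bank.request("mallory", 990000)  # injected by the infected PC
    declined = device.confirm(p2, t2)
    relabelled = device.confirm(p2.replace(b"mallory", b"landlord"), t2)
    reused = bank.accept(n2, tag1)
    return honest, replay, declined, relabelled, reused
```

Only the honest confirmation is accepted; the replayed tag, the injected payment shown truthfully on the device, the relabelled payload and the tag reused for a different transaction are all rejected.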
