On 11/10/2009 09:44 AM, Jerry Leichter wrote:
> Not that this should block the use of devices like the ZTIC! They're
> still much more secure than the alternatives. But it's important to keep
> in mind the vulnerabilities we engineer *into* systems at the same time
> we engineer others *out*.

vulnerabilities tend to be proportional to complexity.

we had been asked in to consult with small client/server startup that wanted to do payment transactions on 
their server ... they had also invented this technology called "SSL" applied to the process. The 
result is frequently called "electronic commerce". The major use/purpose of that "SSL" in 
the world today is hiding the account number and other transaction details.

somewhat as a result, in the mid-90s we were invited to participate in the x9a10 
financial standard working group which had been given the requirement to preserve 
the integrity of the financial infrastructure for all retail payments. Part of that 
was detailed threat&vulnerability studies of different payment methods and 
environments. One of the biggest problems was vulnerability of leaking account 
number ... since it was trivial for crooks to use it for originating fraudulent 
transactions ... and at the same time required by millions of business processes 
around the world. So part of the resulting standard was slightly tweaking the 
paradigm and eliminating the account number (and transaction details) as a 
vulnerability (which then also eliminates the major use of SSL in the world today).

along the way, i also made semi-facetious comment that i would take a $500 
milspec item and aggressively cost reduce it by 2-3 orders of magnitude while 
making it more secure. Part of the effort effectively worked out getting it 
close to the EPC RFID technology process (items targeted at replacing UPC 
barcodes on grocery items at a few cents or less) w/o reducing security.

Basically it is all silicon ... which not only reduces a lot of after-FAB 
vulnerabilities ... but also eliminates the costs of a lot of the post-FAB 
processing steps (as silicon cost goes to zero, post-FAB processing costs 
started to dominate).

Along with it is the concept of security proportional to risk ... at the 
issuing authorization end of a transaction ... the security characteristics of 
the originating components can be evaluated ... in the case of the chip ... the 
security level of the chip can even be updated in real time as vulnerabilities 
are identified.
This can help decide when a few cent item might need to be replaced 
for higher value transactions

--
40+yrs virtualization experience (since Jan68), online at home since Mar1970

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com