On 09/07/2010 02:18 PM, Perry E. Metzger wrote:

The question is, can you make it more expensive to do that than to,
say, buy a new parking card or whatever else the smart card is being
used for. If the attack is fairly cheap and repeatable and yields
something reasonably valuable, you have a problem. If you can make the
attack expensive and only yield something cheap, you're doing well.

The designer often has wrong information about what the system will be used for. Most systems don't see much adoption and are discontinued because they don't make any money. Systems that succeed with low-value transactions tend to get repurposed for more and more important roles until the breaking point. SSL and Zigbee are two examples.

Imagine how much an additional shielded region would cost to a cell phone that's expected to sell 50 million units. An engineer is probably going to be trading that cost off against some other feature with a tangible benefit. When the junior engineer speaks up and says "let's just use the microphone for entropy gathering instead" he's going to be considered a hero for saving millions.

An additional consideration is that the device must also operate reliably when someone puts popcorn in the microwave or uses an arc welder in the next room. The detector must absolutely never create a false positive.

Most actual consumer products sold will prefer to continue insecure operation rather than shut off. For example, the GSM standard includes a mechanism to notify the user on the display if they're connected to a cell tower with an unencrypted signal. Cell carriers typically disable this notification, presumably because it tangibly increases support costs for a benefit that appears highly theoretical. It's usually only when it's the interests of the manufacturer that are being protected that a device will actually go out of its way to find a reason to cease operation (e.g., DRM).

- Marsh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to