--- begin forwarded text
Status: RO Sender: <[EMAIL PROTECTED]> Date: Tue, 12 Nov 2002 13:31:49 -0500 From: IanG <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: Adam Back <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], Digital Bearer Settlement List <[EMAIL PROTECTED]> Subject: Re: security of limits in mondex (Re: Spending velocity limit implementation in smart cards) Adam Back wrote: > I was wondering about this recently to do with mondex. They claim as > you say have limits on transaction uploads, so the user could hide > some transactions. Indeed the user need never reconnect to the bank, > always refilling via other users and spending to other users. > Although they could if they chose implement something on the card to > force it to connect within some maxium interval to the bank. > > And yet I thought they claimed to be able to have some liability > limiting factors such as limits on card spending per month, and > perhaps card spending ever. > > And the card itself is just a tamper resistant counter, and signed > receipts are exchanged between cards to add to the counter (received > payment) and subtract from the counter (send payment)>. > > But I think these claims are contradictory unless the limiting factors > are implemented on the card, in which case they offer limited > protection against someone extracting private keys from the card. > > So are they really uploading everything to bank via other cards even > in peer to peer, or perhaps enough information (value, but not user or > transaction description) to notice imbalances (corresponding to hacked > bottomless cards)? Or is it that the limits in fact implemented on > card and their likely effectivness in combatting fraud from tampered > cards exaggerated? It's a real mess. The first thing to realise is that all the smart card money players practice security by obscurity. Mondex is particularly bad, as even people trying to help them get slammed with NDAs that slow down the information; working with Mondex is like swimming in molasses, it smells sweet, and you can do it for a year without leaving the side of the pool. What happens then is that actually, very few people within the organisation know how it works. And, those that do are constrained to not reveal. So what results is a case of institutional cognitive dissonance, that is, the various parts of the organisation holding contradictory beliefs at the same time. Do you recall when the Power Analysis thing was published in America? I was working in such a company at the time. I didn't sign an NDA, but I won't reveal their name. I took the work over to the security people and asked them about it. To my surprise, they knew all about it. It turns out that all that stuff that had been published had been known of in the European smart card industry, all along. But it was secret. I saw the slides of the presentations from TNO people where they listed the attacks that the tests that they used on smart cards. The didn't use the same words at TNO, but you could match up the dots and draw the same picture. These slides were 5 years old at the time. It was that work that got the security guys to admit - to me - that the smart cards were defeatable. Up until then, they hadn't admitted it. But, the rest of the organisation remained convinced the cards were undefeatable. Why? Because all the security was subject to a NDA or secrecy order. Which allowed all sorts of problems to arise. I have no internal knowledge of Mondex, but I see the same process. Those that know can't say, and those that don't know (the truth) don't tell you they don't know the truth. It is for reasons similar to this (but not precisely the same issues) that I don't think smart card money has a chance. Some disagree. Notably, Dave B is a loyal pundit of the chip card. Also, Rachel has tramped that path for 7 long years. If you ever need to see proof that smart card money is doomed, look at Intertrader. For all that time, they demonstrated that smart cards could be used as money over the net. Mondex remain blithely ignorant of this, in an institutional sense. Sure, 100 meetings later, the names are all known, but are they aware, in a sentient sense? No. My observations have led me to believe, that, like Mars, there is no possibility of useful life in smart card companies. PS: I know I haven't answered the real question, as to how Mondex does it. the following is speculative: There are 10 slots on the card for transactions, and it is possible for the oldest ones to be wiped by inserting new transactions. Those transactions can be read off by another card, if so organised, hence, when doing an upload to the "bank", it can read off the transactions. Now, if the "bank" detects that some of the transactions have been wiped, it can issue a freeze command. Here's where the cognitive dissonance comes in: all of the above is configurable. That is, one Mondex issue might do it that way, or it not. So, when asking the question, the answer is yes, and no. Hence, it takes a long time and a lot of questions to figure out how it works. Even worse, any authority can simply say, no, that's not the way it works, and refuse to elaborate. And, they would be correct. And incorrect. That's the great thing about Mondex, it is everything you want it to be. -- iang --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]