jcew...@acm.org (Joel C. Ewing) writes:

> If the final verdict has not yet been reached on whether or not there
> is any increased health risk from having a cell-phone transmitter next
> to your head for prolonged periods, the idea of having a permanent RF
> transmitter internally or attached to my body doesn't sound that
> appealing.
>
> Sounds like it would also mean someone forcibly detained could be
> impersonated easily without their need to cooperate (or even be
> conscious or alive?). I still see a need for authentication to
> require something only known by the individual, not solely based on
> something they possess.
static data vulnerable to replay attacks has been known for decades (if not centuries). we had been brought in as consultants to a small internet client/server startup that wanted to do payment transactions on the server ... they had also invented this stuff called "SSL" they wanted to use ... the result is now frequently called "electronic commerce".

somewhat as a result, in the mid-90s we were asked to participate in the x9a10 financial standards working group, which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. as a result we did detailed end-to-end threat & vulnerability studies.

part of the issue is the three factor authentication paradigm

* something you have
* something you know
* something you are

the above can also be static or non-static (dynamic); static means they are subject to replay attacks. multi-factor authentication is assumed to be more secure if they have independent vulnerabilities. However, two-factor authentication ATM transactions ... ATM card (something you have) with magstripe and PIN (something you know) ... have separate failure modes for lost/stolen card (if the PIN isn't written on the card ... which has been found to be the case for 30% of the cards). However, both the magstripe and PIN are static data and have a common vulnerability to skimming attacks involving compromised end-points (ATM machines and/or point-of-sale terminals).

for x9a10, I semi-facetiously said I would take a $500 mil-spec chip, aggressively cost reduce it by 2-3 orders of magnitude (eventually well under a dollar) while making it more secure ... including supporting dynamic data (immune to replay attacks). then the transit industry asked that the chip also be able to work on RF power within turnstile time limits (very low power & around 100ms) ... this was at a time when contact powered chips were taking several seconds for dynamic data ... and RF-powered versions would take 100 times longer (needed to be able to do dynamic data strong authentication in about 1/1000 the power profile of common chips of the era). basically a chipcard that can work as contact and contactless ... like walking thru a turnstile. The contactless chipcard has an antenna embedded in the card that picks up RF energy to power the chip when walking through a transit turnstile ... the same RF signal is also used for communication.

from security proportional to risk ... the chip dynamic data by itself is single factor ("something you have") authentication for low-value operations ... but for higher value operations ... then add in "something you know" &/or "something you are" for multi-factor authentication.

another facet is whether "something you know" type authentication (say static data) is "shared-secret" or "non-shared-secret". "something you know" shared secrets are things like passwords ... where the password is registered at the authentication agency. For "shared-secret" "something you know", kindergarten security requires a unique "shared-secret" for every unique security domain ... as a countermeasure to cross-domain attacks ... this results in some people being faced with needing hundreds of unique passwords. however, it is possible to design multi-factor authentication that includes a pin/password "something you know" ... which isn't a shared-secret (not divulged or registered).

disclaimer: dozens of (assigned) patents on the subject (including covering person-centric operation as opposed to institutional-centric operation where something unique is required for each different institution and/or environment)
http://www.garlic.com/~lynn/aadssummary.htm

--
virtualization experience starting Jan1968, online at home since Mar1970

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
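The contrast the post draws, static magstripe+PIN data that replays after skimming versus chip dynamic data with a PIN that is never registered anywhere, as an added example that is not from the post or from any of the patents it references. It assumes Ed25519 as a stand-in for the chip's dynamic-data signature, and the PIN-masked seed is a constructed toy, not any real card's design.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Static scheme (magstripe + PIN): the verifier holds copies of both values, so
// whatever a skimmer records at a compromised terminal replays verbatim.
type staticVerifier struct{ track, pin []byte }
func (v staticVerifier) accept(track, pin []byte) bool {
	return subtle.ConstantTimeCompare(v.track, track) == 1 && subtle.ConstantTimeCompare(v.pin, pin) == 1
}
// Dynamic scheme: the chip signs a per-transaction nonce and the verifier registers
// only the public key. The PIN is registered nowhere: it only unmasks the signing
// seed inside the chip (constructed toy masking, not any real card's design).
type chip struct{ maskedSeed []byte }
func xorPin(in, pin []byte) []byte { // pad = SHA-256(PIN): 32 bytes = ed25519.SeedSize
	p, out := sha256.Sum256(pin), make([]byte, len(in))
	for i := range in {
		out[i] = in[i] ^ p[i]
	}
	return out
}
func random(n int) []byte { b := make([]byte, n); rand.Read(b); return b } // toy: error ignored
func newChip(pin []byte) (chip, ed25519.PublicKey) {
	seed := random(ed25519.SeedSize)
	return chip{xorPin(seed, pin)}, ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
}
func (c chip) sign(pin, nonce []byte) []byte {
	return ed25519.Sign(ed25519.NewKeyFromSeed(xorPin(c.maskedSeed, pin)), nonce)
}
// demo: captured static data replays; a fresh signature verifies; the same signature
// replayed against a new nonce fails; a wrong PIN fails without ever leaving the chip.
func demo() (staticReplay, fresh, replay, wrongPin bool) {
	pin := []byte("1234")
	sv := staticVerifier{track: []byte("constructed-track-data"), pin: pin}
	staticReplay = sv.accept(sv.track, pin) // a skimmer's copy is indistinguishable
	c, pub := newChip(pin)
	n1, n2 := random(16), random(16)
	sig := c.sign(pin, n1)
	fresh, replay = ed25519.Verify(pub, n1, sig), ed25519.Verify(pub, n2, sig)
	wrongPin = ed25519.Verify(pub, n2, c.sign([]byte("0000"), n2))
	return
}
func main() { fmt.Println(demo()) }
```

The verifier side of the dynamic scheme stores only the public key, so a compromised verifier or terminal yields nothing that authenticates a later transaction.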