jcew...@acm.org (Joel C. Ewing) writes:
> If the final verdict has not yet been reached on whether or not there
> is any increased health risk from having a cell-phone transmitter next
> to your head for prolonged periods, the idea of having a permanent RF
> transmitter internally or attached to my body doesn't sound that
> appealing.
>
> Sounds like it would also mean someone forcibly detained could be
> impersonated easily without their need to cooperate (or even be
> conscious or alive?).  I still see a need for authentication to
> require something only known by the individual, not solely based on
> something they possess.

static data vulnerable to replay attacks has been known for decades (if
not centuries). 

we had been brought in as consultants to small internet client/server
startup that wanted to do payment transactions on server ... they had
also invented this stuff called "SSL" they wanted to use ... the result
is now frequently called "electronic commerce". somewhat as a result, in
the mid-90s we were asked to participate in the x9a10 financial
standards working group which had been given the requirement to preserve
the integrity of financial infrastructure for all retail payments. as a
result we did detailed end-to-end threat & vulnerability studies.

part of the issue is three factor authentication paradigm

* something you have
* something you know
* something you are

the above can also be static or non-static (dynamic); static means they
are subject to replay attacks. multi-factor authentication is assumed to
be more secure if they have independent vulnerabilities. However,
two-factor authentication ATM transactions ... ATM card (something you
have) with magstripe and PIN (something you know) ...  have separate
failure modes for lost/stolen card (if the PIN isn't written on the card
... which has been found to be the case in 30% of the cards). However, both
the magstripe and PIN are static data and have a common vulnerability to
skimming attacks involving compromised end-points (ATM machines and/or
point-of-sale terminals).

for x9a10, I semi-facetiously said I would take a $500 mil-spec chip,
aggressively cost reduce it by 2-3 orders of magnitude (eventually well
under a dollar) while making it more secure ... including supporting
dynamic data (immune to replay attacks). then the transit industry asked
that the chip also be able to work on RF power within turnstile time
limits (very low power & around 100ms) ...  this was at a time when
contact powered chips were taking several seconds for dynamic data
... and RF-powered versions would take 100 times longer (needed to be
able to do dynamic data strong authentication in about 1/1000 power
profile of common chips of the era).

basically a chipcard that can work as contact and contactless ... like
walking thru a turnstile. The contactless chipcard has an antenna embedded in
the card that picks up RF energy to power the chip when walking through a
transit turnstile ... the same RF signal is also used for communication.

from security proportional to risk ... the chip dynamic data by itself
is single factor ("something you have") authentication for low-value
operations ... but for higher value operations ... then add in
"something you know" &/or "something you are" for multi-factor
authentication.

another facet is whether "something you know" type authentication (say
static data) is "shared-secret" or "non-shared-secret". "something you
know" shared secrets are things like passwords ... where the password is
registered at the authentication agency. For "shared-secret" "something
you know", kindergarten security requires a unique "shared-secret" for
every unique security domain ... as countermeasure to cross-domain
attacks ... this results in some people being faced with needing
hundreds of unique passwords.

however, it is possible to design multi-factor authentication that includes
a pin/password "something you know" ... which isn't a shared-secret (not
divulged or registered).

disclaimer: dozens of (assigned) patents on the subject (including
covering person-centric operation as opposed to institutional-centric
operation where something unique is required for each different
institution and/or environment)
http://www.garlic.com/~lynn/aadssummary.htm

-- 
virtualization experience starting Jan1968, online at home since Mar1970

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
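The post contrasts static data (magstripe + PIN, replayable once skimmed) with chip dynamic data (a fresh response per transaction), risk-proportional single- vs multi-factor use, and a PIN that is "something you know" without being a shared secret registered at the agency. The following is an added simulation written for this page, not code from the post or from the author's patents; the `Chip`, `Agency` and `MagstripeHost` classes, the HMAC-based response (a public-key signature would serve the same role and would avoid the agency holding the card key at all), the PIN-verified flag and the $50 limit are all constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed sample policy value: chip-only (single-factor) is enough up to this amount.
HIGH_VALUE_LIMIT = 50


class MagstripeHost:
    """Static-data model: the host compares presented track data and PIN to stored copies."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, str]] = {}

    def register(self, card_id: str, track: bytes, pin: str) -> None:
        self._records[card_id] = (track, pin)  # the PIN is a shared secret held by the host

    def verify(self, card_id: str, track: bytes, pin: str) -> bool:
        return self._records.get(card_id) == (track, pin)


class Chip:
    """Simulated chipcard. The per-card key and the PIN never leave the chip; the PIN is
    checked on-card, so it is 'something you know' that is not registered anywhere else."""

    def __init__(self, card_key: bytes, pin: str) -> None:
        self._key = card_key
        self._pin_digest = hashlib.sha256(pin.encode()).digest()

    def respond(self, challenge: bytes, pin: Optional[str] = None) -> Optional[Tuple[bytes, bytes]]:
        pin_ok = b"\x00"
        if pin is not None:
            given = hashlib.sha256(pin.encode()).digest()
            if not hmac.compare_digest(given, self._pin_digest):
                return None  # wrong PIN: the chip refuses to produce dynamic data
            pin_ok = b"\x01"
        # Dynamic data: a MAC over the fresh challenge and the PIN-verified flag.
        mac = hmac.new(self._key, pin_ok + challenge, hashlib.sha256).digest()
        return pin_ok, mac


class Agency:
    """Authentication agency: issues one-time challenges and checks chip responses."""

    def __init__(self) -> None:
        self._card_keys: Dict[str, bytes] = {}
        self._outstanding: Set[bytes] = set()

    def register(self, card_id: str, key: bytes) -> None:
        self._card_keys[card_id] = key  # only the card key is registered, never the PIN

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._outstanding.add(c)
        return c

    def verify(self, card_id: str, challenge: bytes, response: Tuple[bytes, bytes], amount: int) -> bool:
        if challenge not in self._outstanding:
            return False  # unknown or already-used challenge: replay rejected
        self._outstanding.discard(challenge)  # each challenge is accepted at most once
        pin_ok, mac = response
        expected = hmac.new(self._card_keys[card_id], pin_ok + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False
        if amount > HIGH_VALUE_LIMIT and pin_ok != b"\x01":
            return False  # security proportional to risk: high value needs the second factor
        return True


def skimmed_magstripe_replays() -> bool:
    """Static data captured once at a compromised terminal is accepted again and again."""
    host = MagstripeHost()
    host.register("card-1", b"constructed-track-data", "1234")
    captured = (b"constructed-track-data", "1234")  # what a skimmer would record
    return host.verify("card-1", *captured) and host.verify("card-1", *captured)


def _fresh_pair() -> Tuple[Chip, Agency]:
    key = secrets.token_bytes(32)
    chip, agency = Chip(key, "1234"), Agency()
    agency.register("card-1", key)
    return chip, agency


def dynamic_data_resists_replay() -> bool:
    """A captured challenge/response is useless both for the same and for a new challenge."""
    chip, agency = _fresh_pair()
    c = agency.challenge()
    r = chip.respond(c, "1234")
    first = agency.verify("card-1", c, r, amount=20)
    replayed_same = agency.verify("card-1", c, r, amount=20)
    replayed_new = agency.verify("card-1", agency.challenge(), r, amount=20)
    return first and not replayed_same and not replayed_new


def risk_proportional_factors() -> Tuple[bool, bool]:
    """Chip-only response: fine for a low-value operation, refused for a high-value one."""
    chip, agency = _fresh_pair()
    low = agency.verify("card-1", c1 := agency.challenge(), chip.respond(c1), amount=20)
    high = agency.verify("card-1", c2 := agency.challenge(), chip.respond(c2), amount=500)
    return low, high


def wrong_pin_refused() -> bool:
    """The chip simply produces nothing for a wrong PIN; the agency never saw the PIN."""
    chip, agency = _fresh_pair()
    return chip.respond(agency.challenge(), "0000") is None


if __name__ == "__main__":
    print("magstripe replay accepted:", skimmed_magstripe_replays())
    print("dynamic data replay rejected:", dynamic_data_resists_replay())
    print("low/high value with chip only:", risk_proportional_factors())
    print("wrong PIN refused on-card:", wrong_pin_refused())
```

The agency's checks are the ones a practitioner would want to see in any dynamic-data scheme: the challenge must be one the agency itself issued, it is consumed on first use, and the response must cover both the challenge and the factor indicator so the card cannot be downgraded to chip-only for a high-value operation.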
