RE: The Register - UK firm touts alternative to digital certs (fw d)
David Howe[SMTP:[EMAIL PROTECTED]] writes: at Sunday, October 20, 2002 2:22 PM, Jim Choate [EMAIL PROTECTED] was seen to say: http://theregister.co.uk/content/6/27659.html looks like a dumbed-down version of the secureID system. Basically, it works like this 1. user enters five-digit pin code. code is in colours (four choices) not numbers though. Total pin keylength therefore ten bit. 2. device increments an internal counter, and generates a composite code comprising user id, current clock time and the internal counter (number of times card used, basically) 3. device uses single-DES to encrypt that data, and then binhexes it to give a keycode 4. user types in their username and keycode into website 5. website contacts quizid authentication server and verifies code is valid (and that account has enough to cover the transaction) 6. website completes transaction and bills quizid company 7. quizid company bills user's credit card. the plus side here is that the website never knows the user's credit card details, and is given a oneshot authentication handle that is useless once verified. the downside is that the system has no way to verify an amount, and is only weakly protected (both in pin (weaker than the usual four digit ATM pin) and in transit (single-des) [Disclosure: I work on SecurID]. This was discussed on Perry's Cryptography list last week. It does look kind of like a dumbed down SecurID - but what it looks like even more is an ActivCard keychain token http://www.activcard.com/activ/products/end_user/activ_card_one/index.html repackaged into a bigger form factor. The code generation scheme appears similar as well. The Company Info page reveals that ActivCard actually manufactures the device. I'd be nervous about a availability with centralized servers, even if they are triple redundant with two sites. DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreck havoc. I also wonder about scalability with centralized servers. A BBC article http://news.bbc.co.uk/1/hi/technology/2334491.stm claims 600 authentications/second, in a system which cost UKP 1M in hardware alone. This is not really good enough if you're trying to cover the world (or even just Britain) from one site. AOL gets about *50,000* login attempts per second at peak times, to give one admittedly extreme example. Disclaimer: The above are my personal opinions only. Peter Trei
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 3:14 PM, Trei, Peter [EMAIL PROTECTED] was seen to say: I'd be nervous about a availability with centralized servers, even if they are triple redundant with two sites. DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreck havoc. Indeed so, yes. I suspect (if it ever takes off) that they will have to scale their server setup in pace with the demand, but to be honest I think 600/sec is probably quite a high load for actual payments - we aren't talking logins or web queries, but actual real-money-payment requests. I suspect that, if it became the dominant payment method for amazon or ebay, they would need a much more hefty server, but at this stage I suspect a heavy load would be two auths per second :)
Re: The Register - UK firm touts alternative to digital certs (fwd)
On Mon, Oct 21, 2002 at 03:37:33PM +0100, David Howe wrote: at Monday, October 21, 2002 3:14 PM, Trei, Peter [EMAIL PROTECTED] was seen to say: I'd be nervous about a availability with centralized servers, even if they are triple redundant with two sites. DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreck havoc. Indeed so, yes. I suspect (if it ever takes off) that they will have to scale their server setup in pace with the demand, but to be honest I think 600/sec is probably quite a high load for actual payments - we aren't talking logins or web queries, but actual real-money-payment requests. Looking at their web site, they seem pretty generic about what it's for, but I did not see any mention of using it for payments. So I assume it's for logins. They do say that their servers are benchmarked at 300 transactions/sec. That's pretty darn slow for single des. There would have to be an authenticated and probably encrypted session between the server accepting the login (or the merchant if it really does payments) and the back end. But even using SSL/TLS, which would be more than is required but an easy component to plug in, they ought to be able to get at least a true 1000 sessions/sec using one of the current SSL accelerators out there. Maybe they have a bunch of slow database lookups? Perhaps there is a long RTT for the check against the CIA blacklist? If it is for logins, how many sites would be willing to let someone else know when their employees log in? That could be useful competitive intelligence. Eric
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 4:20 PM, Eric Murray [EMAIL PROTECTED] was seen to say: Looking at their web site, they seem pretty generic about what it's for, but I did not see any mention of using it for payments. So I assume it's for logins. well, I was working from: The Quizid registry The Quizid registry is a database that translates the customer profile information required to facilitate secure online payment. Once a customer has been authenticated by the Quizid vault, the payment transaction is completed between the registry and the acquiring bank using the appropriate payment protocols. The bank then performs the necessary clearing between acquirers and issuers. As well as storing credit and debit card details the registry can be used to securely hold any personal information you would rather not enter over the Internet. So you can pre-load your delivery address, details of loyalty cards or even your seating preference for airline tickets. As well as being more secure this makes shopping online faster and simpler as you don't have to enter in the same information time after time. plus the two of their demo sites I checked offer it only as a checkout payment option. They do say that their servers are benchmarked at 300 transactions/sec. That's pretty darn slow for single des. Not sure that 1Des is the bottleneck. From my (perhaps incorrect) idea of the process: 1. user checks out with QuizID code 2. Website opens link to QuizID and presents *its* credentials 3. QuizID checks database, confirms valid login for the website 4. Website presents user ID and Quizid code 5. QuizID checks database, verifies that QuizID code was recently generated, the sequence number is in a reasonable range, and that the user hasn't closed his account or something 6. QuizID returns to Website any site-specific data held in its registry for that Website+Customer pair, plus any data that the user has marked of general accessability (such as delivery address) 7. Website requests payment of $amount 8. QuizID retrieves bank details from database for user, signs onto merchant services, and gets a authorization for the amount; signs on again and commits the payment; gets the account details for the Website owner from the database; signs on to the merchant services *again* and makes a payment of equal amount (presumably minus their fees) into the Website owner's account 9. QuizID sends a success (or fail) message to the Website there are probably enough individual comms and database lookup tasks there to slow things down quite a bit, even leaving aside the crypto aspects.
Re: palladium presentation - anyone going?
Palladium sets up a separate trusted virtual computer inside the PC processor, with its own OS, called Nexus, and it own applications, called agents. Holy crap. So does this mean that MS Windows 2005 with Palladium operating will take about 15 minutes to boot up? Will Age of Empires 5 even be able to run with all that crap going? And after that, I guess we'll find a reason to run another virtual machine on top of the Palladium virtual machine, no? Guess I gotta go upgrade my hardware... From: Arnold G. Reinhold [EMAIL PROTECTED] To: Adam Back [EMAIL PROTECTED], Cypherpunks [EMAIL PROTECTED] CC: Cryptography [EMAIL PROTECTED], Adam Back [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: palladium presentation - anyone going? Date: Sun, 20 Oct 2002 22:38:35 -0400 At 7:15 PM +0100 10/17/02, Adam Back wrote: Would someone at MIT / in Boston area like to go to this [see end] and send a report to the list? I went. It was a good talk. The room was jam packed. Brian is very forthright and sincere. After he finished speaking, Richard Stallman gave an uninvited rebuttal speech, saying Palladium was very dangerous and ought to be banned. His concerns are legitimate, but the net effect, I think, was to make the QA session that followed less hostile. Palladium sets up a separate trusted virtual computer inside the PC processor, with its own OS, called Nexus, and it own applications, called agents. The trusted computer communicates with a security co-processor on the mother board, and has a secure channel to your keyboard and mouse and to a selected window on your CRT screen. How to prevent the secure channel to the on-screen window from being spoofed is still an open problem. Brian suggested a secure mode LED that lights when that window has focus or having the secure window display a mother's-maden-name type code word that you only tell Nexus. Of course this doesn't matter for DRM since *your* trusting the window is not the issue. All disk and network I/O is done thru the untrusted Windows OS on the theory that the trusted machine will encrypt anything it wants to keep private. Windows even takes care of Nexus scheduling. A major design goal is that all existing software must run without change. Users are not required to boot Palladium at all, and are to be able to boot it long after Windows has booted. Might help clear up some of the currently unexplained aspects about Palladium, such as: - why they think it couldn't be used to protect software copyright (as the subject of Lucky's patent) The specific question never came up. As Brain did say, Palladium is just a platform. People can built whatever they want on top of it. It seemed clear to me that the primary goal is DRM, but as someone else in the audience said (approximate quote) We always hear that you can't do this or that without trusted hardware. Well, this is trusted hardware. I don't see why anyone would think protecting software copyright could not be done. - are there plans to move SCP functions into processor? any relation to Intel Lagrange No. The SCP is based on a smart card core and is to be a light weight, low pin count chip with a target cost of $1 in volume. I presume future deals between MS and Intel are always possible. The SCP will support several algorithms, including 2048-bit RSA, 128-bit AES, SHA1, an HMAC. They may include another cipher and another hash. There will also be a FIPS140-2 Random Number Generator and several monotonic counters, but no time of day clock. Each chip will have a unique RSA key pair, an AES key and a HMAC key. The only key that the SCP will reveal to the outside is the RSA public key and it will only do that once per power up cycle. - isn't it quite weak as someone could send different information to the SCP and processor, thereby being able to forge remote attestation without having to tamper with the SCP; and hence being able to run different TOR, observe trusted agents etc. There is also a change to the PC memory management to support a trusted bit for memory segments. Programs not in trusted mode can't access trusted memory. Also there will be three additional x86 instructions (in microcode) to support secure boot of the trusted kernel and present a SHA1 hash of the kernel code in a read only register. There may be a hole somewhere, but Microsoft is trying hard to get it right and Brian seemed quite competent. I notice at the bottom of the talk invite it says | Palladium is not designed to provide defenses against | hardware-based attacks that originate from someone in control of the | local machine. but in this case how does it meet the BORA prevention. Is it BORA prevention _presuming_ the local user is not interested to reconfigure his own hardware? Near as I can see, the real trust comes from the RSA key pair stored in the SCP and a cert on that key from the SCP manufacturer. There is no command to obtain the private key
