Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jerrold Leichter
|  No mention is made of encryption or challenge response
|  authentication but I guess that may or may not be part of the design
|  (one would think it had better be, as picking off the ESN should be duck
|  soup with suitable gear if not encrypted).
|
|  From a business perspective, it makes no
| sense to spend any money on crypto for this
| application.  If it is free, sure use it,
| but if not, then worry about the 0.01% of
| users who fiddle the system later on.
|
| It would be relatively easy to catch someone
| doing this - just cross-correlate with other
| information (address of home and work) and
| then photograph the car at the on-ramp.
It would, in principle, be relatively easy to query these boxes yourself, or
listen in near a station.  You could quickly build up a database of valid
ID's, and could then build/sell a clone box, perhaps a tumbler box that
would rotate among valid ID's.

The actual money involved can be substantial - in the NY area, a cross-Hudson-River
commuter spends at least $5/day through EZ-pass, and you can now charge
things like parking at airports - $25/day or more.  So ... you'd think there
would be an active market in rigged EZ-pass boxes by now (as, for example,
there has been an active market for counterfeit monthly passes on the commuter
rail lines in the New York area.)  Curiously, if there is such a thing, it's
so far on a low enough scale that the press hasn't picked it up.

The basic protection mechanism involved is apparently quite simple:  Every
time you use EZ-pass, a photo of your license plate, and of the driver, is
taken.  The photos are kept for quite some time.  So cheaters can be tracked.

In addition, where there are high-value charges, there is usually a gate.  If
your EZ-pass is invalid, you're stuck in what is effectively a man-trap,
waiting for the cops on duty to check things out.  You'd better have a valid
EZ-pass to show them.  I don't know how much info they can get out of the
system, but it could easily tell them if, when they scan your good pass,
it shows a different ID from the one registered before.  (On the other hand,
high-speed readers - where there is no gate - are spreading.  Several were
recently installed at the Tappan-Zee Bridge, where the toll is $7.)

All in all, the system seems to depend on what I've heard described as the
bull in the china shop theory of security:  You can always buy more china,
but the bull is dead meat.
-- Jerry

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: EZ Pass and the fast lane ....

2004-07-10 Thread Ian Grigg
John Gilmore wrote:
[By the way, [EMAIL PROTECTED] is being left out of this conversation,
 by his own configuration, because his site censors all emails from me.  --gnu]
Sourceforge was doing that to me today!
Well, I am presuming that ... the EZ Pass does have an account
number, right?  And then, the car does have a licence plate?  So,
just correlate the account numbers with the licence plates as they
go through the gates.

If they could read the license plates reliably, then they wouldn't
need the EZ Pass at all.  They can't.  It takes human effort, which is
in short supply.
No, that is to confuse the collecting of tolls
with the catching of defrauders.  Consider one
to be the automatic turnstile and the other to
be the ticket inspector.  One records the tolls,
the other looks for error conditions.
The thing about phones is that they have no licence plates and no
toll gates.  Oh, and no cars.

Actually, cellphones DO have other identifying information in them,
akin to license plates.  And their toll gates are cell sites.
Yes, but so ineffective.  I can pass through the
toll gate - the cell site - and nobody can see
where I am.  I can make a call, and nobody can read
my location without doing complicated tracking stuff
with many cells.  The day that the cops get their
dream of cell phones being able to signal location,
that might change, but in the meantime, a cell phone
is for most purposes unlocatable.
Another factor is that the reward is very different,
one can save a lot more on a cellphone than a toll
way trip.
It's not clear what your remark about phones having no cars has to do
with the issue of whether EZ Pass is likely to be widely spoofed.
Sorry, yes:  if I catch a fraudster with a cell
phone, I can haul him down the station and seize
his phone.  BFD, it was probably stolen anyway.
If I catch an EZ Passter I can seize his car.
What incentive does a miscreant have to reprogram hundreds or
thousands of other cars???

(1) Same one they have for releasing viruses or breaking into
thousands of networked systems.  Because they can; it's a fun way to
learn.  Like John Draper calling the adjacent phone booth via
operators in seven countries.  (2) The miscreant gets a cheap toll
along with hundreds of other people who get altered tolls.
OK, so run this past me again.  I get to send a
virus or whatever that causes EZ Pass to go down
or mis-bill thousands of their customers, and I
also have to drive down the freeway and drive
through their toll gates, in order to collect my
prize of ... a free ride on the toll way?
[Cory Doctorow's latest novel (Eastern Standard Tribe, available free
online, or in bookstores) hypothesizes MP3-trading networks among
moving cars, swapping automatically with whoever they pass near enough
for a short range WiFi connection.  Sounds plausible to me; there are
already MP3 players with built-in short range FM transmitters, so
nearby cars can hear your current selection.  Extending that to faster
WiFi transfers based on listening preferences would just require a
simple matter of software.  An iPod built by a non-DRM company might
well offer such a firmware option -- at least in countries where
networking is not a crime.  Much of the music I have is freely
tradeable.]
All of which is irrelevant.  The MP3s you are trading
do not generate a transaction request, being fraudulent
or otherwise, do not hit a server that has details on
who you are, and are probably encrypted so nobody can
tell what it is you are doing, thus forcing the cops
(IP terrorists being your #3 priority) to pull the car
to a halt and search for contraband music.
The only questions here are:  do the EZ Pass people have
your licence plate and your EZ Pass account number?  Do
they have the budget to employ some students with cameras?
Do they have the ability to target people who should be
travelling A - D but keep getting billed from B - C?
And, do the drivers who decide to defraud the EZ Pass
system have the ability to avoid 2 points, being any 2
of A, B, C, D?
iang


Re: EZ Pass and the fast lane ....

2004-07-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Gilmore writes:

> If they could read the license plates reliably, then they wouldn't
> need the EZ Pass at all.  They can't.  It takes human effort, which is
> in short supply.


There are, in fact, toll roads that try to do that; see, for example,
http://www.where.ca/toronto/subcategory_guide.cfm?subcategory_id=25&category_id=24&subtitle_id=142

But it's not foolproof; see
http://66.102.7.104/search?q=cache:ELIC5NLh1qQJ:www.canoe.ca/Columnists/blizzard_feb18.html+ottawa+%22licence+plate%22+%22toll+road%22+toronto+problem&hl=en
(the original seems to have expired, hence the reference to the Google 
cache).

--Steve Bellovin, http://www.research.att.com/~smb




Re: EZ Pass and the fast lane ....

2004-07-10 Thread Greg Rose
At 21:54 2004-07-09 +0100, Ian Grigg wrote:
John Gilmore wrote:
It would be relatively easy to catch someone
doing this - just cross-correlate with other
information (address of home and work) and
then photograph the car at the on-ramp.
Am I missing something?
It seems to me that EZ Pass spoofing should become as popular as
cellphone cloning, until they change the protocol.  You pick up a
tracking number by listening to other peoples' transmissions, then
impersonate them once so that their account gets charged for your toll
(or so that it looks like their car is traveling down a monitored
stretch of road).  It should be easy to automate picking up dozens or
hundreds of tracking numbers while just driving around; and this can
foil both track-the-whole-populace surveillance, AND toll collection.
Miscreants would appear to be other cars; tracking them would not
be feasible.
Well, I am presuming that ... the EZ Pass
does have an account number, right?  And
then, the car does have a licence plate?
So, just correlate the account numbers
with the licence plates as they go through
the gates.
If they could do that reliably, they wouldn't need the toll thingy, nu? I 
have been told by someone in the photo-enforcement industry that their 
reliability is only around 75%, and they're very expensive, and ... anyway, 
not a viable solution to the problem given the current economics. But to a 
weekly commuter over one of the bridges in New York, for example, it's 
$1000 per year.

What incentive does a miscreant have to
reprogram hundreds or thousands of other
cars???
Until recently, when viruses and worms started to be used to assist 
spamming, what incentive did a miscreant have to invade hundreds or 
thousands of computers?

Greg.
Greg Rose            INTERNET: [EMAIL PROTECTED]
Qualcomm Australia   VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111/232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C


Re: EZ Pass and the fast lane ....

2004-07-10 Thread Elliott Frank
FasTrak is a passive system relative to the transponder -- it uses the
transponder ID, a vehicle sensor, and an axle counter to generate toll
records. The associated license plate capture-and-decode feature is only
invoked if a non-transponder-equipped or invalidated-transponder-equipped
vehicle attempts to use a transponder-controlled lane or toll booth. Its
primary purpose is to provide sufficient information for a CHP officer to
stop the offending vehicle. The original FasTrak design couldn't handle an
invalidated transponder: it assumed that all correctly-formatted responses
were from valid devices.

Most of the automated toll systems were designed in an era of expensive
processing and centralized databases: if the toll collection point can
generate a formatted record that can be subsequently processed for billing
purposes, that was sufficient functionality.

Social engineering of automated toll systems may have already arrived: as
long as the dollar amounts of the abuse lie within the noise factor of the
victim's bill (e.g., a limousine service or a trucking company) the issue of
retrofitting encryption to provide 'sufficient protection' will not be
raised.

Elliott



Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Amir Herzberg:

 Florian Weimer wrote:

 * Amir Herzberg:

# Protecting (even) Naïve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, at
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/trusted%20credentials%20area.PDF
 The trusted credentials area is an interesting concept.
 Thanks.
   However,
 experience suggests that given the current business models, we cannot
 build the required logotype registry.  All registries which are used
 on the Internet (for IP address assignments, BGP prefixes, DNS names,
 and even X.509 certificates) are known to fail under stress.

 I'm not sure what you mean by `logotype registry`.

A body which registers visual elements etc. and assigns them to an
owner.

 Such a registry already exist (off-web), i.e. national trademark
 offices, e.g. www.uspto.gov.

There are simply too many of them, and not all of them implement
checks for conflicts.  I'm pretty sure I could legally register
Metzdowd in Germany for say, restaurant service.

 These bodies could issue logo certificates.

These certificates would only have value if there is extensive
verification.  We probably lack the technology to do that cheaply
right now, and the necessary level of international cooperation.

 Or, private companies, e.g. verisign, can issue logo certificates,
 based on the official trademark registers; that shouldn't be hard.

But it is, it all boils down to who does the verification, and who
pays for it.  Identifying someone is not that hard, of course, but how
do you know if he or she is authorized to use a resource (be it a
trademark or an IP subnet)?

 As to a registry to hold these certificates - the site (e.g. bank)
 would probably keep it... and many other places (this is signed
 i.e. not risky to keep).

You still have to handle revocation.  Mistakes will happen. 8-/

 Finally, of course, until such certificates are available, we simply
 use the manual binding of logos/icons/names to public keys, on the
 first time you enter a secure site using a browser with our
 enhancement. It works great... very convenient, and very clear (see
 screen shots in paper).

Ah, I missed that part.  This could be rather helpful if users are
able to understand the concept.  Have you run any usability tests?

BTW, you can emulate it by removing all root CAs from your browser,
and just relying on previously stored certificates.  Works rather
well, although some people who have different threat models sneer at
it.
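
The first-visit binding discussed in this exchange, as an added Python sketch that is not code from the paper or from either poster: a site's key is bound to a user-chosen label once, and the label is shown again only when the same key is presented. Assumptions: `CredentialStore`, its method names and the sample bytes are hypothetical, and the whole certificate is hashed as a stand-in for the public key to stay within the standard library.

```python
import hashlib
from typing import Dict, Optional, Tuple


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER certificate as presented in the TLS handshake."""
    return hashlib.sha256(cert_der).hexdigest()


def norm(host: str) -> str:
    # Compare hosts case-insensitively and ignore a trailing root dot.
    return host.rstrip(".").lower()


class CredentialStore:
    """Hypothetical local store: host -> (fingerprint, user-chosen label)."""

    def __init__(self) -> None:
        self._pins: Dict[str, Tuple[str, str]] = {}

    def check(self, host: str, cert_der: bytes) -> Tuple[str, Optional[str]]:
        """Return (status, label). The label is released only on an exact
        match, so a look-alike page never gets the user's label displayed."""
        pin = self._pins.get(norm(host))
        if pin is None:
            return ("unknown", None)
        if pin[0] == fingerprint(cert_der):
            return ("match", pin[1])
        return ("mismatch", None)

    def bind(self, host: str, cert_der: bytes, label: str) -> None:
        """First-visit binding; never silently overwrites an existing pin."""
        if norm(host) in self._pins:
            raise ValueError("already bound; use rebind() after verification")
        self._pins[norm(host)] = (fingerprint(cert_der), label)

    def rebind(self, host: str, old_fp: str, cert_der: bytes) -> None:
        """Key rollover or revocation: caller must name the pin it replaces."""
        fp, label = self._pins[norm(host)]
        if fp != old_fp:
            raise ValueError("old fingerprint does not match the stored pin")
        self._pins[norm(host)] = (fingerprint(cert_der), label)


# Constructed stand-ins for DER certificates (real ones come from the handshake).
BANK_CERT = b"constructed-der-bytes-for-bank.example"
OTHER_CERT = b"constructed-der-bytes-for-someone-else"


def demo():
    store = CredentialStore()
    first = store.check("bank.example", BANK_CERT)         # never seen
    store.bind("bank.example", BANK_CERT, "My bank")       # user binds once
    again = store.check("BANK.example.", BANK_CERT)        # same key, same host
    swapped = store.check("bank.example", OTHER_CERT)      # key changed
    lookalike = store.check("bank-example.test", OTHER_CERT)
    return first, again, swapped, lookalike


if __name__ == "__main__":
    for result in demo():
        print(result)
```
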



Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-10 Thread Florian Weimer
* Hal Finney:

> Only now are we belatedly beginning to pay the price for that decision.
> If anything, it's surprising that it has taken this long.  If phishing
> scams had sprung up five years ago it's possible that SET would have
> had a fighting chance to survive.

Wouldn't typical phishing attacks just read like:

| We have upgraded our e-commerce server software.  In order to use
| your PayPal account after August 1, 2004, you have to upgrade your
| Elecontric Wallet.  This upgrade is free.  Download it from:
|
|   http://www.example.com/downloads/set_upgrade.exe

> I predict that we will eventually move to a SET-like system; not
> necessarily that exact protocol, but something based on cryptographic
> authorizations for online purchases rather than the card number based
> systems in use today.

I talked to a financial services provider recently, and they were
scared when I proposed that.  It brings back horrible memories.  To
them, the advent of Java-less SSL banking was a real breakthrough.  It
seems that end-user support issues have plummeted.

Even some form of pre-registration of banking sites seems infeasible.
In Germany, we have a standard called HBCI which supports smart cards
and signed transactions (providing, in theory, end-to-end
verifiability), but support overhead seems to be much larger.

There still remains the issue that you can provide a good visual
approximation to any piece of software just by using JavaScript and
HTML.  I fear that too many users would fall for that. 8-(

> In considering such solutions, it is important to distinguish threat
> models.  Phishing is so harmful because it succeeds without even breaking
> in to users' computers.

But is it so harmful?  How much money is lost in a typical phishing
attack against a large US bank, or PayPal?  (I mean direct losses due
to partially rolled back transactions, not indirect losses because of
bad press or customer feeling insecure.)



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Jon Snader
On Sat, Jul 10, 2004 at 10:28:49AM +1000, Greg Rose wrote:
 
> If they could do that reliably, they wouldn't need the toll thingy, nu? I
> have been told by someone in the photo-enforcement industry that their
> reliability is only around 75%, and they're very expensive, and ... anyway,
> not a viable solution to the problem given the current economics. But to a
> weekly commuter over one of the bridges in New York, for example, it's
> $1000 per year.
 

Just today I read the following remark by Brad Delong on Eric
Rescorla's Web site http://tinyurl.com/3aw8a:

The IRS's comparative advantage is using random terror to
elicit voluntary compliance with the tax code on the part of
relatively rich people.

Doesn't a similar principle apply here?  Let's grant, as you say,
that the system is only 75% effective, and perhaps the expense
prevents us from deploying it at every lane so that the
probability of catching a cheater is, say, only 40%.  If we make
the fine for cheating $5000 and/or 6 months in jail, then the
cheater's expected savings, considering just the fine, is -$1994,
assuming a $10 toll.  That seems like a pretty good deterrent to
me.

jcs



RE: identification + Re: authentication and authorization

2004-07-10 Thread bear


On Thu, 8 Jul 2004, Anton Stiglic wrote:

The problem is not really authentication theft, it's identity theft, or if
you want to put it even more precisely, it's identity theft and
authenticating as the individual to whom the identity belongs to.  But the
latter doesn't make for a good buzzword :)

I have always thought that credential fraud would make a better
description than identity theft.  The crime about which we are
concerned, literally, is the use of your credentials by someone
else in the commission of a fraud.

Theft would imply to me that he simply walked into the bank (or
wherever) and took the money (or whatever) at gunpoint, directing
them to charge your account; an image I find more than a little
preposterous.  There has to be some kind of fraud or subterfuge
for the proposed crime to even be credible.

Bear



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Eric Rescorla
Perry E. Metzger [EMAIL PROTECTED] writes:

 John Gilmore [EMAIL PROTECTED] writes:
 It would be relatively easy to catch someone
 doing this - just cross-correlate with other
 information (address of home and work) and
 then photograph the car at the on-ramp.

 Am I missing something?

 It seems to me that EZ Pass spoofing should become as popular as
 cellphone cloning, until they change the protocol.

 I doubt it.

 All the toll lanes that accept EZ Pass that I've seen are equipped
 with cameras. These cameras are used to identify toll evaders
 already. You point out that doing this would require manual work, but
 in fact several systems (including the one used for handling traffic
 fees in central London) have already demonstrated that automated
 license plate reading systems are feasible. Even without automated
 plate reading, storing photographs is also now astoundingly cheap
 given how cheap storage has gotten, so if anyone ever complained about
 incorrect charges on their bill, finding the plates of the cars that
 went through during the disputed toll collections would be trivial.

Precisely. Moreover, you can presumably use fairly unsophisticated
data mining/fraud detection techniques to detect when a unit has
been cloned and then go back to the photographs to find and punish
the offenders.

-Ekr
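
One way the cloned-unit detection mentioned above could look, as an added example that is not code from the thread or from any toll operator: flag a tag read at two plazas closer in time than the drive allows, flag plate reads that do not belong to the tag's account, and list the stored photos to pull. The plaza names, drive times, tags and plates are constructed sample data, and unreadable plates are carried as `None`.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TollRead:
    minute: int            # minutes since midnight
    plaza: str
    tag_id: str
    plate: Optional[str]   # plate decoded from the lane photo; None if unreadable


# Constructed: shortest plausible drive time between plazas, in minutes.
MIN_DRIVE = {frozenset(("GWB", "TZB")): 25,
             frozenset(("GWB", "LINCOLN")): 10,
             frozenset(("TZB", "LINCOLN")): 35}

# Constructed account data: tag -> plates registered to that account.
REGISTERED = {"T100": {"ABC123"}, "T200": {"DEF456"}, "T300": {"JKL000"}}

# Constructed toll records for one day.
READS = [
    TollRead(480, "GWB", "T100", "ABC123"),
    TollRead(485, "TZB", "T100", "XYZ789"),    # same tag, 5 minutes later
    TollRead(490, "GWB", "T200", None),        # plate unreadable
    TollRead(540, "TZB", "T200", "DEF456"),
    TollRead(420, "LINCOLN", "T300", "JKL000"),
    TollRead(1020, "LINCOLN", "T300", "JKL000"),
]


def impossible_travel(reads, min_drive=MIN_DRIVE):
    """Pairs of consecutive reads of one tag that are too close in time."""
    by_tag = defaultdict(list)
    for r in reads:
        by_tag[r.tag_id].append(r)
    hits = []
    for tag, rs in by_tag.items():
        rs.sort(key=lambda r: r.minute)
        for a, b in zip(rs, rs[1:]):
            need = min_drive.get(frozenset((a.plaza, b.plaza)))
            if a.plaza != b.plaza and need is not None and b.minute - a.minute < need:
                hits.append((tag, a, b))
    return hits


def plate_conflicts(reads, registered=REGISTERED):
    """Reads whose decoded plate is not registered to the tag's account."""
    return [r for r in reads
            if r.plate is not None
            and r.plate not in registered.get(r.tag_id, set())]


def photos_to_pull(reads):
    """Tag -> sorted (minute, plaza) pairs whose stored photos need review."""
    queue = defaultdict(set)
    for tag, a, b in impossible_travel(reads):
        queue[tag].update({(a.minute, a.plaza), (b.minute, b.plaza)})
    for r in plate_conflicts(reads):
        queue[r.tag_id].add((r.minute, r.plaza))
    return {tag: sorted(shots) for tag, shots in queue.items()}


if __name__ == "__main__":
    for tag, shots in photos_to_pull(READS).items():
        print(tag, shots)
```

The timing rule still fires when the plate reader fails, which matters if plate decoding is unreliable.
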



Re: EZ Pass and the fast lane ....

2004-07-10 Thread Perry E. Metzger

Eric Rescorla [EMAIL PROTECTED] writes:
 All the toll lanes that accept EZ Pass that I've seen are equipped
 with cameras. These cameras are used to identify toll evaders
 already. You point out that doing this would require manual work, but
 in fact several systems (including the one used for handling traffic
 fees in central London) have already demonstrated that automated
 license plate reading systems are feasible. Even without automated
 plate reading, storing photographs is also now astoundingly cheap
 given how cheap storage has gotten, so if anyone ever complained about
 incorrect charges on their bill, finding the plates of the cars that
 went through during the disputed toll collections would be trivial.

 Precisely. Moreover, you can presumably use fairly unsophisticated
 data mining/fraud detection techniques to detect when a unit has
 been cloned and then go back to the photographs to find and punish
 the offenders.

By the way, this is yet another instance in which it is important to
consider threat models and economics when thinking about security
systems. The people willing to fake both their license plates and
their EZ Pass device are few, so the losses from them will be
small. (If you fake your license plates, in many instances you don't
even need to fake the EZ Pass device as nothing prevents you from
simply driving through.)

On the other hand, the cost of a system capable of doing a
challenge-response turnaround -- and we're talking both that of
building new tags plus the cost of designing and deploying units
capable of conducting two full round trip communications with cars
going through at 25 miles an hour -- is pretty high. You also will
always need the camera systems because you need to catch people simply
driving through, and because you will always get toll disputes that
need resolution. That means you can't even save the cost of the plate
cameras even with a challenge/response system.

Economically speaking, then, it doesn't seem like the threat (a small
amount of toll evasion by people willing to fake their license plates
and to clone EZ Pass equipment) doesn't cost as much as the putative
cure, and can't even cure the problem (since fare evaders with fake
plates will simply drive through toll lanes without physical barriers,
such as all the high speed toll lanes).

If I were advising the automated toll system people, I'd say it was
not worth it.

On the other hand, more complicated tags *might* be worth it for
another purpose -- preserving the privacy of drivers by using more
complicated protocols. However, as the benefit of such systems is to
people who are unlikely to have much voice in the construction of the
system, and who are also unlikely to be willing to pay more money to
gain privacy, I think the implementation of such tags is unlikely.

-- 
Perry E. Metzger		[EMAIL PROTECTED]
