Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Adam Shostack
On Fri, Jul 08, 2005 at 01:16:13PM -0400, Perry E. Metzger wrote:
| 
| Dan Kaminsky [EMAIL PROTECTED] writes:
|  Credit card fraud has gone *down* since 1992, and is actually falling:
| 
|  1992:  $2.6B
|  2003:  $882M
|  2004:  $788M
| 
|  We're on the order of 4.7 cents on the $100.
| 
|  http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
| 
|  If it's any consolation, I was rather surprised myself.
| 
| I seem to have gotten that one drastically wrong. Thanks for the
| more accurate figures.
| 
| A back of the envelope calculation makes me think that it is still
| more than enough money to provide a good incentive for a change in
| systems, though, especially when the cost of the anti-fraud measures
| needed at every part of the system are taken into account.

I think those numbers are misleading.  The FTC reports ID theft as a
$50B problem, but I haven't seen that broken down by vector.  I
suspect most of it is CC (rather than cheque, mortgage/line of
credit/auto loan), but have no data.

Adam

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Edgar Danielyan
May we see the back of that envelope? Upgrade to EMV (chip & PIN) here
in UK reportedly costs around 1.1 billion pounds (around $1.9
billion), and that is simply an upgrade to the existing infrastructure
and only in a single country. To fundamentally change the system would
require tens of billions and a concerted effort of banks, the
associations and the merchants, with all the associated hidden agendas
and underwater currents. It would be too big an undertaking with an
uncomfortable C/B ratio, whereas $788m in losses is not that bad
keeping in mind the amounts involved...




On 7/8/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
 
 Dan Kaminsky [EMAIL PROTECTED] writes:
  Credit card fraud has gone *down* since 1992, and is actually falling:
 
  1992:  $2.6B
  2003:  $882M
  2004:  $788M
 
  We're on the order of 4.7 cents on the $100.
 
  http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
 
  If it's any consolation, I was rather surprised myself.
 
 I seem to have gotten that one drastically wrong. Thanks for the
 more accurate figures.
 
 A back of the envelope calculation makes me think that it is still
 more than enough money to provide a good incentive for a change in
 systems, though, especially when the cost of the anti-fraud measures
 needed at every part of the system are taken into account.
 
 Perry




Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Perry E. Metzger

Adam Shostack [EMAIL PROTECTED] writes:
 I think those numbers are misleading.  The FTC reports ID theft as a
 $50B problem, but I haven't seen that broken down by vector.  I
 suspect most of it is CC (rather than cheque, mortgage/line of
 credit/auto loan), but have no data.

If you or anyone else has figures available, especially references to
original source material on the subject, it would be very useful.

Perry



payment system fraud, etc.

2005-07-09 Thread Perry E. Metzger

Jerrold Leichter [EMAIL PROTECTED] writes:
 In doing this calculation, be careful about the assumptions you make
 about how effective the countermeasures will be.  The new systems
 may be more secure, but people will eventually come up with ways to
 break them.  The history of security measures is hardly encouraging.

I'm not sure I agree with that, and I'll tell you why.

Take the case of NAMPS cell phone fraud. At one time, phone cloning
was a serious problem. The main issue was that people could simply
listen in on call setup and get all the information they needed to do
phone fraud. Once strong crypto was used to authenticate mobiles with
the deployment of digital cellphone networks, mobile phone cloning
fraud didn't just shift around, it almost completely vanished.

I suspect that many of the credit card frauds in question would be
sufficiently hard to conduct on an industrial scale given the correct
replacement for the current system that it would be difficult for
criminal enterprises to sustain themselves off of the available
revenue.

 There have been a couple of articles in RISKS recently about the
 fairly recent use of a two-factor system for bank cards in England.
 There are already significant hacks - and the banks managed to get
 the law changed so that, with this guaranteed to be secure new
 system, the liability is pushed back onto the customer.

That system has a number of flaws in it, including the fact that it is
not an end to end cryptographically protected communication, and is
thus subject to credential theft and the customer PIN is exposed to a
reader provided by the merchant. I think with the right design, most
such issues might go away.

 It's a continuing battle, and the banker's approach is really the
 only one that works over the long run: Keep the loss rate low enough
 that you can live with it while keeping the system easy enough to
 use that you don't lose customers.

That is always the case, in any business. The question is, though, if
you could lower the fraud costs from a billion a year to a few tens of
millions a year with the expenditure of a half billion in equipment,
would that be worthwhile? I suspect that it might.

Perry



the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
There's been a lot of discussion about how to strengthen cryptography 
and authentication, to get away from problems of phishing, pharming, 
etc.  But such approaches can take you only so far, as this link 
indicates:

http://www.lurhq.com/grams.html

Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
your balance, and drains your account except for .004 grams of gold.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: Why Blockbuster looks at your ID.

2005-07-09 Thread R.A. Hettinga
At 1:16 PM -0400 7/8/05, Perry E. Metzger wrote:
I seem to have gotten that one drastically wrong. Thanks for the
more accurate figures.

Don't worry. I would bet that identity theft will more than make up for it
soon enough, as transaction settlement times converge to instantaneity.

*That's* potentially *infinite* risk to the *consumer*, which is an
interesting proposition.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



EMV [was: Re: Why Blockbuster looks at your ID.]

2005-07-09 Thread astiglic

 Dan Kaminsky [EMAIL PROTECTED] writes:
 Credit card fraud has gone *down* since 1992, and is actually falling:

 1992:  $2.6B
 2003:  $882M
 2004:  $788M

 We're on the order of 4.7 cents on the $100.


Interesting statistics.
Seems like it's the same thing in Canada
http://www.rcmp.ca/scams/ccandpc_e.htm
Reported $227M in credit card fraud in 1999, dropped to $200M in 2003.

But these are still considerable numbers, and the thinking that Banks
manage the risk and it's not worth them going over to smart card
technology so they won't, which was mentioned in a few replies, I think no
longer holds (probably because of the falling cost of the technology, so
even if fraud $ is down as mentioned, ratio of fraud cost / cost of
technology that is more secure still leads financial institutions to want
to go to a more secure technology).
Europe already has EMV, and Canada plans to have an infrastructure (card
readers) that support it by 2007.  Probably U.S. will follow
http://www.atmmarketplace.com/news_story_23380.htm
http://www.atmmarketplace.com/news_story_22849.htm
http://www.kioskmarketplace.com/news_printable.htm?id=23380

And here, for example, is a quote from Visa Canada
http://www.visa.ca/en/about/mc_article.cfm?pid=2
Visa Canada Member financial institutions will implement chip at their
own pace.  It is expected that within seven years, almost every Visa card
in Canada will feature chip technology and most merchants will have the
equipment to accept and fully benefit from these cards.
That was written in June 2003.


--Anton






Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Dan Kaminsky

Jerrold Leichter wrote:


|  Credit card fraud has gone *down* since 1992, and is actually falling:
| 
|  1992:  $2.6B
|  2003:  $882M
|  2004:  $788M
| 
|  We're on the order of 4.7 cents on the $100.
| 
|  http://www.businessweek.com/technology/content/jun2005/tc20050621_3238_tc024.htm
| 
The article also mentions that the loss rate for 1992 was 15.7 cents per $100.

Something doesn't add up.  Combining the dollar values above with the loss
rate per $100, I calculate that the total charges handled in 1992 was about
$165 billion - which seems a bit low, but reasonable.  However, the
corresponding calculation for 2004 shows a total charges of about $16 billion,
which is clearly nonsense.

I don't actually see the $2.6B figure anywhere in the article.  Where did it
come from?

 

I did the math.  15.7 / 4.7 ~= 3.34.  3.34 * $778M = $2.6B.  There's a 
problem here, but I'll get to it in a sec.


Hmm...lets verify the rest of this:

4.7 cents per 100 is 0.047 dollars per 100 dollars is 0.00047 dollars 
per dollar.


x * 0.00047 = $778M

x = $778M / 0.00047
x = 1655319M = 1.65T

Looking at Federal Reserve data ( 
http://www.federalreserve.gov/releases/g19/Current/g19.htm ), there was 
about $2T in overall consumer credit.  I can envision the vast majority, 
but not all of this being on plastic.  So, $1.65T works.


If you try to repeat this for 1992, though, you'll find an interesting 
bug...total transactions in 1992 were also about 1.65T.  Gee, it's 
almost like I assumed credit card usage rates were constant over the 12 
year period...oops :)  But then there's inflation, which alters dollar 
figures substantially.  So oops in the other direction.


The fundamental point stands, though...credit fraud has been managed 
surprisingly well (though some people have said fraud is understated by 
~~200%).


--Dan




SISW05, the 3rd International IEEE Security in Storage Workshop

2005-07-09 Thread james hughes


3rd International IEEE Security in Storage Workshop
December 13, 2005
Golden Gate Holiday Inn, San Francisco, California USA

Sponsored by the IEEE Computer Society
 Task Force on Information Assurance (TFIA)
 Part of the IEEE Information Assurance Activities (IEEEIA)

Held In Cooperation and Co-Located With the
4th USENIX Conference on File and Storage Technologies (FAST05)
 December 14-16, 2005, San Francisco, CA, USA

In Cooperation with the
 IEEE Mass Storage Systems Technical Committee (MSSTC)

Description

Meeting the challenge to protect stored information critical to  
individuals, corporations, and governments is made more difficult by  
the continually changing uses of storage and the exposure of storage  
media to adverse conditions.


Example uses include employment of large shared storage systems for  
cost reduction and, for convenience, wide use of transiently- 
connected storage devices offering significant capacities and  
manifested in many forms, often embedded in mobile devices.


Protecting intellectual property, privacy, health records, and  
military secrets when media or devices are lost, stolen, or captured  
is critical to information owners.


A comprehensive, systems approach to storage security is required for  
the activities that rely on storage technology to remain or become  
viable.


This workshop serves as an open forum to discuss storage threats,  
technologies, methodologies and deployment.


The workshop seeks submissions from academia and industry presenting  
novel research on all theoretical and practical aspects of designing,  
building and managing secure storage systems; possible topics  
include, but are not limited to the following:

- Cryptographic Algorithms for Storage
- Cryptanalysis of Systems and Protocols
- Key Management for Sector and File based Storage Systems
- Balancing Usability, Performance and Security concerns
- Unintended Data Recovery
- Attacks on Storage Area Networks and Storage
- Insider Attack Countermeasures
- Security for Mobile Storage
- Defining and Defending Trust Boundaries in Storage
- Relating Storage Security to Network Security
- Database Encryption
- Search on Encrypted Information

The goal of the workshop is to disseminate new research, and to bring  
together researchers and practitioners from both governmental and  
civilian areas. Accepted papers will be published by the IEEE  
Computer Society Press in the workshop proceedings and become part of  
the IEEE Digital Library.


Workshop Sponsor
- Jack Cole (US Army Research Laboratory, USA)

Program Chair
- James Hughes (StorageTek, USA)

Program Committee
- Don Beaver (USA)
- John Black (University of Colorado, USA)
- Randal Burns (Johns Hopkins University, USA)
- Ronald Dodge (United States Military Academy, USA)
- Kevin Fu (University of Massachusetts Amherst, USA)
- Russ Housley (Vigil Security, USA)
- Yongdae Kim (University of Minnesota, USA)
- Ben Kobler (NASA, USA)
- Noboru Kunihiro (University of Electro-Communications, Japan)
- Arjen Lenstra (Lucent Technologies' Bell Laboratories and
 Technische Universiteit Eindhoven, Netherlands)
- Fabio Maino (Cisco Systems, USA)
- Ethan Miller (University of California, Santa Cruz, USA)
- Reagan Moore (University of California, San Diego, USA)
- Dalit Naor (IBM Haifa, Israel)
- Andrew Odlyzko (University of Minnesota, USA)
- Rod Van Meter (Keio University, Japan)
- Tom Shrimpton (Portland State, USA)
- John Viega (Secure Software, USA)
- Erez Zadok (Stony Brook University, USA)
- Yuliang Zheng (University of North Carolina, USA)

Submissions

Papers must begin with the title, authors, affiliations, a short  
abstract, a list of key words, and an introduction. The introduction  
should summarize the contributions of the paper at a level  
appropriate for a non-specialist reader. Papers must be submitted in  
PDF format less than 4MB in size (final paper has no limit). Email  
submissions must attach the paper, specify if this is a duplicate  
work, and be sent to [EMAIL PROTECTED]


Papers should be at most 12 pages in length including the  
bibliography, figures, and appendices (using 10pt body text and two- 
column layout). Authors are responsible for obtaining appropriate  
clearances. Authors of accepted papers will be asked to sign IEEE  
copyright release forms. Final submissions must be in camera-ready  
PostScript or PDF. Authors of accepted papers must guarantee that  
their paper will be presented at the conference.


Papers that duplicate work that any of the authors have or will  
publish elsewhere are acceptable for presentation at the workshop.  
However, only original papers will be considered for publication in  
the proceedings.


Although full papers are preferred, submissions of extended abstracts  
describing the final paper will be considered based on merit and  
assessing the author's ability to complete the paper within the  
allotted time.


Important Dates

Paper due: September 1, 2005

Re: the limits of crypto and authentication

2005-07-09 Thread Nick Owen
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.

Steven M. Bellovin wrote:
 There's been a lot of discussion about how to strengthen cryptography 
 and authentication, to get away from problems of phishing, pharming, 
 etc.  But such approaches can take you only so far, as this link 
 indicates:
 
 http://www.lurhq.com/grams.html
 
 Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
 your balance, and drains your account except for .004 grams of gold.
 
   --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
 
 
 
 

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor



Re: EMV [was: Re: Why Blockbuster looks at your ID.]

2005-07-09 Thread Victor Duchovni
On Fri, Jul 08, 2005 at 03:48:30PM -0400, [EMAIL PROTECTED] wrote:

  We're on the order of 4.7 cents on the $100.
 
 
 Interesting statistics.
 Seems like it's the same thing in Canada
 http://www.rcmp.ca/scams/ccandpc_e.htm
 Reported $227M in credit card fraud in 1999, dropped to $200M in 2003.
 

Whose losses do these numbers measure?

- Issuer Bank?

- Merchant?

- Consumer?

- Total?

-- 

 /\ ASCII RIBBON  NOTICE: If received in error,
 \ / CAMPAIGN Victor Duchovni  please destroy and notify
  X AGAINST   IT Security, sender. Sender does not waive
 / \ HTML MAILMorgan Stanley   confidentiality or privilege,
   and use is prohibited.



Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], John Levine writes:
Why does the clerk at Blockbuster want to see your driver's license?
Because his management has been told, by their bank, that if they do
not attempt to verify the identity of credit card users they will
risk their business relationship with the bank.

It's been my impression that the way you're supposed to verify the ID
of a credit card user is by checking the signature.  I've heard of
banks telling businesses not to demand separate ID.  On the other
hand, I can easily believe that Blockbuster came up with the ID idea
all by themselves.

I very rarely rent from Blockbuster, so I may have the details wrong; I 
can state for sure how things work at the local video store I usually 
patronize.

When I signed up with them, I supplied a credit card number; they 
retained that for contingency charges if I fail to return a video.  
(Odd -- my local library doesn't do that.  But I digress.)  In return, 
they handed me an account-linked credential -- exactly the sort of 
thing that is often advocated on this list.

From my perspective, the form factor of the credential wasn't ideal; it 
was one of those key ring-sized cards, and I soon lost it, probably 
during a wallet upgrade.  No problem -- they're happy to fall back to 
the secondary authentication system, to wit, my driver's license.  I 
show that to get access to the account, independent of how I actually 
pay for the rental.  In other words, they are not using my license to 
authenticate my credit card.  (I would add that the fees are low 
enough that I almost always pay in cash; I have no idea if they even 
have the ability to use the stored credit card for rental fees if I 
don't present the card separately.  Hmm -- the account is old enough 
that the expiration date on my credit card has long since expired.  
They've never asked me for an update.  Maybe they're using a reputation 
system?)

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: the limits of crypto and authentication

2005-07-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Nick Owen writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.


How does the user know which transaction is really being authenticated?
(I alluded to this in a 1997 panel session talk; see
http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm )

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: the limits of crypto and authentication

2005-07-09 Thread Nick Owen
To validate the transaction, a receipt could be sent to the user
encrypted by the server's public key.  If the receipt is correct, the
user enters their PIN to 'sign' the transaction.

I'm assuming an asymmetric authentication system here outside the
browser. The attacker would have to steal the user's private key, their
PIN and the server's private key, correct?

I know that if the PC is compromised anything is possible, but I think
this raises the bar significantly - perhaps to an unprofitable level.

Steven M. Bellovin wrote:
 In message [EMAIL PROTECTED], Nick Owen writes:
 
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.

 
 
 How does the user know which transaction is really being authenticated?
 (I alluded to this in a 1997 panel session talk; see
 http://www.cs.columbia.edu/~smb/talks/ncsc-97/index.htm )
 
   --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
 
 
 

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor



RE: Why Blockbuster looks at your ID.

2005-07-09 Thread Cid Carlos

I was in England last week where I noticed that the banks are 
switching all UK credit cards to chip+pin technology.  We'll see.  
For that matter, French cards have all been chip+pin for years.  
Any idea what their fraud rates are like?  The French card machines 
will do magstripe with a signature, but it's mostly us foreigners who need
it.

Below is a link to an interesting site discussing the chip and PIN
technology and its introduction in the UK (the article Chip and Spin also
addresses the French experience):  

http://www.chipandspin.co.uk/

Carlos



Re: the limits of crypto and authentication

2005-07-09 Thread Lance James

Steven M. Bellovin wrote:

There's been a lot of discussion about how to strengthen cryptography 
and authentication, to get away from problems of phishing, pharming, 
etc.  But such approaches can take you only so far, as this link 
indicates:


http://www.lurhq.com/grams.html

Briefly, it's a Trojan that waits for you to log into E-Gold, checks 
your balance, and drains your account except for .004 grams of gold.
 




There is a possible solution against an OLE event driven session rider 
such as this one. The solution I proposed was to use a variant of 
CAPTCHA that would add mutual authentication in the mix within the 
picture. Yes, there are some people that say CAPTCHA can be broken, but 
in the game of phishing, it's about numbers, not about silver bullets. 
The way to get around the porn CAPTCHA problem was to ask something 
that the user might only know and then ask the user about the activity 
they are performing.


This would stop this instance of E-gold attacks.


--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!




Re: the limits of crypto and authentication

2005-07-09 Thread Florian Weimer
* Steven M. Bellovin:

 In message [EMAIL PROTECTED], Nick Owen writes:
It would seem simple to thwart such a trojan with strong authentication
simply by requiring a second one-time passcode to validate the
transaction itself in addition to the session.


 How does the user know which transaction is really being authenticated?

You send the pass code in an SMS to the user's mobile phone, together
with some information on the transaction.  (If the SMS delay is a
problem, use a computer-generated phone call.)  The pass code is then
entered by the user to authorize the transaction.

This will eventually break down, once PCs and mobile phones are
integrated tightly, but in the meantime, it's reasonably secure even
if the client PC is compromised.

I'm not sure if users will accept it, though.  What's worse, the costs
for sending the SMS message (or making the phone call) are so
significant that it's unrealistic we'll see widespread use of such
technologies.

(Manually transferring cryptographic tokens which depend on the
transaction contents seems to be infeasible, given the number of bits
which must be copied.)
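As an added illustration (not code from the thread, nor from any product mentioned in it) of the property Steven Bellovin asks about, and that both Nick Owen's encrypted-receipt idea and Florian Weimer's SMS scheme rely on: the code the user types must be bound to the transaction the user actually read, so that a Trojan on the PC can neither get a different transaction authorized nor reuse a captured code. The Python sketch below models Weimer's variant: the bank derives a six-digit code from a per-customer secret, a one-time reference and the transaction summary, sends summary and code over a second channel (a string standing in for the SMS), and accepts the code only for that one pending transaction. The `Bank`, `Transaction` and `user_reads_sms` names, the message layout and the sample payee strings are all assumptions made for this example.

```python
from __future__ import annotations

# Added example: transaction-bound one-time codes delivered out of band.
# Every name, message format and sample value here is an assumption made for
# the illustration; none of it comes from the mailing-list thread.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Transaction:
    payee: str
    amount_cents: int
    currency: str = "EUR"

    def summary(self) -> str:
        """Canonical one-line description: what the user reads, and what the code binds to."""
        return f"PAY {self.amount_cents // 100}.{self.amount_cents % 100:02d} {self.currency} TO {self.payee}"


class Bank:
    """Server side: holds the per-customer secret and the transactions awaiting a code."""

    def __init__(self, customer_secret: bytes):
        self._secret = customer_secret
        self._pending: dict[str, Transaction] = {}

    def _code(self, ref: str, tx: Transaction) -> str:
        # Six-digit code = truncated HMAC over (one-time reference, transaction summary).
        msg = f"{ref}|{tx.summary()}".encode()
        mac = hmac.new(self._secret, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

    def submit(self, tx: Transaction) -> tuple[str, str]:
        """The web session submits a transaction.  Returns (reference, out-of-band message);
        the message is what the SMS would carry: summary, reference and code."""
        ref = secrets.token_hex(4)
        self._pending[ref] = tx
        return ref, f"{tx.summary()} REF {ref} CODE {self._code(ref, tx)}"

    def authorize(self, ref: str, code: str) -> bool:
        """The web session submits the typed code.  Each reference is single-use, and the
        code is recomputed for the transaction stored under that reference."""
        tx = self._pending.pop(ref, None)
        if tx is None:
            return False  # unknown, expired or already-used reference
        return hmac.compare_digest(self._code(ref, tx), code)


def user_reads_sms(sms: str, intended: Transaction) -> Optional[str]:
    """User side: type the code only if the message describes the intended payment."""
    summary, _, rest = sms.partition(" REF ")
    if summary != intended.summary():
        return None  # the PC submitted something else; the user declines
    return rest.split(" CODE ")[1]


def honest_flow(bank: Bank, tx: Transaction) -> bool:
    ref, sms = bank.submit(tx)
    code = user_reads_sms(sms, tx)
    return code is not None and bank.authorize(ref, code)


def replay_is_rejected(bank: Bank, tx: Transaction) -> bool:
    """A code that already authorized its transaction cannot authorize it again."""
    ref, sms = bank.submit(tx)
    code = user_reads_sms(sms, tx)
    first = code is not None and bank.authorize(ref, code)
    second = code is not None and bank.authorize(ref, code)
    return first and not second


def trojan_swaps_payee(bank: Bank, intended: Transaction, attacker_tx: Transaction) -> bool:
    """Malware replaces the submitted transaction; the out-of-band summary exposes the swap."""
    ref, sms = bank.submit(attacker_tx)
    code = user_reads_sms(sms, intended)  # None: summary does not match
    return code is not None and bank.authorize(ref, code)


def trojan_reuses_code(bank: Bank, intended: Transaction, attacker_tx: Transaction) -> bool:
    """Malware lets the intended payment be challenged, captures the typed code,
    and tries to spend it on its own pending transaction."""
    ref_ok, sms = bank.submit(intended)
    ref_bad, _ = bank.submit(attacker_tx)  # attacker's own challenge; its SMS is ignored
    code = user_reads_sms(sms, intended)   # the user types the code for the intended payment
    return code is not None and bank.authorize(ref_bad, code)  # bound to ref_ok, so rejected


if __name__ == "__main__":
    bank = Bank(b"constructed-per-customer-secret")   # constructed sample secret
    wanted = Transaction("DE00 EXAMPLE 1234", 4990)    # constructed sample payment
    diverted = Transaction("ATTACKER-ACCOUNT", 4990)
    print("honest flow authorized:", honest_flow(bank, wanted))
    print("replay rejected:", replay_is_rejected(bank, wanted))
    print("swapped payee authorized:", trojan_swaps_payee(bank, wanted, diverted))
    print("captured code reused:", trojan_reuses_code(bank, wanted, diverted))
```

The point the code makes is the one Bellovin raises: the second channel is only useful because it shows the user what is about to be authorized, and the code is only useful because it cannot authorize anything else. A code that merely proves the session is live (Owen's first proposal) would pass in both Trojan scenarios.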



Re: EMV [was: Re: Why Blockbuster looks at your ID.]

2005-07-09 Thread J
--- [EMAIL PROTECTED] wrote:

[decline in credit card fraud]
 Interesting statistics.

[...]

 But these are still considerable numbers, [...]

I totally agree. And I would just like to make a quick point: the
credit card companies (especially Visa/Mastercard) have been very
aggressive in fraud prevention in the last ten years. 

And I don't mean algorithms that detect unusual activity and flag a
card, thereby prompting your bank to call and verify that the
charges are good. They've been doing that for years, if not decades.

No, I mean literally detective work -- tracking people down, having
their sites closed and bank accounts frozen and actually pushing to
have people prosecuted. They have been quite active, trying to recruit
people in the law enforcement community and offering handsome salaries.


The whole thing works based on the premise that there are a lot of
small-time gangsters at any given time but only a few big fish. And if
you can increase the cost of doing business (either in terms of making
credit fraud more expensive or in terms of increasing the likelihood to
get caught) you can basically justify the expense of running a big
anti-fraud unit.

But, in a way, that's only dealing with the symptoms, whilst at the
same time ignoring the root cause of the problem. You're only making it
less attractive to commit credit card fraud. You are, however, not
making it harder. That's why I believe the credit cards companies will
indeed have a good, long look at smartcards. Probably not tomorrow or
next week but in the near future. 

  -Jörn



Re: the limits of crypto and authentication

2005-07-09 Thread Ian Grigg
FTR, e-gold were aware of the general makeup of this
threat since 1998 and asked someone to look at it.  The
long and the short was that it was more difficult to solve
than at first claimed, so the project was scrapped.  This
was a good risk-based decision.  The first trojans that I
know of for e-gold weren't spotted until 12-18 months
ago, so it was also a profitable decision.  What they are
doing now I don't know.

In the payments world we've known how to solve all
this for some time, since the early 90s to my knowledge.
The only question really is, have you got a business
model that will pay for it, because any form of token is
very expensive, and the form of token that is needed -
a trusted device to put the application, display, keypad
and net connection on - is even more expensive than
the stop-gap two-factor authentication units commonly
sold.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting



Re: [Forwarded] RealID: How to become an unperson.

2005-07-09 Thread Florian Weimer
* Perry E. Metzger:

 [EMAIL PROTECTED] writes:
 But nevertheless, I do not understand why americans are so afraid of
 an ID card.

 Perhaps I can explain why I am.

 I do not trust governments. I've inherited this perspective. My
 grandfather sent his children abroad from Speyer in Germany just after
 the ascension of Adolf Hitler in the early 1930s -- his neighbors
 thought he was crazy, but few of them survived the coming events. My
 father was sent to Alsace, but he stayed too long in France and ended
 up being stuck there after the occupation. If it were not for forged
 papers, he would have died. (He had a most amusing story of working as
 an electrician rewiring a hotel used as office space by the Gestapo in
 Strasbourg -- his forged papers were apparently good enough that no
 one noticed.)  Ultimately, he and other members of the family escaped
 France by illegally crossing the border into Switzerland. (I put
 illegally in quotes because I don't believe one has any moral
 obligation to obey a law like that, especially since it would leave
 you dead if you obeyed.)

 Anyway, if the governments of the time had actually had access to
 modern anti-forgery techniques, I might never have been born.

I share your general concern, but it's not the ID cards which worry
me.  After all, forgeable passports are only a very, very weak form of
defense in an age of non-invasive biometric applications which operate
in real-time.  (I know, we aren't quite there yet, but we're getting
close.)

My concern is that our government is building infrastructure for
monitoring extremist citizens, trying very hard to interdict all
extremist propaganda.  The rationale behind that is the assumption
that most Germans are still latent nazis.  (I'm not sure if this is
really the case, but it seems that anti-democratic feelings are rather
widespread.)  Unfortunately, this monitoring infrastructure covers the
whole population by design, and in case of a coup d'etat, it can be
easily abused by the perpetrators to make sure that they stay in
power.  In other words, this approach is not fail-safe.  I find it
rather unsettling that our politicians seem to be completely unaware
of this risk.



security infrastructure and government

2005-07-09 Thread Perry E. Metzger

Florian Weimer [EMAIL PROTECTED] writes:
 I share your general concern, but it's not the ID cards which worry
 me.  After all, forgeable passports are only a very, very weak form of
 defense in an age of non-invasive biometric applications which operate
 in real-time.  (I know, we aren't quite there yet, but we're getting
 close.)

 My concern is that our government is building infrastructure for
 monitoring extremist citizens, trying very hard to interdict all
 extremist propaganda.  The rationale behind that is the assumption
 that most Germans are still latent nazis.  (I'm not sure if this is
 really the case, but it seems that anti-democratic feelings are rather
 widespread.)  Unfortunately, this monitoring infrastructure covers the
 whole population by design, and in case of a coup d'etat, it can be
 easily abused by the perpetrators to make sure that they stay in
 power.  In other words, this approach is not fail-safe.  I find it
 rather unsettling that our politicians seem to be completely unaware
 of this risk.

I believe John Gilmore once made a pithy comment about this
danger. Sadly I can't find the original quote, but it was more or less
something like this: if you give the government all the tools a
dictatorship would need to maintain control of the citizenry, all that
stands between you and a dictatorship is a change in attitude by the
people in power.

Another thing he or someone else once said went something like this:
you want to design your system of laws such that, with your worst
enemy in power, you will have no more to fear than if your best friend
is in power. This is because, someday, your worst enemy may very well
be in power.

If anyone remembers or can find the originals of these statements, I'd
appreciate it.

Perry



Re: the limits of crypto and authentication

2005-07-09 Thread Nick Owen
I think that the cost of two-factor authentication will plummet in the
face of the volumes offered by e-banking.  Also, the more uses for the
token, the more shared the costs will be.  The question to me is will
the FIs go with anything beyond secure cookies, IP address validation
and unique images.  Will they be forced to by the powers that be or by
disclosure requirements after the basic systems are thwarted?

I also think that the lower end cell phone is now capable of handling
the task.  While a PC client may not be very secure, it does offer some
potential benefits such as auto-validating SSL certs.  Whether the
carriers will bother with a potential revenue stream in two-factor
authentication when they can make more money in ringtones is another
question - back to the business model ;).

Ian Grigg wrote:
 FTR, e-gold were aware of the general makeup of this
 threat since 1998 and asked someone to look at it.  The
 long and the short was that it was more difficult to solve
 than at first claimed, so the project was scrapped.  This
 was a good risk-based decision.  The first trojans that I
 know of for e-gold weren't spotted until 12-18 months
 ago, so it was also a profitable decision.  What they are
 doing now I don't know.
 
 In the payments world we've known how to solve all
 this for some time, since the early 90s to my knowledge.
 The only question really is, have you got a business
 model that will pay for it, because any form of token is
 very expensive, and the form of token that is needed -
 a trusted device to put the application, display, keypad
 and net connection on - is even more expensive than
 the stop-gap two-factor authentication units commonly
 sold.
 
 iang

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor



Re: Why Blockbuster looks at your ID.

2005-07-09 Thread dan

 1992:  $2.6B
 2003:  $882M
 2004:  $788M

 We're on the order of 4.7 cents on the $100.


I consulted an oracle at a major third party
processor.  He said the number is more like
64-67 basis points, that you have to be very
precise about your definitions, i.e., very
precise about what goes in the numerator and
what goes in the denominator.  For example, 
if a dishonored transaction is the merchant's
fault and the merchant has to foot the bill
then the card association has not had a fraud
loss.  I doubt it is actually germane to this
list, but I can go back to said oracle if
requested.

BTW, if you ever have the opportunity to hear
Frank Abagnale's discussion of check forgery
by all means do so.

--dan




Re: the limits of crypto and authentication

2005-07-09 Thread Perry E. Metzger

Nick Owen [EMAIL PROTECTED] writes:
 It would seem simple to thwart such a trojan with strong authentication
 simply by requiring a second one-time passcode to validate the
 transaction itself in addition to the session.

Far better would be to have a token with a display attached to the
PC. The token will display a requested transaction to the user and
only sign it if the user agrees. Because the token is a trusted piece
of hardware that the user cannot install software on, it provides a
trusted communications path to the user that the PC itself cannot.

Perry



Re: the limits of crypto and authentication

2005-07-09 Thread dan

Florian Weimer writes:
 | 
 | It would seem simple to thwart such a trojan with strong authentication
 | simply by requiring a second one-time passcode to validate the
 | transaction itself in addition to the session.
 | 
 | 
 |  How does the user know which transaction is really being authenticated?
 | 
 | You send the pass code in an SMS to the user's mobile phone, together
 | with some information on the transaction.  (If the SMS delay is a
 | problem, use a computer-generated phone call.)  The pass code is then
 | entered by the user to authorize the transaction.


[ Disclaimer -- I advise this company ]

Take a look at Boojum Mobile -- it is
precisely the idea of using the cell
phone as an out-of-band channel for an
in-band transaction.

http://www.boojummobile.com

[ Disclaimer -- I advise this company ]

--dan






Re: the limits of crypto and authentication

2005-07-09 Thread dan

Nick Owen writes:
 | I think that the cost of two-factor authentication will plummet in the
 | face of the volumes offered by e-banking.

Would you or anyone here care to analyze
what I am presuming is the market failure
of Amex Blue in the sense of its chipcard
and reader combo?

--dan




Re: the limits of crypto and authentication

2005-07-09 Thread Florian Weimer
* Nick Owen:

 I think that the cost of two-factor authentication will plummet in the
 face of the volumes offered by e-banking.

I doubt this is true.  In Germany, we already use some form of
two-factor authentication for Internet banking transactions (account
number/password and a one-time password for each transaction).  Yet
banks are desperately looking for alternatives because distributing
those one-time password lists is too expensive (!).  To me, this was
quite surprising because it's just one sheet of paper every 200
transactions or so.

Even worse, this scheme has failed, and there are successful attacks
in the wild (involving compromised client PCs).  Right now,
time-dependent tokens do help, but only because you outrun the other
guy.  The real-time requirements imposed by them are not a fundamental
obstacle to the attackers, and even now, the way they route the money
makes it very hard to detect things in real-time (at least on the
money side).

Well, you can imagine my surprise when Howard Schmidt praised
two-factor authentication as a solution to our current problems at the
FIRST 2005 conference. 8-/

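Added example, not code from any message in this thread and not from WiKID, Boojum Mobile or any bank's system: a small Python model of the difference between a one-time code that only proves the session (a TAN list entry or a counter/time token, the scheme Florian describes failing against compromised PCs above) and a code bound to the transaction the user actually saw (Perry's display token, or Florian's SMS carrying the transaction details). The shared secret, the two transactions, the 8-digit truncation and the three-step lookahead window are all constructed for the demo; the MAC is HMAC-SHA256 from the standard library, and the trojan on the PC is modelled as simply substituting payee and amount between what the user sees and what reaches the bank.

```python
"""Session-only vs. transaction-bound one-time codes (constructed demo, stdlib only)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Transaction:
    payee: str
    amount_cents: int
    reference: str

    def canonical(self) -> bytes:
        # Fixed field order and separator so token and bank MAC exactly the same bytes.
        return f"{self.payee}|{self.amount_cents}|{self.reference}".encode()


def otp(key: bytes, counter: int, data: bytes = b"") -> str:
    """8-digit code = truncated HMAC-SHA256 over (counter || data); empty data = session-only."""
    mac = hmac.new(key, counter.to_bytes(8, "big") + data, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"


class TrustedDevice:
    """Display token or phone: holds the key, a counter, and a screen the PC cannot draw on."""

    def __init__(self, key: bytes) -> None:
        self._key, self._counter = key, 0

    def session_code(self) -> str:
        # Proves possession of the device and nothing else; any transaction can ride on it.
        self._counter += 1
        return otp(self._key, self._counter)

    def display_and_sign(self, shown: Transaction, user_intends: Transaction) -> Optional[str]:
        # The user compares the trusted display against what they meant to do.
        if shown != user_intends:
            return None  # user refuses to approve
        self._counter += 1
        return otp(self._key, self._counter, shown.canonical())


class Bank:
    """Verifies codes with a small lookahead window and never accepts a counter value twice."""

    WINDOW = 3  # constructed: how far ahead of its own counter the bank will look

    def __init__(self, key: bytes) -> None:
        self._key, self._counter = key, 0

    def _accept(self, code: Optional[str], data: bytes) -> bool:
        if code is None:
            return False
        for c in range(self._counter + 1, self._counter + 1 + self.WINDOW):
            if hmac.compare_digest(otp(self._key, c, data), code):
                self._counter = c  # consume it, so a replay of the same code fails
                return True
        return False

    def accept_session_code(self, tx: Transaction, code: Optional[str]) -> bool:
        return self._accept(code, b"")  # tx plays no part in the check

    def accept_bound_code(self, tx: Transaction, code: Optional[str]) -> bool:
        return self._accept(code, tx.canonical())


KEY = b"constructed demo secret, not a real key"
INTENDED = Transaction("Landlord GmbH", 85_000, "rent July")     # what the user wants
ATTACKER = Transaction("Mule Account", 950_000, "invoice 4711")  # what the trojan submits


def session_only_attack() -> bool:
    """TAN list or plain OTP: the PC shows INTENDED, asks for a code, submits ATTACKER."""
    device, bank = TrustedDevice(KEY), Bank(KEY)
    return bank.accept_session_code(ATTACKER, device.session_code())  # True: fraud goes through


def bound_attack_honest_display() -> bool:
    """Trojan feeds INTENDED to the token so the user approves, then submits ATTACKER."""
    device, bank = TrustedDevice(KEY), Bank(KEY)
    return bank.accept_bound_code(ATTACKER, device.display_and_sign(INTENDED, INTENDED))


def bound_attack_swapped_display() -> bool:
    """Trojan feeds ATTACKER to the token; the trusted display shows it and the user refuses."""
    device, bank = TrustedDevice(KEY), Bank(KEY)
    return bank.accept_bound_code(ATTACKER, device.display_and_sign(ATTACKER, INTENDED))


def bound_legitimate_then_replay() -> tuple:
    """An honest transaction is accepted once; the same code submitted again is rejected."""
    device, bank = TrustedDevice(KEY), Bank(KEY)
    code = device.display_and_sign(INTENDED, INTENDED)
    return bank.accept_bound_code(INTENDED, code), bank.accept_bound_code(INTENDED, code)


if __name__ == "__main__":
    print("session-only code, trojaned PC:      fraud accepted =", session_only_attack())
    print("bound code, honest display:          fraud accepted =", bound_attack_honest_display())
    print("bound code, swapped display:         fraud accepted =", bound_attack_swapped_display())
    print("bound code, legitimate then replay:  accepted =", bound_legitimate_then_replay())
```

Each scenario function returns whether the bank accepted the attacker's transaction, so the model can be checked without reading output. Two caveats the code makes visible but does not solve: the user has to actually read the trusted display rather than press "OK", and a second channel only helps if it really is out of band, so an SMS or softphone that terminates on the same compromised PC buys nothing.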


Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Peter Fairbrother
Perry E. Metzger wrote:
 
 A system in which the credit card was replaced by a small, calculator
 style token with a smartcard style connector could effectively
 eliminate most of the in person and over the net fraud we experience,
 and thus get rid of large costs in the system and get rid of the need
 for every Tom, Dick and Harry to see your drivers license when you
 make a purchase. It would both improve personal privacy and help the
 economy by massively reducing transaction costs.

I agree that it might well reduce costs and fraud - but how will it improve
privacy? Your name is already on the card ... and the issuer will still have
a list of your transactions.

Not having to show ID may save annoyance, but it doesn't significantly
improve privacy.



-- 
Peter Fairbrother




Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Peter Fairbrother
Jerrold Leichter wrote:

 There have been a couple of articles in RISKS recently about the fairly recent
 use of a two-factor system for bank cards in England.  There are already
 significant hacks -

yes ...

 and the banks managed to get the law changed so that, with
 this guaranteed to be secure new system, the liability is pushed back onto
 the customer.

I'm not too sure what you mean.

In the UK the merchant is not usually liable for card-present fraud.

There has been / is about to be a change to the liability of the merchant,
usually to the effect that if a fraud is successful because the merchant
hasn't installed PIN equipment then they will be liable. A few banks are
making merchants liable for all fraud if PIN equipment has not been
installed.

EMV said the change would begin on 1st Jan, but the banks haven't all
implemented it yet. Many did so on 1st July.

The change occurs in the contract between the acquiring banks and the
merchants, not the law; the legality of the change is questionable, but as
it is basically just a way to encourage retailers to install PIN equipment
it has not been challenged afaik.

There is no change in the merchant's liability if he has installed Chip n'
PIN equipment - the tales circulating of all merchants becoming liable for
all frauds are simply not true.

There will also be a change in the way fraud claims are dealt with, to the
almost certain disadvantage of the cardholder, as there is no physical
signature to contest and at least in the first instance the issuers
determine the facts.

However I am not aware of any changes to the law.

There was a very recent Banking Ombudsman case where the cardholder had
been grossly negligent about her PIN security, but her liability was still
limited to £50 (which is a statutory limit and applies to credit cards, but
not to debit cards - although it is in practice applied to them too).
Usually the £50 limit is not charged by the issuing bank.

However the customer eventually pays for fraud anyway, in the form of
higher prices, so the issuer - merchant liability split is not of immediate
relevance to the customer. It should be tilted firmly against the banks IMO
though, as they are responsible for the system, not the merchants, who have
no say, as EMV + AmEx is an effective monopoly.

BTW, one of my banks recently sent me a leaflet which said Chip n' PIN was
going to be introduced worldwide. Anyone know more about that?


-- 
Peter Fairbrother




Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Perry E. Metzger

Peter Fairbrother [EMAIL PROTECTED] writes:
 Perry E. Metzger wrote:
 A system in which the credit card was replaced by a small, calculator
 style token with a smartcard style connector could effectively
 eliminate most of the in person and over the net fraud we experience,
 and thus get rid of large costs in the system and get rid of the need
 for every Tom, Dick and Harry to see your drivers license when you
 make a purchase. It would both improve personal privacy and help the
 economy by massively reducing transaction costs.

 I agree that it might well reduce costs and fraud - but how will it improve
 privacy? Your name is already on the card ... and the issuer will still have
 a list of your transactions.

 Not having to show ID may save annoyance, but it doesn't significantly
 improve privacy.

If you have a sufficiently good token, you may no longer need to have
identification information presented to the merchant, even by the
token, to reduce misuse. It is true that the issuer will still know
what transactions took place. However, you have at least reduced the
number of entities that require proof of your identity and the number
that have logs of your activity.

Perry



Re: the limits of crypto and authentication

2005-07-09 Thread James A. Donald
--
Ian Grigg [EMAIL PROTECTED]
 In the payments world we've known how to solve all 
 this for some time, since the early 90s to my
 knowledge. The only question really is, have you got a
 business model that will pay for it, because any form
 of token is very expensive, and the form of token that
 is needed - a trusted device to put the application,
 display, keypad and net connection on - is even more
 expensive than the stop-gap two-factor authentication
 units commonly sold.

Such a device sounds like a cell phone.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 5nMEZ3YWGEUKZWzEprv/E7vI+8j9jzBNX8GWiJiO
 4nb4BSDrVGLfq42fHktPRSAfFO3N0uGBnezGRNWrS




Re: Why Blockbuster looks at your ID.

2005-07-09 Thread Adam Shostack
On Sun, Jul 10, 2005 at 12:13:42AM +0100, Peter Fairbrother wrote:
| Perry E. Metzger wrote:
|  
|  A system in which the credit card was replaced by a small, calculator
|  style token with a smartcard style connector could effectively
|  eliminate most of the in person and over the net fraud we experience,
|  and thus get rid of large costs in the system and get rid of the need
|  for every Tom, Dick and Harry to see your drivers license when you
|  make a purchase. It would both improve personal privacy and help the
|  economy by massively reducing transaction costs.
| 
| I agree that it might well reduce costs and fraud - but how will it improve
| privacy? Your name is already on the card ... and the issuer will still have
| a list of your transactions.
| 
| Not having to show ID may save annoyance, but it doesn't significantly
| improve privacy.

Most credit card issuers will happily give you extra cards, so your
friends can spend your money.  In whatever name you want.  If you need
to show ID, this can become, umm, complicated.



