The FINREAD smart card reader was a European run at moving trust-bearing
transactions to an outboard device. It was a full Java VM in a
tamper-resistant box with a modest GUI, biometrics, lots of security on the
I/O ports and much attention to application isolation. FINREAD readers were
Another useful piece of research on the topic:
V. Griffith and M. Jakobsson.
Messin' with Texas, Deriving Mother's Maiden Names Using Public Records.
ACNS '05, 2005 and CryptoBytes Winter '07
2008, Scott Guthery wrote:
One useful application of the Katz/Sahai/Waters work is a counter to
traffic analysis. One can send the same message to everyone but
ensure that only a defined subset can read the message by proper key
management. What is less clear is how to ensure that decrytion
but also a proof that the source code one has is the source of the
This is an unsolved problem for code in tamper-resistant devices. There are
precious few procedures to, for example, determine that the CAC card that
was issued to Pfc. Sally Green this morning bears any
A group member asked me to elaborate on:
- No knowledge of which groups can be successfully authenticated is
known to the verifier
What this tries to say is that the verifier doesn't need to have a list of
all authenticable groups nor can the verifier draw any conclusions about
Those interested in predicate encryption might also enjoy
Group Authentication Using The Naccache-Stern Public-Key Cryptosystem
which takes a different approach and handles negation.
A group authentication protocol authenticates pre-defined groups of
Adding a backdoor to chips is a different story, though, since that would
require cutting a second set of masks.
I am assuming that there must be no backdoor in the legitimately produced
chips since the client would detect
it as a slight violation of some of their timing simulations. The
1) GSM/3G handsets are networked card readers that are pretty
successful. They are I'd wager about as secure as an ATM or a POS,
particularly with respect to social attacks.
2) ISO is currently writing a standard for a secure home card reader.
The starting point is FINREAD. See
Amex Blue was a market success in the sense that its ROI exceeded
expectations, rational and otherwise. It yielded thousands of new
accounts at a cost of acquisition far less than average, even when
taking into account the Windows driver support calls and the discarded
readers. That said, you
Isn't this what Rivest's Chaffing and Winnowing is all about?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hadmut Danisch
Sent: Thursday, May 26, 2005 5:51 PM
Ah, the joys of diversity. Implementations
of all your favorite protocols in all your
favorite programming languages by all your
favorite programmers in all your favorite
countries on all your favorite operating
systems for all your favorite chips.
Continuous debugging certainly is the path
There are roughly 1B GSM/3GPP/3GPP2
SIMs in daily use and the number of
keys extracted from them is diminishingly
From: bear [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 3:43 AM
To: Sean Smith
Cc: [EMAIL PROTECTED]
Subject: Re: fyi:
Mail list logo