RE: Crypto dongles to secure online transactions

2009-11-25 Thread Scott Guthery
The FINREAD smart card reader was a European run at moving trust-bearing transactions to an outboard device. It was a full Java VM in a tamper-resistant box with a modest GUI, biometrics, lots of security on the I/O ports and much attention to application isolation. FINREAD readers were produced

RE: security questions

2008-08-07 Thread Scott Guthery
Another useful piece of research on the topic: V. Griffith and M. Jakobsson. Messin' with Texas, Deriving Mother's Maiden Names Using Public Records. ACNS '05, 2005 and CryptoBytes Winter '07 Cheers, Scott

RE: New result in predicate encryption: disjunction support

2008-05-05 Thread Scott Guthery
2008, Scott Guthery wrote: One useful application of the Katz/Sahai/Waters work is a counter to traffic analysis. One can send the same message to everyone but ensure that only a defined subset can read the message by proper key management. What is less clear is how to ensure that decrytion

RE: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-05 Thread Scott Guthery
but also a proof that the source code one has is the source of the implementation. This is an unsolved problem for code in tamper-resistant devices. There are precious few procedures to, for example, determine that the CAC card that was issued to Pfc. Sally Green this morning bears any

RE: New result in predicate encryption: disjunction support

2008-05-04 Thread Scott Guthery
A group member asked me to elaborate on: - No knowledge of which groups can be successfully authenticated is known to the verifier What this tries to say is that the verifier doesn't need to have a list of all authenticable groups nor can the verifier draw any conclusions about other

RE: more on malicious hardware

2008-04-28 Thread Scott Guthery
Adding a backdoor to chips is a different story, though, since that would require cutting a second set of masks. I am assuming that there must be no backdoor in the legitimately produced chips since the client would detect it as a slight violation of some of their timing simulations. The

RE: Is there any future for smartcards?

2005-09-11 Thread Scott Guthery
1) GSM/3G handsets are networked card readers that are pretty successful. They are I'd wager about as secure as an ATM or a POS, particularly with respect to social attacks. 2) ISO is currently writing a standard for a secure home card reader. The starting point is FINREAD. See

RE: the limits of crypto and authentication

2005-07-11 Thread Scott Guthery
Amex Blue was a market success in the sense that its ROI exceeded expectations, rational and otherwise. It yielded thousands of new accounts at a cost of acquisition far less than average, even when taking into account the Windows driver support calls and the discarded readers. That said, you

RE: Papers about Algorithm hiding ?

2005-05-31 Thread Scott Guthery
Isn't this what Rivest's Chaffing and Winnowing is all about? Cheers, Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hadmut Danisch Sent: Thursday, May 26, 2005 5:51 PM To:

RE: Choosing an implementation language

2003-10-03 Thread Scott Guthery
Ah, the joys of diversity. Implementations of all your favorite protocols in all your favorite programming languages by all your favorite programmers in all your favorite countries on all your favorite operating systems for all your favorite chips. Continuous debugging certainly is the path

RE: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Scott Guthery
There are roughly 1B GSM/3GPP/3GPP2 SIMs in daily use and the number of keys extracted from them is diminishingly small. -Original Message- From: bear [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 3:43 AM To: Sean Smith Cc: [EMAIL PROTECTED] Subject: Re: fyi: