[Cryptography] Ars Technica on the Taiwanese National ID smart card break
Weeks after the informal announcement, the Taiwanese National ID smartcard break is finally getting press. It is a great example of a piece of certified crypto hardware that works poorly because of bad random number generation. Good explanation for your technical but not security oriented friends in Ars Technica: http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/ -- Perry E. Metzgerpe...@piermont.com ___ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
Lamar Alexander: Much as I Hate It, We Need a National ID
http://www.washingtonpost.com/ac2/wp-dyn/A11307-2005Mar29?language=printer The Washington Post washingtonpost.com Much as I Hate It, We Need a National ID By Lamar Alexander Wednesday, March 30, 2005; Page A15 The House recently passed legislation requiring states to turn 190 million driver's licenses into national ID cards, with state taxpayers paying most of the cost. The first thing wrong here is that the House stuck the ID card proposal on the appropriations bill that supports troops in Iraq and sent it over to the Senate. We should not slow down money for our troops while we debate ID cards. The second problem is that states not only get to create these ID cards, they'll likely end up paying the bill. This is one more of the unfunded federal mandates that we Republicans promised to stop. Supporters argue that this is no mandate because states have a choice. True, states may refuse to conform to the proposed federal standards and issue licenses to whomever they choose, including illegal immigrants -- but if they do, that state's licenses will not be accepted for federal purposes, such as boarding an airplane. Some choice. What governor will deny his or her citizens the identification they need to travel by air and cash Social Security checks, or for other federal purposes? Of course, the ID card may still backfire on Congress. Some feisty governor may say, Who are these people in Washington telling us what to do with our drivers' licenses and making us pay for them, too? California will use its licenses for certifying drivers, and Congress can create its own ID card for people who want to fly and do other federally regulated things -- and if they do not, I will put on the Internet the home telephone numbers of all the congressmen. If just one state refused to do the federal government's ID work, Congress would be forced to create what it claims to oppose -- a federal ID card for citizens of that state. Finally, if we must have a better ID card for some federal purposes, then there are better ideas than turning state driver's license examiners into CIA agents. Congress might create an airline traveler's card. Or there could be an expanded use of U.S. passports. Since a motive here is to discourage illegal immigration, probably the most logical idea is to upgrade the Social Security card, which directly relates to the reason most immigrants come to the United States: to work. I have fought government ID cards as long and as hard as anyone. In 1983, when I was governor of Tennessee, our legislature voted to put photographs on driver's licenses. Merchants and policemen wanted a state ID card to discourage check fraud and teenage drinking. I vetoed this photo driver's license bill twice because I believed driver's licenses should be about driving and that state ID cards infringed on civil liberties. That same year, on a visit to the White House, when a guard asked for my photo ID, I said, We don't have them in Tennessee. I vetoed them. The guard said, You can't get in without one. The governor of Georgia, who had his photo ID driver's license, vouched for me. I was admitted to the White House, the legislature at home overrode my veto and I gave up my fight against a state ID card. For years state driver's licenses have served as de facto national ID cards. They have been unreliable. All but one of the Sept. 11 terrorists had a valid driver's license. Even today, when I board an airplane, security officials look at the front of my driver's license, which expired in 2000, and rarely turn it over to verify that it has been extended until 2005. I still detest the idea of a government ID card. South Africa's experience is a grim reminder of how such documents can be abused. But I'm afraid this is one of the ways Sept. 11 has changed our lives. Instead of pretending we are not creating national ID cards when we obviously are, Congress should carefully create an effective federal document that helps prevent terrorism -- with as much respect for privacy as possible. The writer is a Republican senator from Tennessee. He was chairman of the National Governors Association in 1985-86. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Do We Need a National ID Card?
On Dec 22, 2004, at 8:53, R.A. Hettinga wrote: Do we need a national ID card? The comment period on NIST's draft FIPS-201 (written in very hasty response to Homeland Security Presidential Directive HSPD-12) ends tomorrow. The draft, as written, enables use of the card by Smart IEDs and for improved selection of kidnapping victims. One cabinet department's Associate CIO for Cybersecurity said of this project, Eventually this is going to lead to a national ID card. Refs: http://csrc.nist.gov/piv-project/ http://www.fas.org/irp/offdocs/nspd/hspd-12.html http://csrc.nist.gov/publications/drafts/draft-FIPS_201-110804- public1.pdf - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: A National ID: AAMVA's Unique ID
- Original Message - From: John Gilmore [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, June 17, 2004 10:31 AM Subject: Re: A National ID: AAMVA's Unique ID The solution then is obvious, don't have a big central database. Instead use a distributed database. Our favorite civil servants, the Departments of Motor Vehicles, are about to do exactly this to us. They call it Unique ID and their credo is: One person, one license, one record. They swear that it isn't national ID, because national ID is disfavored by the public. But it's the same thing in distributed-computing clothes. I think you misunderstood my point. My point was that it is actually _easier_, _cheaper_, and more _secure_ to eliminate all the silos. There is no reason for the various silos, and there is less reason to tie them together. My entire point was to put my entire record on my card, this allows faster look-up (O(1) time versus O(lg(n))), greater security (I control access to my record), it's cheaper (the cards have to be bought anyway), it's easier (I've already done most of the work on defining them), and administration is easier (no one has to care about duplication). This sure smells to me like national ID. I think they are drawing the line a bit finer than either of us would like. They don't call it a national ID because it being a national ID means that it would be run by the federal government, being instead run by state governments, it is a state ID, linked nationally. As I said in the prior one, I disagree with any efforts to create forced ID. This, like the MATRIX program, is the brainchild of the federal Department of inJustice. But those wolves are in the sheepskins of state DMV administrators, who are doing the grassroots politics and the actual administration. It is all coordinated in periodic meetings by AAMVA, the American Association of Motor Vehicle Administrators (http://aamva.org/). Draft bills to join the Unique ID Compact, the legally binding agreement among the states to do this, are already being circulated in the state legislatures by the heads of state DMVs. The idea is to sneak them past the public, and past the state legislators, before there's any serious public debate on the topic. They have lots of documents about exactly what they're up to. See http://aamva.org/IDSecurity/. Unfortunately for us, the real documents are only available to AAMVA members; the affected public is not invited. Robyn Wagner and I have tried to join AAMVA numerous times, as freetotravel.org. We think that we have something to say about the imposition of Unique ID on an unsuspecting public. They have rejected our application every time -- does this remind you of the Hollywood copy-prevention standards committees? Here is their recent rejection letter: Thank you for submitting an application for associate membership in AAMVA. Unfortunately, the application was denied again. The Board is not clear as to how FreeToTravel will further enhance AAMVA's mission and service to our membership. We will be crediting your American Express for the full amount charged. Please feel free to contact Linda Lewis at (703) 522-4200 if you would like to discuss this further. Dianne Dianne E. Graham Director, Member and Conference Services AAMVA 4301 Wilson Boulevard, Suite 400 Arlington, VA 22203 T: (703) 522-4200 | F: (703) 908-5868 www.aamva.org http://www.aamva.org/ At the same time, they let in a bunch of vendors of high security ID cards as associate members. Well then create a High-Security ID card company, build it on the technology I've talked about. It's fairly simple, file the paperwork to create an LLC with you and Robyn, the LLC acquires a website, it can be co-located at your current office location, the website talks about my technology, how it allows the unique and secure identification of every individual, blah, blah, blah, get a credit card issued in the correct name. They'll almost certainly let you in, you'll look and smell like a valid alternative (without lying because you could certainly offer the technology), if you really want to make it look really good I'm even willing to work with you on filing a patent, something that they'd almost certainly appreciate. AAMVA, the 'guardians' of our right to travel and of our identity records, doesn't see how listening to citizens concerned with the erosion of exactly those rights and records would enhance their mission and service. Of course it won't, their mission and service is to offer the strongest identity link possible in the ID cards issued nation-wide, as such the citizen's course of action has to be to govern the states issuing these identication papers. However, if you offer them technology to actually make their mission and service cheaper, more effective, and as a side-benefit better for their voters. Besides, if you can't beat them (you
Re: A National ID: AAMVA's Unique ID
The solution then is obvious, don't have a big central database. Instead use a distributed database. Our favorite civil servants, the Departments of Motor Vehicles, are about to do exactly this to us. They call it Unique ID and their credo is: One person, one license, one record. They swear that it isn't national ID, because national ID is disfavored by the public. But it's the same thing in distributed-computing clothes. The reason they say it isn't a national ID is because it's 50 state IDs (plus US territories and Canadian provinces and Mexican states) -- but the new part is that they will all be linked by a continent-wide network. Any official who looks up your record from anywhere on the continent will be able to pull up that record. Anyplace you apply for a state license or ID card, they will search the network, find your old record (if you have one) and transfer it to that state. So there's no way to escape your past record, and no way to get two cards (in the absence of successful fraud, either by citizens or DMV employees). This sure smells to me like national ID. This, like the MATRIX program, is the brainchild of the federal Department of inJustice. But those wolves are in the sheepskins of state DMV administrators, who are doing the grassroots politics and the actual administration. It is all coordinated in periodic meetings by AAMVA, the American Association of Motor Vehicle Administrators (http://aamva.org/). Draft bills to join the Unique ID Compact, the legally binding agreement among the states to do this, are already being circulated in the state legislatures by the heads of state DMVs. The idea is to sneak them past the public, and past the state legislators, before there's any serious public debate on the topic. They have lots of documents about exactly what they're up to. See http://aamva.org/IDSecurity/. Unfortunately for us, the real documents are only available to AAMVA members; the affected public is not invited. Robyn Wagner and I have tried to join AAMVA numerous times, as freetotravel.org. We think that we have something to say about the imposition of Unique ID on an unsuspecting public. They have rejected our application every time -- does this remind you of the Hollywood copy-prevention standards committees? Here is their recent rejection letter: Thank you for submitting an application for associate membership in AAMVA. Unfortunately, the application was denied again. The Board is not clear as to how FreeToTravel will further enhance AAMVA's mission and service to our membership. We will be crediting your American Express for the full amount charged. Please feel free to contact Linda Lewis at (703) 522-4200 if you would like to discuss this further. Dianne Dianne E. Graham Director, Member and Conference Services AAMVA 4301 Wilson Boulevard, Suite 400 Arlington, VA 22203 T: (703) 522-4200 | F: (703) 908-5868 www.aamva.org http://www.aamva.org/ At the same time, they let in a bunch of vendors of high security ID cards as associate members. AAMVA, the 'guardians' of our right to travel and of our identity records, doesn't see how listening to citizens concerned with the erosion of exactly those rights and records would enhance their mission and service. Their mission appears to be to ram their secret policy down our throats. Their service is to take our tax money, use it to label all of us like cattle with ear-tags, and deny us our constitutional right to travel unless we submit to being tagged. We protest. Do you? John Gilmore - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: A National ID
Although I am against any national ID, at least as far terrorist identification goes (note that the Social Security Number that every American has IS a national ID card), I feel that a discussion on how to do it properly is a worthwhile endeavor. - Original Message - From: Peter Clay [EMAIL PROTECTED] Subject: Re: A National ID [T]he real danger is not the cards but the database for which they are a unique key. See just about every issue of RISKS for ways in which big national databases can go wrong. The solution then is obvious, don't have a big central database. Instead use a distributed database. I first suggested this concept some time ago on sci.crypt. It's very simple, use cryptography so we don't have to be concerned about duplication (although fraudulent acquisition of valid id would be an issue). Issue each person a Flash RAM card, on the card is biometric information, name, birthdate, etc, a Law Enforcement Only Field, and a signature across all the information, most importantly DO NOT print anything resembling what we currently see as an ID card (no picture, no drivers license number, etc) just print a name on the card for ease of card identification. At this point (assuming the cryptography is good) people can make as many copies as they'd like, it's not going to make any difference. The Law Enforcement Only Field (which I'll call LEAF for historical reasons) serves a unique purpose, it is either a random number, or an encrypted old identity. There are several possible reasons for the old identity; undercover police, witness protection, support for pseudo-nyms, etc. This field allows the police and only the police to identify undercover officers, and provides tracability back through the process to identify granting a new identity to someone. The most important part though is the search time required for verifying an ID. In the case of a giant central database it is O(log(n)) time, with the cryptographic ID it is O(1). This reduces the cost of the national overhead, while a database is still necessay for reissuing, and a new signing setup is required, the access requirements are reduced by several orders of magnitude. Further reduction comes from the ability of each police precinct to have their own local known database, as well as every bar/nightclub having their own banned list without the possibility of cross-corruption, because there is no direct link. This further increases the security because access to the main database can even be restricted to key personnel. This personnel access reduction will again lower the speed requirements for the central database, probably down to the point where a single Oracle server with a few Terabytes of disk space could easily handle the load (I come up with a horrible case size of about 300 Terabytes, and a minimum size of 70 gigabytes for storing only the signature and LEAF because everything else can be reconstructed). (Sizes assume 1MB maximum data set, and DSA/ECDSA with SHA-512) This would also have a knock-on effect of creating a small ID customization industry, because the ID can take any form-factor within certain reasonable bounds there is no reason that it cannot be as customizable as a cell-phone. As for security, this would put the citizen in general control of their information, and with the minimum database size used would give the citizen complete control over their own data. The additional overhead for the current law enforcement databases would be minimal, each entry would only be expanded by the size of the signature to mark the ID card. The invasiveness for your average citizen would be minimized because there is no chance of leakage between the big central database (which could be very small) and the corner market, because the central database does not have to be online. Now as to the level of cryptographic security that would be necessary for this. It is important to realize that the potential market for fraudulent ID of this caliber would be massive, so a multi-decade multi-trillion dollar effort to break the key is not unreasonable. This poses a risk of a magnitude that cryptanalysts really haven't dealt with. Even at the level of protecting the drivel from Shrub II, the possibility of a multi-decade, multi-trillion dollar is simply inconceivable, and it is important to remember that this signature has to remain secure not for a few years, or even a couple of decades, it has to remain secure for longer than the longest concievable lifespan for a human, which means 150 years (I've rounded up from the record), which is a timeframe that we cannot even conceive of at this time. A 100 trillion dollar, 150 year effort to break the security is simply beyond our ability to predict cryptographically, with Celerons at about $35 per GHz right now, that timeframe works out to approximately 2^95 (again being generous to the attacker), that already means that SHA-1 cannot be used simply because the workload is available
Re: A National ID
R. A. Hettinga wrote: If we're going to move to a national identification card, we can't afford to do it badly. Now is the time to figure out how to create a card that helps identify people but doesn't rob them of a huge swath of their civil liberties in the process. Just watch how the british do it - then don't do it that way. I am still trying to figure out how over a decade of terrorist bombings in mainland UK didn't justify introducing a national ID card - but the americans wanting biometric passports for visitors does. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: A National ID
On Mon, 31 May 2004, R. A. Hettinga wrote: in most European countries, people carry national ID's as a matter of course. And pressure is mounting in America for some kind of security card. Similarly, there is a push for ID cards in the UK at the moment. See http://www.stand.org.uk/ and http://www.no2id.net/ for more detail. No doubt the same arguments for and against apply on both sides of the Atlantic, and it would be good if activists were to share information. Note that the real danger is not the cards but the database for which they are a unique key. See just about every issue of RISKS for ways in which big national databases can go wrong. Pete -- Peter Clay | Campaign for _ _| .__ | Digital / / | | | Rights! \_ \_| | | http://www.ukcdr.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]