[Cryptography] Ars Technica on the Taiwanese National ID smart card break

[Perry E. Metzger]

Weeks after the informal announcement, the Taiwanese National ID
smartcard break is finally getting press. It is a great example of
a piece of certified crypto hardware that works poorly because
of bad random number generation.

Good explanation for your technical but not security oriented friends
in Ars Technica:

http://arstechnica.com/security/2013/09/fatal-crypto-flaw-in-some-government-certified-smartcards-makes-forgery-a-snap/

-- 
Perry E. Metzgerpe...@piermont.com
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Lamar Alexander: Much as I Hate It, We Need a National ID

[R.A. Hettinga]

http://www.washingtonpost.com/ac2/wp-dyn/A11307-2005Mar29?language=printer

The Washington Post
washingtonpost.com
Much as I Hate It, We Need a National ID


By Lamar Alexander

 Wednesday, March 30, 2005; Page A15

 The House recently passed legislation requiring states to turn 190 million
driver's licenses into national ID cards, with state taxpayers paying most
of the cost.

 The first thing wrong here is that the House stuck the ID card proposal on
the appropriations bill that supports troops in Iraq and sent it over to
the Senate. We should not slow down money for our troops while we debate ID
cards.

 The second problem is that states not only get to create these ID cards,
they'll likely end up paying the bill. This is one more of the unfunded
federal mandates that we Republicans promised to stop.

 Supporters argue that this is no mandate because states have a choice.
True, states may refuse to conform to the proposed federal standards and
issue licenses to whomever they choose, including illegal immigrants -- but
if they do, that state's licenses will not be accepted for federal
purposes, such as boarding an airplane. Some choice. What governor will
deny his or her citizens the identification they need to travel by air and
cash Social Security checks, or for other federal purposes?

Of course, the ID card may still backfire on Congress. Some feisty governor
may say, Who are these people in Washington telling us what to do with our
drivers' licenses and making us pay for them, too? California will use its
licenses for certifying drivers, and Congress can create its own ID card
for people who want to fly and do other federally regulated things -- and
if they do not, I will put on the Internet the home telephone numbers of
all the congressmen.

 If just one state refused to do the federal government's ID work, Congress
would be forced to create what it claims to oppose -- a federal ID card for
citizens of that state.

 Finally, if we must have a better ID card for some federal purposes, then
there are better ideas than turning state driver's license examiners into
CIA agents. Congress might create an airline traveler's card. Or there
could be an expanded use of U.S. passports. Since a motive here is to
discourage illegal immigration, probably the most logical idea is to
upgrade the Social Security card, which directly relates to the reason most
immigrants come to the United States: to work.

I have fought government ID cards as long and as hard as anyone. In 1983,
when I was governor of Tennessee, our legislature voted to put photographs
on driver's licenses. Merchants and policemen wanted a state ID card to
discourage check fraud and teenage drinking. I vetoed this photo driver's
license bill twice because I believed driver's licenses should be about
driving and that state ID cards infringed on civil liberties.

 That same year, on a visit to the White House, when a guard asked for my
photo ID, I said, We don't have them in Tennessee. I vetoed them. The
guard said, You can't get in without one. The governor of Georgia, who
had his photo ID driver's license, vouched for me. I was admitted to the
White House, the legislature at home overrode my veto and I gave up my
fight against a state ID card.

 For years state driver's licenses have served as de facto national ID
cards. They have been unreliable. All but one of the Sept. 11 terrorists
had a valid driver's license. Even today, when I board an airplane,
security officials look at the front of my driver's license, which expired
in 2000, and rarely turn it over to verify that it has been extended until
2005.

 I still detest the idea of a government ID card. South Africa's experience
is a grim reminder of how such documents can be abused. But I'm afraid this
is one of the ways Sept. 11 has changed our lives. Instead of pretending we
are not creating national ID cards when we obviously are, Congress should
carefully create an effective federal document that helps prevent terrorism
-- with as much respect for privacy as possible.

The writer is a Republican senator from Tennessee. He was chairman of the
National Governors Association in 1985-86.

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Do We Need a National ID Card?

[Matt Crawford]

On Dec 22, 2004, at 8:53, R.A. Hettinga wrote:
Do we need a national ID card?
The comment period on NIST's draft FIPS-201 (written in very hasty  
response to Homeland Security Presidential Directive HSPD-12) ends  
tomorrow.  The draft, as written, enables use of the card by Smart  
IEDs and for improved selection of kidnapping victims.

One cabinet department's Associate CIO for Cybersecurity said of this  
project, Eventually this is going to lead to a national ID card.

Refs:
http://csrc.nist.gov/piv-project/
http://www.fas.org/irp/offdocs/nspd/hspd-12.html
http://csrc.nist.gov/publications/drafts/draft-FIPS_201-110804- 
public1.pdf

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A National ID: AAMVA's Unique ID

[Joseph Ashwood]

- Original Message - 
From: John Gilmore [EMAIL PROTECTED]
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:31 AM
Subject: Re: A National ID: AAMVA's Unique ID


  The solution then is obvious, don't have a big central database. Instead
use
  a distributed database.

 Our favorite civil servants, the Departments of Motor Vehicles, are about
 to do exactly this to us.

 They call it Unique ID and their credo is: One person, one license,
 one record.  They swear that it isn't national ID, because national
 ID is disfavored by the public.  But it's the same thing in
 distributed-computing clothes.

I think you misunderstood my point. My point was that it is actually
_easier_, _cheaper_, and more _secure_ to eliminate all the silos. There is
no reason for the various silos, and there is less reason to tie them
together. My entire point was to put my entire record on my card, this
allows faster look-up (O(1) time versus O(lg(n))), greater security (I
control access to my record), it's cheaper (the cards have to be bought
anyway), it's easier (I've already done most of the work on defining them),
and administration is easier (no one has to care about duplication).

 This sure smells to me like national ID.

I think they are drawing the line a bit finer than either of us would like.
They don't call it a national ID because it being a national ID means that
it would be run by the federal government, being instead run by state
governments, it is a state ID, linked nationally.

As I said in the prior one, I disagree with any efforts to create forced ID.

 This, like the MATRIX program, is the brainchild of the federal
 Department of inJustice.  But those wolves are in the sheepskins of
 state DMV administrators, who are doing the grassroots politics and
 the actual administration.  It is all coordinated in periodic meetings
 by AAMVA, the American Association of Motor Vehicle Administrators
 (http://aamva.org/).  Draft bills to join the Unique ID Compact, the
 legally binding agreement among the states to do this, are already
 being circulated in the state legislatures by the heads of state DMVs.
 The idea is to sneak them past the public, and past the state
 legislators, before there's any serious public debate on the topic.

 They have lots of documents about exactly what they're up to.  See
 http://aamva.org/IDSecurity/.  Unfortunately for us, the real
 documents are only available to AAMVA members; the affected public is
 not invited.

 Robyn Wagner and I have tried to join AAMVA numerous times, as
 freetotravel.org.  We think that we have something to say about the
 imposition of Unique ID on an unsuspecting public.  They have rejected
 our application every time -- does this remind you of the Hollywood
 copy-prevention standards committees?  Here is their recent
 rejection letter:

   Thank you for submitting an application for associate membership in
AAMVA.
   Unfortunately, the application was denied again. The Board is not clear
as
   to how FreeToTravel will further enhance AAMVA's mission and service to
our
   membership. We will be crediting your American Express for the full
amount
   charged.

   Please feel free to contact Linda Lewis at (703) 522-4200 if you would
like
   to discuss this further.

   Dianne
   Dianne E. Graham
   Director, Member and Conference Services
   AAMVA
   4301 Wilson Boulevard, Suite 400
   Arlington, VA 22203
   T: (703) 522-4200 | F: (703) 908-5868
   www.aamva.org http://www.aamva.org/

 At the same time, they let in a bunch of vendors of high security ID
 cards as associate members.

Well then create a High-Security ID card company, build it on the technology
I've talked about. It's fairly simple, file the paperwork to create an LLC
with you and Robyn, the LLC acquires a website, it can be co-located at your
current office location, the website talks about my technology, how it
allows the unique and secure identification of every individual, blah, blah,
blah, get a credit card issued in the correct name. They'll almost certainly
let you in, you'll look and smell like a valid alternative (without lying
because you could certainly offer the technology), if you really want to
make it look really good I'm even willing to work with you on filing a
patent, something that they'd almost certainly appreciate.

 AAMVA, the 'guardians' of our right to travel and of our identity
 records, doesn't see how listening to citizens concerned with the
 erosion of exactly those rights and records would enhance their
 mission and service.

Of course it won't, their mission and service is to offer the strongest
identity link possible in the ID cards issued nation-wide, as such the
citizen's course of action has to be to govern the states issuing these
identication papers. However, if you offer them technology to actually make
their mission and service cheaper, more effective, and as a side-benefit
better for their voters. Besides, if you can't beat them (you

Re: A National ID: AAMVA's Unique ID

[John Gilmore]

 The solution then is obvious, don't have a big central database. Instead use
 a distributed database.

Our favorite civil servants, the Departments of Motor Vehicles, are about
to do exactly this to us.

They call it Unique ID and their credo is: One person, one license,
one record.  They swear that it isn't national ID, because national
ID is disfavored by the public.  But it's the same thing in
distributed-computing clothes.

The reason they say it isn't a national ID is because it's 50 state
IDs (plus US territories and Canadian provinces and Mexican states) --
but the new part is that they will all be linked by a continent-wide
network.  Any official who looks up your record from anywhere on the
continent will be able to pull up that record.  Anyplace you apply for
a state license or ID card, they will search the network, find your
old record (if you have one) and transfer it to that state.  So
there's no way to escape your past record, and no way to get two cards
(in the absence of successful fraud, either by citizens or DMV
employees).

This sure smells to me like national ID.

This, like the MATRIX program, is the brainchild of the federal
Department of inJustice.  But those wolves are in the sheepskins of
state DMV administrators, who are doing the grassroots politics and
the actual administration.  It is all coordinated in periodic meetings
by AAMVA, the American Association of Motor Vehicle Administrators
(http://aamva.org/).  Draft bills to join the Unique ID Compact, the
legally binding agreement among the states to do this, are already
being circulated in the state legislatures by the heads of state DMVs.
The idea is to sneak them past the public, and past the state
legislators, before there's any serious public debate on the topic.

They have lots of documents about exactly what they're up to.  See
http://aamva.org/IDSecurity/.  Unfortunately for us, the real
documents are only available to AAMVA members; the affected public is
not invited.

Robyn Wagner and I have tried to join AAMVA numerous times, as
freetotravel.org.  We think that we have something to say about the
imposition of Unique ID on an unsuspecting public.  They have rejected
our application every time -- does this remind you of the Hollywood
copy-prevention standards committees?  Here is their recent
rejection letter:

  Thank you for submitting an application for associate membership in AAMVA.
  Unfortunately, the application was denied again. The Board is not clear as
  to how FreeToTravel will further enhance AAMVA's mission and service to our
  membership. We will be crediting your American Express for the full amount
  charged.

  Please feel free to contact Linda Lewis at (703) 522-4200 if you would like
  to discuss this further.

  Dianne 
  Dianne E. Graham 
  Director, Member and Conference Services 
  AAMVA 
  4301 Wilson Boulevard, Suite 400 
  Arlington, VA 22203 
  T: (703) 522-4200 | F: (703) 908-5868 
  www.aamva.org http://www.aamva.org/  

At the same time, they let in a bunch of vendors of high security ID
cards as associate members.

AAMVA, the 'guardians' of our right to travel and of our identity
records, doesn't see how listening to citizens concerned with the
erosion of exactly those rights and records would enhance their
mission and service.  Their mission appears to be to ram their
secret policy down our throats.  Their service is to take our tax
money, use it to label all of us like cattle with ear-tags, and deny
us our constitutional right to travel unless we submit to being
tagged.

We protest.  Do you?

John Gilmore

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A National ID

[Joseph Ashwood]

Although I am against any national ID, at least as far terrorist
identification goes (note that the Social Security Number that every
American has IS a national ID card), I feel that a discussion on how to do
it properly is a worthwhile endeavor.

- Original Message - 
From: Peter Clay [EMAIL PROTECTED]
Subject: Re: A National ID


 [T]he real danger is not the cards but the database for which they
 are a unique key. See just about every issue of RISKS for ways in which
 big national databases can go wrong.

The solution then is obvious, don't have a big central database. Instead use
a distributed database. I first suggested this concept some time ago on
sci.crypt. It's very simple, use cryptography so we don't have to be
concerned about duplication (although fraudulent acquisition of valid id
would be an issue). Issue each person a Flash RAM card, on the card is
biometric information, name, birthdate, etc, a Law Enforcement Only Field,
and a signature across all the information, most importantly DO NOT print
anything resembling what we currently see as an ID card (no picture, no
drivers license number, etc) just print a name on the card for ease of card
identification. At this point (assuming the cryptography is good) people can
make as many copies as they'd like, it's not going to make any difference.

The Law Enforcement Only Field (which I'll call LEAF for historical reasons)
serves a unique purpose, it is either a random number, or an encrypted old
identity. There are several possible reasons for the old identity;
undercover police, witness protection, support for pseudo-nyms, etc. This
field allows the police and only the police to identify undercover officers,
and provides tracability back through the process to identify granting a new
identity to someone.

The most important part though is the search time required for verifying an
ID. In the case of a giant central database it is O(log(n)) time, with the
cryptographic ID it is O(1). This reduces the cost of the national overhead,
while a database is still necessay for reissuing, and a new signing setup is
required, the access requirements are reduced by several orders of
magnitude. Further reduction comes from the ability of each police precinct
to have their own local known database, as well as every bar/nightclub
having their own banned list without the possibility of cross-corruption,
because there is no direct link. This further increases the security because
access to the main database can even be restricted to key personnel. This
personnel access reduction will again lower the speed requirements for the
central database, probably down to the point where a single Oracle server
with a few Terabytes of disk space could easily handle the load (I come up
with a horrible case size of about 300 Terabytes, and a minimum size of 70
gigabytes for storing only the signature and LEAF because everything else
can be reconstructed). (Sizes assume 1MB maximum data set, and DSA/ECDSA
with SHA-512)

This would also have a knock-on effect of creating a small ID customization
industry, because the ID can take any form-factor within certain reasonable
bounds there is no reason that it cannot be as customizable as a cell-phone.

As for security, this would put the citizen in general control of their
information, and with the minimum database size used would give the citizen
complete control over their own data. The additional overhead for the
current law enforcement databases would be minimal, each entry would only be
expanded by the size of the signature to mark the ID card.

The invasiveness for your average citizen would be minimized because there
is no chance of leakage between the big central database (which could be
very small) and the corner market, because the central database does not
have to be online.

Now as to the level of cryptographic security that would be necessary for
this. It is important to realize that the potential market for fraudulent ID
of this caliber would be massive, so a multi-decade multi-trillion dollar
effort to break the key is not unreasonable. This poses a risk of a
magnitude that cryptanalysts really haven't dealt with. Even at the level of
protecting the drivel from Shrub II, the possibility of a multi-decade,
multi-trillion dollar is simply inconceivable, and it is important to
remember that this signature has to remain secure not for a few years, or
even a couple of decades, it has to remain secure for longer than the
longest concievable lifespan for a human, which means 150 years (I've
rounded up from the record), which is a timeframe that we cannot even
conceive of at this time. A 100 trillion dollar, 150 year effort to break
the security is simply beyond our ability to predict cryptographically, with
Celerons at about $35 per GHz right now, that timeframe works out to
approximately 2^95 (again being generous to the attacker), that already
means that SHA-1 cannot be used simply because the workload is available

Re: A National ID

[Dave Howe]

R. A. Hettinga wrote:
If we're going to move to a national identification card, we can't afford
to do it badly. Now is the time to figure out how to create a card that
helps identify people but doesn't rob them of a huge swath of their civil
liberties in the process.
Just watch how the british do it - then don't do it that way.
I am still trying to figure out how over a decade of terrorist bombings 
in mainland UK didn't justify introducing a national ID card - but the 
americans wanting biometric passports for visitors does.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: A National ID

[Peter Clay]

On Mon, 31 May 2004, R. A. Hettinga wrote:

 in most European countries, people carry national ID's as a matter of
 course. And pressure is mounting in America for some kind of security card.

Similarly, there is a push for ID cards in the UK at the moment. See
http://www.stand.org.uk/ and http://www.no2id.net/ for more detail. No
doubt the same arguments for and against apply on both sides of the
Atlantic, and it would be good if activists were to share information.

Note that the real danger is not the cards but the database for which they
are a unique key. See just about every issue of RISKS for ways in which
big national databases can go wrong.

Pete
-- 
Peter Clay | Campaign for   _  _| .__
   | Digital   /  / | |
   | Rights!   \_ \_| |
   | http://www.ukcdr.org

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]