Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ian Grigg]

Ben,

> Ian Grigg wrote:
>> It should be obvious.  But it's not.  A few billions
>> of investment in smart cards says that it is anything
>> but obvious.
>
> That assumes that the goal of smartcards is to increase security instead
> of to decrease liability.

On whether the goal of smart cards is to reduce
liability:

a)  Not with any systems I was familiar:  the major Dutch
systems were defensive, oriented to filling the space
that was potentially threatened by other parties.  The
trials were goaled to increase security, which they did
not by using smart cards, but by eliminating cash, which
had created an unacceptable risk of serious theft in
unattended petrol stations.  The same happened with UK
phone cards...  I'm unfamiliar with Mondex or the Belgium/
Proton based motives, but their structures indicate that
liability was not a question uppermost on their minds.

b)  Liability reduction cannot be a goal.  If it was, then
one could achieve the goal completely - eliminate liability -
by not doing the project.  Instead, liability and/or
reduction of same is a _limitation_ on the goal of the
system.

c)  Whether liability reduction entered into any smart
card system as a limitation on their goals is a little
uncertain.  I would say no, as all the systems were
early stage in the institutional model;  in which case
there was little or no liability.  Instead, the only
drivers in that vague area would have been future
running costs reduction, which would have included well
considered security models, and partially considered
user support models, to reduce over all costs.  Including
all forms of risks, of course.

d)  Liability reduction generally comes into play when a
system is mature and/or regulatory issues come into play.
That is, liability reduction is something often seen when
the desire is to avoid surprises, and to avoid any costs
cropping up that weren't well built into the costs model.
I.e., the risk models used by credit card operators are
one example, and the customer agreement models (or whatever
they are called) used by CAs are another example of liability
reduction.

e) Perversely, banks practice liability increase as well as
reduction.  In fact, a pure banking model is about the risk
of a loan, and they specialise in measuring and managing
the risk of that loan.  But, as we are talking about payment
systems, and loans are banking, and banking is not payment
systems, that would be a change in business, so out of
scope of the original topic.

f)  And, of course, all institutions will practice liability
increase if they can turn it into a barrier to entry, that
is, cartelise the industry so as to block new entrants.  See
the eMoney directive for the European barrier to entry, which
was effectively coordinated by the Bundesbank on behalf of
the banks, and resulted in the "like a bank, but not a bank,
and as costly as a bank" approach to digital cash.

All of which might or might not hit the target of liability
as you wrote it?

iang

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ben Laurie]

Ian Grigg wrote:

Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.

How much difference is there, practically, between this and using a 
smartcard credit card in an external reader with a keypad? Aside from 
the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.

:-)
It should be obvious.  But it's not.  A few billions
of investment in smart cards says that it is anything
but obvious.
That assumes that the goal of smartcards is to increase security instead 
of to decrease liability.

--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Anne & Lynn Wheeler]

At 10:29
AM 10/28/2004, James A. Donald wrote:
Is there a phone that is
programmable enough to store secrets 
on and sign and decrypt stuff?
The ideal crypto device would be programmed by burning new 
proms, thus enabling easy reprogramming, while making it 
resistant to trojans and viruses. 
there are a couple different trust relationships ... the issue of the
user trusting the keyboard/terminal ... and the issue of the relying
party trusting the keyboard/terminal.
The FINREAD terminal ... misc. (EU) finread references:
http://www.garlic.com/~lynn/subpubkey.html#finread
supposedly is certified as an stand-alone external keypad and display
that can't (very difficult) in being hacked. the financial scenario is
that the display can be trusted to display the amount being approved 
the user puts in his card and enters their pin/password. The pin-pad is
certified as not being subject to virus keyloggers (that you might find
if a PC keyboard was being used). 
For the relying party (say an online financial institution) ... the user
putting their card into the reader ... and the card generating some
unique value ... would indicate to the relying party "something you
have" authentication. The user entering a PIN can both indicate
"something you know" authentication as well as implying that
the user aggrees/approves with the value in the display.
Note that the implied agreement/approval ... in not just dependent on the
user entering the PIN ... but also on the certification of the terminal
... that the terminal doesn't accept the PIN until after the certified
terminal displays the correct value (i.e. there is a certified business
process sequence).
The entering of the PIN can also involving transmitting some form of the
PIN to the relying party ... and/or the PIN is passed to the
smartcard/chip ... and the chip is known to only operate in the
appropriate manner when the correct PIN is entered. In this later case,
the relying party doesn't actually have knowledge of the "something
you know" authentication  but the relying party can infer it
based on knowing the certified business process operation of all of the
components.
Lets say the unique value provided by the smartcard is some form of
digital signature ... and the relying party infers from the correct
digitial signature "something you have" authentication. There
is still the trust issue between the relying party and the terminal used
by the user  which may also require that the (certified eu finread)
terminal also performs a digital signature  in order for the relying
party to be able to trust that it really was a terminal of specific
characteristics ... as opposed to some counterfeit or lower-trusted
terminal.
There is still the issue of the user trusting such a terminal. If the
terminal belongs to the user  in the user physical home space 
then there isn't as much of a trust issue regarding the user trusting the
terminal.
The problem arises for the user if they are faced with using a terminal
in some random, unsecured location some place in the world. Even in the
situation where a relying party receives a valid transaction with a valid
digital signature from a certified, known finread terminal ... there are
still a number of MITM attacks on finread terminals that might be located
in unsecured locations (various kinds of overlays and/or intermediate
boxes capable of performing keylogging and/or modified display
presentation).
The personal cellphone and/or PDA ... with user "owned" display
and key entry  is a countermeasure to various kinds of MITM attacks
on terminals in public &/or unsecured locations
(user has no way of easily proofing that they aren't faced with some form
of compromised terminal environment).


--
Anne & Lynn Wheeler   
http://www.garlic.com/~lynn/
 

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Trei, Peter]

James A. Donald wrote:

> R.A. Hettinga wrote:
> > [The mobile phone is] certainly getting to be like Chaum's
> > ideal crypto device. You own it, it has its own I/O, and it
> > never leaves your sight.
> 
> Is there a phone that is programmable enough to store secrets 
> on and sign and decrypt stuff?

I've been programming phones and PDAs for several years.
They are certainly powerful enough for symmetric operations.
Some at the higher end can to public key operations at a
reasonable speed. The lower end ones can't. Try taking a
look at the new Treos, the newer PocketPC devices, and
phones such as the Motorola A760.

> The ideal crypto device would be programmed by burning new 
> proms, thus enabling easy reprogramming, while making it 
> resistant to trojans and viruses. 

Some of the devices partition their storage, with portions
that are easily modified, and portions which are more
secure. The carriers generally want to prevent users from
modifying the SW in ways which could enable fraud or damage
the network, yet allow downloads of games, apps, etc.

Peter


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Eugen Leitl]

On Thu, Oct 28, 2004 at 09:29:21AM -0700, James A. Donald wrote:

> Is there a phone that is programmable enough to store secrets 
> on and sign and decrypt stuff?

Er, it has been a while since you bought a new mobile, right?
About all of them have several MBytes memory, and run Java. Some Motorolas
run Linux. The better smart phones are pretty beefy PDAs.
 
> The ideal crypto device would be programmed by burning new 
> proms, thus enabling easy reprogramming, while making it 
> resistant to trojans and viruses. 

The problem with modern mobiles that their security is of the cargo
cult/snake oil variety. Only a question of time before the first MMS worm
wipes out all Nokias, or something.

-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp0TewpfHhVX.pgp
Description: PGP signature

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[R.A. Hettinga]

At 9:29 AM -0700 10/28/04, James A. Donald wrote:
>Is there a phone that is programmable enough to store secrets
>on and sign and decrypt stuff?

I think we're getting there. We're going to need a, heh, killer ap, for it,
of course.

:-)

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Anne & Lynn Wheeler]

At 03:31
PM 10/25/2004, Ian Grigg wrote:
:-)
It should be obvious.  But it's not.  A few billions
of investment in smart cards says that it is anything
but obvious.
To be fair, the smart card investments I've been
familiar with have been at least very well aware of
the problem.  It didn't stop them proceeding with
papering over the symptoms, when they should have
gone for the underlying c
iang

my claim about the paradigm is that during the 80s, there was start of
lot of investment by all sorts of parties into smartcards ... targeted
for the portable computing market niche ... where the state of the art
would allow relatively powerful computing and memory in such chips ...
but the technology didn't exist for portable input/output technology 
as a result there also had to be ISO international standards for the
input/output stations that would interoperate with the smartcards. that
market niche started to disappear in the early 90s with the appearance of
portable input/output technology associated with cellphones and PDAs. by
this time, at least several billion dollars had been invested in the
technology.
somewhat to recoup (at least some portion of) the investment, there has
been some searching for alternative market niches for the 
technology. In the early 90s, my wife and I consulted to some agencies on
aspects of this. one such target was emergency medical information  a
person could carry their complete medical records in such a form factor
 and in a life&death emergency  the emergency crews could
pull out the victims card and insert it into their locak, offline,
portable display technology and have access to the victims complete
medical records. The problem in this scenario was that an emergency first
responder isn't likely to be able to make use of the victims medical
records in offline manner. First off, if it is a real emergency ... how
does a first responder do other than triage. Typically for anything that
involves anything more complicated ... the first responder has to go
online to "real" doctors at some remote location. If you have a
real online environment ... to real (remote) doctors ... then a much
better solution is to have something that authenticates the victim ...
and the consulting doctor then has some mechanism for locating and
retrieving the online medical records (as opposed to first responder
being able to make sense out of a victim's complete medical
records).
Another niche for the technology was offline financial transactions ...
for parts of the world where online connectivity was difficult,
non-existent and/or extremely expensive. the smartcard would contain the
business rules and logic for performing (offline) financial transaction
interacting with random merchant terminals. Two issues arise here 
there is a significant mutual suspicion (lack of trust) problem between
random merchant terminals anywhere in the world and random consumer
smartcards anywhere in the world; and the technology started to be
deployed at a time when online connectivity was starting to become
ubiquitous and easily available in most places in the world. An example
is the european deployed stored-value (offline) smartcards in the 90s
compared to the rapid market penetration of stored-value (online)
magstripe (gift, affinity, merchant, etc) cards in the US  making use
of the ubiquitous nature of online connectivity available in the US.
Again, which the availability of online  the problem changes from
requiring a very expensive and trusted distributed offline infrastructure
and offline distributed business rules   to the much more simple
problem of requiring (increasingly strong) authentication.
So the
financial oriented infrastructure has seen some amount of
"skimming" threats and exploits with the terminals and/or
networks. Even if the smartcard paradigm is just reduced to a (dumb)
chipcard that only provides strong authentication  the issue is does
the consumer completely provide their own environment ... or do they have
to depend on (and trust) randomly located terminals at random locations
around the world.
Part of the authentication issue ... is the 3-factor authentication
model
* something you have
* something you know
* something you are
the "card" (or chip) provides the "something you
have" piece. 
in order to add "something you know" ... requires the consumer
entering a pin or password; the issue then becomes does the consumer
trust some randomly located pin-pad. there is a similar issue with
whether the consumer trust their own biometric sensor or would they trust
somebody else's biometric sensor. 
a consumer owned cell phone  could presumably provide both a consumer
trusted pin-pad ... and w/o a whole lot of magic ... a consumer camera
cell phone could be used for sensor for various kinds of biometric info.

some part of the issue is that the original target market niche for
smartcards (portable computing with fixed interoperable input/output
stations) st

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[James A. Donald]

--
R.A. Hettinga wrote:
> [The mobile phone is] certainly getting to be like Chaum's
> ideal crypto device. You own it, it has its own I/O, and it
> never leaves your sight.

Is there a phone that is programmable enough to store secrets 
on and sign and decrypt stuff?

The ideal crypto device would be programmed by burning new 
proms, thus enabling easy reprogramming, while making it 
resistant to trojans and viruses. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Fkc1LRTOk91ROlSR8FZ74DmqbH7hISIn+MSojROa
 4nrRtvxhCmqe2NdvICprDQBO78fHoQXljK45ROM2W



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[dan]

This is what I love about the Internet -- ask a question
and get silence but make a false claim and you get all the
advice you can possibly eat.

OK, I (quite happily) stand corrected about why Microsoft
bought Connectix --  it was cheaper given their extensive
dependence on the Virtual PC product, including redistribution
to outside parties.  That's fascinating, actually.

Now the reason I brought this up was it seemed like a Heaven-
sent bit of circumstantial evidence[1] to inference about a
larger business strategy question.  That question still stands,
but I'll have to look harder for corroborating evidence.

--dan, on the road


[1] "Some circumstantial evidence is very strong, like 
finding a trout in the milk." -- Henry David Thoreau


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Peter Gutmann]

[EMAIL PROTECTED] writes:

>No need to buy a company just to use its product in your development shop.

They're not "using it in their development shop", that's their standard
development environment that they ship to all Windows CE, Pocket PC,
SmartPhone, and XP Embedded developers (and include free with every copy of
MSDN).  If an entire branch of my OS development was centered around a
particular technology, I'd want to make sure I owned both the technology and
the developers who created it and will be maintaining/updating it in the
future.  This isn't an optional add-on that MS uses internally, it's a core
component of their embedded OS effort that they push out to anyone who'll take
it in an attempt to dissuade them from going with QNX, embedded Linux,
VxWorks, etc etc.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Roy M. Silvernail]

On Sun, 2004-10-24 at 09:35 -0400, [EMAIL PROTECTED] wrote:
> |   [EMAIL PROTECTED] writes:
> |
> |   >I'm pretty sure that you are answering the question
> |   >"Why did Microsoft buy Connectix?"
> |
> |   The answer to that one is actually "To provide a
> |   development environment for Windows CE (and later XP
> |   Embedded)" (the emulator that's used for development
> |   in those environments is VirtualPC).  Thank you for
> |   playing.
> 
> TILT
> 
> No need to buy a company just to use its
> product in your development shop.
> 
> Please insert additional coins.

I'd thought it was so Microsoft could offer an emulation-based migration
path to all the apps that would be broken by Longhorn.  MS has since
backed off on the new filesystem proposal that would have been the
biggest source of breakage (if rumors of a single-rooted, more *nix-like
filesystem turned out to be true).
-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFS
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ian Grigg]

Alan Barrett wrote:
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
How much difference is there, practically, between this and using a 
smartcard credit card in an external reader with a keypad? Aside from 
the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.
:-)
It should be obvious.  But it's not.  A few billions
of investment in smart cards says that it is anything
but obvious.
To be fair, the smart card investments I've been
familiar with have been at least very well aware of
the problem.  It didn't stop them proceeding with
papering over the symptoms, when they should have
gone for the underlying causes.
iang
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

[R.A. Hettinga]

At 9:30 AM -0400 10/25/04, Trei, Peter wrote:
>If we're going to insist on dedicated, trusted, physical
>devices for these bearer bonds, then how is this different
>than what Chaum proposed over 15 years ago?

I don't think that face to face will be necessary. It just means keeping
control of your keys, etc. You can stash bearer-bonds on the net in m-of-n
storage, where nobody knows what's what, paid by the bit, etc.

>If you just add a requirment for face to face transactions,
>then I already have one of these - its called a wallet
>containing cash.

Certainly bits are smaller. See above, though.

Cheers,
RAH


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[R.A. Hettinga]

At 10:41 PM +0200 10/23/04, Eugen Leitl wrote:
>No, that's going to be the mobile phone.

Certainly getting to be like Chaum's ideal crypto device. You own it, it
has its own I/O, and it never leaves your sight.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Trei, Peter]

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse
> Sent: Saturday, October 23, 2004 1:58 AM
> To: Ian Grigg
> Cc: [EMAIL PROTECTED]
> Subject: Re: Financial identity is *dangerous*? (was re: Fake 
> companies,
> real money)
> 
> 
> 
> 
> Ian Grigg wrote:
> 
> > James A. Donald wrote:
> >
> >>> we already have the answer, and have had it for a decade: 
> store it 
> >>> on a trusted machine. Just say no to Windows XP. It's easy, 
> >>> especially when he's storing a bearer bond worth a car.
> >>
> >>
> >>
> >> What machine, attached to a network, using a web browser, 
> and sending 
> >> and receiving mail, would you trust? 
> >
> >
> >
> > None. But a machine that had one purpose in life:
> > to manage the bearer bond, that could be trusted
> > to a reasonable degree. The trick is to stop
> > thinking of the machine as a general purpose
> > computer and think of it as a platform for one
> > single application. Then secure that machine/OS/
> > stack/application combination.
> >
> > Oh, and make it small enough to fit in the pocket,
> > put a display *and* a keypad on it, and tell the
> > user not to lose it.
> >
> > iang
> 
> How much difference is there, practically, between this and using a 
> smartcard credit card in an external reader with a keypad? Aside from 
> the weight of the 'computer' in your pocket...
> 
> That would seem to me a more realistic expectation on 
> consumers who are 
> going to have, before too long, credit cards that fit that 
> description 
> and quite possibly the readers to go with them.
> 
> Aaron

If we're going to insist on dedicated, trusted, physical 
devices for these bearer bonds, then how is this different
than what Chaum proposed over 15 years ago? 

If you just add a requirment for face to face transactions,
then I already have one of these - its called a wallet
containing cash.

Peter

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ian Grigg]

http://www.financialcryptography.com/mt/archives/000219.html
[EMAIL PROTECTED] wrote:
... to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
I think the recent decision by Microsoft to not upgrade
browsers indicates that they are plumbing for your choice
(1).  Backwards compatibility takes a back seat.  I wrote
more about it here:
http://www.financialcryptography.com/mt/archives/000219.html
His Board would prefer (2), the annuity of locked-in
users, but it forces a bet that software liability
never happens.  Fixing the problem, for which the
calls grow more strident daily, puts the desktop
platform into play even more than it is now as
it asks the users (who, having lost compatibility,
thus have nothing to lose) to marry Redmond a
second time.  A VM-cures-all strategy is then
an attempt to avoid having to choose between (1)
and (2) by breaking backward compatibility for
new things but bridging the old things with a
magic box that both preserves the annuity revenue
stream from locked-in users while it keeps the
liability bar at bay.
I have two questions:  Does he have a board?  I
never heard of anyone but Bill Gates telling Ballmer
what to do.  Just curious!
Secondly, is a VM strategy likely to work?  Assuming
that Microsoft can make it work nicely, it also opens
the door for other OSs to be added into the mix, something
that Microsoft wouldn't be that keen to promote.
(I don't disagree with your comments, though!)
iang
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[dan]

|   [EMAIL PROTECTED] writes:
|
|   >I'm pretty sure that you are answering the question
|   >"Why did Microsoft buy Connectix?"
|
|   The answer to that one is actually "To provide a
|   development environment for Windows CE (and later XP
|   Embedded)" (the emulator that's used for development
|   in those environments is VirtualPC).  Thank you for
|   playing.

TILT

No need to buy a company just to use its
product in your development shop.

Please insert additional coins.

--dan


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Peter Gutmann]

[EMAIL PROTECTED] writes:

>I'm pretty sure that you are answering the question "Why did Microsoft buy
>Connectix?"

The answer to that one is actually "To provide a development environment for
Windows CE (and later XP Embedded)" (the emulator that's used for development
in those environments is VirtualPC).  Thank you for playing.

Peter.


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Eugen Leitl]

On Sat, Oct 23, 2004 at 06:58:26PM +1300, Aaron Whitehouse wrote:

> That would seem to me a more realistic expectation on consumers who are 
> going to have, before too long, credit cards that fit that description 
> and quite possibly the readers to go with them.

No, that's going to be the mobile phone. These already come with smartcards;
unfortunately their security is really lousy, so a secure pathway into the
secure crypto compartment for PIN entry is required.

In practice, no one is going to give a damn, until PIN-harvesting Bluetooth &
Co worms will result in palpable loss for the institutions.

-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp3osMYWdf71.pgp
Description: PGP signature

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Alan Barrett]

On Sat, 23 Oct 2004, Aaron Whitehouse wrote:
> >Oh, and make it small enough to fit in the pocket,
> >put a display *and* a keypad on it, and tell the
> >user not to lose it.
> 
> How much difference is there, practically, between this and using a 
> smartcard credit card in an external reader with a keypad? Aside from 
> the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or
instructions to your smartcard, or using *somebody else's display* to
view output that is intended to be private, should be obvious.

--apb (Alan Barrett)

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Aaron Whitehouse]

Ian Grigg wrote:
James A. Donald wrote:
we already have the answer, and have had it for a decade: store it 
on a trusted machine. Just say no to Windows XP. It's easy, 
especially when he's storing a bearer bond worth a car.

What machine, attached to a network, using a web browser, and sending 
and receiving mail, would you trust? 

None. But a machine that had one purpose in life:
to manage the bearer bond, that could be trusted
to a reasonable degree. The trick is to stop
thinking of the machine as a general purpose
computer and think of it as a platform for one
single application. Then secure that machine/OS/
stack/application combination.
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
iang
How much difference is there, practically, between this and using a 
smartcard credit card in an external reader with a keypad? Aside from 
the weight of the 'computer' in your pocket...

That would seem to me a more realistic expectation on consumers who are 
going to have, before too long, credit cards that fit that description 
and quite possibly the readers to go with them.

Aaron
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[dan]

|  > What machine, attached to a network, using a web browser, and 
|  > sending and receiving mail, would you trust? 
|  
|  I would suggest pursuing work along the lines of a Virtual Machine Monitor
|  (VMM) like VMWare.  This way you can run a legacy OS, even Windows,
|  alongside a high security simplified OS which handles your transactions.

Hal,

I'm pretty sure that you are answering the question
"Why did Microsoft buy Connectix?"[1]  -- the answer
was not, in other words, to screw Mac OS X users
but to break the conundrum Ballmer finds himself
in where the road forks towards (1) fix the security
problem but lose backward compatibility, or (2) keep
the backward compatibility but never fix the problem.
His Board would prefer (2), the annuity of locked-in
users, but it forces a bet that software liability
never happens.  Fixing the problem, for which the
calls grow more strident daily, puts the desktop
platform into play even more than it is now as
it asks the users (who, having lost compatibility,
thus have nothing to lose) to marry Redmond a
second time.  A VM-cures-all strategy is then
an attempt to avoid having to choose between (1)
and (2) by breaking backward compatibility for
new things but bridging the old things with a
magic box that both preserves the annuity revenue
stream from locked-in users while it keeps the
liability bar at bay.

Or so I think.

--dan


[1] http://www.microsoft.com/windows/virtualpc/previous/default.mspx


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

["Hal Finney"]

James Donald writes:
> On 19 Oct 2004 at 21:30, Ian Grigg wrote:
> > we already have the answer, and have had it for a decade: 
> > store it on a trusted machine.  Just say no to Windows XP. 
> > It's easy, especially when he's storing a bearer bond worth a 
> > car.
>
> What machine, attached to a network, using a web browser, and 
> sending and receiving mail, would you trust? 

I would suggest pursuing work along the lines of a Virtual Machine Monitor
(VMM) like VMWare.  This way you can run a legacy OS, even Windows,
alongside a high security simplified OS which handles your transactions.
You run your regular buggy OS as usual, then hit a function key to
switch into secure mode, which enables access to your financial data.
The VMM does introduces some performance overhead but for typical web
browsing and email tasks it will not be significant.

This seems more promising than waiting for Windows to become secure,
or for everyone to switch to Linux.  I believe there are a number of
academic projects along these lines, for example the Terra project,
http://www.stanford.edu/~talg/papers/SOSP03/abstract.html , which uses
a hardware security chip to try to protect one VM's data from another.
I don't know if the extra complexity buys you much in this application
though.

Hal Finney

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ian Grigg]

James A. Donald wrote:
we already have the answer, and have had it for a decade: 
store it on a trusted machine.  Just say no to Windows XP. 
It's easy, especially when he's storing a bearer bond worth a 
car.

What machine, attached to a network, using a web browser, and 
sending and receiving mail, would you trust? 

None.  But a machine that had one purpose in life:
to manage the bearer bond, that could be trusted
to a reasonable degree.  The trick is to stop
thinking of the machine as a general purpose
computer and think of it as a platform for one
single application.  Then secure that machine/OS/
stack/application combination.
Oh, and make it small enough to fit in the pocket,
put a display *and* a keypad on it, and tell the
user not to lose it.
iang
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[James A. Donald]

--
On 19 Oct 2004 at 21:30, Ian Grigg wrote:
> (In fact, one seems to have failed in the last few days - 
> EvoCash -  and another is on the watch list for failure - 
> DMT/Alta.  Both of them suffered from business style attacks 
> it seemed, rather than what we would call security hacks.)

To clarify, EvoCash was subjected to DDoS attacks, and 
persistent attack upon its reputation, both of these seemingly 
originating from the operator of a ponzi scheme, presumably for 
the purposes of extortion.

> we already have the answer, and have had it for a decade: 
> store it on a trusted machine.  Just say no to Windows XP. 
> It's easy, especially when he's storing a bearer bond worth a 
> car.

What machine, attached to a network, using a web browser, and 
sending and receiving mail, would you trust? 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 hrZ6lTrAZYICXnGqF8vLx7tZ1wcjKkoF7d/jKJbF
 4WFPME/Dy9Losvs1g9ZsxwxI0oIYThq0dwJCNpLX9



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[Ian Grigg]

Hi John,
John Kelsey wrote:
Today, most of what I'm trying to defend myself from online is done as either a kind of hobby (most viruses), or as fairly low-end scams that probably net the criminals reasonable amounts of money, but probably don't make them rich.  Imagine a world where there are a few hundred million dollars in untraceable assets waiting to be stolen, but only on Windows XP boxes with the latest patches, firewalls and scanners installed, and reasonable security settings.  IMO, that's a world where every day is day zero.  All bugs are shallow, given enough qualified eyeballs, and with that kind of money on the table, there would be plenty of eyeballs looking.  
We are way way past that point in security,
phishing is happening on an industrial scale, and
the virus, phish and spam people are united, or
at least working together.  Internet payment
systems are being DDOS/extorted on a regular
basis, and hack attempts are routine.
We literally already have that world.
And once it's done, several thousand early adopters are out thousands of dollars each.  This isn't much of an advertisement for the payment system.  It's anonymous and based on bearer instruments, so there's no way to run the fraudulent transactions back.  The money's gone, and the attackers are richer, and the next, more demanding round of attacks has been capitalized.  
Again, we're well past that point.  There have been
hundreds and hundreds of payment systems out there,
and maybe order of a thousand have failed by now,
mostly due to business reasons.  Some simply due
to hacks and attacks, but it is rare, because:
What happens is that beyond a certain threshold, the
payment system delivers valuable payments.  At that
point, it starts getting attacked.  If those attacks
are survived, then it moves on to the next phase.
Which would be more attacks of a different nature...
(In fact, one seems to have failed in the last few
days - EvoCash -  and another is on the watch list
for failure - DMT/Alta.  Both of them suffered from
business style attacks it seemed, rather than what
we would call security hacks.)
The notion that suddenly it's all over isn't what
happens.  It's a trickle, then it builds up to a
flood.  Some small hacks come in, and people either
look at them or they don't.  Those that are diligent
and keep an eye on these things respond.  Those that
don't go out of business.  There are more dead
payment systems than people on this list, I'd guess,
we do have plenty of experience in this.
In practice, we've also seen what happens when
money that gets stolen can't be traced or stopped.
Even though not "bearer", systems like e-gold are
plenty anon enough, and they don't easily reverse.
I doubt bearer systems would necessarily face a
problem because of users losing their bearer tokens
(but there are plenty of other problems out there
like the rather hard insider theft problem).
They also have to be able to do something about it.  What would you tell a reasonably bright computer programmer with no particular expertise in security about how to keep a bearer asset as valuable as his car stored securely on a networked computer?  If you can't give him an answer that will really work in a world where these bearer assets are  common, you're just not going to get a widespread bearer payment system working, for the same reason that there's probably nobody jogging with an iPod through random the streets of Sadr City, no matter how careful they're being.
When we get to that point, we will have an answer
for him.  I can assert that with a fair degree of
confidence, because a) we can't ever get to that
point until we have an answer, and b) we already
have the answer, and have had it for a decade:
store it on a trusted machine.  Just say no to
Windows XP.  It's easy, especially when he's
storing a bearer bond worth a car.
iang
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

[John Kelsey]

>From: Chris Kuethe <[EMAIL PROTECTED]>
>Sent: Oct 13, 2004 1:15 PM
>To: "James A. Donald" <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED], 
>   "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

On Wed, 13 Oct 2004 09:27:20 -0700, James A. Donald <[EMAIL PROTECTED]> wrote:
> Two problems:
...

>> It is clear that the world needs a fully cashlike form of
>> internet money, that there is real demand for this, but the low
>> security of personal computers makes it insecure from thieves,
>> and the hostility of national governments make it insecure from
>> governments.

>Agreed. I would hope that users of "iCash" get fully educated on what
>that entails: that that blob of bits is just as much $20 as that green
>piece of paper or that big pile of quarters. And if someone gets it
>and spends it, you may as well have been mugged.

Okay, but there's a problem:  If you want to mug me personally, you have to show up 
where I am, catch me unaware, take some personal risk that I'll fight back or shoot 
you or something, or that a cop will happen by at an inopportune moment, or that 
there's some surveilance camera you don't know about catching the whole thing on tape. 
 At the end of that, you've done one mugging, and made maybe $100 or so.  This is why 
mugging, armed robbery, etc., is basically a crime for people who don't think too far 
ahead.   

If you want to steal anonymous bearer assets from networked computers, you're going to 
contrive to do a whole lot of it at once, and you're going to have enormous incentives 
to develop new attacks to do so.  I have to care about attackers everywhere on Earth, 
and about the most capable getting past my defenses.  It's not like trying to keep 
random bored teenagers from breaking into your house by putting a proper lock on a 
properly installed door, it's like trying to keep a team of ex-SEALs, safecrackers, 
locksmiths, and demolition experts from breaking into your house.  

Today, most of what I'm trying to defend myself from online is done as either a kind 
of hobby (most viruses), or as fairly low-end scams that probably net the criminals 
reasonable amounts of money, but probably don't make them rich.  Imagine a world where 
there are a few hundred million dollars in untraceable assets waiting to be stolen, 
but only on Windows XP boxes with the latest patches, firewalls and scanners 
installed, and reasonable security settings.  IMO, that's a world where every day is 
day zero.  All bugs are shallow, given enough qualified eyeballs, and with that kind 
of money on the table, there would be plenty of eyeballs looking.  

And once it's done, several thousand early adopters are out thousands of dollars each. 
 This isn't much of an advertisement for the payment system.  It's anonymous and based 
on bearer instruments, so there's no way to run the fraudulent transactions back.  The 
money's gone, and the attackers are richer, and the next, more demanding round of 
attacks has been capitalized.  

>People do eventually learn when it costs them something out of pocket.
>Now that they've learned that the white headphones mean "I'm a target
>with an iPod, mug me!" I see a lot of iPod users with boring old sony
>or koss headphones. Right now, insecurity doesn't cost the end-user
>enough. As soon as some virus comes along and wipes out some new york
>times columnist's savings, and he screams about it, then and only then
>will the slightest nonzero percentage of the sheeple pay attention for
>a bit.

They also have to be able to do something about it.  What would you tell a reasonably 
bright computer programmer with no particular expertise in security about how to keep 
a bearer asset as valuable as his car stored securely on a networked computer?  If you 
can't give him an answer that will really work in a world where these bearer assets 
are  common, you're just not going to get a widespread bearer payment system working, 
for the same reason that there's probably nobody jogging with an iPod through random 
the streets of Sadr City, no matter how careful they're being.

...

--John Kelsey


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]