Re: how to read information from RFID equipped credit cards

2008-04-18 Thread Nicolas Williams
On Tue, Apr 01, 2008 at 12:47:45AM +1300, Peter Gutmann wrote:
 Ben Laurie [EMAIL PROTECTED] writes:
 
 And so we end up at the position that we have ended up at so many times
 before: the GTCYM has to have a decent processor, a keyboard and a screen,
 and must be portable and secure.
 
 One day we'll stop concluding this and actually do something about it.
 
 Actually there are already companies doing something like this, but they've
 run into a problem that no-one has ever considered so far: The GTCYM needs a
 (relatively) high-bandwidth connection to a remote server, and there's no easy
 way to do this.

Cell phones have that.

The bigger problem is pairing with the local POS (or whatever), which is
where NFC comes in -- the obvious thing to do here is to make this
pairing not-really-wireless (e.g., the cell phone could scan a barcode
from the POS, or the POS could scan a barcode displayed by the cell
phone, or both, or any number of variants of this).

 (Hint: You can't use anything involving USB because many corporates lock down
 USB ports to prevent data leaking onto other corporates' networks, or
 conversely to prevent other corporates' data leaking onto their networks. Same
 for Ethernet, Firewire, ...).

Right, it's got to be wireless :)

Nico
-- 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-04-16 Thread Peter Gutmann
Victor Duchovni [EMAIL PROTECTED] writes:

Lock USB down completely, or block most devices and allow approved ones?
There is a non-empty set folks doing the latter, which opens the possibility
of this type of device being permitted, while others are restricted.

Lock it down completely.  What really panicked the mgt. wasn't so much the
thought of their data appearing on other organisations' networks but cases
where other organisations' data had appeared on *their* network (due to, in
some cases, overzealous employees, in another case an outside contractor, and
in another someone who wanted to sell them commercially useful information).

Data leakage should not be a concern if the device is built/marketted
correctly.

You want to explain that to management terrified of criminal prosecution?  I
got the feeling from talking to the IT security guy in the case of the
suspected commercial espionage that the management really wanted to pour
quick-setting concrete into the USB ports just to be absolutely sure.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-04-02 Thread Steven J. Murdoch
On Tue, Apr 01, 2008 at 12:47:45AM +1300, Peter Gutmann wrote:
 Actually there are already companies doing something like this, but they've
 run into a problem that no-one has ever considered so far: The GTCYM needs a
 (relatively) high-bandwidth connection to a remote server, and there's no easy
 way to do this.

You can get a fairly high-bandwidth channel with 2D barcodes. It's
uni-directional, but that's enough for many useful scenarios. The data
gets shown on the PC monitor and is captured by a ubiquitous
camera-phone or a dedicated locked-down device. This approach avoids
the problems you mentioned about USB/Firewire/Ethernet lockdown.

Disclosure: I work for a company, Cronto, which makes a product based
around this technology -- http://www.cronto.com/

Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-04-02 Thread Peter Gutmann
Steven J. Murdoch [EMAIL PROTECTED] writes:

You can get a fairly high-bandwidth channel with 2D barcodes. It's uni-
directional, but that's enough for many useful scenarios. The data gets shown
on the PC monitor and is captured by a ubiquitous camera-phone or a dedicated
locked-down device. This approach avoids the problems you mentioned about
USB/Firewire/Ethernet lockdown.

That's what one company ended up using, not specifically 2D barcodes but a
visual channel via the PC monitor (actually nothing like 2D barcodes in this
particular case :-).  The problem is, as you point out, that the channel is
unidirectional and not very high-bandwidth.  This makes the crypto very hard
because you have to roll your own protocols and mechanisms and everything ends
up custom and nonstandard.

Here's an interesting crypto design problem, how do you do something like
S/MIME or PGP (to submit or receive an authenticated request/purchase order/
whatever) with a relatively low-bandwidth channel in one direction and almost
no channel (perhaps humans typing in a 4-digit number) in the other, and
without requiring huge amounts of oddball custom crypto mechanisms.

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-04-02 Thread Victor Duchovni
On Tue, Apr 01, 2008 at 12:47:45AM +1300, Peter Gutmann wrote:

 Actually there are already companies doing something like this

Which ones do you think are doing a decent job of this?

 but they've
 run into a problem that no-one has ever considered so far: The GTCYM needs a
 (relatively) high-bandwidth connection to a remote server, and there's no easy
 way to do this.
 
 (Hint: You can't use anything involving USB because many corporates lock down
 USB ports to prevent data leaking onto other corporates' networks, or
 conversely to prevent other corporates' data leaking onto their networks. Same
 for Ethernet, Firewire, ...).

Lock USB down completely, or block most devices and allow approved
ones?  There is a non-empty set folks doing the latter, which opens
the possibility of this type of device being permitted, while others
are restricted.

Since *all* it needs is the ability to call home to its server, and
register to send/receive messages, it will not look like mass-storage,
and should not look like a network interface. Data leakage should not
be a concern if the device is built/marketted correctly.

-- 
Viktor.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-03-31 Thread Peter Gutmann
Ben Laurie [EMAIL PROTECTED] writes:

And so we end up at the position that we have ended up at so many times
before: the GTCYM has to have a decent processor, a keyboard and a screen,
and must be portable and secure.

One day we'll stop concluding this and actually do something about it.

Actually there are already companies doing something like this, but they've
run into a problem that no-one has ever considered so far: The GTCYM needs a
(relatively) high-bandwidth connection to a remote server, and there's no easy
way to do this.

(Hint: You can't use anything involving USB because many corporates lock down
USB ports to prevent data leaking onto other corporates' networks, or
conversely to prevent other corporates' data leaking onto their networks. Same
for Ethernet, Firewire, ...).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-03-28 Thread James A. Donald

Ben Laurie wrote:
 Then we get to the next problem: we don't trust the
 device with the keypad and display. So, we need to add
 that to the GTCYM (Gadget That Controls Your Money).

 And so we end up at the position that we have ended up
 at so many times before: the GTCYM has to have a
 decent processor, a keyboard and a screen, and must be
 portable and secure.

Sounds remarkably like a cell phone with an NFC

 One day we'll stop concluding this and actually do
 something about it.

Some of the poorest third world countries and some ex
communist countries are adopting mobile phone banking,
for example https://www.mpay.pl/en/, perhaps because
they are not weighed down with twentieth century
infrastructure, but until cell phones come routinely
equipped with NFC, you cannot use a cell phone to pay
for groceries.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-03-27 Thread Allen



Ben Laurie wrote:

[snip]

And so we end up at the position that we have ended up at so many times 
before: the GTCYM has to have a decent processor, a keyboard and a 
screen, and must be portable and secure.


One day we'll stop concluding this and actually do something about it.


And it can almost certainly be done with the current technology. 
Arnnei Speiser at http://www.megaas.co.nz/ has a two factor one 
time password application that runs on a java enabled cellphone. 
If he can do this I suspect it is but short hop to what you suggest.


He has a bank demo that is worth looking at as a potential model.

Best,

Allen

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: how to read information from RFID equipped credit cards

2008-03-26 Thread Ben Laurie

Perry E. Metzger wrote:

Nothing terribly new here -- short interview with someone who bought
an RFID credit card reader on ebay for $8 and demonstrates getting
people's credit card information at short distances using it. Still,
it is interesting to see how trivial it is to do.

http://www.boingboing.net/2008/03/19/bbtv-how-to-hack-an.html


Yeah, but...

He's talking bollocks when he says that the decryption should be done in 
some secure datacentre. That wouldn't save you unless there was some 
kind of handshake with the card - and the trouble is, those cards don't 
have the power to do any real crypto.


In the absence of something to prevent MitM, you would just intercept 
the encrypted contents of the card, and then use that. So why bother to 
encrypt it?


So, the bottom line is you need more horsepower in the gadget that 
controls your money, so you can do real crypto.


Then we get to the next problem: we don't trust the device with the 
keypad and display. So, we need to add that to the GTCYM (Gadget That 
Controls Your Money).


And so we end up at the position that we have ended up at so many times 
before: the GTCYM has to have a decent processor, a keyboard and a 
screen, and must be portable and secure.


One day we'll stop concluding this and actually do something about it.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.links.org/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]