Howard Brazee wrote:
As with all security needs, the technology will need to improve to
match the moving target of criminals. We don't know how far behind the
8-ball our credit card technologies or our currency technologies are
- but we trust them enough so they work for our current needs. I
suspect we are more vulnerable than we would like to admit here.
We know passwords are failing though. And the primary reason is we
need too many passwords all over the place - security needs to work
the way people work.
collection of posts over the past year about deployment of hardware tokens in
that market segment ... and some of the related vulnerabilities and exploits
http://www.garlic.com/~lynn/subintegrity.html#yescard
recent thread in crypto list
http://www.garlic.com/~lynn/aadsm26.htm#32 Failure of PKI in messaging
http://www.garlic.com/~lynn/aadsm26.htm#33 Failure of PKI in messaging
http://www.garlic.com/~lynn/aadsm26.htm#34 Failure of PKI in messaging
and somewhat related thread that preceded it
http://www.garlic.com/~lynn/aadsm26.htm#26 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#28 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#30 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#31 man in the middle, SSL
as repeatedly mentioned in the above ... (SSL) encryption involved "hiding" the
account number while it moved through the internet ... for what came to be called electronic
commerce.
in the mid-90s, the x9a10 financial standard working group had been given the
requirement to preserve the integrity of the financial infrastructure for all
retail payments. this resulted in the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959
if you look at the security PAIN acronym
P - privacy (or sometimes CAIN for confidentiality, i.e. security by hiding
information)
A - authentication
I - integrity
N - non-repudiation
in effect, x9.59 financial standard substituted "authentication" and "integrity" for
"privacy". part of this was the diametrically opposing requirements placed on account numbers. at
one end, the requirement to keep account numbers confidential and never allowed to be divulged. at the other
end, dozens of business processes that require ready and general access to the account number. this led to my
periodic comment that even if the planet was buried under miles of (information hiding) encryption, it still
wouldn't be able to prevent account number leakage.
now, part of the password paradigm analysis is from the standpoint of 3-factor
authentication:
http://www.garlic.com/~lynn/subintegrity.html#3factor
* something you know (i.e. pins and passwords)
* something you have (i.e. hardware tokens)
* something you are (i.e. biometrics)
pins and passwords ... have commonly been deployed as "shared secrets". This
has resulted in a security requirement for a unique shared secret for every unique
security domain (as countermeasure to cross-domain attacks). Other security requirements
have required passwords to be impossible to guess (as countermeasure to guessing
attacks) ... which also tends to have the side-effect that they are impossible to
remember.
40-50 years ago, when a person was possibly involved in only a single security domain ... and only
had a single password to remember ... the password ("shared-secret" "something you
know") paradigm was somewhat tolerable. However, as the typical number of unique security domains
an individual participates in has grown to scores ... the scores of related passwords have become
unmanageable.
http://www.garlic.com/~lynn/subintegrity.html#secrets
now, one of the assumptions in the domain of "multi-factor" authentication ...
is that security is better, based on the (frequently implicit) assumption that the different
factors are subject to independent vulnerabilities. however, there are a number of
technology attacks that can invalidate such an assumption ... being able to compromise
multi-factor authentication in a single exploit.
For instance, in the previously mentioned "yes card" exploit, there is an assumption about multi-factor authentication
... with a chip-token as a "something you have" authentication in conjunction with a PIN as "something you
know". However, part of the "yes card" exploit is being able to counterfeit the "YES" in response to
the query whether the correct PIN was entered
(i.e. "YES" is the response regardless of what PIN is entered, negating any
requirement for actually needing to know the correct PIN).
http://www.garlic.com/~lynn/subintegrity.html#yescard
and a recent somewhat long running general thread
http://www.garlic.com/~lynn/2007.html#0 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#27 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007.html#28 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#60 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#61 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#62 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007b.html#64 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#6 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#10 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#15 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#17 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#18 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#22 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#26 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#27 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#28 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#30 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#31 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#32 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#33 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#35 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#36 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#37 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#38 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#39 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#40 Point-of-Sale security
http://www.garlic.com/~lynn/2007c.html#43 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#44 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#46 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#51 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#52 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007c.html#53 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#0 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#5 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#11 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007d.html#26 Securing financial transactions a high priority for 2007
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
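Added example (not from the post above, and not the X9.59 standard's own encoding or any real card's firmware): a small Go simulation of the two points the post makes. First, an "authenticated transaction" in the X9.59 sense, where the account number travels in the clear and the protection comes from a signature over the transaction fields (account, amount, merchant, terminal nonce) checked by the issuer against the public key registered for that account. Second, the "yes card" failure mode: a terminal that approves because the card answered YES to the PIN query is fooled by a counterfeit that answers YES to anything, while the same counterfeit, having only copied static data and no private key, cannot produce a signature the issuer accepts. The transaction layout, the P-256 ECDSA choice, the account string and the card/terminal interfaces are all assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Transaction holds the fields the signature covers. The account number is
// not hidden: a captured copy of it does not help an attacker, because the
// issuer only honours transactions signed by the account's private key.
type Transaction struct {
	Account  string
	Amount   uint64
	Merchant string
	Nonce    [16]byte // terminal-supplied freshness value, blocks replay
}

// digest is a length-prefixed canonical encoding hashed with SHA-256
// (an assumed layout, not the X9.59 wire format).
func digest(t Transaction) []byte {
	h := sha256.New()
	var amt [8]byte
	binary.BigEndian.PutUint64(amt[:], t.Amount)
	for _, f := range [][]byte{[]byte(t.Account), amt[:], []byte(t.Merchant), t.Nonce[:]} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

// Card is the terminal's view of the chip: a PIN query and a signing request.
type Card interface {
	VerifyPIN(pin string) bool
	Sign(t Transaction) ([]byte, error)
}

// GenuineCard holds the private key and signs only after the correct PIN.
type GenuineCard struct {
	priv     *ecdsa.PrivateKey
	pin      string
	unlocked bool
}

func (c *GenuineCard) VerifyPIN(pin string) bool {
	c.unlocked = pin == c.pin
	return c.unlocked
}

func (c *GenuineCard) Sign(t Transaction) ([]byte, error) {
	if !c.unlocked {
		return nil, fmt.Errorf("PIN not verified")
	}
	return ecdsa.SignASN1(rand.Reader, c.priv, digest(t))
}

// YesCard models the counterfeit: copied static data, no private key,
// and a forged "YES" to whatever PIN is entered.
type YesCard struct{}

func (YesCard) VerifyPIN(string) bool               { return true }
func (YesCard) Sign(Transaction) ([]byte, error)    { return []byte("forged"), nil }

// OfflinePINTerminal trusts the card's answer. This is the check the
// yes-card exploit defeats.
func OfflinePINTerminal(c Card, pin string) bool { return c.VerifyPIN(pin) }

// IssuerVerify checks the signature with the key registered for the account.
func IssuerVerify(reg map[string]*ecdsa.PublicKey, t Transaction, sig []byte) bool {
	pub, ok := reg[t.Account]
	return ok && ecdsa.VerifyASN1(pub, digest(t), sig)
}

// Result records each check so a caller (or test) can inspect the outcome.
type Result struct {
	GenuineOffline, GenuineIssuer bool
	YesCardOffline, YesCardIssuer bool
	ReplayTamperedAmount          bool
}

// Demo runs a genuine card, a yes card and a tampered replay through both checks.
func Demo() (Result, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Result{}, err
	}
	const acct = "ACCT-000001" // constructed account identifier
	reg := map[string]*ecdsa.PublicKey{acct: &priv.PublicKey}
	txn := Transaction{Account: acct, Amount: 4200, Merchant: "shop-17"}
	if _, err := rand.Read(txn.Nonce[:]); err != nil {
		return Result{}, err
	}
	var r Result
	genuine := &GenuineCard{priv: priv, pin: "7391"}
	r.GenuineOffline = OfflinePINTerminal(genuine, "7391")
	sig, err := genuine.Sign(txn)
	if err != nil {
		return Result{}, err
	}
	r.GenuineIssuer = IssuerVerify(reg, txn, sig)
	yes := YesCard{}
	r.YesCardOffline = OfflinePINTerminal(yes, "0000") // wrong PIN, still YES
	ysig, _ := yes.Sign(txn)
	r.YesCardIssuer = IssuerVerify(reg, txn, ysig)
	tampered := txn
	tampered.Amount = 999999 // captured signature, altered amount
	r.ReplayTamperedAmount = IssuerVerify(reg, tampered, sig)
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The offline-PIN path approves the yes card while the issuer path rejects it, and the same captured signature fails once any covered field changes; that is the sense in which a signature over the transaction substitutes authentication and integrity for hiding the account number.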