At 01:25 PM 12/13/99 -0800, Steve Reid wrote:
>On Mon, Dec 13, 1999 at 12:12:42PM -0800, David Honig wrote:
>> Wouldn't a thumbprint reader on the card (to authenticate the meat to the
>> smartcard) be a tougher thing to shoulder surf?
>> Does raise the cost over a PIN.
>
>I'm not sure if biometrics would help with the sort of attack this
>appears to be.
The attack is simply sniffing the data in the supposedly
trusted card reader. Biometrics don't help.
But we agree that a smartcard executing a non-replayable protocol might; my
only point about thumbreaders was that they are more private than pressing
keys.
>Any biometric information could also be recorded and replayed. I
No, the biometrics stay inside the smart card, which is part
of the customer's security boundary.
In this model, you trust your smartcard, which can identify
your thumbs and can display what it thinks is going on. And
the card uses a protocol with the rest of the world which
can't be replayed. For instance, if the smartcard holds
value and decrements itself. You get your gasoline, and
the smartcard adjusts the stored value, and you can't get
screwed by anything that happened with the vendor. In fact,
you could use a broadcast medium and eschew physical contact
entirely.
>Anything depending on a regular magnetic card and PIN would probably be
>vulnerable to whatever attack we're seeing here.
There is no solution for that weathered technology methinks.
>> Or would these exchanges require on-line connectivity, thereby defeating
>> the utility of smartcards some?
>
>I'm not sure if I'd trust a smartcard-based system that didn't require
>on-line connectivity.
Do you realize what you've just done? You've just unleased
Hettinga in his full glory...
From what little I've seen such things usually
>(always?) depend on the tamper resistance of the device for their
>security (eg. M*nd*x).
I'm not exploring the problems of keeping bank secrets in
Markus Kuhn's wallet. I'll assuming the smartcard is your
trusted friend; you would only trust its displays, not the
vendor's, you would only thumb your own card.
dh
