Bernhard Froehlich wrote: > David Irvine wrote: > [...] >> Many thanks for replying - your right I am a bit off topic (and I hope I >> don't need a surgeon for being so ;-) ) but I suppose it is slightly >> related to the securing of info. > Yes, I'll reply on the list till someone complains. >> I think you are correct in your >> assumption for some readers. I am thinking along the lines of a public >> reader i.e. one which anybody can finger swipe to get access to data and >> therefore the digitised stream may be sent somewhere. I am using the >> premise that any non encrypted data stream on a PC can be captured. >> >> My thoughts were that if it were possible to have an encrypted (PKI) >> copy of this stream that only the server could decrypt (if there was a >> server) or an application could decrypt, can such devices create a >> secure link between them and a server or application to transmit this, >> and if so can it be easily compromised (everything can to some degree I >> suppose). >> > If it's only the data between the reader and computer that can be > captured, the method outlined above (using the fingerprint as a PIN > for a smartcard chip) should be secure under the usual assumptions > concerning key size etc. > Just remember, most probably it's not really encryption you want, it's > authentication! Encryption can help but it's not the only way. > > The problems start if the bad guys start using screwdrivers or are > otherwise fiddeling around with the reader (see for example > http://ds.ccc.de/080/finger if you can read german) or the computer. > If computer and reader themselves are not considered secure you'll > probably have to go for something like TPM to increase the security. >> Apart from that what is the most effective way of entering a password to >> stop keyloggers I have been racking my brain thinking of a defeat for >> them but can't come up with one yet although I'm sure there is an answer >> somewhere. [...] > IMHO the most efficient way currently is to use a class 2 smartcard > reader. Whether to use a fingerprint sensor (integrated to the > reader!) or a PIN (entered on the pinpad of the reader!) to unlock > signature generation is more or less a matter of personal taste or > other circumstances of your application. For example I'd prefer a > fingerprint reader if it's easy for an attacker to install a web cam > to watch the pinpad. On the other hand, if you can enter the PIN in > some closet with no public access I'd prefer the pinpad. > > Of course both versions can still be defeated by installing > "keyloggers" inside the reader device or capturing the PIN/fingerprint > using known techniques, but you have better chances to defend against > this. >> My concern is that I have a p2p app which needs AES / RSA etc. and >> therefore a pass at some time - can't use a server so kerberos / single >> pass etc. is a no goer. >> > Hmm, maybe *encryption* should be handled between the peers using the > peer's keys and *authentication* can be done by a smartcard/class 2 > reader? This seems to take care of your problems if the peers > themselves are secure. > > Another approach I've seen with homebanking (less secure than a class > 2 reader/smartcard but probably easier to implement) is to use the > mouse to enter a PIN on a screen pinpad, which is at a random > position on the screen and/or the keys are randomly distributed. This > is still vulnerable to webcams but the image quality has to be much > better if you use a tiny cursor... > [...] >> So far >> >> 1: A bio reader that stores a pass seems to be quite good (although >> personalised) >> > No, a stored password is not really good, since the transmission can > be intercepted. > By the way, are you familliar with smartcard technology? >> 2: A bio reader that can encrypt and secure a link between it and >> authority mechanism (server or app) would be better - not personalised. >> 3: A passphrase - well this is the issue - we can make them stronger by >> running through pbkdf2 etc. but it's the entering that's not right >> (insecure). >> > 4. Biometric sensors can be fooled considerably easier than realized > in public perception (BTW, the same thing is probably true for > encryption in general). Biometric sensors are still to be considered > somewhat experimental, especially if the reader devices are cheap! > Pinpads have their own risks, but at least those are more publicly > known (or are they?). > >> Problem software or hardware loggers (think worst case - hardware) can >> read anything we input to screen mouse or keyboard so >> >> 1: Are they easy to detect (NO!) >> 2: Can they be fooled by cut paste etc. / NO many read clipboard >> > But cut'n paste is still vulnerable to webcams watching the screen! >> So >> >> assuming somebody can SEE everything we type or move the mouse to >> (images etc.) what can be done ? >> > 1. Use inputs that cannot be seen so easily (the biometric approach) > 2. Make sure the input cannot be seen (the pinpad reader approach) > > One very important thing to remember: There is *no* perfect security > in real life! Just forget what your insurance agent is always telling > you! ;) >> And that's the question - please tell me if there's a more suitable >> place to ask this and I will as this list os very very good and I don't >> want to be the cause of any pollution. >> > Like I wrote above I think we can risk continuing here till someone > complains... ;) > > Hope it helps. > Ted > ;) > It has all helped immensely I am off to do some lateral thinking on this one and try to see what can be done in the most secure manner in a distributed serverless network. It's an interesting issue and doubtless the weakest part of the whole cryptographic chain.
Thanks to everyone else for not complaining about this thread too :-) Tanks again Ted David
begin:vcard fn:David Irvine n:;David Irvine org:Ayrshire Business Consulting Ltd. adr:;;3 Wellington Square ;Ayr;Ayrshire;KA71EN;Scotland email;internet:[EMAIL PROTECTED] tel;cell:+44(0)7977583031 x-mozilla-html:TRUE url:http://www.open-source-consulting.org version:2.1 end:vcard
