[11760] in cryptography@c2.net mail archive
Re: unforgeable optical tokens?
daemon@ATHENA.MIT.EDU (John Kelsey)
Thu Sep 26 10:19:48 2002
Date: Wed, 25 Sep 2002 14:50:21 -0400
To: Derek Atkins <derek@ihtfp.com>, eli+@cs.cmu.edu
From: John Kelsey <kelsey.j@ix.netcom.com>
Cc: crypto list <cryptography@wasabisystems.com>
In-Reply-To: <sjmbs6rwk4e.fsf@kikki.mit.edu>
At 09:24 AM 9/21/02 -0400, Derek Atkins wrote:
...
>This isn't security -- this is a small-form-factor physical ROM. This
>"read-only data crystal". The fact that they cannot be duplicated
>easily just means that you cannot use these tokens for real data
>storage. Imagine if they _were_ replicable.. Imagine keeping a
>terabyte of backup data on one of these tokens!

Well, you can get a nice (provable) level of security from a big memory
device like this, if the entries are random, and if there is a strict limit
on how quickly you can read information out of it. Bruce Schneier and I
did a paper on this several years ago. (Though I'm sure a bunch of other
people had used the same idea in their own systems before....) Let's
see...."Authenticating Secure Tokens Using Slow Memory Access," at the
USENIX workshop on smartcard technology in 1999.

The big question is under what conditions it's possible to read out a
significant fraction of the data. If you have a secure token that refuses
to respond to a memory query in less than a second, then the answer is
pretty simple. For this device, it's not so clear. It might be that the
device can't be read out by a compromised terminal (assuming there are one
day terminals for these devices), but it may still be readable by someone
who steals the device and takes it apart in a lab or something.

>-derek
--John Kelsey, kelsey.j@ix.netcom.com // jkelsey@certicom.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
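
Added illustration, not part of the original message and not the protocol from the cited paper: a simulation of why random entries behind a rate-limited read interface bound what someone with temporary access to the token can copy. The SlowToken and Clone classes, the verifier holding a reference copy, the 16-byte entries and the k-index challenge are all assumptions made for this example.

```python
import hmac, math, secrets

ENTRY_BYTES = 16                      # assumed entry size: unread entries cannot be guessed
_rng = secrets.SystemRandom()

class SlowToken:
    """Token with n random entries; every read costs `delay` simulated seconds."""
    def __init__(self, n, delay=1.0):
        self.mem = [secrets.token_bytes(ENTRY_BYTES) for _ in range(n)]
        self.delay, self.clock = delay, 0.0
    def read(self, i):
        self.clock += self.delay      # the rate limit, modelled as elapsed time
        return self.mem[i]

class Clone:
    """Partial copy made by someone who could query the token for `budget` seconds."""
    def __init__(self, token, budget):
        reads = min(int(budget / token.delay), len(token.mem))
        self.known = {i: token.read(i) for i in _rng.sample(range(len(token.mem)), reads)}
    def read(self, i):
        return self.known.get(i, bytes(ENTRY_BYTES))   # never read: placeholder guess

def authenticate(device, reference, k):
    """Verifier (assumed to hold a reference copy) checks k distinct random entries."""
    ok = True
    for i in _rng.sample(range(len(reference)), k):
        ok &= hmac.compare_digest(device.read(i), reference[i])
    return ok

def clone_success_probability(n, known, k):
    """P(all k challenged indices were copied) = C(known, k) / C(n, k)."""
    return math.comb(known, k) / math.comb(n, k)

def seconds_to_reach(n, k, target, delay=1.0):
    """Read time a copier needs before a clone passes with probability >= target."""
    known = next(m for m in range(k, n + 1)
                 if clone_success_probability(n, m, k) >= target)
    return known * delay

if __name__ == "__main__":
    n, k = 1_000_000, 20              # constructed parameters, one read per second
    for hours in (1, 24, 24 * 7):
        known = min(hours * 3600, n)
        print(f"{hours:4d} h of reads -> clone passes with p = "
              f"{clone_success_probability(n, known, k):.3e}")
```

The bound only holds while the read delay is enforced; it says nothing about a token that is taken apart and read out directly.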