[1272] in cryptography@c2.net mail archive
Re: Fortezza dying on the vine?
daemon@ATHENA.MIT.EDU (Vin McLellan)
Mon Jul 28 21:37:22 1997
In-Reply-To: <87009152730237@cs26.cs.auckland.ac.nz>
Date: Mon, 28 Jul 1997 12:01:52 -0500
To: pgut001@cs.auckland.ac.nz
From: Vin McLellan <vin@shore.net>
Cc: cryptography@c2.net, PADGETT@hobbes.orl.mmc.com, rsalz@opengroup.org
With regard to smartcard readers, the inimitable Padgett
<PADGETT@hobbes.orl.mmc.com> opined:
>>Expect three flavors - direct, dedicated readers (but don't hold your
>>breath -
>>too many machines already have all IRQs in use). These will be the most
>>expensive - unless under $40-$50, forget it except for very very nervous.
>>
>>Second flavor would be a PCMCIA (PCCARD) carrier. Most notebooks today have
>>more than one slot.
>>
>>Third (and I think essential for mass market) is a 3.5" floppy carrier. Saw
>>one over a year ago from Fischer but cost is a problem - must be under
>>U$10.00
>>to be sucessful.
Peter Guttman <pgut001@cs.auckland.ac.nz> interjected:
>There's a fourth kind which you haven't mentioned: Readers built into
>keyboards. These are starting to appear (mainly in Europe), require no extra
>IRQ's or slots or serial ports or whatever, and only a small change in the
>keyboard driver software. Most of the components (case, lead, connector to
>computer, power source, interface circuitry) are already present, so the cost
>is relatively low. It remains to be seen how popular they'll become though.
This, IMNSHO, is where the big bets have been placed.
I expect to see three or four major US players offering
keyboard-based readers within six months. The additonal cost, for good or
ill, will be defined by how large a committment each of these vendors will
make to these keyboards -- but there will clearly be price competition, a
very good thing.
(Padgett, can you tell us anything about the normal pace of
keyboard replacement in a big corporate environment? I presume PC and
workstation CPUs are being upgraded, typically, every 18-months to two
years. Do keyboards get upgraded with this, or are the peripherals rolled
over and plugged into the new box?)
Padgett also cautioned:
>>Once the readers are available, then the cards *may* proliferate - problem
>>would be IMNSHO if "soft cards" spread first. People may then resist
>>more hardware at home & only POS devices will have readers.
Right on target, as usual, Padgett! The millions of unprotected
browser-based PKC key-pairs already supporting SSL have framed the issue,
but few (beyond the professional security mavens) even noticed. Software
versions of Fortezza will explode it right in front of everyone.
User identification and authentication (I&A) for PKI may well
standardize on password-protected (encrypted) PKC key-pairs sitting in the
user's PC: "soft smartcards." Bit of a horror -- but then, we live daily
surrounded by little infosec horrors (e.g., the 60-70 percent of the hosts
on the Internet with no firewall, no effective security beyond that
inherent in the OS.)
Everyone knows a removable hardware repository (a smartcard; even a
PCMCIA) card is more secure -- but then there is the cost; the lack of
cheap and available readers; and the incontrovertable reality of scale:
world-wide, there is an installed base of tens of millions of corporate and
government PCs (with simple standard keyboards.)
The Smarty, Fisher's (patented?) smartcard reader built into a 3.5"
floppy form-factor, could make a big difference it the price drops quickly
enough -- but "software smartcard-emulators" -- given the scope of PKI --
are inevitable. They exist today in every browser's RSA key-pairs.
Nothing, I'm afraid, will offer security comparable to that of a
removable hand-held hardware device which can contain the user's PKC
key-pairs and certificates (maybe even a crypto engine) -- but lacking
that, what alternatives exist?
For the corporate environment which already has two-factor I&A,
there might be a way to use OTP tokens like SecurID or it's C/R cousins (no
readers necessary) to unlock/decrypt/validate the software smartcard's keys
and certs..
Like software Fortezza, this is a jerry-rig that has been seen
largely as a transition technology, but -- as Padgett implies -- it could
be a looooong transition if it seems to deliver the needed functionality,
whatever the relative security risks.
One saving grace, X509v3 extensions (and its successor certs) could
have a indicator of how trustworthy a registered key-pair is -- depending
upon whether the PKC keys were installed in a secured hardware repository,
some lesser secured environment, or a naked password-protected web browser
or similar app.
This might be another interesting arena for key and cert
management: a rudmentary multi-level system environment. <groan>
Perhaps some level of authorization or network privilege will
_require_ a hardware-based repository for the user's PKC private keys
(validated by a cert or cert extension?)... while the same user could use
another key-pair (held is a less secure medium) for reading and signing
mail?
Multiple key-pairs per user are almost certain to be common, in any
case, even in a smartcard PKI environment. (Anyone else get the sense that
we are not drawing upon the financial community's long history of credit
card system management so much as we could in designing PKI? I keep
thinking that all the worry about revocation lists and such is reinventing
the wheel;-)
I don't doubt that Peter and other X509 pros have thought about
securing keys (and the relative-trustworthiness of various PKC keys) more
than I. But in the US, if DoD plans to field even a few tens of thousand
of software implementations of Fortezza, the questions about I&A become
stark.
Suerte,
_Vin
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
