Thursday, April 28, 2005
When does a key become an identifier?
Is a passport an "identifier"?
Is a drivers licence an identifier?
Is a credit card an identifier?
Is a professional membership card an identifier?
Is a building access card an identifier?
Is a house key an identifier?
Is a car key an identifier?
Or putting the questions another way ...
Is a car key a "key"?
Is a house key a key?
Is a building access card a key?
Is a professional membership card a key [to access an association]?
Is a credit card a key [to a payments system]?
Is a drivers licence a key [to access the privileges of road usage]?
Is a passport a key [to enter another country]?
Monday, January 17, 2005
Yet it is a worrying gimmick, closely equivalent to writing the PIN on the back of your credit card!
A majority of commercial fingerprint detectors can be fooled by replica prints. In 2002, Japanese cryptographer Tsutomu Matsumoto devised the infamous "Gummi Bear Attack", in which a gelatin candy moulded with latent fingerprints transferred from a drinking glass proved effective against 80 per cent of readers tested (see www.schneier.com/crypto-gram-0205.html).
So if you lose your fancy phone, a clever thief will find your biometric security information very conveniently left behind all over the keypad.
One wonders whether disposable latex gloves will become the next weapon in the war on identity theft?
If we're going to do biometrics -- and many of us urge caution in any case -- and if we're going to store templates within devices, then let's use any method other than fingerprinting.
Wednesday, December 22, 2004
X.509 Certificate Suspension is such a bad idea
1. "I might have compromised my private key but I am not sure. If I can just have a day to sort it out, and get suspended in the meantime, that would be great".
2. "I'm going on leave for six weeks and I'd like to be sure nobody can use my private key while I'm away".
The first reason is not something that credit card companies support. I actually tried it once; I mislaid my wallet, was optimistic it would turn up, and rang the card company to ask for a 'suspension'. They said there was only the option to cancel the card, and if my wallet did in fact turn up, well that was nice but I'd need to get a new card. You can see their position; who would take the liability if a 'suspended' credit card was in fact abused?
The second reason is really poor security practice. If you have to leave any valuable asset unattended for some time, then you must make efforts to ensure it's protected. Either that or take it with you. It would be pretty slack to leave a private key lying around on the basis that it couldn't be misused while suspended. What if an attacker simply copied the key and waited till you unsuspended?
No, suspension is a really bad idea. And finally a technicality. The standard form of words in almost any CP/CPS is that revocation is required in the event of compromise or suspected compromise of your private key. How on earth should we re-word this clause if we were to permit suspension for reason 1 above? "You can suspend if you think your private key might turn up; but if you are really sure it won't, then you must revoke".
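The copied-key scenario above can be modelled from the relying party's side. This is an added example, not code from the original post: the reason codes are the CRLReason values from RFC 5280, while the day numbers, function names and both timelines are constructed for illustration.

```python
from dataclasses import dataclass

# CRLReason codes defined in RFC 5280
KEY_COMPROMISE = 1
CERTIFICATE_HOLD = 6   # "suspension"
REMOVE_FROM_CRL = 8    # releases a hold

@dataclass(frozen=True)
class StatusEvent:
    day: int       # day the CA published the change (constructed timeline)
    reason: int    # CRLReason code

def status_on(events, day):
    """Status a relying party sees for one certificate on a given day."""
    status = "good"
    for ev in sorted(events, key=lambda e: e.day):
        if ev.day > day or status == "revoked":
            break  # later events are not visible yet; revocation is permanent
        if ev.reason == CERTIFICATE_HOLD:
            status = "on_hold"
        elif ev.reason == REMOVE_FROM_CRL:
            status = "good"
        else:
            status = "revoked"
    return status

def accepts_signature(events, signing_day):
    """A relying party trusts the key only while the certificate is good."""
    return status_on(events, signing_day) == "good"

# Constructed scenario for reason 2: suspended on day 10, key copied while
# unattended, hold released on day 52 when the owner returns from leave.
HOLIDAY_SUSPENSION = [StatusEvent(10, CERTIFICATE_HOLD), StatusEvent(52, REMOVE_FROM_CRL)]
# Revocation, as the usual CP/CPS wording requires on suspected compromise.
REVOKED_INSTEAD = [StatusEvent(10, KEY_COMPROMISE)]

if __name__ == "__main__":
    for name, events in [("suspend", HOLIDAY_SUSPENSION), ("revoke", REVOKED_INSTEAD)]:
        # Day 30: copied key used during the absence. Day 60: used after return.
        print(name, accepts_signature(events, 30), accepts_signature(events, 60))
```

Suspension only blocks the copied key until the hold is released; after day 52 a relying party has no way to tell the owner's signatures from the attacker's.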