At 3:03 PM -0400 9/28/00, David Honig wrote:
> One very common security model is that the security perimeter includes the PC and you're only concerned with transmission interception.
>
> MS is swiss cheese but most OS have some weakness in many configs.
>
> How many people actually look at the source of the code they install on *nix machines??? How many of those who do are actually qualified to do security reviews? Cf. recent PGP bugs.
>
> If you're really worried you'd use a sealed PDA (that you can control at all times) to capture/render and the PC is just for transport. [This applies Tim's modularity argument to hardware.]
I'm somewhat surprised that this PDA approach is not more available... we talked about this when some of us had Newtons, oh, six or seven years ago. Then the Palm came out, and a bunch of folks use that (I have a Visor, which is Palm OS-compatible).

The Bluetooth wireless developments of the next few years should be interesting. It should be quite feasible for secure local transmissions to be used. (Yeah, IR is available now, and USB, and serial, whatever. But having a small PDA or WebPad communicate seamlessly with a "transport machine" (PC, workstation) opens up new options.)

An obvious niche product would be this: a wearable (necklace, wristwatch, etc.) security product with low-power processing and with Bluetooth links to nearby devices. Zero knowledge approaches, so that this dongle would authenticate without ever actually providing passwords. A small keypad could be included for the user to periodically punch in passwords; or a fingerprint (or retinal print, down the road) system.

Probably a more realizable product would be incorporating this into a PDA like the Palm, Visor, iPAQ, etc. Then the user could read and compose messages on his PDA without ever using the local PC or workstation.

(And, frankly, I expect that by the 2002 games nearly every athlete or journalist at the games will have his own wireless solutions with him, so the point is moot. Certainly any would-be terrorists will have thought about security issues and will have taken steps. Catching terrorists by tapping their public kiosk messages seems far-fetched.)

There are several levels of physical security:

1. Secure PDA, or dongle, or necklace (with something like Dallas Semicon. chips). Ideally, running a zero knowledge authentication system (so keys are never in the transmission channel).

2. Less secure, but still common: PC or workstation under the control of one person. This is the model most of us, probably, are using. (I say "less secure" than #1 only because it is likely easier to surreptitiously install backdoored software or sniffers than with the more limited options for PDAs and dongles. Though even PDAs and dongles could be affected.)

3. Less secure still: PC or workstation is accessible to others. Others who could install keyboard sniffers, altered versions of software, etc.

4. Least secure: "Olympic Village Convenience Stations" and similar sorts of public access terminals and kiosks.

That _anyone_ is blathering about how these Olympic Village kiosks will expose users to key and passphrase snatching is symptomatic of how people just don't get it. No doubt some are going to be pushing for "laws to protect users at public kiosks." (Which will be supported by Law Enforcement and their allies, as this plays right into their hands.)

--Tim May

-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
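Added example, not part of the original post and not code from any product or vendor named in the thread: the "zero knowledge authentication system (so keys are never in the transmission channel)" idea above, shown as a Schnorr identification run in Python. The group parameters P, Q and G are toy-sized values constructed here so the arithmetic can be followed by hand; the function names are mine. The simulator shows why a sniffed transcript reveals nothing about the key, and the nonce-reuse recovery function shows the one way such a token does put the key back on the wire.

```python
"""Schnorr zero-knowledge identification: the token proves it knows x
(with y = G^x mod P registered at the verifier) without x ever being sent.

Added illustration, not code from the original post. The group parameters
below are toy-sized so the arithmetic is easy to follow; a real token would
use a 2048-bit or larger group or an elliptic curve."""
import secrets

# Toy Schnorr group (constructed for illustration only; far too small for real use).
P = 1019   # safe prime, P = 2*Q + 1
Q = 509    # prime order of the subgroup we work in
G = 4      # generator of that order-Q subgroup (4 is a quadratic residue mod P)


def is_valid_public_key(y):
    """Verifier-side check that y really lies in the order-Q subgroup."""
    return 1 < y < P and pow(y, Q, P) == 1


def keygen():
    """Secret x stays on the token; only y is ever shared."""
    x = 1 + secrets.randbelow(Q - 1)         # x in [1, Q-1]
    return x, pow(G, x, P)


def verify_transcript(y, t, c, s):
    """Verifier's acceptance test: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_protocol(x, y, c=None):
    """One honest identification run; returns (accepted, (t, c, s)).

    Only t, c and s cross the link. The secret x is used on the prover side
    and never appears in the messages."""
    r = 1 + secrets.randbelow(Q - 1)         # fresh nonce, MUST differ every run
    t = pow(G, r, P)                         # 1. prover   -> verifier: commitment
    if c is None:
        c = secrets.randbelow(Q)             # 2. verifier -> prover:   challenge
    s = (r + c * x) % Q                      # 3. prover   -> verifier: response
    return verify_transcript(y, t, c, s), (t, c, s)


def simulate_transcript(y):
    """Build an accepting (t, c, s) WITHOUT the secret, by picking c and s
    first and solving t = G^s * y^-c. A sniffer on the link sees transcripts
    distributed like these, which is why they reveal nothing about x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    y_inv_c = pow(y, (Q - c) % Q, P)         # y^-c, since y has order Q
    t = (pow(G, s, P) * y_inv_c) % P
    return t, c, s


def recover_from_nonce_reuse(c1, s1, c2, s2):
    """The caveat: if the token reuses r for two different challenges, the
    two responses give x = (s1 - s2) / (c1 - c2) mod Q, so a passive sniffer
    recovers the key from the transmission channel after all."""
    if (c1 - c2) % Q == 0:
        raise ValueError("challenges must differ")
    return ((s1 - s2) * pow((c1 - c2) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    assert is_valid_public_key(y)
    ok, (t, c, s) = run_protocol(x, y)
    print("honest run accepted:", ok, "on the wire:", (t, c, s))
    print("simulated transcript accepted:", verify_transcript(y, *simulate_transcript(y)))
    # Nonce reuse: same r answered for two challenges (constructed by hand here).
    r = 1 + secrets.randbelow(Q - 1)
    c1, c2 = 3, 10
    s1, s2 = (r + c1 * x) % Q, (r + c2 * x) % Q
    print("key recovered from nonce reuse:", recover_from_nonce_reuse(c1, s1, c2, s2) == x)
```

The verifier never learns x, and because an accepting transcript can be manufactured without x, recording one off the Bluetooth or kiosk link buys an eavesdropper nothing; the only thing that breaks the property in practice is a token whose random nonce r is not fresh on every run.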