CDR: Re: Lions and Tigers and Backdoors, oh, my...
Tim May
tcmay at got.net
Thu Sep 28 13:08:05 PDT 2000
At 3:03 PM -0400 9/28/00, David Honig wrote:
>
>One very common security model is that the security perimeter includes
>the PC and you're only concerned with transmission interception.
>
>MS is swiss cheese but most OS have some weakness in many configs.
>
>How many people actually look at the source of the code they
>install on *nix machines??? How many of those who do are actually qualified
>to do security reviews? Cf. recent PGP bugs.
>
>If you're really worried you'd use a sealed PDA (that you can control at
>all times) to capture/render and the PC is just for transport. [This
>applies Tim's modularity argument to hardware.]

I'm somewhat surprised that this PDA approach is not more
available... we talked about it when some of us had Newtons, oh, six or
seven years ago. Then the Palm came out, and a bunch of folks use
that (I have a Visor, which is Palm OS-compatible).

The Bluetooth wireless developments of the next few years should be
interesting. It should be quite feasible for secure local
transmissions to be used. (Yeah, IR is available now, and USB, and
serial, whatever. But having a small PDA or WebPad communicate
seamlessly with a "transport machine" (PC, workstation) opens up new
options.)

An obvious niche product would be this: a wearable (necklace,
wristwatch, etc.) security product with low-power processing and with
Bluetooth links to nearby devices. Zero knowledge approaches, so that
this dongle would authenticate without ever actually providing
passwords. A small keypad could be included for the user to
periodically punch in passwords; or a fingerprint (or retinal print,
down the road) system.

Probably a more realizable product would be incorporating this into a
PDA like the Palm, Visor, iPAQ, etc. Then the user could read and
compose messages on his PDA without ever using the local PC or
workstation.

(And, frankly, I expect that by the 2002 games nearly every athlete
or journalist at the games will have his own wireless solutions with
him, so the point is moot. Certainly any would-be terrorists will
have thought about security issues and will have taken steps.
Catching terrorists by tapping their public kiosk messages seems
far-fetched.)

There are several levels of physical security:

1. Secure PDA, or dongle, or necklace (with something like Dallas
Semicon. chips). Ideally, running a zero knowledge authentication
system (so keys are never in the transmission channel).

2. Less secure, but still common: PC or workstation under the control
of one person. This is the model most of us, probably, are using. (I
say "less secure" than #1 only because it is likely easier to
surreptitiously install backdoored software or sniffers than with the
more limited options for PDAs and dongles. Though even PDAs and
dongles could be affected.)

3. Less secure still: PC or workstation is accessible to others.
Others who could install keyboard sniffers, altered versions of
software, etc.

4. Least secure: "Olympic Village Convenience Stations" and similar
sorts of public access terminals and kiosks.

That _anyone_ is blathering about how these Olympic Village kiosks
will expose users to key and passphrase snatching is symptomatic of
how people just don't get it. No doubt some are going to be pushing
for "laws to protect users at public kiosks."

(Which will be supported by Law Enforcement and their allies, as this
plays right into their hands.)

--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
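
The zero knowledge authentication named in item 1 of the message above, sketched as an added example that is not part of the original post. It uses Schnorr identification as one such scheme; the toy group parameters and all function names are assumptions made here.

```python
import secrets

# Toy-sized constructed parameters (insecure, illustration only):
# P = 2*Q + 1 with P and Q prime; G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Dongle: secret x never leaves the device; y = G^x is enrolled with the host."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def commit():
    """Step 1 (dongle -> host): pick a fresh nonce k, send only t = G^k."""
    k = secrets.randbelow(Q - 1) + 1
    return k, pow(G, k, P)

def challenge():
    """Step 2 (host -> dongle): a random challenge c."""
    return secrets.randbelow(Q)

def respond(x, k, c):
    """Step 3 (dongle -> host): s = k + c*x mod Q; the one-time k masks x."""
    return (k + c * x) % Q

def verify(y, t, c, s):
    """Host check using public values only: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_session(x, y):
    """One full exchange; returns what crossed the channel and the host's verdict."""
    k, t = commit()
    c = challenge()
    s = respond(x, k, c)
    return {"t": t, "c": c, "s": s}, verify(y, t, c, s)

if __name__ == "__main__":
    x, y = keygen()
    wire, ok = run_session(x, y)
    print("on the wire:", wire, "accepted:", ok)
    # A captured (t, s) pair fails against any different challenge, so a
    # sniffer on the transport machine cannot reuse what it recorded.
    replay = verify(y, wire["t"], (wire["c"] + 1) % Q, wire["s"])
    print("replay accepted:", replay)
```

The nonce k must be fresh for every session: two responses computed with the same k and different challenges let an observer solve for x.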