Comments: FC07 Preliminary Programme - Leaving Room for the Bad Guys

i would contend that a lot of vulnerabiilties raised by "yes card" exploit ... misc. past posts
http://www.garlic.com/~lynn/subintegrity.html#yescard

was looking at a very narrow set of threats ... specifically lost/stolen card threats ... and concentrating on countermeasures for attacks on the cards. the "yes card" exploits effectively turn out to be attacks on the terminals, not attacks on the cards.

the basis for the "yes" in the "yes card" reference comes somewhat from the standpoint that once it was assumed that the card had been secured, then a system could be deployed where the terminal could rely on business rules implemented in the card.

the issue was that skimming type of attacks (typically a terminal attack) ... recent reference
http://www.garlic.com/~lynn/aadsm26.htm#20

predated work on infrastructure that gave rise to "yes cards". a (terminal) skimming attack then could be used to produce a counterfeit "yes card" ... and letting the terminal rely on "judgement" of the card for offline transactions severely aggrevated the risk exposure (somewhat blindly assuming that there wouldn't be countefeit cards). It wasn't even necessary to skim the PIN ... since the terminal would asked the (potentially counterfeit) card, if the entered PIN was correct, and of course, a counterfeit "yes card" would always answer "YES".

So, another maxim would be to include the full end-to-end analysis of all the components when designing high integrity infrastructure..

However, the guideline that there is always possibility that something has been overlooked (the bad guys are so ingenious), either purposefully or not ... would promote design of security in-depth with multiple layers/levels of countermeasures (even when you may have otherwised believed all basis have been covered).

Posted by Lynn Wheeler at January 8, 2007 09:59 AM

http://www.ddj.com/dept/security/196802528 has this comment that echoes the above:

[Bruce Schneier's] latest work is on brain heuristics and perceptions of security, and he'll be doing a presentation on that topic at the RSA Conference next month. "I'm looking at the differences between the feeling and reality of security," he says. "I want to talk about why our perceptions of risk don't match reality, and there's a lot of brain science that can help explain this."

Posted by DDJ interview with Bruce Schneier at January 12, 2007 02:57 PM
Post a comment









Remember personal info?






Hit Preview to see your comment. 
MT::App::Comments=HASH(0x55b4cff87c88) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.