[Noisebridge-discuss] Prox Reader

travis+ml-noisebridge at subspacefield.org travis+ml-noisebridge at subspacefield.org
Sun Aug 15 00:23:28 UTC 2010 

On Fri, Aug 13, 2010 at 03:20:44PM -0700, Seth David Schoen wrote:
> There are designs for smart cards that resist replay attacks so that you
> can't just play an old response back

> One basic idea is that you could issue a challenge to the card in the
> form of a number that the card has to transform in some way using
> information known only to the card

No specific info from me on the clipper card but...

IIUC, the primary reason why this isn't often done is cost per unit
and power consumption on the device; RFID is powered by radio, so
doesn't have a lot of power to compute things.

If you DON'T do this, then it's just a simple ID number, and could
easily be replaced with a magstripe or barcode (which would be mildly
subject to being photographed, but who really worries about that?).
In other words, why bother with RFID?

> I guess there are other properties of radio signals that are somewhat
> hard to copy (like polarization) and other ideas for how the card could
> determine its own location to figure out if it's actually right near a
> faregate (or to figure out whether the user intended to use it to make
> a payment right at this moment),

Nearfield effects fall off with cube of distance and systems using
these would require the devices to be closer to gate and any target
card.  There was talk about using these for pairing bluetooth devices
on the cryptography mlist.

Other options include:
Switch (preferably a durable one)
Faraday wallet
Optical sensor (only respond to challenges if I'm getting light)

With passports, there's little reason to have RFID.  Customs has to
look at the picture and compare it to the person anyway, so they could
just use a barcode, magstripe, or QR code.  Make up your own reason
for why they chose RFID in this case.

It's also worth asking yourself why the fed is threatening to withhold
IH funds for states which don't have biometric IDs.  I was actually
told by a DMV worker that the fingerprint scanning was "to identify
bodies in the case of a crash" when they introduced it in my area
years back.  I love it when government employees brazenly lie to me.

> It's also true that in this scenario the verification information needs
> to be pretty widely distributed.  Each faregate can certainly make up
> its own challenges (if it has a good random number generator), but the
> faregate has to be in possession of whatever's needed to authenticate
> the responses.

And the cards themselves have to have what's necessary to create
the authenticators (responses).

HMAC causes problems here:

1) If everyone has same secret key, then you reverse one card and get
   the key that's used to authenticate every card.

2) If every clipper card has different keys, then you have a key
   management problem - every access point needs a key list.  In
   reality, they could probably fail open, potentially letting someone
   through, since the cost of unavailability and reliability is higher
   than the occasional free ride.

PK requires a lot more compute power.
-- 
A Weapon of Mass Construction
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100814/927950e4/attachment-0003.sig>

More information about the Noisebridge-discuss mailing list