
Kiran Kuppa's List: Smartcards,Security,Cryptography

  • May 25, 14

    Every natural implementation of ECDSA makes heavy use of secret branches and secret array indices. Eliminating these secrets makes the code much more complicated and much slower. (The theoreticians are blind to these problems: their notion of "efficient" uses an oversimplified cost metric.) The ECDSA designers are practically begging the implementors to create variable-time software, so it's not a surprise that the implementors oblige.

    Do elliptic-curve signature systems have to be designed this way? No, they don't. There are other elliptic-curve signature systems that are much easier to implement in constant time.

    The broader picture is that elliptic-curve signature systems vary considerably in simplicity, speed, and security. ECDSA does a bad job on all three axes. It's unnecessarily difficult to implement correctly. It's full of unnecessary traps that can compromise security. It's unnecessarily slow no matter how it's implemented, and it's even slower if it's implemented securely. These performance problems encourage implementors to downgrade to breakable security levels, or to disable signatures entirely.

    In this blog post I'll review the choices made in designing elliptic-curve signature systems, and explain the consequences of those choices.

  • Mar 27, 14

    With SQRL (Secure Quick Reliable Login) you either tap, snap, or click a login page's QR code and YOU are securely logged in.

    The SQRL system (pronounced "squirrel") revolutionizes web site login and authentication. It eliminates many problems inherent in traditional login techniques.

  • Mar 11, 14

    This document is intended as a specification of the protocol used for the communication between clients and servers to perform certain management operations on objects stored and maintained by a key management system. These objects are referred to as Managed Objects in this specification. They include symmetric and asymmetric cryptographic keys, digital certificates, and templates used to simplify the creation of objects and control their use. Managed Objects are managed with operations that include the ability to generate cryptographic keys, register objects with the key management system, obtain objects from the system, destroy objects from the system, and search for objects maintained by the system. Managed Objects also have associated attributes, which are named values stored by the key management system and are obtained from the system via operations. Certain attributes are added, modified, or deleted by operations.

    The protocol specified in this document includes several certificate-related functions for which there are a number of existing protocols - namely Validate (e.g., SCVP or XKMS), Certify (e.g. CMP, CMC, SCEP) and Re-certify (e.g. CMP, CMC, SCEP). The protocol does not attempt to define a comprehensive certificate management protocol, such as would be needed for a certification authority. However, it does include functions that are needed to allow a key server to provide a proxy for certificate management functions.

  • Jan 22, 14

    The RSA concerns started with documents leaked by Edward Snowden and published by the New York Times in December. These indicated that the NSA had worked with the National Institute of Standards and Technology to create a "backdoor" in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), a pseudorandom number generator designated as a standard for encryption. According to the documents, in 2004, even before NIST approved it as a standard, the NSA paid RSA $10 million to use Dual_EC_DRBG as part of its RSA BSAFE cryptographic library. This meant that much of the encryption software sold by RSA would allow the NSA to break the encryption using the known backdoor.

  • Dec 07, 13

    "If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain how to do it properly."

  • Sep 08, 13

    "Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer Security (TLS). This document specifies procedures for representing and verifying the identity of application services in such interactions."

  • Jan 29, 13

    "Google engineers are experimenting with new ways to replace user passwords, including a tiny YubiKey cryptographic card that would automatically log people into Gmail, according to a report published Friday.

    In the future, engineers at the search giant hope to find even easier ways for people to log in not just to Google properties, but to sites across the Web. They envision a single smartphone or smartcard device that would act like a house or car key, allowing people access to all the services they consume online. They see people authenticating with a single device and then using it everywhere."

  • Jul 29, 13

    "This article was written with several goals: to hurry along the process of getting Applied Cryptography off the go-to stack of developer references, to point out the right book to replace it with, and to spell out what else you need to know even after reading that replacement. Finally, I wrote this as a sort of open letter to Schneier and his co-authors."

  • Jul 29, 13

    TLS, or Transport Layer Security, is one of the most widely used protocols on the Internet. A replacement for SSL, it is what you are most likely using when you visit a website by typing https:// in your browser, so that your data is transmitted securely to and from the web server. To most people TLS works like magic. This article takes a brief look at TLS internals.

  • Jul 25, 13

    "If you don't know the combination to a Master Lock combination lock, you have a few options. If your lock is attached to something, you can break the lock, call a locksmith or use a shim. However, these options could put a dent in your wallet. Sometimes, your cheapest option is to figure out the combination."

  • Jun 20, 13

    Germany-based smart card company Giesecke & Devrient and Taiwan-based flash memory chip supplier Phison Electronics have dissolved their joint venture that had targeted the market for microSD cards to store mobile-payment applications.

    To enable mobile payment, the venture had originally intended to produce microSDs with an embedded antenna that could give non-NFC phones a contactless interface. It later switched its development to microSDs that could connect via a single-wire protocol, or SWP, connection to NFC chips and antennas in full NFC phones.

    While the joint venture was small, its liquidation casts some doubt on the market for microSDs that work in full NFC phones. But in disclosing that the companies had dissolved the joint venture, effective at the end of 2012, G&D said it might continue to supply secure flash memory products.

  • Jun 20, 13

    "Though companies like Visa and Device Fidelity have already come up with a way to make NFC payments via microSD card, the SD Association (the standardization body for SD cards) has introduced a spec that opens up that ability to others. It essentially adds the single wire protocol (SWP) as a Secure Element to enable NFC authorizations like mobile payments and identity verification."

  • Jun 02, 13

    "This article provides an overview of GlobalPlatform (GP) Key Management and includes a proposed architecture for an efficient GP Key Management System (KMS) based on the Cryptomathic Key Management System (CKMS)."

  • Apr 15, 13

    What amazes me though is how many patents I encounter that have been granted for some of the most obvious, well-known and ordinary techniques we use in the authentication process. In fact, every imaginable aspect of password selection, authentication, storage, and recovery seems to be covered by one or more patents. As the title says, the process of checking for common or weak passwords is patented. In fact, it is covered by quite a few patents:

    1. System for controlling access to a secure system by verifying acceptability
    2. Specifying a set of forbidden passwords
    3. Preventing trivial character combinations
    4. Password strength checking method and apparatus…
    5. Method and system for proactive password validation
    6. Method, system, and storage medium for determining trivial keyboard sequences of proposed passwords
    7. Apparatus and method for indicating password quality and variety

  • Apr 12, 13

    "Zerocoin is a new cryptographic extension to Bitcoin that (if adopted) would bring true cryptographic anonymity to Bitcoin. It works at the protocol level and doesn't require new trusted parties or services. With some engineering, it might (someday) turn Bitcoin into a completely untraceable, anonymous electronic currency."

  • Mar 04, 13

    In cryptography, Derived Unique Key Per Transaction (DUKPT) is a key management scheme in which, for every transaction, a unique key is used which is derived from a fixed key. Therefore, if a derived key is compromised, future and past transaction data are still protected since the next or prior keys cannot be determined easily. DUKPT is specified in ANSI X9.24 part 1. DUKPT is not itself an encryption standard; rather it is a key management technique.

  • Feb 20, 13

    Retrieving information from an EMV compliant chip is not an inherently difficult task. I personally believe it's daunting to many programmers because the mechanism of talking to a smart card is something quite different from the higher-level programming we're used to. In this example I'll break down a sample Jaccal script line-by-line in its raw APDU format to show exactly how information is retrieved from the chip card. I'll show the script twice — the first one in pure APDU, and the second, a higher-level Jaccal script using Jaccal APIs to do the job for you. In this example, I'll be showing you snippets from the official EMV4.1 specification, which I'll mention in passing but not in detail.

  • Feb 13, 13

    "The new CredenSE products can be used as an external secure element in NFC phones as well as to add NFC functionality to both smartphones and feature phones, without the need for a separate signal booster."

  • Feb 12, 13

    "The smart card specifies various data transmission parameters in the interface characters of the ATR, such as the transmission protocol and the character waiting time. If a terminal wants to modify one or more of these parameters, it must perform a protocol parameter selection (PPS) procedure in accordance with ISO/IEC 7816-3 before the transmission protocol is actually used. This allows the terminal to modify certain protocol parameters if this is permitted by the card."

    • PPS can be performed in two different modes. In the negotiable mode, the standard values of the divider F and the bit rate adjustment factor D remain unchanged until a PPS is successfully executed. If the card uses the specific mode, the values of F and D specified by the ATR must be used for transmitting the PPS. The card indicates which of these two modes it supports in the TA2 byte. The PPS request must be made immediately after the ATR has been received by the terminal.
    • If the card allows the requested changes to the protocol parameters, it sends the received PPS bytes back to the terminal.


  • Feb 11, 13

    There are several flavors of MiFare memory cards. This article addresses the so-called MiFare Classic, which is shipped in two sizes: 1 kilobyte and 4 kilobytes. In MiFare 4K, there are 40 sectors. The first 32 sectors have 4 data blocks each; the remaining 8 have 16 data blocks each. The first data block of sector 0 stores some read-only manufacturer information. The other 2 data blocks in sector 0 store the MiFare application directory (MAD). An application directory says which application uses each sector on the card. The application is identified by a unique identifier registered with a MiFare authority. The MAD in sector 0 handles applications in sectors 1 to 15. There is another MAD (called MAD2) stored in sector 16 that handles sectors 17 to 39.
