On Monday, July 29, 2002, at 11:07 , Curt Sampson wrote:
> So what you're saying is that you've just put a lot of effort into
> creating a device that does authentication and authorization via a
> public-key crypto system, and now you're going to protect that with a
> PIN number? What did you put in the crypto for in the first place, then?
With PGP, you protect your private key with a passphrase. Likewise on a
mobile, you would protect your private key with a PIN2 (despite the
name, yes, it should be longer than the typical 4 digits, so you may
call it a password -- I call it a PIN2 because it is an established
concept).
However, you do know that exhaustive search on a PIN will render the
phone unusable and you will need a PUK to unlock it (likewise PUK2 for
PIN2), don't you ?
> Now as far as the re-registration problem, assume the camera has a list
> of public keys that grant administrative access. You lose your private
> key.
I am not so sure I understand your scenario. First, I would not expect a
camera to have any keys that grant administrative access to another
device. In my book, a camera would have access to other devices only to
upload photos and perhaps a backup of preferences. Even then, I would
expect the camera to be jailed to its dedicated upload folder.
So if you loose the camera then you run the risk that the finder/thief
will be able to upload photos into your computer without asking your
permission, unless you remove the authorisation for the camera (based on
the camera's keys) from your computer. That would seem reasonable to me.
This is analog to the situation of a lost wallet with your house key in
it. If you want to be safe, then you change the locks on your
house/apartment.
Likewise if you loose your computer, you may want to remove the
authorisation for the computer from your camera, or else the
finder/thief who found/stole your computer may be able to snatch photos
from your camera without asking your permission.
> Who has another key that will allow this situation to be remedied
> so you can use the device again? How is this other key protected? What
> does the consumer have to do in this situation?
If you loose your camera and remove the authorisation for it from your
computer, then find the camera, you may simply start over and exchange
keys between camera and computer again, or if you are paranoid, generate
a new set of keys and exchange them.
>> Likewise, you could have a dialog on your camera "Device 'xyzxyzxyzxyz'
>> is trying to connect wirelessly. Allow ?"
>
> And how do you know what that device is? Remember, there's no physical
> connection here to verify.
Same situation as with beaming contacts from one Nokia to another via IR.
You initiate the connection from device A and at that moment device B
pops up a dialog telling you about the request and ask your explicit
permission. It is pretty obvious at that point which device it is that's
making the request. Of course, somebody could observe you when you are
about to press the button on device A to initiate the request and in
that very moment initiate a request from their own device C in the hope
that they'll get lucky and you authorise the request of device C in the
belief that it is device A that you give your OK to.
This is rather unlikely, but fair enough, it is a possibility. But this
would only fool you if you get no feedback on devices A and B about the
pending connection. So, if you introduce some feedback on devices A
*and* B you could get around accidentally accepting device C. This might
require yet another intermediary step, but it is absolutely feasible and
still relatively simple.
Your OK to the request could establish a connection in a low security
trial mode, then send some kind of feedback to device B and only when
you see that feedback will you give your final OK and the connection
will be 'upgraded' from trial mode to data exchange mode.
> I think you want to do a bit more reading on crypto, key management and
> PKI before you claim this is not a challenge. You've done a lot of arm
> waving, but you certainly have not described how any of this is going to
> work in a secure fashion.
And I am not going to describe any detailed scheme in public. IPR, prior
art and all the rest of it. So you have to take my word for it: It's no
rocket science.
What I can tell you is that your phone service provider plays a role in
the key management and the trust model need not be as complex as that of
PGP because of it. Enough said.
regards
benjamin
Received on Mon Jul 29 07:17:10 2002