21 December 2010

NFC feuding, Symmetric vs PKC

NFC feuding

NXP’s Gingerbread Coup Leaves Rivals With a Bitter Taste     Dec 20 2010 

If Gingerbread supports Mifare, the most popular technology used for transit ticketing, it would put Inside at a significant disadvantage to supply NFC chips with secure elements, since NXP has declined to grant Inside a Mifare license. Of course, Inside faces a problem supplying chips for any NFC phone that supports Mifare, unless it partners with a Mifare licensee. Any Mifare support in Gingerbread is also expected to favor suppliers of Mifare tags.
Many in the industry, including telcos and service providers, are disappointed with the few tag-reading commands that Gingerbread and the first handset using it, the Nexus S, so far support. “This API is useless for us,” said one telco, according to a source. Many telcos want to support retail payment, either hosting applications from banks or running the payment scheme themselves.

Future symmetric crypto should definitely be at least AES-128.
Proprietary short keys are dangerous:
Wikipedia: "clone any MIFARE Classic card in not more than 10 seconds" (MIFARE Classic uses Crypto-1, a proprietary stream cipher with a 48-bit key).

The current 112-bit two-key "triple DES" will surely be orphaned... will anyone continue to optimise DES chips?

With symmetric crypto algorithms, NFC payment schemes currently require the same secret key on Card and Reader.

Something like this:
1) Card to Reader: send Random1 and the requested $ amount.
2) Reader to Card: send encrypted Random1 and Random2. Card trusts Reader.
3) Card to Reader: send encrypted Random2. Reader trusts Card (and constructs the card session key).
4) Reader to Card: send the signed transaction. Card is sure that the transaction is complete.
"Tearaway" logic must be in place in the reader in case this sequence is broken (the card leaves the field mid-exchange): the half-finished transaction must be discarded, not committed.

If PKC were adopted:
1) Card sends signed Amount to Reader. Reader trusts Card.
2) Reader sends signed Acceptance to Card. Card trusts Reader and completes the transaction.

Some nonce with known structure would be included in each signature, so that a captured message cannot be replayed and a forged one is recognisable by its malformed nonce.

PKC (e.g. RSA public keys) would mean:
No common secret key would be loaded onto the Card.
Each card could generate its own private key, which would never leave the card.

A certification structure would be required to guard public keys (the reader must know that a presented public key really belongs to a card of the scheme). Note this is a lower-order cryptographic problem.
Fast large-integer hardware arithmetic would be required.
A desktop can validate a PKC signature in < 10 msec; not sure about NXP speed.
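The two-step public-key exchange sketched above, with the certification structure and the structured nonce, as an added worked example (not code from the original post or from any vendor): Ed25519 via the `cryptography` package stands in for the RSA mentioned, a single scheme CA that signs each card's and reader's public key stands in for the certification structure, and the nonce format (a 4-byte tag plus 8 random bytes) is an assumption of this example.

```python
"""Two-step public-key NFC payment exchange (Card <-> Reader), modelled end to end.

Assumptions, not from the page: Ed25519 (via the `cryptography` package) stands in
for RSA; the "certification structure" is one scheme CA that signs each card's and
reader's public key; the nonce with known structure is the 4-byte tag NFC1 followed
by 8 random bytes. Every key here is generated on the fly.
"""
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

NONCE_TAG = b"NFC1"               # known structure: a nonce without this prefix is rejected
CARD, READER = b"CARD", b"RDR "   # 4-byte role labels bound into certificates


def raw(pub: Ed25519PublicKey) -> bytes:
    return pub.public_bytes(Encoding.Raw, PublicFormat.Raw)   # 32 bytes


def new_nonce() -> bytes:
    return NONCE_TAG + os.urandom(8)


class SchemeCA:
    """Certifies public keys. Only its public key is loaded onto cards and readers."""
    def __init__(self):
        self._key = Ed25519PrivateKey.generate()
        self.public_key = self._key.public_key()

    def certify(self, role: bytes, pub: Ed25519PublicKey) -> bytes:
        body = role + raw(pub)
        return body + self._key.sign(body)       # cert = role || pubkey || CA signature


def verify_cert(ca_pub: Ed25519PublicKey, cert: bytes, role: bytes) -> Ed25519PublicKey:
    body, sig = cert[:-64], cert[-64:]
    if body[:4] != role:
        raise ValueError("certificate issued for the wrong role")
    ca_pub.verify(sig, body)                     # raises InvalidSignature if not our CA
    return Ed25519PublicKey.from_public_bytes(body[4:])


class Party:
    """Card or reader: generates its own key pair; the private key never leaves it."""
    def __init__(self, ca: SchemeCA, role: bytes):
        self._key = Ed25519PrivateKey.generate()
        self.cert = ca.certify(role, self._key.public_key())
        self.ca_pub = ca.public_key
        self.completed = []

    def sign(self, msg: bytes) -> bytes:
        return self._key.sign(msg)


class Card(Party):
    def step1(self, amount_cents: int) -> tuple:
        """Step 1: Card -> Reader: cert plus a signed amount carrying a fresh nonce."""
        self.msg = b"AMT" + amount_cents.to_bytes(4, "big") + new_nonce()
        return self.cert, self.msg, self.sign(self.msg)

    def finish(self, reader_cert: bytes, acceptance: bytes, sig: bytes) -> None:
        """Step 2 arrives: check the reader's cert and signature, and that the
        acceptance echoes this card's own signed message (replay check)."""
        reader_pub = verify_cert(self.ca_pub, reader_cert, READER)
        reader_pub.verify(sig, acceptance)       # Card trusts Reader
        if not acceptance.startswith(b"ACK" + self.msg):
            raise ValueError("acceptance is for a different transaction")
        self.completed.append(acceptance)


class Reader(Party):
    def step2(self, card_cert: bytes, msg: bytes, sig: bytes) -> tuple:
        """Step 2: Reader -> Card: cert plus a signed acceptance over the card's message."""
        card_pub = verify_cert(self.ca_pub, card_cert, CARD)
        card_pub.verify(sig, msg)                # Reader trusts Card
        if msg[:3] != b"AMT" or len(msg) != 19 or msg[7:11] != NONCE_TAG:
            raise ValueError("malformed amount message")
        acceptance = b"ACK" + msg + new_nonce()
        self.completed.append(acceptance)
        return self.cert, acceptance, self.sign(acceptance)


def run_transaction(card: Card, reader: Reader, amount_cents: int) -> bytes:
    card_cert, msg, sig = card.step1(amount_cents)
    reader_cert, acceptance, rsig = reader.step2(card_cert, msg, sig)
    card.finish(reader_cert, acceptance, rsig)
    return acceptance


def rogue_reader_is_rejected() -> bool:
    """A reader whose key was certified by some other CA: the card refuses to complete."""
    ca, other_ca = SchemeCA(), SchemeCA()
    card, rogue = Card(ca, CARD), Reader(other_ca, READER)
    rogue.ca_pub = ca.public_key             # the scheme CA's public key is public anyway
    try:
        run_transaction(card, rogue, 500)
    except InvalidSignature:                 # raised by verify_cert on the card side
        return card.completed == [] and len(rogue.completed) == 1
    return False
```

Note where the trust actually sits: neither party holds any secret that belongs to the other, and a reader outside the certification structure gets as far as accepting the card's signature but can never make the card complete the sale.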

Is it possible to use symmetric crypto in a two-stage transaction?
1) Card sends amount, Random1 and encrypted Random1. Reader trusts Card (based on the shared secret key).
This exposes a known-plaintext pair under the card's long-term key on every transaction, and the reader never issues a challenge of its own, so a captured message could simply be replayed. The four-step exchange instead gives each side a fresh challenge and protects the transaction itself under a per-transaction 'session' key, which is calculated from the card key and the two randoms.
The card's key is itself derived from its ID (diversified under the issuer's master key), so breaking one card doesn't break all.
So in practice a four-step transaction is used.
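The four-step symmetric exchange sketched above, including the tear-away handling and the ID-diversified card keys that the two-stage question turns on, as an added worked example (not code from the original post or from any card vendor): the block-cipher "encrypt the random" step is modelled with HMAC-SHA256 used as a keyed PRF so the example needs only the standard library, and the master key, card IDs and amounts are constructed sample values.

```python
"""Four-step symmetric NFC payment exchange (Card <-> Reader), modelled end to end.

Assumptions, not from the page: HMAC-SHA256 stands in for block-cipher encryption
of a challenge; card keys are diversified from the card ID under an issuer master
key; the "signed transaction" of step 4 is a MAC under a per-transaction session
key. MASTER_KEY, card IDs and amounts are constructed sample values.
"""
import hashlib
import hmac
import os

MASTER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed issuer key


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF standing in for block-cipher encryption of a challenge."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:16]


def card_key(card_id: bytes) -> bytes:
    """Key diversification: a card's key is derived from its ID, so recovering
    one card's key reveals neither the master key nor any other card's key."""
    return prf(MASTER_KEY, b"div|", card_id)


class Card:
    def __init__(self, card_id: bytes):
        self.card_id = card_id
        self.key = card_key(card_id)   # loaded at personalisation, never transmitted
        self.r1 = self.sk = None
        self.completed = []

    def step1(self, amount_cents: int) -> tuple:
        """Step 1: Card -> Reader: ID, Random1 and the requested amount."""
        self.r1 = os.urandom(8)
        return self.card_id, self.r1, amount_cents

    def step3(self, enc_r1: bytes, r2: bytes) -> bytes:
        """Step 2 arrives: check the reader's answer to Random1, then answer Random2."""
        if not hmac.compare_digest(enc_r1, prf(self.key, b"reader|", self.r1)):
            raise ValueError("reader failed authentication")   # Card does not trust Reader
        self.sk = prf(self.key, b"session|", self.r1 + r2)     # per-transaction session key
        return prf(self.sk, b"card|", r2)                      # Step 3: Card -> Reader

    def step4(self, tx: bytes, tag: bytes) -> None:
        """Step 4 arrives: only a valid MAC under the session key completes the sale."""
        if not hmac.compare_digest(tag, prf(self.sk, b"txn|", tx)):
            raise ValueError("transaction MAC invalid")
        self.completed.append(tx)


class Reader:
    def __init__(self):
        self.pending = None     # in-flight exchange; dropped on tear-away
        self.committed = []

    def step2(self, card_id: bytes, r1: bytes, amount_cents: int) -> tuple:
        """Step 2: Reader -> Card: answer Random1 and issue its own Random2."""
        k = card_key(card_id)   # the reader's secure module holds the master key
        r2 = os.urandom(8)
        self.pending = (card_id, amount_cents, prf(k, b"session|", r1 + r2), r2)
        return prf(k, b"reader|", r1), r2

    def step4(self, enc_r2: bytes) -> tuple:
        """Step 3 arrives: verify the card, then Step 4: MAC the transaction."""
        card_id, amount_cents, sk, r2 = self.pending
        if not hmac.compare_digest(enc_r2, prf(sk, b"card|", r2)):
            self.tear_away()
            raise ValueError("card failed authentication")    # Reader does not trust Card
        tx = card_id + amount_cents.to_bytes(4, "big") + r2   # r2 binds the record to this run
        self.pending = None
        self.committed.append(tx)
        return tx, prf(sk, b"txn|", tx)

    def tear_away(self) -> None:
        """The card left the field mid-sequence: forget the half-finished exchange."""
        self.pending = None


def run_transaction(card: Card, reader: Reader, amount_cents: int) -> bytes:
    card_id, r1, amount = card.step1(amount_cents)
    enc_r1, r2 = reader.step2(card_id, r1, amount)
    enc_r2 = card.step3(enc_r1, r2)
    tx, tag = reader.step4(enc_r2)
    card.step4(tx, tag)
    return tx


def replayed_answer_is_rejected() -> bool:
    """Capture a card's step-3 answer, then replay it into a fresh exchange."""
    card, reader = Card(b"\x04\xa1\xb2\xc3"), Reader()
    card_id, r1, amount = card.step1(250)
    enc_r1, r2 = reader.step2(card_id, r1, amount)
    captured = card.step3(enc_r1, r2)
    reader.tear_away()                    # exchange broken before step 3 was delivered
    reader.step2(card_id, r1, amount)     # attacker replays step 1 verbatim
    try:
        reader.step4(captured)            # fresh Random2, so the old answer does not verify
    except ValueError:
        return reader.pending is None and reader.committed == []
    return False
```

The point the two-stage question misses shows up in `replayed_answer_is_rejected`: because the reader contributes Random2, a recorded card answer is worthless in any later exchange, and the reader commits nothing until step 3 verifies.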

I expect that PKC will eventually replace symmetric crypto.

Initialising cards with Secret Keys is an arduous and anxious process.

08 December 2010


NSW smartcard in court Elisabeth Sexton December 8, 2010
THE NSW cabinet.. $300 million litigation over the abandonment of a transport smartcard developed by the former .. ERG Ltd.
The appeal, .. relates to a decision by Justice Clifford Einstein in June giving ERG access to most, but not all, documents relevant ..

The government is suing ERG for $77 m ... Tcard contract. ERG has countered $215 m..

ERG was delisted .. last year
Ingot Capital ..run by Duncan Saville, which was ERG's largest shareholder ..


London buses to go contactless (thought they already were?)
07 December, 2010 - 13:33
..from early 2012 and on the Underground around a year or so later,"
..visitors to London or occasional users to avoid the need to purchase an Oyster card,..
Barclaycard launched a combined contactless Oyster travel and debit card, OnePulse, in 2007.
..save TfL money on the commission it currently has to pay Oyster operators
...France, with Giesecke & Devrient, Infineon Technologies, Inside Secure and Oberthur Technologies announcing OSTP..
Google phone not so smart

The Open Standard for Public Transport (OSPT) Alliance, ...two new members: Watchdata Technologies Ltd. and the Open Ticketing Institute of the Netherlands.

...interoperable transit fare collection solutions based on open standard security.

Founded in Beijing in 1994, Watchdata provides a range of products including smart cards, USB tokens, readers, .....

The Open Ticketing Institute ...to advance The Netherland’s e-ticketing system, OV-chipkaart. As a separate not-for-profit foundation..

The new open security standard, Cipurse, defines an authentication scheme, a secure messaging protocol, four minimum mandatory file types and a minimum mandatory command set to access these files types. It also specifies encryption keys and access conditions, and includes a cryptographic protocol that protects against differential power analysis (DPA) and differential fault analysis (DFA).

waazaa 14443-3.pdf
2010 SESAMES winner unveiled
"SESAMES IT SECURITY: The winner is GEMALTO with eGo. eGo gives access to services in touching objects with any parts of your body. It has no defined form factor and may be any object you should carry close to your body. The message wakes up a secure element and a usual wireless communication means."
- if I understood this I believe I would be excited (italics NOT in original)

Odd .NET hint (the note said Java, but this is C#: it re-arms an exception's original stack trace before a bare `throw exception;`, which would otherwise reset it, by calling the non-public Exception.InternalPreserveStackTrace through reflection; GetMethod returns null on runtimes that lack that member):
using System.Reflection;

private static void PreserveStackTrace(Exception exception)
{
    MethodInfo preserveStackTrace = typeof(Exception).GetMethod("InternalPreserveStackTrace",
        BindingFlags.Instance | BindingFlags.NonPublic);
    preserveStackTrace.Invoke(exception, null);   // keeps the original trace when re-thrown
}

since 2007, Kenya ... phone technology..
..M-Pesa ...those without a bank account to transfer funds .. a text message.
..Vodafone and Safaricom...Pesa is Swahili for money.
50% use the service to send money to..relatives, to pay for shopping..taxi ride ..
"The bank in my phone"
..register with Safaricom at an M-Pesa outlet... load money onto their phone. ..sent onto a third party by text message.
The recipient takes the phone to their nearest vendor,... pick up the cash.
..Mr Makusi says he no longer has to worry about being mugged while carrying cash.
..Seema Desai, director of the Mobile Money for the Unbanked (MMU)..
..Nick Hughes and Susie Lonie.. M-Pesa. .. Economist Innovation award..
...payment to the thousands of small one or two-cow milk producers.. decided to create a payment system using M-Pesa.
... Smart and Globe were active on a smaller scale in the Philippines in 2002
... March 2010 28.59bn (KES) $351m) was transferred using the service.
.. launched in Tanzania, Afghanistan and now South Africa, with trials underway in India.
.. One company that does let you pay with your mobile is Boku...buy virtual money..??? 65 countries..

The Bill and Melinda Gates Foundation has committed $500 million (Sh40 billion) over five years
..Global Savings Forum held in Seattle
.."In Kenya, M-Pesa is showing what storing and transferring money on mobile phones can do for poor people... at an enormous scale" Mrs Gates told the gathering.
.. $4.8 million (Sh384 million) will be used to expand M-Pesa into Tanzania
...mobile money transfer service had helped Kenyans cope with disasters better.
ShoreBank International..in Bangladesh will receive $10 million .. introducing bKash .. to be launched in .. March 2011.

Japan and South Korea ..in use for several years
Verizon, AT&T, and T-Mobile.. NFC system called Isis by 2012,
..Google Gingerbread smartphone, will have NFC technology
November 17, 2010