Comments on: Recent talks: Chip & PIN, traffic analysis, and voting http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/ Security Research, Computer Laboratory, University of Cambridge Sun, 27 Jul 2008 09:30:57 +0000 http://wordpress.org/?v=2.5.1 By: Clive Robinson http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22853 Clive Robinson Tue, 10 Jul 2007 13:30:34 +0000 http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22853 @sskm, Steven J. Murdoch, "it might be possible to implement this on top of the NFC support on certain mobile phones" One point I have made before mobile phones like many many other devices cannot be considered in any way secure (functionality/software can be loaded at any time by the operator or others). Therefore it cannot be trusted (like 99.99% of re-programable/programable devices). For the "Electronic Attorney" to be trusted both it and it's audit trail would need to be efectivly tamper proof by both the person who owns it and others. I am not sure just how many electronic devices come under that description but I will make a small bet that if there are any they are not in an effective cost range... @sskm, Steven J. Murdoch,

“it might be possible to implement this on top of the NFC support on certain mobile phones”

One point I have made before mobile phones like many many other devices cannot be considered in any way secure (functionality/software can be loaded at any time by the operator or others).

Therefore it cannot be trusted (like 99.99% of re-programable/programable devices).

For the “Electronic Attorney” to be trusted both it and it’s audit trail would need to be efectivly tamper proof by both the person who owns it and others. I am not sure just how many electronic devices come under that description but I will make a small bet that if there are any they are not in an effective cost range…

]]> By: Steven J. Murdoch http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22833 Steven J. Murdoch Mon, 09 Jul 2007 14:32:40 +0000 http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22833 @sskm The electronic attorney was introduced in <a href="http://www.cl.cam.ac.uk/~mkb23/research/Man-in-the-Middle-Defence.pdf" rel="nofollow">The Man-in-the-Middle Defence</a> by Ross Anderson and Mike Bond. It can be any device trusted by the customer, but for EMV it would need to have special hardware for emulating and reading a smartcard, which is not commonly available on any current general-purpose device. For wireless payment cards, e.g. PayPass, it might be possible to implement this on top of the NFC support on certain mobile phones. @sskm

The electronic attorney was introduced in The Man-in-the-Middle Defence by Ross Anderson and Mike Bond.

It can be any device trusted by the customer, but for EMV it would need to have special hardware for emulating and reading a smartcard, which is not commonly available on any current general-purpose device.

For wireless payment cards, e.g. PayPass, it might be possible to implement this on top of the NFC support on certain mobile phones.

]]> By: sskm http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22831 sskm Mon, 09 Jul 2007 13:53:50 +0000 http://www.lightbluetouchpaper.org/2007/07/06/recent-talks-chip-pin-traffic-analysis-and-voting/#comment-22831 Would you care to comment what you mean by "electronic attorney"? Could it be the customer's mobile phone? Would you care to comment what you mean by “electronic attorney”? Could it be the customer’s mobile phone?

]]>