[geeks] Interesting: hardware security token for PayPal

Geoffrey S. Mendelson gsm at mendelson.com
Mon Apr 2 01:46:26 CDT 2007


On Mon, Apr 02, 2007 at 12:52:36AM -0400, Charles Shannon Hendrix wrote:
> I'm kind of curious how they garantee sync in the numbers. It seems like
> it would be trivial to get out of sync and make the whole batch useless.
> Or, does each number have a non-random serial?

It's done by time. Let's say the device produces 123456 at 10am today.
This is based on some displacement from an epoch. You enter 123456.
It matches, everything is in sync and off you go. 

If it fails, then the previous number is tried, If it matches, the
clock on the host system is "corrected" and everything is back in sync.
If not, one minute ahead is tried. If that fails, two behind and then
two ahead. Eventualy a match is found or the host gives up. 

If they are so far out of sync that the software has given up, they
get returned to the manufacturer.

The secret is to both test the unit for a very low difference between
clock times and real times. Usually done by a careful check of the master
oscilator. Assuming you can short two contacts on the circuit board
and get a clock reading to the second or better, then the unit can be
"aged" and tested in a month. It won't affect the marketable battery life,
and would give you an accurate picture of the clock. 

If I were manufacturing them, I would build a USB client connector
onto one end of the board. Then you plug it in when it is first produced,
which sets the serial number and the clock. A month later you plug it
in and check the serial number and the clock. If they are still good,
it gets put in a case and sold.

Since the unit is in a case, the user can not access the USB connector.
To prevent an experimentor from opening the unit and accessing it, it could
be locked with an encryption key based upon the serial number,


> Once broken or compromised, the increased level of trust in newer
> security systems makes it harder to get things fixed. Quite a few
> systems penalize the victims rather than the attackers. In fact, so far
> it seems to me that most of them do.

It depends upon the system. Obviously if this system is compromised then
the key needs to be replaced. If it is compromised at the host end
then all of the devices need to be replaced. 

If they had internal USB connectors, they could be opened up and reprogramed.
Changing the hidden key and clock epoch would be enough. Changing the
encryption and number generation algorythms would be even better.


> In fact, just like spammers attack filters by poisoning them, criminals
> will begin poisoning security systems. Not to break them, but to cause
> them to stop trusting the users.

It depends. If the user is an employee of a large company which is required
to maintain security by law, the company will do whatever they have to and
spend what is needed.

> The other big issue is biometrics, which is a disaster waiting to
> happen.

I'll agree with that and leave it for now. :-)

Geoff.
-- 
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com  N3OWJ/4X1GM
IL Voice: (07)-7424-1667  Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838 
Visit my 'blog at http://geoffstechno.livejournal.com/



More information about the geeks mailing list