Password equivalence and identity theft (I)

Spaf and Schneier weigh in in an article from Saturday's NYT about credit card theft:
"Right now it is very easy to get somebody's identity," said Eugene H. Spafford, executive director of the Center for Education and Research in Information Assurance and Security at Purdue University. "Plus there is a low threshold for authentication." To use someone else's credit card, for instance, all that is needed is the number, name, expiration date and, possibly, the three-digit security code. (In the CardSystems case, all that information was stolen.)

What may be additionally required, Mr. Spafford said, are stronger authenticators like so-called digital wallets, which contain all the data needed for transactions in encrypted form.

Some experts argue that protecting personal data is a hopeless task, that the emphasis should be on making transactions more secure. "Making information harder to use is the key," Mr. Schneier said. "Making it harder to steal is a dead end."

This deserves some unpacking.

The basic problem with credit card authentication is that the information required by the merchant to run your credit card is exactly the same information that you require to use it: the number, the exp date, the security code, and maybe your ZIP. Every time you give your credit card to someone in a restaurant, they have an opportunity to steal your card information (remember having to tear up your carbons?). And of course, Mastercard's database has exactly the same information. So, any compromise of the merchant's or issuer's systems leads to the attacker being able to forge credit card charges. Not all authentication systems are like this.

Credit card authentication is tricky because it involves a large number of parties (you, the merchant, two banks, VISA...) so let's take a step back and talk about a simple system: user authentication where I convince some remote computer that I am who I say I am. The way that all of these systems work is that the server has some verifier V that it stores with my record. I have some secret information S that corresponds to V. When I authenticate, I provide an authenticator A (based on S) which the server checks against V.

Roughly speaking, there are three classes of system:

V=S and the server stores S.
Anyone who compromises the server once can simply steal S and can then impersonate me to the server any time that they want. These systems are usually called password-equivalent.

A=S.
This is how UNIX-style passwords (and a lot of SSH password authentication) work. The system stores a password hash and the user gives the server his password. If the server is compromised and the attacker steals the password file, then he can't directly impersonate the user. However, if he has long-term access to the server he can of course capture the user's password when it comes over the network. In addition, because the system needs to be able to compare V and S, the attacker can verify whether a given S is correct by checking it against V. This isn't a problem if S is well-chosen, but if it's, for instance, a common word, then it's pretty easy to guess. This is called a Dictionary Attack.

S, A, and V are all different.
This is how public key authentication works. You store the private key (S). The server stores the public key (V). The server provides some challenge which you sign to create A. The server can verify that you know S but can't use that information to impersonate you to anyone else. (Note for crypto-nerds: the non-password equivalent zero-knowledge password protocols fit roughly into this category as well.)
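
To make the three classes concrete, here is an added example (not code from the original post) that models each verifier and reports what someone holding only the server's stored V can do with it. The function names, the sample password and word list are constructed, and the Schnorr signature uses a deliberately tiny toy group so it runs on the standard library alone; a real system would use a vetted scheme such as Ed25519.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # toy group for illustration only: far too weak for real use

def h_pw(salt, pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 1000)

def verify_class1(V, A):            # class 1: V = S, server compares directly
    return hmac.compare_digest(V, A)

def enroll_class2(S):               # class 2: V = (salt, H(salt, S)), A = S
    salt = secrets.token_bytes(16)
    return salt, h_pw(salt, S)

def verify_class2(V, A):
    return hmac.compare_digest(V[1], h_pw(V[0], A))

def dictionary_attack(V, words):    # offline guessing against a stolen V
    return next((w for w in words if verify_class2(V, w)), None)

def keygen():                       # class 3: S = x (private), V = y = G^x (public)
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def _e(R, challenge):               # hash binding the commitment R to the challenge
    return int.from_bytes(hashlib.sha256(R.to_bytes(16, "big") + challenge).digest(), "big")

def sign(x, challenge):             # A = Schnorr signature over the server's challenge
    k = secrets.randbelow(P - 2) + 1
    R = pow(G, k, P)
    return R, (k + _e(R, challenge) * x) % (P - 1)

def verify_class3(y, challenge, A):
    R, s = A
    return pow(G, s, P) == (R * pow(y, _e(R, challenge), P)) % P

def stolen_verifier_outcomes():
    """What an attacker holding only the stored V achieves in each class."""
    S = "sunshine"                                  # constructed weak secret
    v1, v2 = S.encode(), enroll_class2(S)
    x, y = keygen()
    c = secrets.token_bytes(16)                     # fresh server challenge
    return {
        "class1_replay_V": verify_class1(v1, v1),            # V is S: works
        "class2_replay_V": verify_class2(v2, v2[1].hex()),   # hash is not S
        "class2_dictionary": dictionary_attack(v2, ["letmein", "sunshine", "qwerty"]),
        "class3_sign_with_V": verify_class3(y, c, sign(y, c)),  # V cannot sign
        "class3_owner": verify_class3(y, c, sign(x, c)),
    }
```

The class 2 result is the one to notice: presenting the stolen hash fails, but the same hash lets the weak password be recovered offline.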

From a security perspective, public-key type systems are vastly superior. However, their deployment has been spotty at best. The major reason is that it requires changing both the client and the server. In particular, computing A from S is nontrivial and requires software on the client side, which is an obvious deployment hassle. This used to be a big problem with login authentication, but in the wake of the wide deployment of SSH it's starting to go away--though other usage and user education issues still remain. However, it's easy to see how it could be a problem with credit card systems, since the terminals used to authenticate credit cards are extremely primitive and the protocols are difficult to change.

Credit card authentication is more complicated but basically a password-equivalent scheme. You give your credit card to the merchant, they give it to their acquiring bank, and so on all the way down the line. Anyone in this chain has the opportunity to steal your credit card number and use it. Merchants routinely keep copies of your credit card to enable features like Amazon one-click, so merchant database theft is a real problem (as is merchant fraud). And of course the back-end probably has all the credit card numbers sitting in some database, ready for theft (this isn't the only implementation, but it's the easiest one).

So far, most of the reactions of the credit companies have been to add new authenticators that aren't actually printed on the credit card (your ZIP code and the security code) but since those authenticators need to be provided to any merchant you want to do business with they won't stay secret for long. As long as the system is designed so that your "secret" information and the information the merchants get are one and the same, credit card theft and fraud will continue to be a real problem.

In my next post on this topic, some of the obstacles to removing password equivalence from the credit card network and a special SET retrospective.
