Innovative and Flawed MintChip Challenge by The Royal Canadian Mint

Sunday, 22 April, 2012

Innovative and Flawed MintChip Challenge by The Royal Canadian Mint

It is refreshing to see the Royal Canadian Mint (RCM) innovatively create and launch the MintChip Challenge to solicit ideas, software apps submissions and discussions from the public. At the same time, I find it very troubling to see the core security basis of the MintChip system has not been released for public review and discussion. In fact, here is the official RCM line in this forum discussion thread,

While we appreciate your interest in the physical chip’s trusted hardware, public-key infrastructure and encryption methods, we are not in a position to release that information at this time.

Well “… not in a position to release that information …”, really? I can appreciate the “coolness” in seeing interesting apps and use cases, but security has to be the foundation of MintChip and other similar products, without a properly reviewed, fully inspected, time-tested cryptographic system as a solid foundation, the rest of the “cool apps” & interesting use cases will not be of use to anyone.

I’ve been a long time reader of security industry expert Bruce Schneier’s ideas and ground breaking book Applied Cryptography (1995) out of curiosity and interest. Bruce wrote this insightful warning signs “Snake Oil” post in 1999

The problem with bad security is that it looks just like good security. You can’t tell the difference by looking at the finished product. Both make the same security claims; both have the same functionality. Both might even use the same algorithms: triple-DES, 1024-bit RSA, etc. Both might use the same protocols, implement the same standards, and have been endorsed by the same industry groups. Yet one is secure and the other is insecure.

Many cryptographers have likened this situation to the pharmaceutical industry before regulation. The parallels are many: vendors can make any claims they want, consumers don’t have the expertise to judge the accuracy of those claims, and there’s no real liability on the part of the vendors (read the license you agree to when you buy a software security product).”

After rereading the listed nine snake-oil warning signs, I get very uncomfortable when I see these words in the MintChip Challenge,

“Using innovative technology, for which the Mint has prototypes and five patents pending, MintChip uses a secure chip to hold electronic value and a protocol to transfer it from one chip to another.

What are in these “prototypes”? How are they tested and verified? How much of the crypto system are kept in these pending patents and how much will remain part of the “trade secrets”? Security through obscurity is a very bad idea.

Of course, in the minds of RCM, they may think the $52,000+ MintChip Challenge prize money is totally worthwhile in exchange of the hundreds of developers’ time and effort. At the same time, if project MintChip fail due to flawed security in the crypto system, the credibility of Royal Canadian Mint will unfortunately be tarnished. So the price is the $52K and the Mint’s reputation!

I urge the Royal Canadian Mint to publish the technical details of the MintChip cryptographic system and invite the security community to properly review and inspect the whole system to ensure it has a solid foundation to avoid wasting people’s time and, more importantly, maintain the Mint‘s hard earned credibility.

MintChipChallenge promo video

[HT Dwayne L in the discussion thread for the link to Bruce's "Snake Oil"]


GSM Mobile phone security cracked, says German hacker

Tuesday, 29 December, 2009

UK Guardian is reporting (emphasis added),

A German computer scientist has cracked the codes used to encrypt calls made from more than 80% of the world’s mobile phones.

Karsten Nohl [K: Nohl's U of Virginia page] and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.

[...] Nohl claims that armed with the code, which has been published online, and a laptop with two network cards, an eavesdropper could be recording phone calls within 15 minutes.

“This shows that existing GSM security is inadequate,” Nohl told the Chaos Communication Congress, an international annual meeting of hackers taking place in Berlin this week.

Nohl insisted that he had deciphered the code to force the global telecommunications industry to upgrade its security.

Nohl told the Guardian that important negotiations involving politicians or business leaders could easily be intercepted and they should invest in further encryption software to protect their privacy. “If there is anything secret going on using GSM, this should be of concern.”

More report in NYT and The Register.

Anyone who cares about our communication security based on Cryptography should know that the only way to keep our communication secure is to conduct open and active research in the field where weakness and problems are dealt with in a prompt and appropriate manner. Security through obscurity is NOT an option, and if I were less diplomatic, I would say it is plain stupid to rely our treasured security on obscurity.


Follow

Get every new post delivered to your Inbox.

Join 694 other followers

%d bloggers like this: