Thursday, December 8, 2016

A broader view of keys

Smart's book on encryption theory is mathematical. I am plowing through it, doing my homework.

On the security of this set of keys:
We have a unique key shared by any card and the top secret node.
We have a key personal to the card, not shared.
Then we have a variety of ways to load other sets of keys as needed by trading groups.

Making no claim about all the key functionality, I think we can assert one security rule. If no human sees the key, no key is sent over the network, and all keys are established with biometric, person-to-person matching, then the thieves have to take the card apart, mount the chip on the engineering table, and start the long sequence of digital probing while the chip is powered.

What is the defense against this? Let there be one key, the ultimate hardware/bio check key. This key encodes the command: perform a hardware/bio check and respond at some specified later time.
Now, think about the relative transaction times: the hacker needs time to probe this chip, cycling power on and off and keeping state stable, and meanwhile the card gets the super secret hardware/bio check. The hacker is not spending millions unless he has got his hands on a high limit secure card system. But a high limit secure card system is gonna get a lot of hardware/bio checks. The bank CEO will be sitting in front of that thing ready to give blood.
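Here is one way the timed hardware/bio check could look on the wire. This is an added sketch, not code from this post or from any real card system. The HMAC-SHA256 construction, the message layout, the function names and the five-second tolerance window are all assumptions made for illustration.

```python
import hashlib, hmac, os, struct

TAG_LEN = 32  # HMAC-SHA256 output size (assumed MAC, not specified by the post)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_check(check_key: bytes, now: int, delay: int) -> bytes:
    """Node: command = 'run hardware/bio check, answer at now+delay', authenticated."""
    body = b"HWBIO" + os.urandom(16) + struct.pack(">Q", now + delay)
    return body + _mac(check_key, body)

def card_respond(check_key: bytes, command: bytes, hw_ok: bool, bio_ok: bool):
    """Card: refuse unauthenticated commands, otherwise MAC the check result."""
    body, tag = command[:-TAG_LEN], command[-TAG_LEN:]
    if not hmac.compare_digest(tag, _mac(check_key, body)):
        return None
    status = b"\x01" if (hw_ok and bio_ok) else b"\x00"
    return status + _mac(check_key, b"RESP" + body + status)

def node_verify(check_key, command, response, received_at, window=5) -> str:
    """Node: any outcome other than 'ok' is grounds to revoke the card."""
    body = command[:-TAG_LEN]
    (due,) = struct.unpack(">Q", body[-8:])
    if response is None or len(response) != 1 + TAG_LEN:
        return "no-response"
    status, tag = response[:1], response[1:]
    if not hmac.compare_digest(tag, _mac(check_key, b"RESP" + body + status)):
        return "bad-mac"
    if abs(received_at - due) > window:
        return "late"  # a card held on a probing bench misses its slot
    return "ok" if status == b"\x01" else "check-failed"

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    cmd = issue_check(key, now=1000, delay=60)
    print(node_verify(key, cmd, card_respond(key, cmd, True, True), 1060))
    print(node_verify(key, cmd, card_respond(key, cmd, True, True), 4000))
```

The random nonce in each command keeps an old response from being replayed for a new check, and the node treats silence the same as failure.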

So, unless the hackers are brilliant mathematicians, more than we imagine, the silicon money can be made just as secure as gold money.
