1 / 209

Electronic Cash and User Authentication using the Dallas Semiconductor / Maxim DS1963 S Monetary i Button

Electronic Cash and User Authentication using the Dallas Semiconductor / Maxim DS1963 S Monetary i Button. e-Cash - “Electronic Money”. The DS1963S eCash i Button. An Apology.

elani
Télécharger la présentation

Electronic Cash and User Authentication using the Dallas Semiconductor / Maxim DS1963 S Monetary i Button

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Cash andUser Authentication using the Dallas Semiconductor / Maxim DS1963S Monetary iButton

  2. e-Cash - “Electronic Money” • The DS1963S eCash iButton

  3. An Apology This presentation was intended for “interested lay-persons”. Apologies in advance for it’s extreme simplicity. It was also intended to make sense without the accompanying lecturer, to please excuse the detail (and length) of the presentation.

  4. What We Will Discuss • How money and credit are handled now • Why e-Cash is better • The Evolution of a Secure eCash iButton • The DS1963S Monetary iButton (MiB) • Why Security is Important • How the DS1963S features provide security

  5. We’ll Also Touch On... • iButtons in General • iButton Physical Security Issues • Various kinds of Cryptography • Attacks against e-Cash Schemes • Various e-Cash Applications

  6. Be Sure You Understand! • These slides indicate places where you should make sure that you are keeping up • If you missed something, SPEAK UP! • These slides will remind you

  7. What is “Cash Money” ? • A representation of value • Recognized and validated by look, feel, familiarity • Value is represented physically (ink on paper) • Can be stolen by anyone with a physical advantage

  8. What’s Good About Cash? • Anonymous - The seller doesn’t care who you are • Difficult to counterfeit (paper, printing methods, lots of new tricks) • Backed by the government • Trusted by everyone (We’re all used to it…) • A visible representation of funds (you can see what you’ve got)

  9. What’s New About Your Cash Serial Numbers Fine Line Printing Portrait Watermark Security Thread Micro-printing Color Shifting Ink

  10. What’s Bad About Cash? • Must be handled/observed by human eyesight or costly photo-scanner • Fixed denominations - requires making change • Not suitable for use on the Internet • Bills consume space, must be physically secured • No audit trail

  11. What’s REALLY Bad About Cash? • Carrier is in physical danger of being robbed of cash • Stolen cash may be freely used • Paper bills spread germs and disease

  12. A Warning! • “It is highly likely that an epidemic of global proportions - a serious threat to all human life - will be spread around the world quickly and efficiently on paper currency.” - From ajoint statement by the World Health Organization and the United States Centers for Disease Control in 1994.

  13. What is a Credit Card? • A representation of your responsibility • Really just an ID card • Backed by you - the individual • Recognized and validated by look, feel, familiarity

  14. What’s Good About Credit Cards? • Somewhat difficult to duplicate (embossed plastic, magnetic stripe data, holograms) • No denomination - No need to make change • Audit trail is owned by the card issuer and the user • Slightly more easily used over the Internet (only because number can be used w/o plastic card)

  15. What’s Bad About Credit Cards? • Notanonymous. Depends on knowing exactly who you are • Data stored magnetically, costly mechanical reader • Audit trail owned by the card issuer and who else? • No easy visual representation of funds

  16. What’s REALLY Bad about Credit Cards • Account number alone can be used if it is stolen or discovered (card is not required) • No PIN or Password required in most cases, allows anyone with the number to use it • Every vendor must be connected to the central server (via phone or network) • Vendor-end equipment is costly

  17. Why eCash is Like Cash? • A representation of value • Anonymous - The seller doesn’t care who you are i

  18. Why is eCash like a Credit Card? • No denomination - No need to make change • Information is electronic, access is simple and fast • Audit trail is optional and personal i

  19. Why is eCash Better than Cashor Credit Cards? • Perfectly suited for computers, the Internet • Validated using advanced cryptography (much more secure) • Almost impossible to counterfeit • Carrier is not in physical danger of robbery • It’s easier to obtain a visual, private representation of your funds

  20. Why Not e-Credit Cards? • Credit Cards require database lookups • Database lookups take time • Database currency is a problem • All vendors must have a telephone or network connection to access database • Not all recipients are connected or even “connectable” to the bank • Vending equipment is too expensive

  21. The Dallas SemiconductoriButton as an Electronic Token fore-Cash Applications

  22. What is an iButton? • Portable memory that doesn’t forget • Electronic circuits that can control or limit data access • It can keep secrets • Physically secure circuit assembly • Physically secure steel container ROM ID C O N T R O L RAM Battery

  23. Non-Volatile Memory • Random Access Memory (RAM) • Data is sustained by internal battery • Special mechanisms to assure good data despite intermittent connections • Memory organization using TMEX allows easy, efficient sharing of the memory area between users

  24. Very Simple Connection • Communicates 2-ways using one signal line • Much simpler than radio, magnetic, or infra-red communications • Very simple and inexpensive connection to electronic systems • A variety of ways to get into computers (serial ports, parallel ports, USB ports, etc..)

  25. Just a Touch... • Communicating with an iButton requires a simple touch of the iButton to a reader • Positive action by the user is required • There is no doubt about the intent, no accidental communications take place

  26. The Most Important Feature • A unique Serial Number, sometimes called a “ROM ID” • A permanent identifier that cannot be re-programmed • No two iButtons EVER have the same serial number ROM ID C O N T R O L RAM Battery

  27. An iButton Serial Number 15 00 00 00 01 40 D6 0C Unique Serial Number Error Check Code Family Code Shown in Hexadecimal notation

  28. Facts about iButton Serial Numbers • Written by a laser when iButton is manufactured • Every iButton is unique. No two iButtons will ever have the same serial number • The biggest iButton serial number possible is 281,474,977,000,000 iButtons in each family • There can be 256 families, for a total of 18,010,000,000,000,000 iButtons in all! • We will NEVER run out of numbers

  29. iButtons with Special Functions • Temperature Sensors • Time/Temperature Histograms • Time clocks (DS1994) • Password-protected memories (DS1991) • Analog-to-Digital Converters

  30. Be Sure You Understand! • Do you know all about iButtons and their basic features? • Do you know how iButtons are carried and used in day to day applications? • Understand the Unique Serial Number?

  31. Evolving eCash... • We will walk through the evolution of an eCash iButton, starting at the simplest form, examining ways that it could be attacked, and then adding methods to protect against attacks, until we achieve a sound eCash solution.

  32. How We Can Put Money Into an iButton • Money is just a number (call it your “balance”) • The bank takes cash, writes money amount into your iButton memory • Seller reads the balance, subtracts the amount of the sale, writes the new balance back into the iButton $123.45 i

  33. Think of it as Money • The iButton contains a balance stored in the RAM by a monetary authority (like a bank) • The balance represents your money remaining; the funds that are left in your iButton “account”

  34. Is Money Stored in RAM Safe? NO!

  35. Let’s Make Ourselves Rich! • It’s EASY to change the numbers in RAM • We’ll just raise the balance amount to whatever we want • Instant money! • Who will know?

  36. Why is it So Easy to Cheat? • Access to the iButton data is very easy (our own data books tell you how) • The Bad Guy just writes in a bigger balance • There’s no protection against anyone altering the memory contents • There’s no easy way to detect that the fraud has been perpetrated

  37. A Memory iButton Alone isNot Enough for Secure eCash The Evolution of a Better e-Cash iButton

  38. To Make a Better eCash Token,We’ll Need Some Help... • Special Hardware Features and Functions • Special Secure Assembly Methods • Strong Cryptographic Techniques • Careful Analysis of All Possible Attacks

  39. Introducing Cryptography • From simple substitution ciphers to highly advanced mathematical algorithms • Cryptography is a science all its own! • It has its own language, symbols, and lingo Message Cryptogram CIPHER Plaintext Ciphertext

  40. Message Plaintext Ciphertext Cryptogram Cipher Algorithm Key Secret Encode, Encrypt Decode, Decrypt Attacker, or “Bad Guy” Cryptography Lingo

  41. “Message” • Simple enough: Your “message” is whatever you have that you wish to protect or hide from all but the intended recipient.

  42. Plaintext is the message that you wish to send It is clearly read and understood by anyone It is insecure Ciphertext is the encrypted message It makes no sense to anyone when they attempt to read it It is secure because the real contents cannot be read or understood Plaintext, Ciphertext

  43. “Cryptogram” • A Cryptogram is a Message that has been encrypted, or converted to a form that a person who does not have the secret “key” cannot understand. • An entire Message, converted to Ciphertext, is a Cryptogram.

  44. “Cipher” or Algorithm • A “Cipher” is the process by which PlainText is converted into CipherText • An Algoriothm is a series of operations that, when performed on the PlainText data, will turn it into Ciphertext. • “Cipher” is a catch-all term for a variety of encryption algorithms

  45. Key, Secret • The ingredient of the Cipher that is known only to the legitimate parties to the message is the “Secret” or “Key”. • Just as a mechanical key opens a lock, the cipher Key makes the data readable again. • The words Key and Secret are sometimes interchangeable, but not always (we’ll see why later on…)

  46. “Encrypt” < > “Decrypt” • Encrypt means to make Plaintext into Ciphertext • Decrypt is to make Ciphertext back into Plaintext once again • Sometimes “Encode” and “Decode” are used to mean the same thing.

  47. “Attacker”, “Bad Guy” • The person or organization who wants to break your crypto-system and find out what the secret message contains • Perhaps wants to alter the secret message before it gets to its rightful destination • Sometimes, its your own courier, or your own customer!

  48. A Little Bit About Ciphers...

  49. Single Key Ciphers Original message Hello • The old “Decoder Ring” • Both ends of the conversation must know the same secret key • Only one or a limited number of recipients • Recipient can also encrypt messages using the same secret key Cipher Key Cipher- text pjighqr Same Key Cipher Key Restored message Hello

  50. What Does It Tell You? • Only that whoever sent the message knows the secret key, because, • If they didn’t know the secret, they could not have made a valid encrypted message. • If more than one other person knows the secret, you can never be sure who sent you any given message.

More Related