Identity theft is a possibility with todays Smartcard technology
"Side Channel" leakage offers a security flaw that can be addressed.
New York, 13th February 2004. Comodo, recognized as a leader for the creation of digital identity services and secure business critical infrastructure solutions will present some details of why today's Smartcard technology is susceptible to side channel leakage. There is a distinct possibility of identity theft of any individual or organisation – A major concern for the immediate future as the popularity of Smartcard related solutions gains momentum. Comodo's Research and Development facilities have extensively researched this issue and patented a solution. – the "Mist" algorithm. Metaphorically speaking the secret key is obscured from detection as vision would be when veiled by a mist.
Dr. Colin Walter, head of the cryptography at Comodo Research Lab, will discuss the issue in depth at the forthcoming RSA 2004 conference in San Francisco (23rd-27th February 2004 http://2004.rsaconference.com/ ). RSA is arguably the largest and most important conference and exhibition of computer security system research and products.
Dr. Walter will speak in the Cryptographers' Track on the subject "Issues of Security with the Oswald-Aigner Exponentiation Algorithm". His talk is concerned with the extraction of secret keys from smartcards using "side channel" leakage. When the classical exponentiation algorithms are used for encryption and signatures, there are data-dependent variations in the power consumption of the processor.
These minute variations can be used by an attacker to reconstruct the secret key without damaging the smartcard. This enables him to clone the card successfully and therefore impersonate the owner. Randomised algorithms have been proposed to overcome the problem of leakage, but Dr. Walter will show that the one described by Oswald and Aigner has some limitations. The "Mist" algorithm patented by Comodo is immune to this type of attack.
The Comodo companies provide the infrastructure that is essential in enabling e-merchants, other Internet-connected companies, software companies, and individual consumers to interact and conduct business via the Internet safely and securely. The Comodo companies offer PKI SSL, Code Signing, Content Verification and Email Certificate; award winning PC Security software; Vulnerability Scanning services for PCI Compliance; secure e-mail and fax services.
Continual innovation, a core competence in PKI, and a commitment to reversing the growth of Internet-crime distinguish the Comodo companies as vital players in the Internet's ongoing development. Comodo secures and authenticates online transactions and communications for over 200,000 business customers and 3,000,000 users of our desktop security products.
For additional information on Comodo – Creating Trust Online® visit Comodo.com
For more information, reporters and analysts may contact:
Office: +1 (888) 266-6361