21st September 2005, New York. Comodo Inc., a global leader in Identity and Trust Assurance Management solutions, announced today top line findings from the seventh annual CHES (Cryptographic Hardware and Embedded Systems) Conference in Edinburgh, Scotland. (See chesworkshop.org for details.) Comodo's Head of Cryptography, Dr. Colin Walter from Comodo's Digital Trust Lab, was general chair for this year's security conference, held under the umbrella of the International Association for Cryptographic Research, the IACR (www.iacr.org).
The conference was well attended by a mix of leading researchers from both academia and industry - representing prestigious companies and organizations such as IBM, Intel, Infineon, Siemens, Toshiba, Hitachi, Philips, NEC and Atmel. Delegates from key cryptography departments, such as Cambridge, Bristol, Louvain-la-Neuve and Leuven Universities, were also present.
With well over 200 delegates, CHES is probably the largest and most important forum for discussing the security and implementation aspects of the chips in credit and debit cards to ensure identity integrity. Three guest speakers gave a broader view of those topics within a secure and trusted global communication network. Thomas Wille from Philips Semiconductors talked about "Security of Identification Products: How to Manage", Ross Anderson from Cambridge University Computer Laboratory spoke on "What Identity Systems Can and Cannot Do", and Jim Ward from IBM, president of the Trusted Computing Group, presented "Trusted Computing in Embedded Systems".
Summary of Conference Discussion
Overall, the main theme of the invited talks and surrounding discussion was how to balance the freedom of information required for commerce with the equally demanding identity security needs of individuals and corporations.
For example, one challenging question was whether the "Douglas A MacKenzie" who bought a house twenty years ago is the same person as the "Angus MacKenzie" who now wishes to sell it. Will the same rules apply to withdrawals from a bank account? Will economic or political pressures for secure solutions result in denial of personal rights?
These issues point to important new opportunities in protecting personal information as they "intersect" in the "open" commerce infrastructure.
Summary of Conference Conclusions
Exacerbating this challenging balancing act is the added reality that threats can arrive through unexpected routes and technologies. For example, cards can be cloned using side channel attacks, which use variation in time, power or electromagnetic radiation (EMR) to determine the hidden secrets. When a secret key is used inside the chip, each bit generates different EMR according to whether its value is 0 or 1. By interpreting these data correctly, fraudsters can obtain access to confidential information.
Some key conclusions and countermeasures were identified and included:
There was acknowledgement that the challenge remains to develop further protocols that hide secret keys more effectively and so reduce the vulnerability of cards to attack.
Comodo is a leading global provider of security, authentication and assurance services for the Internet. Today, more than 150,000 customers in over 100 countries rely on Comodo to create trust in online transactions through distinct solutions that address the digital ecommerce and infrastructure needs of enterprises. Powered by Comodo's Digital Trust Lab (DTL), Comodo is helping enterprises around the world improve customer relationships, enhance customer trust and create efficiencies across their digital ecommerce operations. Comodo's industry leading solutions include integrated Web Hosting Management Solutions, Infrastructure Services, digital ecommerce services, Digital Certificate, Identity Assurance, customer privacy and vulnerability management solutions. For more information, visit Comodo - Creating Trust Online® - Comodo.com.
Comodo can be reached on +1.888.266.6361 or +1.703.581.6361
Dr. Walter has made substantial progress in the discovery of implementation weaknesses of side channel attacks during his time at Comodo, and pioneered a number of solutions, of which the Mist algorithm (randomizing the key processing for stronger security) is a notable example. Much of this work at the Comodo Digital Trust Research Laboratory has now been made public, and can be downloaded from comodo.com/resources/research/cryptography/publications.php