Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cell phone tracking

Guido Witmond guido at witmond.nl
Sat Jun 1 03:58:19 PDT 2013


Dear mr Schoen,

On 01-06-13 02:57, Seth David Schoen wrote:

>
> Arvind Narayanan has just pushed a two-part paper in _IEEE Security&
> Privacy_ about exactly this point:
>
> http://randomwalker.info/publications/crypto-dream-part1.pdf
> http://randomwalker.info/publications/crypto-dream-part2.pdf
>
> Narayanan argues that "a mis-alignment of incentives frequently
> occurs" to discourage the use of cryptography to protect privacy
> (particularly in the strongest end-to-end sense) and that there is
> minimal demand for protecting data against intermediaries and service
> providers.
>
> (I find this paper extremely depressing, but it does describe actual
> events.  If I were writing this paper, I would continue to ask how we
> can increase demand for cryptographic privacy mechanisms rather than
> declaring defeat.)

I'm not so depressed by it. In fact the paper clearly outlines the
problems and the way out.

But there is the crypto-trap, it must be perfect or it is useless.
It doesn't have to be that way. Here is a simple way to start. We won't
start to solve the privacy problem. We attack other simpler problems
with crypto. From there we can venture into more privacy.

Here's how.

With anonymous client certificates, we can solve the password problem
when people sign up for an account. It eases the usability of websites
(no more hassle with passwords or email addresses) and it makes site
building easier as client side crypto is already part of every mature
web server.

By making it easier, time will come that passwords are considered more
expensive than client certificates. The push comes from companies that
need to pinch money.

Once we've replaced password authentication, the same client
certificates can be used to write authenticated messages. At first, it
could be used by banks to communicate with their clients. By using
client certificates as third-level authentication (in addition to
pin-based TAN-generators) it can defeat most phishing attempts. Even if
the customer falls for it and tries to log in at the phishers' site, the
bank detects it and blocks the account.

Here the demand for crypto comes from the financial pressure on banks to
solve the phishing problem.

The end user, although he has a privacy wish to protect him/herself
against advertisement networks, doesn't have a clue on how to get that
protection. He doesn't need it. He needs computers that do the
protection for him. The system above to end the password problem and
phising problem is aligned with the financial pressure.

The things we need to get there are pointed out by Arvind Narayanan in
his papers too:

1. We need completely automated key management, invisible to the user;

2. We need computers that are trustworthy.

The good news, is: there is light at the end of the tunnel.

I've been working on the first part with my eccentric-authentication
'protocol' [1]. It shows what we can do with anonymous client certificates.

And there are plenty of people working on the trustworthy computers.
Just like the drive to virtualisation on the server is a drive to
compartmentalization, we see a rise of operating systems that bring that
to client computers: genode.org, coyotos.org, qubes-os.org. Many more.

With the high speed of replacement in the mobile and tablet markets, it
offers opportunities that better not be wasted.


>
>
> * To pick up on Narayanan's argument, even if this kind of service
> is legal and even if carriers thought it was a reasonable service
> for them to offer, we might expect problems with demand for it.  One
> problem for the level of demand for blinded e-cash payments for
> telecommunications services is that if users lose their mobile
> devices and don't have suitable backups, they lose all of their
> prepaid account value (because it existed only in the form of e-cash
> on the devices).

To answer this with another current development: real time synchronization.

Many people already use dropbox to synchronize their phone with their
PC. Combine that with a fingerprint scanner (and pincode) at the phone
to identify yourself to the phone and the loss/theft of the phone won't
mean the loss of data nor e-cash.


Respectfully, Guido Witmond

[1]. http://eccentric-authentication.org/



More information about the liberationtech mailing list