📄 24-11.html
字号:
<option value="/reference/dir.security1.html">Security <!-- <option value="/reference/dir.ewtraining1.html">Training Guides --> <option value="/reference/dir.userinterfaces.html">UI <option value="/reference/dir.webservices.html">Web Services <option value="/reference/dir.webmasterskills1.html">Webmaster <option value="/reference/dir.y2k1.html">Y2K <option value="">----------- <option value="/reference/whatsnew.html">New Titles <option value="">----------- <option value="/reference/dir.archive1.html">Free Archive </SELECT> </font></td> </tr> </table> </form><!-- LEFT NAV SEARCH END --> </td> <!-- PUB PARTNERS END --><!-- END LEFT NAV --><td rowspan="8" align="right" valign="top"><img src="/images/iswbls.gif" width=1 height=400 alt="" border="0"></td><td><img src="/images/white.gif" width="5" height="1" alt="" border="0"></td><!-- end of ITK left NAV --><!-- begin main content --><td width="100%" valign="top" align="left"><!-- END SUB HEADER -->
<!--Begin Content Column -->
<FONT FACE="Arial,Helvetica" SIZE="-1">
To access the contents, click the chapter and section titles.
</FONT>
<P>
<B>Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)</B>
<FONT SIZE="-1">
<BR>
<I>(Publisher: John Wiley & Sons, Inc.)</I>
<BR>
Author(s): Bruce Schneier
<BR>
ISBN: 0471128457
<BR>
Publication Date: 01/01/96
</FONT>
<P>
<form name="Search" method="GET" action="http://search.earthweb.com/search97/search_redir.cgi">
<INPUT TYPE="hidden" NAME="Action" VALUE="Search">
<INPUT TYPE="hidden" NAME="SearchPage" VALUE="http://search.earthweb.com/search97/samples/forms/srchdemo.htm">
<INPUT TYPE="hidden" NAME="Collection" VALUE="ITK">
<INPUT TYPE="hidden" NAME="ResultTemplate" VALUE="itk-full.hts">
<INPUT TYPE="hidden" NAME="ViewTemplate" VALUE="view.hts">
<font face="arial, helvetica" size=2><b>Search this book:</b></font><br>
<INPUT NAME="queryText" size=50 VALUE=""> <input type="submit" name="submitbutton" value="Go!">
<INPUT type=hidden NAME="section_on" VALUE="on">
<INPUT type=hidden NAME="section" VALUE="http://www.itknowledge.com/reference/standard/0471128457/">
</form>
<!-- Empty Reference Subhead -->
<!--ISBN=0471128457//-->
<!--TITLE=APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C//-->
<!--AUTHOR=Bruce Schneier//-->
<!--PUBLISHER=Wiley Computer Publishing//-->
<!--CHAPTER=24//-->
<!--PAGES=589-592//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="24-10.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="24-12.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H3><A NAME="Heading16"></A><FONT COLOR="#000077">24.15 Universal Electronic Payment System (UEPS)</FONT></H3>
<P>The UEPS is a smart-card banking application initially developed for rural South Africa, but later adopted by all of that country’s major banking groups. About 2 million cards were issued in that country by early 1995. It has also been adopted in Namibia, and is also being deployed by at least one bank in Russia.
</P>
<P>The system provides a secure debit card suitable for regions where poor telephone service make on-line verification impossible. Both customers and merchants have cards; customers can use their cards to transfer money to merchants. Merchants can then take their cards to a telephone and deposit the money in their bank account; customers can take their cards to a telephone and have money moved onto their card. There is no intention to provide anonymity, only to prevent fraud.</P>
<P>Here is the communications protocol between customer Alice and merchant Bob. (Actually, Alice and Bob just plug their cards into a machine and wait for it to complete the transaction.) When Alice first gets her card, she is given a key pair, <I>K<SUB>1</SUB></I> and <I>K<SUB>2</SUB></I>; the bank calculates them from her name and some secret function. Only the merchant cards have the secrets necessary to work out these customer keys.</P>
<DL>
<DD><B>(1)</B> Alice sends Bob her name, <I>A</I>, his name, <I>B</I>, and a random number, <I>R<SUB>A</SUB></I>, encrypted using DES: first with <I>K<SUB>2</SUB></I> and then with <I>K<SUB>1</SUB></I>. She also sends her name in the clear.
<DL>
<DD><I>A, E<SUB><SMALL>K</SMALL></I><SUB>1</SUB></SUB>(<I>E<SUB><SMALL>K</SMALL><SUB>2</SUB></SUB>(A, B, R<SUB>A</SUB></I>))
</DL>
<DD><B>(2)</B> Bob calculates <I>K<SUB>1</SUB></I> and <I>K<SUB>2</SUB></I> from Alice’s name. He decrypts the message, confirms that <I>A</I> and <I>B</I> are correct, then encrypts Alice’s unencrypted second message with <I>K<SUB>2</SUB></I>.
<DL>
<DD><I>E<SUB><SMALL>K</SMALL><SUB>2</SUB></SUB>(A, B, R<SUB>A</SUB></I>)
</DL>
<BR>Bob does not send this message to Alice; 56 bits of the ciphertext become <I>K<SUB>3</SUB></I>. Bob then sends Alice his name, her name, and another random number, <I>R<SUB>B</SUB></I>, encrypted using DES: first with <I>K<SUB>3</SUB></I> and then with <I>K<SUB>1</SUB></I>.
<DL>
<DD><I>E<SUB><SMALL>K</SMALL><SUB></I>1</SUB></SUB>(E<SUB><SMALL>K</SMALL><SUB>3</SUB></SUB>(<I>B, A, R<SUB>B</SUB></I>))
</DL>
<DD><B>(3)</B> Alice computes <I>K<SUB>3</SUB></I> in the same manner Bob did. She decrypts Bob’s message, confirms that <I>B</I> and <I>A</I> are correct, then encrypts Bob’s unencrypted message with <I>K<SUB>3</SUB></I>.
<DL>
<DD><I>E<SUB><SMALL>K</SMALL><SUB>3</SUB></SUB>(B, A, R<SUB>B</SUB></I>)
</DL>
<BR>Alice does not send this message to Bob; 56 bits of the ciphertext become <I>K<SUB>4</SUB></I>. Alice then sends Bob her name, his name, and the digital check, <I>C.</I> This check contains the names of the sender and recipient, a date, a check number, an amount, and two MACs, all encrypted using DES: first with <I>K<SUB>4</SUB></I> and then with <I>K<SUB>1</SUB></I>. One of the MACs can be verified by Alice’s bank, and the other can only be verified by the clearing center. Alice debits her account by the correct amount.
<DL>
<DD><I>E<SUB><SMALL>K</SMALL><SUB></I>1</SUB></SUB>(E<SUB><SMALL>K</SMALL><SUB>4</SUB></SUB>(<I>A, B, C</I>))
</DL>
<DD><B>(4)</B> Bob computes <I>K<SUB>4</SUB></I> in the same manner Alice did. Assuming all the names match and the check is correctly formed, he accepts it for payment.
</DL>
<P>A really clever thing about this protocol is that the encryption key for each message depends on the previous message. Each message doubles as an authenticator for <I>all</I> previous messages. This means that someone can’t replay an old message; the receiver could never decrypt it. I am impressed with this idea and expect that it will see wider use once it becomes widely known.</P>
<P>Another clever thing about this protocol is that it enforces correct implementation. If the application developer doesn’t implement this protocol correctly, it just won’t work.</P>
<P>Both cards store records of every transaction. When the cards eventually go online to communicate with the bank—the merchant to deposit his money and the customer to get more money—the bank uploads these records for auditing purposes.</P>
<P>Tamperproof hardware prevents either participant from messing with the data; Alice cannot change the value of her card. Extensive audit trails provide data to identify and prosecute fraudulent transactions. There are universal secrets in the cards—MAC keys in the customer cards, functions to convert customer names to <I>K<SUB>1</SUB></I> and <I>K<SUB>2</SUB></I> in the merchant cards—but these are assumed to be difficult to reverse-engineer.</P>
<P>This scheme is not meant to be perfect, only more secure than either paper checks or traditional debit cards. The threat of fraud is not from rival militaries, but from opportunistic customers and merchants. UEPS protects against that kind of abuse.</P>
<P>The message exchange is an excellent example of a robust protocol: Every message names both parties, includes unique information to ensure freshness, and depends explicitly on all the messages that came before it.</P>
<H3><A NAME="Heading17"></A><FONT COLOR="#000077">24.16 Clipper</FONT></H3>
<P>The Clipper chip (also known as the MYK-78T) is an NSA-designed, tamper-resistant VLSI chip designed for encrypting voice conversations; it is one of the two chips that implements the U.S. government’s Escrowed Encryption Standard (EES) [1153]. VLSI Technologies, Inc. manufactures the chip, and Mykotronx, Inc. programs it. Initially, the Clipper chip will be available in the AT&T Model 3600 Telephone Security Device (see Section 24.18). The chip implements the Skipjack encryption algorithm (see Section 13.12), an NSA-designed classified secret-key encryption algorithm, in OFB only.
</P>
<P>The most controversial aspect of the Clipper chip, and the entire EES, is the key-escrow protocol (see Section 4.14). Each chip has a special key, not needed for messages. This key is used to encrypt a copy of each user’s message key. As part of the synchronization process, the sending Clipper chip generates and sends a <B>Law Enforcement Access Field</B> (<B>LEAF</B>) to the receiving Clipper chip. The LEAF contains a copy of the current session key, encrypted with a special key (called the <B>unit key</B>). This allows a government eavesdropper to recover the session key, and then recover the plaintext of the conversation.</P>
<P>According to the director of NIST [812]:</P>
<BLOCKQUOTE><P>A “key-escrow” system is envisioned that would ensure that the “Clipper Chip” is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique “keys, ” numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys would be deposited separately in two “key-escrow” databases established by the attorney general. Access to these keys would be limited to government officials with legal authorization to conduct a wiretap.
</P>
</BLOCKQUOTE><P>The government also wants to encourage the sale of telephones with these devices abroad; no one knows what might happen to those key-escrow databases.
</P><P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="24-10.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="24-12.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
[an error occurred while processing this directive]
<!-- all of the reference materials (books) have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- BEGIN SUB FOOTER --> <br><br> </TD> </TR> </TABLE> <table width="640" border=0 cellpadding=0 cellspacing=0> <tr> <td align="left" width=135><img src="/images/white.gif" width=100 height="1" alt="" border="0"></td> <!-- END SUB FOOTER -->
<!-- all of the books have the footer and subfoot reveresed --><!-- reference_subfoot = footer --><!-- reference_footer = subfoot --><!-- FOOTER --> <td width="515" align="left" bgcolor="#FFFFFF"><font face="arial, helvetica" size="1"><b><a href="/products.html"><font color="#006666">Products</font></a> | <a href="/contactus.html"><font color="#006666">Contact Us</font></a> | <a href="/aboutus.html"><font color="#006666">About Us</font></a> | <a href="http://www.earthweb.com/corporate/privacy.html" target="_blank"><font color="#006666">Privacy</font></a> | <a href="http://www.itmarketer.com/" target="_blank"><font color="#006666">Ad Info</font></a> | <a href="/"><font color="#006666">Home</font></a></b> <br><br> Use of this site is subject to certain <a href="/agreement.html">Terms & Conditions</a>, <a href="/copyright.html">Copyright © 1996-1999 EarthWeb Inc.</a><br> All rights reserved. Reproduction whole or in part in any form or medium without express written permision of EarthWeb is prohibited.</font><p></td> </tr></table></BODY></HTML><!-- END FOOTER -->
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -