The Friday Fry-up
@IDG'a weekly dose of cholesterol with the rich and famous
"We can argue that we're fully accounted, because in every transaction, the two people who are involved have a full audit trail of their account history. So it's all playing with words - and the final analysis is, is the system robust, will it work, is it economic?"by Russell Brown
-- Mondex's John Beric
John Beric is head of security for Mondex International, the UK-based company whose smartcard-based electronic cash system is in public trial in two centres - Swindon in the UK and Guelph in Canada - and has been franchised in many different countries, including here, where the major banks have formed a Mondex consortium.
There are other, competing e-cash and stored value card systems, but only Mondex allows exchange of value offline, between individual cards, without reconciliation to a deposit account. This gives the system a very appealing cost structure. It has also given rise to criticism of the Mondex security model, from a consultant for the New Zealand banks, and from security and crypto expert Ross Anderson, of the University of Cambridge Computer Laboratory.
Computerworld first asked Mondex New Zealand for comment on doubts about Mondex security three weeks ago. Eventually, an interview was arranged with Mondex International's security chief, John Beric, who spoke freely and at some length to Russell Brown on the issues raised in recent Computerworld stories.
Intriguingly, although Beric and Anderson have never spoken to each other about Mondex, though they did lock horns several years ago, when Beric was fraud advisor to the Association of Payment and Clearing Services (APACS) the entity which operates payment systems on behalf of UK retail banks and building societies. The two were on opposite sides of disputes about phantom withdrawals from ATM machines, which led to court cases and, ultimately, Anderson's 1993 case study, Why Cryptosystems Fail.
It is my understanding that Mondex's Australian member banks, and possibly others, have placed great emphasis on a report on tamper-resistance from Cambridge University, which was due Q1 of this year. Has this been delivered?
First of all, I think Mondex concentrates on having a complete security strategy - that means prevent, detect, recover. And in the prevention, we're under illusions. We know that the barriers to penetrating our system are the tamper-resistance and the cryptography. And we've known this every since Mondex was conceived in late 1989, early 1990. So we've been conducting extensive research on what makes chips tamper-resistance ever since then. I wasn't Mondex at the time, but I think we started our relationship with Cambridge in 1993, and at the time we had a strategy.
We looked at what makes a chip tamper-resistant. And the most fundamental aspect of a chip is the physics. If the physics doesn't enable tamper-resistance barriers to be sufficiently high, it doesn't matter what you do with the circuitry, it doesn't matter what you do with the logic, or with your software. If the physics can't support a certain level of tamper resistance, you're lost. So at the time we split our tamper-resistance strategy into three different areas of work.
And we realised that the basic physics is important and so we picked a lab that has won 26 Nobel prizes in physics to tell us about the physics of microcircuits - that is, the one run by Haroun Ahmed at Cambridge University. And I don't think we could have picked a better lab to tell us about the physics of electrons dancing down wires, about the physics of electrons representing data.
Ross Anderson of the same university told me that the evaluation was unlikely to be of value if there were no security experts involved.
Security isn't solely the preserve of security gurus. A criminal doesn't attack you along known frontiers - it's a street fight. He's going to find the weakest path of attack. Again, we're under no illusions. Chips can only ever be tamper-resistant - what one man can make, another man can unmake. But our research says that the best chips are ahead of the best attack techniques.
But what happens is that the best chips age. So I wouldn't use a chip that was designed six years ago today. So what you need in your strategy is a renewal strategy. So what you've got to be doing is looking ahead to the next design. So what we do is use labs all over the world, with the aim of finding out what are the weakest attack points today, then go to the suppliers and say 'fix this in the next generation'.
So we're in am arms race. We're never going to get to a point where we can fold our arms and say, right, that's the chip, we can go home tonight. It's a constant race. We're under no illusions - it's a bit like steel girders twist and break. It doesn't mean you can't make a bridge. You've got to know what stresses and tensions cause your girder to break and then you've got to build the bridge to take the load that's commensurate with that.
Okay, I wouldn't agree with Ross's assessment of the work function to break our chip, but we both agree it's getting harder.
I know that you've had risk reports done - what would be your assessment of the time and money equation?
We've got a completely different view of it. We might say, I can become a millionaire in seconds if I get the six digits of the lottery dead right. Now what's the probability of doing that? It's so difficult - and again it's multidisciplinary. It takes an enormous amount of effort to get bits out of a chip. It takes an even greater intellectual effort to appreciate what they mean. So Ross's assessments are woefully inadequate I just do not agree with them.
The thing is, it's not just me saying this. You might say there's a big conspiracy and I get soft people to audit us, but a lot of banks have put up a lot of money and I've had to jump through some really testing hoops. I've been examined by external auditors who are experts in this area. So there is an element of a lot of people having put a lot of money behind us - and they're not going to do it on a near-show.
I would have to say the Australian banks' report I obtained was by no means a ringing endorsement of your security model.
So what are we looking for? Is the core okay? We've got a prevention strategy - we take tamper-resistance very seriously. I don't know what the other [e-cash] schemes have invested in it, but we've invested an enormous sum. Quite possibly more than they have.
And we realise that there's never a complete answer and you've got to have a renewal strategy. So Mondex from the start has built in this migration strategy, which is a seamless renewal, so it allows us to take on the newest and best technology as it becomes available. So that within two years we've retired a generation of silicon.
That sounds to me like BSkyB - who are onto their tenth card in five years, trying to keep ahead of card pirates.
The big difference between us and BSkyB is that they're hooked to a decoder in your house that doesn't change. Whereas, my security resides in the chip. So there's a chip in the terminal and a chip in your hand. Every two years, both have changed.
Two years would seem ample time to compromise the system quite considerably.
But because I'm using the very best chips available, the best attack techniques don't get them. But I know the best attack techniques are moving forward, and it's it bit like, if you're a cliff, the sea's going to erode you. So if I use the same circuitry, it's going to get beat - of course it's going to get beaten.
The thing is, how long is it going to take and how much is it going to cost?
Again, back to the point - steel girders twist and bend, can I build a bridge? So in Mondex we've always been very careful to use both cryptography and tamper-resistance that are appropriate to the assets we're protecting. When we were in pilot mode it was appropriate to use symmetric cryptography and a particular chip. Now we've moved to an asymmetric cryptography and a better chip. And in a year's time, we're going to have more assets to protect, we've got a better chip.
Which chip will you be moving to in a year's time?
Well in fact we'll be moving to lots. Hitachi are developing a new one for us. Siemens and Motorola are developing chips for us ... the point I'm trying to drive home is that you've got to keep moving. You can't stand still. And if you haven't planned how you're going to keep moving, you're going to get caught in a timewarp. Now we're not going to get caught in a timewarp, we're going to keep moving.
We still have to come back to Ross Anderson's original conclusion in Tamper Resistance - A Cautionary Note. Which is that the problem here is that your secure device, the card, is out in the wild in great numbers ...
Absolutely. And you've got to believe in it and you've got to know what its weaknesses are ....
... and that bad people have unimpeded access to it, which makes it very hard to protect your key material.
Yeah, I don't doubt that. And unusually for a product, the guy you give it to is your enemy as well, in a way. You're right, you can't trust anyone. Everyone is going to have a go at your system. So what do you do? In terms of where we are, off the cuff I would guess that the US government could break us. I don't think Iran or Iraq could do it. I don't think a third-world country could do it.
Could a commercial reverse-engineering firm do it?
I think with time and effort the very best could. As I say, what one man can do, another man can undo. But it's a case of, are the rewards there? What makes a system secure? It's not that you've got perfect barriers. What makes it secure is that the criminal won't get his money back.
That's the point of having an integrated package. So we've got our prevention mechanism, which sets the height of the wall. And then you've got to make sure that your detection works so that your recovery mechanism cuts in before the guy's got his money back.
Another misconception about Mondex is that we're entirely offline. Not true. It's a hybrid online-offline system. So every time you go to the bank to make a withdrawal or deposit, that will be a fully accounted transaction. It will be booked. And all our chips have limits on them, in terms of their activity, in terms of their balance, which eventually drive them back to the bank. Now obviously, the more active a card is, the more likely it is to be driven back to the bank.
At that point we will run statistical sampling. I'm sure you're aware of the power of statistics. The recent UK election was predicted to within half a percent on the basis of asking 1300 people what they thought.
And there were other polls which said the election would be neck-and-neck. The basis of that model, surely, is the purse classes and transaction records, which are both carried on the card, and are both, in theory vulnerable to rewriting by an attacker. What's to prevent that?
Nothing, but you see to exploit that you've got to convert your ill-gotten gains. You've got to go to some legitimate place somewhere, because at that point you don't want Mondex value, you want liquor or fags or you want to gamble, you want to buy a car. So what happens is that money washes up somewhere and it sends a statistical sample to us that something is not right in the Mondex economy.
Now, if you try to drip-feed small amounts in, you will never get your money back. So that doesn't make a good business case for you. What you've got to do is push in big amounts and you've got to do it quickly before we change the technology underneath you. But if you try and push big amounts, you're almost certain to get caught by the statistical sampling.
So the logic with us is that full accounting doesn't make sense. What you need is an appropriate resolution. It's a bit like aeroplanes. They don't come in at the height of grass when they attack you - there's a certain minimum level that planes will come at to attack you. There's a certain minimum investment that a criminal has to recover.
And obviously we've got simulation models and things, so we test out what happens if this guy does this, and work out how he's going to spread the value, how he's going to fence it. Is he going to drip-feed it through a thousand confederates? Is he going to try and find a friendly retailer? We run through all these scenarios and we see how the statistical signal will come to us. So we've got a resolution which enables us to spot that a criminal is at work before he's got even a small percentage of his investment back. And at that point, we change the ground underneath him.
That criminal is going make it very difficult for you to find him if he falsifies his transaction records, isn't he?
Don't forget, I'm an online-offline system. So I can turn up the amount of data I'm collecting. In the Mondex system, as long as things are hunky-dory, you collect enough to keep checking that it's hunky-dory. If you start finding a problem, you start getting the retailers to return more and more of their data. You as an individual, if you so choose, can fully account all of your transactions. As you know, your card carries a rolling log of 10 transactions - you can go back home and dump that onto your PC. And what's more, those logs will be digitally signed - people recognise the signature and they are in some sense a legal receipt. So you as an individual can see an entire log of all your transactions. This is true of retailers, if they so wish.
The unique proposition of Mondex is that we don't need a central database, not one running all the time. But if we think something is going wrong, the recover mechanisms are to turn up the heat on the data that's being collected, and to wind down the activity limits that cause people to come back to the bank.
And if there's a real meltdown - mass counterfeiting of chip-cards - what we'd do is what's called a cut-off. We'd bring down that particular generation of Mondex and in parallel bring up a new generation, with completely different silicon and completely different cryptography. The basic message is: you've got to prevent, you've got to detect, you've got to recover. And you've got to have levers in your recovery mechanism by which you're only marginally degrading the service that your customers are getting, but the criminal is finding big brakes on the rate at which he can convert his ill-gotten gains.
One of things is that the purse can be cut, which then forces your criminal to go directly to a retailer. I don't know what it's like in New Zealand, but in the UK, most retailers have closed circuit TV over a point of sale. Once you've kicked that in, you've removed a lot of the Mondex proposition, but the criminal is severely inconvenienced. Now, if you're a criminal and you know we can do all of this, are you going to invest the huge sum required to break us, on the risk that you might not get your money back?
We keep coming back to this. How "huge" is the sum we're talking about?
Well, it varies, doesn't it? At the moment, with the very best chips there's not enough money to do it. But in four years' time those chips will fail. That's the whole point about reviewing and staying ahead of the curve.
The Australian banks' due diligence report states plainly that their security people were unable to satisfy themselves that your risk management database actually worked as advertised.
You've got an advantage over me, because I never saw that report. I've seen the simulation models, and it's been audited by other people. The danger in this game is that you fool yourself. But there's been enough people through the doors of Mondex, really kicking the tyres. Okay, there's a danger that we're deluding ourselves, but I don't believe so. There's been enough external input and audit that I believe the process is robust.
And we're doing nothing unusual - if you look at today's banking systems, they sample the transactions according to the risk. I'm sure you're aware of the concept of floor limits - you hit a certain value, you go online. The Mondex system is no different to that. Very small value transactions, we'll sample a very few percent. But as the transaction value gets more and more, we'll sample more and more - until with the big transactions you'll see 100% sampling.
So the big transactions in Mondex are still a reality? I keep hearing that rumours to the contrary.
Well, if you're a retailer for instance, you'll be collecting a lot of value. But almost certainly the retailer purse will have to disgorge its value into a bank. And that will always been an online transaction. And it'll be tracked in a database and you'll compare that retailer against the average for the sector nationally or locally. So you're looking for statistical signals that someone, somewhere is behaving out of kilter.
Are you disappointed then that the US Federal Deposit Insurance Corporation has ruled that e-cash not tied to a deposit account will not be insurable?
I'm responsible for the prevention barriers ...
Well, this is a security issue. The FDIC appears to have limited trust in any system which doesn't reconcile to a deposit account. That would seem to imply some problems for the deployment of Mondex in the US.
Well, as far as I know we're still going great guns in the States. One mustn't confuse prevention with detection. If you're sampling 50% or 100%, it doesn't alter how good your prevention barrier is. What stops a criminal getting there in the first place is that the walls are high enough. And then the trick after that is to make sure you capture the right data to make the right decisions. So it's short-sighted to assume that because you fully account, your prevention mechanisms are better.
What you have to have to do is examine the piece as a whole. Do these guys' prevention barriers stack up? Do they actually know what makes a chip good or bad? I would argue we certainly do know what makes a chip good or bad.
Are there any territories where the central bank has said that Mondex will have to reconcile all transactions?
I can't say that I've spoken to every central bank, but I've made presentations to many of them. And no one's said the philosophy is flawed. No one's said that that, if it's done correctly, sampling isn't the right strategy.
Because if you look at the business case, if you have a fully accounted transaction system, you've got a flaw. You're maintaining a central database, and I don't know what the cost of that is, but let's argue it's 10 cents a transaction. What that means is that when you come to buy a newspaper with your electronic purse card, the poor newsagent has to recover 10 cents over and above the cost of the newspaper to make the transaction economic. Now there are some transactions on the Net where you'll look at 100 pages and it's going to cost you two cents. How are you going to service those transactions?
There's no doubting the appeal of the business proposition - I can see that clearly enough.
Yes. And at Mondex we're trying to engineer a solution. It's exactly like building a bridge. You accept that the components themselves might not be as good as you want them to be, but if you integrate them correctly, you'll make something that's workable, where the risk is manageable.
Let's be honest - no system is fraud-proof. If I were to claim Mondex is fraud-proof, you'd say I was an idiot. And you'd be right. We don't claim that. The system has to be built to tolerate a loss. If you don't design your system like that, you've had it. We've designed a system that will tolerate loss. I hope that we never suffer it, but professionally we've got to expect it and be prepared. Only Mondex can tolerate loss.
So what happens in the case of a Mondex card emulator for the PC, which I'm sure is something we can expect?
That's a very favourite scenario in our simulations. You assume someone somewhere has got an emulator. So what he's got to do is fence out value. What you don't do, of course, is dial up your bank and dump a million pounds. Clearly, that's a bit of a give-away. So you're forced into this strategy where you've got to fence the stuff off. Well, immediately your costs go up because you've got intermediaries in the chain. You've got to feed them.
It's not going to cost too much to feed intermediaries, even unwitting intermediaries, over the Internet, is it?
Hold on. If you're doing things over the Internet, you've got to get the goods somehow. And when you're fencing goods, there's always an informer. The head of security in the French banking system said that every counterfeiting gang that had more than 10 people in it had an informer. So once you start increasing the number of people involved, you have a risk of an informer. So all sorts of other dynamics start entering the equation.
So anyway, back to the emulator. You've got this PC and you make lots of value which you can't directly exploit because you immediately send a signal. So what you've got to do is fence the value off. And ideally what you'd like is someone who's got a big appetite for money - like a retailer. Unfortunately, retailers who deposit their money out of pattern are being caught today through the money-laundering regulations that banks have to observe. So it's very difficult to wash value.
Sure, but once it's out there in the system, you can't tell good value from bad value.
I could say the same of counterfeit dollar bill.
No you couldn't. They won't just look the same - they will be the same thing.
The thing is, if you're going to get some value for a dud, you don't have to make a perfect counterfeit bill today. Because the detection isn't good enough. But if there was some feature which wouldn't allow slipshod counterfeits through, the counterfeiter would be forced to make a perfect copy. And then all you'd see is two bills with the same serial number and the central bank couldn't tell the difference.
In theory, there's nothing to stop me making the perfect counterfeit dollar bill, but I don't have to do that to get the return. With Mondex, you can't go part of the way. You've got to climb to whole wall. And that's what makes our prevention barrier significant.
Once again, once that value is in the system, it's as good as real value, it's untraceable ...
That's not true because of the way we migrate things, we can age value.
Can you explain that to me?
Well, it's really quite complex to do over the phone ...
So value can be date-marked?
Well, no ... yeah it can. Yes it can. What we can do is at periods of cut-off, we can do an audit. What we would do in that situation is that we see the system looks unhealthy. Our statistical sampling has said there's more money in the Mondex economy than we've printed, and depending on how bad or how serious it is, we'd move to the final stage which is a cut-off. We'd say, we're drawing a line on this technology and this cryptography. Then we'd bring the system up with a new chip, new cryptography. And that enables us to find out precisely what happened in the old system.
What's the cost likely to be of such an event?
Again, we do that in our simulation model. And you're right, that's a very interesting point.
I presume any kind of migration or cut-off would have to be global.
Indeed. And in time we're looking at how we might segment that. But currently, yes, it would be global. You're right, these are very important points.
Onto a smaller matter, what happens in the town of Swindon when people's Mondex cards fail, as I'm told smartcards do? What happens if I walk into a bank with a dead card and say, I had £1,000 on this and I want it back?
You're right, this is a very important issue, consumer relations. Reliability is the most critical factor of an electronic purse. It's got to work, all the time. And if your card fails with some money on it, you've got to be reliably reimbursed. And what we've found in Swindon is some failures happen where bond wires break and things like that. So some failures we can actually repair. And where we've done that, we've found that what the customer said they wanted and what was on the card have agreed totally. But we don't always do that, because that's a cost. As I understand it, there's no quibble in Swindon - you just get your money back.
What happens if you're particularly unlucky and it happens twice to you? You can be unlucky. There are some failures that are clearly accidental. Obviously, we don't want to be a free ride. We don't want people hitting their chips with hammers and coming in and saying they had a full balance on them. In practice what we've done is we've erred totally on the side of paying the consumer back. I've never seen a press report of a customer in Swindon complaining that they haven't had their value reimbursed. Of the cards that have been returned, some have obviously been tampered with, some have obviously had 240 volts put through them, and some have obviously just spontaneously failed. There is an issue here, but the banking industry is getting better at handling consumer relations.
I notice that in the AT&T trial which has just launched in the US, transactions anywhere in the system have been limited to a maximum of $1000. Is that likely to be the reality in future real world implementations - that whatever the potential, limits will be set fairly low?
I don't know how the product will evolve, but it was always designed be economic to capture the low-value transactions. But I believe the design is good enough to support higher-value transactions as well. Whether you do that is a commercial issue, but the technology clearly can support high-value transactions.
Getting back to Ross Anderson at Cambridge - why is he so implacably opposed to Mondex? Why haven't you been able to convince him it its merits?
I've never spoken to him - well, I have, but never on the subject of Mondex. The problem is a bit of a mismatch. I think I've been very open - for instance the Mondex Value Transfer Protocol is in a European standard - the tyres have been kicked for years by probably hundreds of experts. And we talk about migration and we talk about cut-off and about statistical sampling.
So I've convinced myself - I believe the detection strategy is appropriate. You don't really need to see every ha'penny to know what the system's doing. It doesn't make sense to track a ha'penny transaction. So there's an appropriate level of resolution and sampling that you have to do to know what's going.
If you look at industrial processes, very rarely do you have a hundred percent sample. To me it seems what we're doing is reasonable. You might argue that we're not doing enough, but it's reasonable not to capture every transaction. And then you might say, will the purse class mechanisms do what you want them to do, which is to funnel all the high-risk transactions back to the online system quickly. Okay, that's a tuning issue - we've got a simulation model and we've practised different limits and strategies and so on, and we'll see which one defeats different fraud exploitation strategies.
I keep coming back to this, it's an arms race. It's a battle of wits and as long as we maintain the value system of constant change, we'll be okay. If we ever become complacent and say we've tamper-proofed, well then we're dead. I hope we never get there and as long as I'm in charge we won't.
So ... if your sampling indicates something is amiss in the system, what in escalating order are the measures at your disposal?
Each chip has activity measures - so we can start winding down the activity limits that cause online interaction. So for instance, a retailer might have a $10,000 pot on his terminal. We'll wind that down to say $2500, so he has to come online more often.
As soon as he comes online, we know there's a problem. Don't forget, you have to come back eventually. Then we wind down the parameters that cause him to come online. We can also cut links in how purses transact, so we can cut the purse-to-purse limit. Let's say that doesn't work and we're still in trouble, we flip a migration to new cryptography. If that doesn't do enough, ultimately the coup de grace is a cut-off.
So firstly we try and do painless things that slow the rate of ingress down. If the rate of ingress is still too painful, we do a bit more - which is migration. If the rate of ingress is still bad, we ultimately do a cut-off.
So we've got a range of progressive measures that hurt the customer more and more. Obviously, we don't want to do that, we don't want to inconvenience genuine people.
Have you come across the concept of "false acceptance, false rejection"? The idea there is that what you don't want to do is wrongly hurt the good guys and mistakenly let the bad guys in, thinking they're good guys. You can never have any system tuned so that only the good guys get through and only the bad guys never do. You always make the two possible mistakes - falsely recognising a bad guy as good, and false recognising a good guy as bad. So in your control system, you want to not hurt the good guys, while keeping the majority of bad guys at bay.
If it's not a big enough inconvenience to the bad guys, we keep upping the ante. And unfortunately, a side effect of that is that you're hurting the good guys more and more.
So it's a finely balanced judgement as to how and when you do things. But we do have mechanisms to say ultimately we freeze the system and bring it up in a different incarnation. That's the meltdown.
That's pretty serious. Yeah, it is, we accept that. But it shows that we've thought about it.
The level of data you're going to get from sampling isn't going to tell you enough about where fraud is going in the system, especially if an attacker has managed to gain sufficient access to the card to change things like purse classes and transaction records.
Don't forget, he's only changing it on his card, which is a dud anyway. And he's got to interact with the genuine world, so he's leaving a trace behind of his interaction. So I'm not interrogating him, I'm interrogating the people he deals with. So when he goes to a retailer to buy something, he will leave a trace - the identity of the card he's cloned will be there. And that's when my online systems will pick him up. So I'm not looking at him, I'm looking at the trail he leaves as he walks round the Mondex world.
Are you going to be able to find him quickly enough? He'll have the ability to make a lot of online transactions very quickly.
Yeah, but what will he be getting online? As far as I know, the software world is not a big game. What are the big value items you want in your life. Fast car, nice house, these sort of things. Well, I need an address to deliver them to. We still live in a material world. And if you're converting this value, it's got to leave a trace in the physical world of where the things you're exchanging the Mondex value for get delivered to. You either go and pick them up personally, or they're delivered to you. Either way, you're leaving a forensic trail.
And this is not a new problem. If you look at how counterfeit cash gangs are broken up, they leave a signature in their spending patterns that allows the law enforcement people to track them down. So we're not introducing a new class of problem.
So why in that case is no one else doing a Mondex-style system?
Well, I think maybe if you scratch beneath the surface you might find that they're not as diligent as they might be in collecting all transactions. We live in a very competitive world, and people are trying to position themselves contra-Mondex. Many years ago I was involved in electronic purse standardisation in Europe. And in the first meeting all the designers said that their plan was to truncate data. So in this game there's convergence.
Watch this space - I think a lot of people are setting themselves up to be different from Mondex and are saying, 'we fully account'. Okay, they might collect all the data. But where does it go, how is it truncated? We can argue that we're fully accounted, because in every transaction, the two people who are involved have a full audit trail of their account history. So it's all playing with words - and the final analysis is, is the system robust, will it work, is it economic?
And the designers of Mondex have gone with a particular portfolio of prevent-detect-recover, which they believe is economically efficient and meets the market needs. And if we're right, all the others are going to converge on us.