[hcs-d] Fwd: New Harvard ID Card Announcement

Keito Uchiyama keito at hcs.harvard.edu
Thu Jul 10 11:08:31 EDT 2008


On Jul 10, 2008, at 12:45, Joshua Kroll wrote:

> And there are
> plenty of applications where it might not be sensible to have an
> RF-emitting and power hungry prox sensor. For example, it would be
> useful on vending machines, which might not support such newfangled
> gadgetry, or in dining halls.

Well I don't think it's impossible to completely retire the magnetic  
strip--many universities in Japan have done so, and many vending  
machines in stations in Tokyo now have IC card payment options. IC  
card readers are relatively inexpensive (around 20 USD retail), so it  
wouldn't be a complete dream for Domna to start, well, touching cards  
instead of swiping them. (In fact, it would likely reduce queues at  
Annenberg, though that's probably not such an issue in house dining  
halls.)

> I think the plan is to go to a tiered security model in which
> different applications are secured by different aspects of the card
> (this came from our Scott Bradner talk in the spring - if you missed
> it, well, now you know what you missed (we also discussed DNSSec, so
> it all really comes together)). It would be advantageous for them to
> continue to use the unsecured strip for certain things (assuming the
> other strip is in fact more secure) on the theory that it segments
> attacker classes. Of course, this is somewhat stupid since magstripe
> is magstripe and phasing out the less secure strip is almost certainly
> a good idea across the board.

I didn't attend the talk, but could you fill us in on why a tiered  
security model is more secure? I would think that having one secure  
method of authentication on the card (e.g., the IC chip) that does  
everything is more secure than having several different systems with  
differing levels of security on the card (unless you rely on the fact  
that an attacker will waste time trying to crack all the different  
authentication systems on the card). The universities in Japan that I  
mentioned above don't seem to use this tiered security model. Maybe  
they're doing something wrong, but I'm sure they've each done their  
research.

> Who wants to be that the 1D barcode on the front has been supplimented
> by a 2D barcode? Recall that they can't eliminate the 1D barcode, or
> they'd have to replace all of the library hardware.

I'm sure the Harvard University library system has enough money to buy  
card readers for each library in the system...? Even if that purchase  
comes much later on, what would be the benefit of having a 2D barcode  
on the card, if the current scanners can't read them? I feel like 2D  
barcodes are only useful in situations where the code has to be  
printed on some disposable medium (e.g., boxes in the postal system,  
temporary tickets, printouts from web pages).

Beyond all the authentication stuff, I'm looking forward to what new  
design (if any) they have in store for the new cards. The current  
design is pretty crappy compared to other universities :) I feel like  
the space that currently says "STUDENT" will be put to better use,  
since they phased out putting anything there for staff, and their  
cards look pretty blank now.

Keito U.

> On Wed, Jul 9, 2008 at 8:38 PM, Keito Uchiyama  
> <keito at hcs.harvard.edu> wrote:
>> I also read this e-mail with great interest. Personally, I'm  
>> wondering what
>> the second, thinner magnetic strip will do; if it's for future use,  
>> why
>> wouldn't said future uses use the IC card system also? Presumably  
>> the second
>> strip contains information not in the original strip, but what  
>> information
>> would it contain besides the HUID or other unique identifier? (Or  
>> maybe it
>> just means they'll phase out the older strip in later iterations of  
>> the
>> card, and the newer strip is more secure.)
>>
>> Keito U.
>>
>> On Jul 10, 2008, at 12:29, Joshua Kroll wrote:
>>
>>> This seems worth a discussion. Notably, I'm guessing these use some
>>> sort of pseudo-secret easy-to-cryptanalyze cipher like most cards of
>>> their ilk. Still, I suppose attacks aren't quite as point-and- 
>>> click as
>>> we observed with the last design. Of course, if they're retaining  
>>> the
>>> legacy magstripe then they're just carrying forward old risks.
>>>
>>> Any thoughts?
>>>
>>> Josh
>>
>> -----
>> Keito Uchiyama
>> keito at hcs.harvard.edu
>>
>>

-----
Keito Uchiyama
uchiyama at fas.harvard.edu

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hcs.harvard.edu/pipermail/hcs-discuss/attachments/20080711/eec663a2/attachment.htm


More information about the hcs-discuss mailing list