September 21, 2005

7th Annual CHES Conference Findings

Comodo writes "Comodo leads key industry cryptography conference to establish new processes for security in smart cards and credit cards worldwide.

21st September 2005, New York. Comodo Inc., a global leader in Identity and Trust Assurance Management solutions, announced today top line findings from the seventh annual CHES (Cryptographic Hardware and Embedded Systems) Conference in Edinburgh, Scotland. (See for details.) Comodo's Head of Cryptography, Dr. Colin Walter from Comodo's Digital Trust Lab, was general chair for this year's security conference under the umbrella of the International Association for Cryptographic Research, the IACR (

Conference Background

The conference was well attended by a mix of leading researchers from both academia and industry - representing prestigious companies and organizations such as IBM, Intel, Infineon, Siemens, Toshiba, Hitachi, Philips, NEC and Atmel. Delegates from key cryptography departments, such as Cambridge, Bristol, Louvain-la-Neuve and Leuven Universities, were also present.

With well over 200 delegates, CHES is probably the largest and most important forum for discussing the security and implementation aspects of the chips in credit and debit cards to ensure identity integrity. Three guest speakers gave a broader view of those topics within a secure and trusted global communication network. Thomas Wille from Philips Semiconductors talked about "Security of Identification Products: How to Manage", Ross Anderson from Cambridge University Computer Laboratory spoke on "What Identity Systems Can and Cannot Do" and Jim Ward from IBM, and president of the Trusted Computing Group, presented "Trusted Computing in Embedded Systems".

Summary of Conference Discussion

Overall, the main theme of the invited talks and surrounding discussion was how to balance freedom of information required for commerce with the equally demanding identity security needs of individuals and corporations.

So, for example, some challenging questions included whether "Douglas A MacKenzie" who bought a house twenty years ago is the same as the "Angus MacKenzie" that now wishes to sell the house? Will the same rules apply when this is applied to withdrawals from a bank account? Will economic or political pressures for secure solutions result in denial of personal rights?

These issues point to important new opportunities in protecting personal information as they "intersect" in the "open" commerce infrastructure.

Summary of Conference Conclusions

Exacerbating this challenging balancing act is the added reality that threats can come in ways and technologies not expected. For example, cloning of cards can be done using side channel attacks, which use variation in time, power or electro-magnetic radiation to determine the hidden secrets. When used internally, each bit of a secret key generates different EMR according to whether its value is 0 or 1. By interpreting these data correctly, fraudsters can obtain access to confidential information.

Some key conclusions and countermeasures were identified and included:

  • Investigation of new, potential side channel attacks, both against specific implementations and involving new concepts - so as to have remedial action in place.
  • Developing new algorithms to hide secret key bits to prevent the cloning of cards

There was acknowledgement that the challenge remains to develop further protocols for more effective hiding of the secret keys to mitigate the vulnerability of cards to attack.

About Comodo

Comodo is a leading global provider of security, authentication and assurance services for the Internet. Today, more than 150,000 customers in over 100 countries rely on Comodo to create trust in online transactions through distinct solutions that address the digital ecommerce and infrastructure needs of enterprises. Powered by Comodo's Digital Trust Lab (DTL), Comodo is helping enterprises around the world improve customer relationships, enhance customer trust and create efficiencies across their digital ecommerce operations. Comodo's industry leading solutions include integrated web hosting management solutions, infrastructure services, digital ecommerce services, digital certification, identity assurance, customer privacy and vulnerability management solutions. For more information, visit Comodo - Creating Trust Online™ -

Comodo can be reached on (US) +1 800 772 5185 (Europe) +44 (0) 161 874 7070

About Dr. Colin Walter

Dr. Walter has made substantial progress in the discovery of implementation weaknesses of side channel attacks during his time at Comodo, and pioneered a number of solutions of which the Mist algorithm is a notable example (randomizing the key processing for stronger security). Much of this work at the Comodo Digital Trust Research Laboratory has now been made public, and can be downloaded from tions.html"

