Cryptanalysis of the security applications and protocols

Posted by Amit | Security | Sunday 21 September 2008 11:35 am

I recently read an article about “NFC to emerge as the next big change for the mobile market”. The article refers the analyst report from Juniper research titled “Mobile Payment Markets: Contactless NFC 2008-2013″. Highlights from the report are

  • Global mobile subscribers with NFC phones will reach 700 million by 2013.
  • The market is currently dominated by FeliCa-enabled phones on Japanese mobile networks, where about 50 million FeliCa-enabled phones have been shipped to date.
  • North America, Western Europe and Far East & China will be the leading regions by 2013, with each region having annual shipments in excess of 25% of total NFC phone shipments.

The analyst doesn’t miss out on quoting that the issues gating the commercial success of NFC are only the un-availability of NFC phones with users & NFC readers with merchants.

One of the most popular operators in Europe carried out NFC trails recently and expressed satisfaction and has decided to roll our NFC based services.

Sometime back I posted an article about attacking the NFC phones; this report brings me to another issue I would like to focus. Weather or not NFC technology becomes successful only time will tell. In the meanwhile, now that the standard is already frozen, my question is shouldn’t such standards go through an exhaustive Cryptanalysis phase to explore the weaknesses before wider deployment? If they do can someone provide more insight into how that is done. With a number of private players entering in the High Performance Computing domain; such systems could also be used to explore strengths and weaknesses of soon to be deployed or already deployed security protocols/ mechanisms.

I believe we have members on this forum who are experts in the security side of NFC and on the other hand also the members who are experts in using HPC Clusters for such Cryptanalysis. It would be nice to hear back from both sides about requirement and usefulness of Cryptanalysis in such application and information on how that can be achieved.


Posted by Amit | Launch | Monday 15 September 2008 8:59 am

A lot of members have wrote back to me asking if we are planning for any f-2-f meetings for CRYPTOcrats. I am calling this as CRYPTOmeet, this will be something on the lines of MobileMondays or BarCamps which is typically an informal gathering. We could extend the scope and make it more formal if there is demand of that nature. As I am based out of Pune (India) I am currently putting together a CRYTPOmeet for members in and around that area. Please provide your comments on your expectations from this meet.  The tentative time for this meeting will be last week of October or 1st week of November for providing sufficient time to members for blocking their calendars.
Apart from this we would also like to hear from the esteemed members in other geographies to share if they could organize similar events at their locations.

A discussion thread on this topic is started in the designated area of CRYPTOcrats LinkedIn group page. Here is the link for quick access.

Thanks you. Looking forward to hearing from you all.

soccerine Wordpress Theme