DESIGNING CRYPTOGRAPHIC POSTAGE INDICIA

J. D. TYGAR
Computer Science Dept, Carnegie Mellon University, 5000 Forbes Ave, Pittsburgh PA 15213, USA

Bennet YEE
Dept of Comp Sci and Eng, 0114, University of California, San Diego, La Jolla, CA 92093, USA

Nevin HEINTZE
Bell Laboratories, 600 Mountain Ave, Murray Hill NJ 07974, USA




Abstract

We apply cryptographic techniques to the problem of fraud in metered mail. We describe a mail system that combines off-the-shelf barcode technology, tamper-proof devices, and cryptography in a fully-integrated secure franking system. This system provides protection against:

1. Tampering with postage meters to fraudulently obtain extra postage;
2. Forging and copying of indicia;
3. Unauthorized use of postage meters; and
4. Stolen postage meters.

We provide detailed justification for our design, and discuss important tradeoffs involving scanning strategies, encryption technology and 2-D barcode technology. The US Postal Service's recent Information Based Indicia Program (IBIP) announcement adopted the principal design features of our model.

1 Motivation

The US Postal Service (see footnote 1) handles over 165 billion pieces of mail each year through almost 40,000 autonomous post office facilities. Much of this mail is metered, which means that the mail does not have an ordinary stamp attached to it. Instead, a postage meter prints a special mark (called a postal indicia) on the mail. Fraud is a serious problem for the US Postal Service:

- The US Postal Service recently calculated that meter fraud cheats the agency out of substantially more than $100 million each year [4].
- The US Postal Service is prosecuting two cases in New York and Boston; each involves more than $4 million dollars in postage meter fraud [11].
- There are over 82,000 postage meters in the US that are currently reported as lost or stolen [14].

To address these problems, we propose a new system for printing postage indicia with cryptographic information. This system allows a PC or workstation with a laser printer and a tamper-proof device to produce unforgeable postage indicia. This paper describes that design. The design of cryptographic postage indicia is an interesting exercise in security engineering. The US Postal Service's recent Information Based Indicia Program (IBIP) [13] adopts the principal design features of our model.

Footnote 1: This paper addresses mail in the United States, but the basic design can be generalized to mail in other countries.

2 Postal Fraud

Today's postage meters and indicia are not very secure. They are vulnerable to at least four kinds of fraud:

- The postage meter may be tampered with so that it generates free postage;
- The indicia imprint produced by a postage meter may be forged or copied, using a rubber stamp, a color photocopier, or a color laser printer;
- A valid postage meter may be used by an unauthorized person; and
- A postage meter may be stolen.

A number of these issues can be addressed by cryptography. Thanks to recent developments in digital barcoding, we can now use off-the-shelf technology to replace old-fashioned stamps by machine readable indicia. These indicia can be printed by laser printers or similar devices, under the control of a workstation, a PC, or a dedicated postage device. Moreover, we can include cryptographically signed information in the indicia to prove the authenticity of the indicia. By including information such as the mailing date and the zip code of the sender and receiver, we can also guard against forged or copied indicia. Pastor [8] gave a rough outline of how such a system could work. Unfortunately, Pastor's system and similar proprietary proposals are vulnerable to additional types of attack:

- Cryptographic techniques are vulnerable to misuse, leading to systems that can be successfully attacked by an adversary.
- Postage meter credit may still be tampered with, even if cryptographic techniques are used.
- A postage meter may be opened and examined by adversaries looking for cryptographic keys, thus allowing the adversary to build new bogus postage meters.

Even more problematic, Pastor's proposal relies on an implicit assumption that a master list containing all examined indicia is maintained. This would require a large, distributed database on a highly available network connecting post office facilities. With nearly 40,000 postal facilities and a yearly volume of 165 billion pieces of mail, such an integrated, real-time, distributed, highly-available database would be unrealistic at present without dramatically increasing the cost of postage.

This paper describes a complete postal franking system addressing these concerns. This system is most suitable for a PC or workstation printing out cryptographic indicia on a standard laser printer. A slightly less secure design also allows postal meters to print out cryptographic indicia. Central to our design is the use of tamper-proof computing devices, such as those specified in the US FIPS 140-1 standard [6]. Using this technology, we can produce secure, unforgeable postal indicia.

3 Traditional Indicia

Here we review the structure of traditional indicia and define necessary properties for cryptographic indicia.

Today's postage meters are portable devices containing a print mechanism and a postage accounting mechanism, enclosed in a sealed case. Each postage meter is initialized with a postage credit by a post office; as each letter is stamped, the postage value is deducted from the machine's credit. Meters are periodically returned to the post office so that additional postage credit may be transferred to them. Although postage meter cases are not tamper-resistant or tamper-proof, they are supposed to be tamper-evident. Meters are subject to periodic inspection by postal authorities. Unfortunately, the tamper-evident mechanisms frequently fail. Further problems are created by stolen or missing meters, which cannot be inspected but may be in use. Finally, postal employees often fail to recognize signs of tampering.

Traditional postage meters maintain three important registers:

- ascending register: the monetary total value of all indicia ever produced by this meter.
- descending register: the remaining credit available in the meter.
- piece-count register: the number of indicia with non-zero postage produced by the meter (see footnote 2).

When a new indicia is printed by a meter, the postage value of the new indicia is added to the ascending register and subtracted from the descending register, and the piece-count is incremented by one. During normal operation, the ascending and descending registers sum to a constant value. When the meter is refilled and additional postage credit is transferred to a meter, the sum of the ascending and descending registers increases.

Footnote 2: Zero postage indicia are sometimes used for testing.

Figure 1: Traditional indicia can be easily forged or reproduced by a laser printer.

Figure 1 shows an example of a traditional indicia. It contains information about postage value, date, etc. On the left side of the indicia are the words "Presorted First Class" printed vertically, identifying the class of the mail. Immediately to the right is the city-state circle, which notes the city (Pittsburgh), state (Pennsylvania) and the date (26th February, 1993) of the indicia. Further to the right, and directly underneath the eagle, is a meter identification mark (PB Meter 6829680). This indicates that the imprint was made by a Pitney-Bowes meter, serial number 6829680. Finally, in the box on the right-hand end of the indicia is the postage value (29 cents).

The basic function of an indicia is to demonstrate to the postal carrier that postage has been paid. To make copying more difficult, the indicia is printed using special fluorescent ink. However, ink fluorescence is rarely checked, and in any case fluorescent ink is openly sold without restriction. Moreover, rubber stamps that produce bogus indicia can be easily special ordered. So, little sophistication and little investment is required to defeat the traditional postal indicia security measures.

4 Cryptographic Indicia

Using cryptography, we can design postage indicia that substantially improve upon the security of traditional postage meter indicia. In particular, we can guarantee the following two properties: (a) copied indicia are detectable and (b) malicious users cannot generate valid new indicia (even by modifying existing indicia).

We achieve the first property by including additional information in indicia: the destination, sender, and return address of the mail, and the date/time of creation of the indicia. Such indicia can be copied, but since the destination address is included in the indicia, the copied indicia is only valid for mail to the same address. As we shall discuss later, this check can be automated. The inclusion of timestamps allows us to set a maximum "lifetime" for an indicia. Serial numbers trace the source of the attack to a unique postage meter licensee.

The second property is achieved using cryptography. Indicia information is digitally represented, cryptographically signed [12], and printed on an envelope as a 2-D barcode (see footnote 3). Such barcodes can be printed using commodity laser printers, and they can be scanned and re-digitized at a post office. Several 2-D barcode technologies exist; Figure 2 shows Lincoln's Gettysburg Address encoded in Symbol Technologies' PDF417 barcode [3, 9, 10]. PDF417 can store 400 bytes per square inch.

Footnote 3: In addition to the 2-D barcode, the envelope will contain human-readable versions of some information, such as the postage value, and addresses.

Figure 2: PDF417 barcode representation of The Gettysburg Address.

Central to the security of cryptographic indicia is checking indicia validity. Section 6 addresses this important issue.

5 Indicia Design

What type of cryptographic signature algorithm should we use? Most cryptographic signature algorithms require different amounts of time for generating the signature and verifying the signature. For a cryptographic postal indicia system, the bottleneck is signature verification: a typical post office will verify many more mail items than a typical mailer will generate. This argues that we should use a signature mechanism with fast verification time. The two most widely used signature mechanisms are RSA [12] and DSA [7]; of these RSA is best suited for our purposes because it gives the fastest signature verification times.

RSA is a block cipher; it signs plaintext in fixed length blocks. Given the state of cryptography today, we recommend the use of RSA with 128 byte blocks. Smaller block sizes will not be safe for the expected lifetime of our system. If indicia include a certificate containing the verification public key (see Section 7), then barcodes will contain 256 bytes of data, of which 128 bytes will be for mail-specific information. Depending on the amount of error-correction required, such 2-D barcodes will occupy 0.6 to 1.0 square inches.

For the best security, cryptographic postage indicia should contain the following items:

- meter number (4 bytes) and type (2 bytes): this field identifies the manufacturer, model number, individual meter number, and revision number for the meter's software.
- postage (2 bytes): in addition to the 2-D barcode, this field should appear in human readable form.
- date/time (7 bytes): in addition to the 2-D barcode, this field should appear in human readable form.
- item count (4 bytes): this field contains a piece count for this particular meter. For privacy reasons (see footnote 4), this should not be readable to non-USPS parties.
- ascending and descending registers (4 bytes each): again, for privacy reasons, these should not be readable to non-USPS parties.
- entry address (5 bytes, see footnote 5): this is the address from which the mail is stamped and enters the mail system.
- destination address (5 bytes): the destination address must also be fully written out in human readable form.
- return address (5 bytes): this is the address to which undeliverable mail should be returned. It may or may not be the same as the entry address. The return address must also be fully written out in human readable form.

These items use a total of 38 bytes of our 128 byte data field, leaving 90 bytes available for future advanced services.

Footnote 4: If item counts or ascending/descending register values can be read from the envelope, then it is possible for an outsider (e.g. a business competitor) to find out the size of a mailing list by comparing the item counts from successive mailings.

Footnote 5: The USPS 11 digit "zip+4+2" address representation uniquely identifies all addresses in the US and fits in 5 bytes.

Up to now, we have discussed systems which incorporate the destination address in the indicia. Unfortunately, this requirement precludes the traditional stand-alone model of a postage meter which affixes an indicia without knowing the destination address. To use a stand-alone system with the above indicia, the operator would need to scan or manually enter the address information into the unit. A more convenient, but less secure, system is also possible: a stand-alone meter could omit destination address information from the indicia. (Note that entry address and return address information are likely to be fixed, so that these can be reasonably included in an indicia produced by a stand-alone device.) Without the destination address information, our indicia validity checking becomes more difficult; we discuss this in Section 6.

6 Sampling Strategies and Fraud Detection

Cryptographic indicia provide no security unless mail is inspected. Maximum security is obtained if every indicia is scanned and verified. However, the support for this (in terms of scanning and verification equipment) is unlikely to be in place in the near future. The alternative is to check only a fraction of the mail stream.

We discuss three inspection strategies: random sample scanning, selective scanning using hand-held scanners, and universal scanning. As the system evolves, we expect that each strategy (and perhaps combinations of strategies) will have its place. It is therefore important to adopt a system that supports all three.

6.1 Random Sampling

In random sampling, some small sample of the mail entering the system is selected and scanned. As we increase the proportion of scanned mail, we increase the chances of detecting fraud, but we also increase the cost of scanning. An important design issue is how to check only a fraction of the mail stream, and still provide effective fraud control. It is important that sampling be sufficiently random so that the chance that any particular item is sampled is bounded above and below by a minimum and maximum value.

Each scanned item will be subjected to a number of static checks. Some of these checks indicate definite fraud, while others only indicate possible fraud. Envelopes that are definitely fraudulent can be withdrawn from the mail stream. Those that are just suspicious must remain in the system, but will be recorded for follow-up fraud investigation (for instance, the envelope could be photocopied or digitally scanned). We now outline each check in detail:

Validity: Is the indicia valid (does it have a correct format and signature)? (If this check fails, then the indicia almost certainly is fraudulent.)

Item Counts: Are the sequence count, ascending register and descending register consistent? (If this check fails, then the indicia is likely to be fraudulent.)

Meter Number: Is the meter on a list of stolen or suspicious meters? (The trustworthiness of this test depends on the integrity of the list of stolen/suspicious meters.)

Item Count Limits: Do the item counts fall within the bounds specified in the meter's current account information (see footnote 6)? (The trustworthiness of this test depends on the integrity and timeliness of the meter accounting information.)

Date: Is the date recent? (This test may occasionally fail for legitimate mail because the mail may be stamped but not posted immediately, or because of post office delays.)

Entry Address: Do the entry address on the indicia and the meter's registered address correspond, and are they consistent with the actual point of entry of the mail item into the mail stream? (US postal regulations require that metered mail be posted at the post office where the meter is registered. Currently, this rule is not strictly enforced. Hence, a failure of the entry address check indicates a suspicious mail item, but it does not indicate definite fraud. If compliance with the regulation becomes mandatory, then the reliability of this check would correspondingly increase.)

Return Address: Does the return address on the envelope correspond with that on the indicia?

Destination Address: Does the destination address on the envelope correspond with that on the indicia? (If the destination address is omitted from the indicia, this check cannot be performed.)

Footnote 6: A meter's account specifies the current meter credit and count numbers, and this sets upper and lower bounds on the sequence count, and ascending and descending register counts, for a particular period.
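The static checks listed above, as an added Python example; the paper describes the checks but gives no code, and nothing below is the paper's or the USPS's. The record fields, the account bounds (footnote 6), the thirty-day age limit and the five-digit ZIP codes in the constructed sample are assumptions; the cryptographic validity check is represented by a flag set by whatever verified the barcode. The example also applies the duplicate-item-count check that this section goes on to describe, since a photocopied indicia carries the same meter number and item count as the original.

```python
"""Static checks of Section 6.1 run over a constructed sample of scanned indicia."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass
class Account:
    """What the postal account knows about one meter for the current period (footnote 6)."""
    registered_zip: int
    credit_sum: int     # ascending + descending stays constant between refills
    count_low: int      # piece count recorded at the last refill or inspection
    count_high: int     # highest count the loaded credit could reach


@dataclass
class Scan:
    """Decoded indicia fields plus what the scanner sees on the envelope and at the scan."""
    meter: int
    signature_ok: bool              # outcome of the format/signature check, done elsewhere
    item_date: date
    item_count: int
    ascending: int
    descending: int
    entry_zip: int
    destination_zip: Optional[int]  # None when a stand-alone meter omitted it
    return_zip: int
    envelope_destination: int
    envelope_return: int
    scan_zip: int                   # sorting center where the item actually entered the stream
    scan_date: date


DEFINITE, LIKELY, SUSPICIOUS = 3, 2, 1   # only DEFINITE justifies withdrawing the item


def static_checks(s, accounts, stolen, max_age=timedelta(days=30)):
    """Return {check name: severity} for every check the item fails."""
    fails = {}
    if not s.signature_ok:
        fails["validity"] = DEFINITE
    acct = accounts.get(s.meter)
    if s.meter in stolen or acct is None:       # only as trustworthy as the stolen/suspicious list
        fails["meter number"] = DEFINITE
    else:
        if s.ascending + s.descending != acct.credit_sum:
            fails["item counts"] = LIKELY
        if not acct.count_low < s.item_count <= acct.count_high:
            fails["item count limits"] = LIKELY     # depends on the account data being current
        if s.entry_zip != acct.registered_zip or s.entry_zip != s.scan_zip:
            fails["entry address"] = SUSPICIOUS     # posting-location rule not strictly enforced
    if not timedelta(0) <= s.scan_date - s.item_date <= max_age:
        fails["date"] = SUSPICIOUS                  # legitimate mail may be stamped and held
    if s.return_zip != s.envelope_return:
        fails["return address"] = DEFINITE
    if s.destination_zip is not None and s.destination_zip != s.envelope_destination:
        fails["destination address"] = DEFINITE     # a copied indicia reused on other mail
    return fails


def triage(scans, accounts, stolen):
    """Split a sample into (withdraw, record for investigation, clean). An item count seen
    twice for one meter is a copy and is treated as definite fraud."""
    withdraw, record, clean, seen = [], [], [], {}
    for s in scans:
        fails = static_checks(s, accounts, stolen)
        if seen.setdefault((s.meter, s.item_count), s) is not s:
            fails["duplicate item count"] = DEFINITE
        worst = max(fails.values(), default=0)
        bucket = withdraw if worst == DEFINITE else record if worst else clean
        bucket.append((s.meter, s.item_count, sorted(fails)))
    return withdraw, record, clean


def sample_run():
    """Constructed sample (five-digit ZIPs for brevity): a clean item, a bad signature,
    a photocopy of the first item mailed elsewhere, and a stale but otherwise fine item."""
    accounts = {6829680: Account(15213, 100000, 1000, 1400),
                7000001: Account(94110, 50000, 10, 300)}
    scanned = date(1995, 9, 3)
    base = dict(meter=6829680, signature_ok=True, item_date=date(1995, 9, 1), item_count=1201,
                ascending=60100, descending=39900, entry_zip=15213, destination_zip=92093,
                return_zip=15213, envelope_destination=92093, envelope_return=15213,
                scan_zip=15213, scan_date=scanned)
    scans = [Scan(**base),
             Scan(**dict(base, signature_ok=False, item_count=1202)),
             Scan(**dict(base, envelope_destination=10001)),
             Scan(meter=7000001, signature_ok=True, item_date=date(1995, 7, 1), item_count=55,
                  ascending=20000, descending=30000, entry_zip=94110, destination_zip=60601,
                  return_zip=94110, envelope_destination=60601, envelope_return=94110,
                  scan_zip=94110, scan_date=scanned)]
    return triage(scans, accounts, stolen={4242424})
```

Only items with a DEFINITE failure are withdrawn; the stale item is recorded and forwarded, matching the paper's rule that delivery is delayed only where fraud is clear. The duplicate check is the one that needs a database of earlier scans, which is why the paper expects it to run off-line.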

In addition to these checks, information from sampled mail items that are stamped by the same meter should be collected and subjected to some statistical checks. To describe these checks, suppose that only one item in every fixed number of items (the sampling interval) is scanned.

Item Counts: Dates should increase with item counts. The average increment between the item counts of successively sampled items should be about the sampling interval. The same item count should not occur twice.

Account Check: If, over some interval of time, n items with a specific meter (or PC postage system) number are scanned, then the account for that meter should indicate about n times the sampling interval items.

Depending on the equipment used, some of these checks may be performed on-line (that is, the check is done as the piece of mail is being scanned). However, it is likely that most checks will have to be done off-line (particularly those that involve looking up a database of previously scanned material). From the point of view of catching fraudulent letters, it is better to perform checks on-line: if we find a suspicious letter, we can capture the particular item, rather than let it pass on through the system. Note that we only suggest delaying delivery of mail in those cases where there is clear fraud.

Random sample scanning is particularly effective against high volume violators, such as most postage meter users.

6.2 Selective Scanning with Hand-Held Scanners

This strategy involves selecting some portion of the mail stream for validation based on criteria such as suspicious visual indicators (for example, the indicia may look unusual or tampered, the return address may be unusual, etc.). All of the static checks described above for random sampling are applicable. (We presume that hand-held scanners will be periodically downloaded with lists of suspicious meters and revoked certificates; see Section 7.) Those checks that cannot be carried out on the spot could be performed later by storing the scanned indicia in the hand-held unit and transmitting them to a central server at the end of the day.

6.3 Universal Scanning

Universal scanning means that each mail item is scanned. Here we can check for uniqueness of meter numbers and item count numbers. We can also check for the consistency of postage used with descending register values. The implementation of such a system faces two challenges. First, all envelopes must be scanned or recorded in some form. Second, universal scanning involves considerable database requirements. Fortunately, we can take advantage of the locality characteristics of mail. Since metered mail typically enters the mail stream at a single sorting center (see footnote 7), we can set up a localized database at all initial sorting centers. Most checks can be performed by looking up the local database. Some checks will require communication between databases (when mail enters the mail stream at a different sorting center). These are likely to be rare.

Footnote 7: As noted earlier, US postal regulations require that metered mail be posted at the post office where the meter is registered.

Universal scanning will not be cost-effective in the next few years. However, it may become cost-effective in the future. The system we have described is compatible with such a move. All of the checks described for random sampling are applicable, and are

in fact more effective in this setting. In particular, universal scanning would greatly increase the chances of detecting violators who post a low volume of mail.

6.4 Fraud Detection

There are two basic kinds of attacks: copying of indicia and forging of indicia. For each of these, there are two subcases: those involving indicia that include destination address information, and those involving indicia that omit it. The table below summarizes our fraud detection methods.

                     Destination Address Included        Destination Address Omitted
  Copied Indicia     Immediate detection of changed      Immediate detection of changed
                     address information; otherwise      entry or return address; otherwise
                     use statistical methods.            use statistical methods.
  Forged Indicia     Immediate detection.                Immediate detection.

7 Key Management and Protection

Fundamental protection for our keys will be provided by a tamper-proof device that will be able to:

- store and maintain ascending, descending, and item count registers;
- keep the device's private/public key pair, and a certificate signed by an authority (typically a manufacturer or the postal service) attesting to the device's public key (the private key should never be disclosed outside the device);
- prepare bytes (including the appropriate message digitally signed by the device's private key) for transformation into 2-D barcode format; and
- be tamper-proof in the sense that any attempt to penetrate it will result in the private key of the device being erased.

Several appropriate tamper-proof platforms exist, and more are forthcoming. Some of these are very secure, satisfying the highest security level specified by US Federal Information Processing Standard 140-1 [6]. (This publication gives four security levels for cryptographic modules. The highest levels of security are considered nearly unbreakable systems. The US National Institute of Standards and Technology has also recently announced a system for validating and ranking proposed physical devices according to the FIPS 140-1 criteria.) Some examples of possible technologies include the ABYSS [16] and Citadel [17] systems from IBM; the iPower [5] encryption card by National Semiconductor; the CryptaPlus [15] encryption card by Telequip; the CY512i chip from Cylink [1]; and some tamper-proof smart card systems [2]. There will be additional announcements of tamper-proof devices with increased processing power from major vendors in the next few months. Many of these devices are highly portable and exist in PCMCIA or smart card format. We propose that users lease a secure device (private ownership of postal meters or postal equipment is illegal in the US) from an authorized vendor. The same types of secure devices could be used for both postage meters and computer-generated postage.

Key generation and maintenance must address two issues. First, we want each device to have its own key to reduce the risk exposure should a key be compromised. Second, it is not practical to maintain more than a small number of keys in each hand-held scanner. These two problems can be elegantly solved by the use of public key certificates.

We use vendor-specific and device-specific public/private key pairs. Specifically, each vendor has a public/private key pair: the public key is revealed to the post office, and the private key is used only by the vendor. Each device has a different public/private key pair: the public key is revealed to the vendor and the private key is used to sign indicia.

The two groups of keys are used as follows. A device generates its key pair on initialization (typically performed in a secure facility by the vendor). The device transfers its public key to the vendor and the vendor generates a simple public key certificate for the device's key, signed using the vendor's private key. These certificates are far simpler than X.509 or other proposed public key certificates; they contain only a license number, an expiration date, and the public key corresponding to the license. This certificate is then transferred back to the device. The device includes the certificate (along with a vendor identifier) in any indicia it generates. When an indicia is scanned, the post office uses the vendor's public key to check the certificate and obtain the device-specific key, which in turn is used to verify the signed data in the main part of the indicia.

Note that the security of the system (from a fraud point of view) does not depend on keeping the public keys secret: these keys could be published, and in fact the communications between tamper-proof devices and vendors' certificate generators can be public. However, if both the device-specific and vendor-specific public keys are kept secret, then we obtain an additional benefit: cryptographic indicia can only be read by the post office and vendors. This could be used to satisfy privacy requirements for sensitive information contained in the indicia.

We anticipate a relatively small number of vendors, and we believe that all scanning devices will be able to easily store all vendor public keys. Updated lists of vendor public keys can be periodically downloaded into each scanning device.

Although tamper-proof devices should be free from attack, one must not exclude the possibility that some private key may become compromised by an adversary. For this reason, a revocation list should be maintained of revoked private keys. This list can periodically be downloaded to scanning devices (along with a list of license numbers of stolen or lost equipment).

Key certificates should be renewed in conjunction with the legally required physical inspection of equipment. New key certificates could be downloaded through a network or modem, or the physical device could be sent back to the factory for certificate renewal. Since most existing and proposed tamper-proof devices are highly portable, this is a very practical measure.
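The indicia field layout of Section 5 and the vendor/device certificate flow of this section, as one added Python example that is neither the paper's nor the USPS's code. Assumptions not in the paper: the field order and big-endian encoding of the 42-byte record (the listed field sizes sum to 42 bytes, although the text gives a total of 38), a (year, month, day, hour, minute, second) packing of the 7-byte date, a fixed public exponent of 65537, a simplified signature-with-recovery block (leading zero byte, length byte, zero-padded payload, SHA-256 digest) standing in for a standardized padding scheme, and a certificate body of license number, expiration date as yyyymmdd and device modulus for the paper's "license number, expiration date, public key". Textbook RSA key generation with Miller-Rabin is included so the block runs offline with no third-party library.

```python
"""Indicia record (Section 5) and vendor -> device certificate chain (Section 7)."""
import hashlib
import secrets
import struct

# Section 5 field sizes: meter 4, type 2, postage 2, date/time 7, item count 4,
# ascending 4, descending 4, entry 5, destination 5, return 5 = 42 bytes (layout assumed).
RECORD = struct.Struct(">IHHHBBBBBIII5s5s5s")
BLOCK = 128                       # the paper's RSA block: 1024-bit modulus
MAX_PAYLOAD = BLOCK - 2 - 32      # 0x00 | len | payload | SHA-256(body) (encoding assumed)
PUBLIC_EXPONENT = 65537


def pack_zip11(zip11):
    """An 11-digit zip+4+2 fits in 5 bytes (footnote 5): 10**11 < 2**40."""
    if not 0 <= zip11 < 10 ** 11:
        raise ValueError("zip+4+2 must be 11 decimal digits")
    return zip11.to_bytes(5, "big")


def pack_record(meter, mtype, postage, dt, count, asc, desc, entry, dest, ret):
    return RECORD.pack(meter, mtype, postage, *dt, count, asc, desc,
                       pack_zip11(entry), pack_zip11(dest), pack_zip11(ret))


def unpack_record(raw):
    f = RECORD.unpack(raw[:RECORD.size])
    return {"meter": f[0], "type": f[1], "postage": f[2], "datetime": f[3:9], "count": f[9],
            "ascending": f[10], "descending": f[11], "entry": int.from_bytes(f[12], "big"),
            "destination": int.from_bytes(f[13], "big"), "return": int.from_bytes(f[14], "big")}


SMALL_PRIMES = [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin for 512-bit candidates; trial division only filters."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1   # top two bits set: product is 2*bits long
        if is_probable_prime(c):
            return c


def rsa_keypair(bits=BLOCK * 8, e=PUBLIC_EXPONENT):
    """Textbook RSA: returns ((n, e), (n, d))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv, payload):
    """Signature with message recovery: the 128-byte block is the signature."""
    n, d = priv
    assert len(payload) <= MAX_PAYLOAD
    body = bytes([0, len(payload)]) + payload.ljust(MAX_PAYLOAD, b"\0")  # leading 0 keeps m < n
    m = int.from_bytes(body + hashlib.sha256(body).digest(), "big")
    return pow(m, d, n).to_bytes(BLOCK, "big")


def verify_recover(pub, sig):
    """Scanner side: recover the payload, or None if structure or digest fails."""
    n, e = pub
    s = int.from_bytes(sig, "big")
    if len(sig) != BLOCK or s >= n:
        return None
    blk = pow(s, e, n).to_bytes(BLOCK, "big")
    body, digest = blk[:-32], blk[-32:]
    if body[0] != 0 or body[1] > MAX_PAYLOAD or hashlib.sha256(body).digest() != digest:
        return None
    return body[2:2 + body[1]]


def issue_certificate(vendor_priv, license_no, expires, device_pub):
    """Vendor signs (license number, expiration yyyymmdd, device modulus); e is fixed."""
    body = struct.pack(">II", license_no, expires) + device_pub[0].to_bytes(BLOCK, "big")
    return body + sign(vendor_priv, hashlib.sha256(body).digest())


def make_indicia(device_priv, vendor_id, cert, record):
    """Device side: the barcode carries the vendor id, the certificate and the signed record."""
    return {"vendor": vendor_id, "cert": cert, "sig": sign(device_priv, record)}


def verify_indicia(indicia, vendor_keys, revoked, today):
    """Post office: vendor public key -> certificate -> device key -> record, else None."""
    vendor_pub = vendor_keys.get(indicia["vendor"])
    if vendor_pub is None:
        return None
    body, csig = indicia["cert"][:-BLOCK], indicia["cert"][-BLOCK:]
    if verify_recover(vendor_pub, csig) != hashlib.sha256(body).digest():
        return None
    license_no, expires = struct.unpack(">II", body[:8])
    if license_no in revoked or expires < today:
        return None
    device_pub = (int.from_bytes(body[8:], "big"), PUBLIC_EXPONENT)
    rec = verify_recover(device_pub, indicia["sig"])
    return None if rec is None else unpack_record(rec)


def demo():
    """Constructed scenario: one vendor, one leased device; a valid indicia, a bit-flipped
    copy, the same indicia after its license is revoked, and after the certificate expires."""
    vendor_pub, vendor_priv = rsa_keypair()
    device_pub, device_priv = rsa_keypair()
    cert = issue_certificate(vendor_priv, 6829680, 19960630, device_pub)
    record = pack_record(6829680, 0x0102, 29, (1995, 9, 1, 10, 30, 0), 1001, 4210, 7890,
                         15213000000, 92093011400, 15213000000)
    good = make_indicia(device_priv, 1, cert, record)
    flipped = dict(good, sig=bytes([good["sig"][0] ^ 1]) + good["sig"][1:])
    vendors = {1: vendor_pub}
    return (verify_indicia(good, vendors, set(), 19950905),
            verify_indicia(flipped, vendors, set(), 19950905),
            verify_indicia(good, vendors, {6829680}, 19950905),
            verify_indicia(good, vendors, set(), 19960701))
```

The scanner needs only the vendor public-key table and the revocation list, which is the small key store the paper wants in a hand-held unit. Signing costs one exponentiation with the full private exponent, verification one with e = 65537; that asymmetry is the reason the paper prefers RSA for a system that verifies far more indicia than any one device signs. A deployed system would replace the ad hoc block encoding with a standardized signature padding.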

8 Conclusion

In the coming months, the US Postal Service plans to begin to experiment with cryptographic indicia through its IBIP program [13]. This will provide an exciting opportunity to see public key cryptography techniques deployed on a wide scale (if successful, most people in the US will be receiving mail with cryptographic indicia in the near future).

References

[1] Cylink Corp. CY512i press release, February 1995.
[2] Louis Claude Guillou, Michel Ugon, and Jean-Jacques Quisquater. The smart card: a standardized security device dedicated to public cryptology. In Gustavus J. Simmons, editor, Contemporary Cryptology: The Science of Information Integrity. IEEE Press, Piscataway, NJ, 1992.
[3] Stuart Itkin and Josephine Martell. A PDF417 primer: A guide to understanding second generation bar codes and portable data files. Technical Report Monograph 8, Symbol Technologies, April 1992.
[4] Bill McAllister. Postage meter fraud estimated at $100 million this year. Washington Post, September 1993.
[5] National Semiconductor, Inc. iPower chip technology press release, February 1994.
[6] U.S. National Institute of Standards and Technology. Federal Information Processing Standards Publication 140-1: Security requirements for cryptographic modules, January 1994.
[7] U.S. National Institute of Standards and Technology. Federal Information Processing Standards Publication 186: Digital signature standard, May 1994.
[8] Jose Pastor. CRYPTOPOST(TM): A universal information based franking system for automated mail processing. U.S.P.S. Advanced Technology Conference Proceedings.
[9] Theo Pavlidis, Jerome Swartz, and Ynjiun P. Wang. Fundamentals of bar code information theory. Computer, 23(4):74-86, April 1990.
[10] Theo Pavlidis, Jerome Swartz, and Ynjiun P. Wang. Information encoding with two-dimensional bar codes. Computer, 24(6):18-28, June 1992.
[11] Judy Rakowsky. 4 men accused of pocketing $4 million in postage fraud scheme. Boston Globe, February 1995.
[12] R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120-126, February 1978.
[13] U.S. Postal Service. Information Based Indicia Program (IBIP) New Technology Metering Devices, May 1995.
[14] U.S. Postal Service and U.K. Royal Mail. Personal communications.
[15] Telequip, Inc. CryptaPlus press release, January 1995.
[16] Steve H. Weingart. Physical security for the ABYSS system. In Proceedings of the IEEE Computer Society Conference on Security and Privacy, pages 52-58, 1987.
[17] Steve R. White, Steve H. Weingart, William C. Arnold, and Elaine R. Palmer. Introduction to the Citadel architecture: Security in physically exposed environments. Technical Report RC16672, Distributed Security Systems Group, IBM Thomas J. Watson Research Center, March 1991. Version 1.3.