From: Jim Thompson <jimmusenki.com>
Date: Sun, 20 Jan 2002 19:17:54 -0600
To: sclinuxlinuxnet.com
Subject: Security of Smartcards
X-Mailer: VM 7.00 under 21.4 (patch 1) "Copyleft" XEmacs Lucid

So,

We're building SIM cards into 802.11 wireless gear. We've got plans
to store RSA private keys on the SIM cards, and run signing operations
(as signed DH exchanges) as part of IPSEC and IKE for a wireless
wide-are network. There are also interesting possibilities for
securing access to wireless AP infrastrcutures.

I'll try to keep this non-commercial, so thats all I'll say about that.

I've got Ben Laurie (yes, the famous Apache hacker) on another list
claiming that smart cards are weak storage for keying material.
e.g. that physical access to the card is all that is needed for a
motivated hacker to pry the key out of the card.

To quote:

> > Umm ... at the Cambridge University Security Labs a standard exercise
> > for students is to read out private keys from supposedly secure devices.
> > Admittedly they have access to somewhat fancy equipment, but then, so do
> > I, and I'm not _that_ unusual.

Now, it seems to me that smart cards (and SIM cards) have withstood
their share of probing. They secure all GSM traffic, and probably the
lions share of sat broadcast TV, to say nothing of the various
financial government (read: military) applications.

Anyone here care to help me defend the security of SIM cards against
these types of physical attacks? Were the Cambridge papers only valid
against previous (memory-only) cards? Is there a good place I should
look for other papers on the topic?

Thanks,

jim

***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to majordomolinuxnet.com with
unsubscribe sclinux
***************************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]