OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Carlos Prados (cpradosyahoo.com)
Date: Tue Jan 22 2002 - 06:23:11 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hi,

    --- Michael Gile <mgilemac.com> wrote:
    > The security problem with smart cards is not key recovery. It is the
    > fact
    > that the smart card must rely on a standard PC (or other insecure
    > host) for
    > input and output.
    >

    I consider this argument inaccurate. The smartcard does not necesary
    needs a PC to run. You attach the smartcard to a PC reader to allow
    some application on your PC to get benefit of the smartcard. But your
    smartcard system (PC application + smartcard) will never be more secure
    than your host PC alone. The smartcard system cannot replace good
    handling of the user access to the computer resources by the OS.

    > For example, say we have a smart card with a signing application that
    > will
    > sign arbitrary data from the host PC (an oracle). The attacker no
    > longer
    > needs access to the key, only an application that can send data to
    > the card.
    > Even when adding authorization to the key usage (for example a PIN),
    > an
    > attacker needs only access to the insecure host machine and can then
    > recover
    > the PIN itself or send bogus data to be signed.
    >

    IMHO this is a application design problem, and not a problem on the
    smartcard industry itself. You *must not* have an application signing
    arbitrary data from anybody that request that. Would you run a daemon
    that gets data from anybody and encrypts/signs this data with your
    private key "safely" stored on your hardisk? The same applies if the
    key was generated onboard on your smartcard.

    > The solution to the smart card attacks above is to add a secure
    > communication channel to some special purpose server through which
    > only
    > encrypted data is ever transmitted outside the card, or provide a
    > more
    > robust mechanism to the user that can be used for secure input and
    > allows
    > more storage and computing power on the card itself.
    >

    The smartcard must be managed by the OS like other normal device, lets
    say the printer or the harddisk. Once a user has logged into the
    system, he/she may or may not have access to the smartcard, depending
    on system priviledges of this user. Under UNIX this is perfectly
    handled by regular file permissions to read/write from the smartcard.

    Carlos.

    > Regards,
    >
    > Michael Gile
    > Wave Systems Corp.
    > mgilewavesys.com
    > mgilemac.com

    __________________________________________________
    Do You Yahoo!?
    Send FREE video emails in Yahoo! Mail!
    http://promo.yahoo.com/videomail/
    ***************************************************************
    Unix Smart Card Developers - M.U.S.C.L.E.
    (Movement for the Use of Smart Cards in a Linux Environment)
    http://www.linuxnet.com/
    To unsubscribe send an email to majordomolinuxnet.com with
    unsubscribe sclinux
    ***************************************************************