NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > MUSCLE Smartcard Development> 2008-q3

Re: [Muscle] PIN transfer within T0/T1 encrypted

From: Karsten Ohme (widerstandt-online.de)
Date: Fri Aug 15 2008 - 16:46:56 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fabian Bertholm schrieb:
> > Would be cool if the "Transport Key" of those Cyberflex cards is doing
> > something like this.
>
> But: Some cards support the Global Platform specification. You can use
> the secure channel capability (called Runtime Messaging Support in GP
> 2.1.1) of a Security Domain. But to so it would
> be necessary This might be impossible.
>
>
> Which cards are those? I googled but on the fist search I don't find one.
> Does the G&D StarCos oder Siemens CardOS cards support something like this?

I quote here some cards taken from the GPShell README (see SourceForge)
file:

Oberthur CosmopoliC 32K (OP201)
CosmopoliC 64K V5.2 (GP211, SCP01, Impl05)
Axalto Cyberflex e-gate 32k
GemXpresso R3.2 E64
IBM JCOP v2.2 41 (GP211)
IBM JCOP 31 (36k)
Nokia 6131 NFC Phone (GP211)
Axalto Cyberflex Access 64k
Gemalto Generations Flexible
Palmera Protect V5

>
>
>
> Or create you own secure channel. Choose some standard.
>
>
> You mean I could modify the muscle applet one side and OpenSC on the
> other side?

Yes, for example this would be possible. But personally I think that if
you want to have a secure solution, you should never enter a PIN at PC
site. The are some many programs and operating system details you must
trust be sure to have no covert side channels which leak data (for
attackers and Trojans).

But practical: If the reader is directly attached to the PC and you can
assume that the PC is secure, there is a manageable amount of wire
between to examine it for sniffing devices.

There are class 3 card readers which have a display and keypad. This are
more appropriate for entering a PIN. Or is your reader far away?

Regards,
Karsten

>
> Greetings,
> Fabe
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]