NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > MUSCLE Smartcard Development> 2009-q3

Re: [Muscle] Protecting a PIN with keyed hashing?

From: Joao Pedro (countzerosapo.pt)
Date: Fri Jul 17 2009 - 07:31:02 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Replying to myself here to leave a note:

This mechanism if susceptible to offline attacks, i.e. if an attacker
can sniff the challenge and response messages, he/she can try to brute
force the PIN.

The level of protection offered by this mechanism is directly related
with the strength of the PIN, e.g. a PIN like '1234' would be quickly
cracked - so a strong password should be selected as the PIN. This, of
course, would cause problems with numeric only pinpad readers...

Joao Pedro <countzerosapo.pt> wrote:

> Hi all,
>
> Recently, I've been wondering about ways to mitigate the problem of
> the PINs, in the Muscle applet, being transmitted in clear text from
> the terminal to the card. The reason is we are seeing more and more
> wireless smart card readers and sniffing is a threat that can not be
> dismissed.
>
> A obvious way would be implementing secure messaging and I think one
> should look into it, but that solution requires a bigger effort...
>
> So, what do you think about the idea of protecting PINs in the
> Muscle applet using keyed hashing, something along the lines of
> HMAC-SHA1, or any other derivative. I think that, in a way, the
> External Authentication code in the applet is supposed to do this,
> but using keys (DES, 3DES, RSA, etc.).
>
> The idea is the following:
>
> If a user wishes to verify its PIN, instead of just using sending a
> INS_VERIFY_PIN APDU with the PIN clear text, the following would
> happen:
>
> Pre-condition: The card has the PIN stored in clear text.
>
> 1. [Terminal] Sends a INS_GET_CHALLENGE message to the card.
> 2. [Card] Sends a NONCE to the terminal.
> 3. [Terminal] Computes RT = HMAC-SHA1(PIN, NONCE); sends RT to the card.
> 4. [Card] Computes RC = HMAC-SHA(PIN, NONCE); RT == RC ? OK : Fail.
>
> What do you think of it? Is it stupid/flawed/insecure/reinventing
> the wheel and serves no purpose at all. Or could it be used in real
> life?
>
> Thank you.
>
> Regards,
> Joao
>
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]