Re: MUSCLE Linux Login with RSA SmartCards
On Mon, Jun 04, 2001 at 12:57:20PM -0700, David Corcoran wrote: Hello, You can't use pcsc-lite-0.9.1 for remote use of the resource manager. I wanted to create the core package as local only. I'm working on an RPC like service that sits atop the local service which will export the PC/SC interface . To the apps it will be identical to the older versions that used RPC. I don't think using RPC is a good idea. You use a smartcard to provide security in a unsecure environment. I don't want to send my PIN code in clear over RPC. You need to have authentication, integrity and confidentiality of your networks communications. You could use 'secure RPC' but it will be hard to find implementations of it outside SUN. If you send your PIN code in clear over the network why not just use telnet ? :-( I want a secure channel between my smartcard and the program sending commands to it. -- Ludovic Rousseau [EMAIL PROTECTED] - Gemplus/Information Security Team O ascii ribbon campaign against html |\email and Microsoft attachments. *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Linux Login with RSA SmartCards
On Wed, 6 Jun 2001, Ludovic Rousseau wrote: On Mon, Jun 04, 2001 at 12:57:20PM -0700, David Corcoran wrote: Hello, You can't use pcsc-lite-0.9.1 for remote use of the resource manager. I wanted to create the core package as local only. I'm working on an RPC like service that sits atop the local service which will export the PC/SC interface . To the apps it will be identical to the older versions that used RPC. I don't think using RPC is a good idea. You use a smartcard to provide security in a unsecure environment. I don't want to send my PIN code in clear over RPC. You need to have authentication, integrity and confidentiality of your networks communications. You could use 'secure RPC' but it will be hard to find implementations of it outside SUN. Or maybe provide some kind of key exchange, and send the PIN code (and all the card commands) hidden in an opaque data blob, simply encrypted. That's surely difficult to design and implement correctly, but I agree with Ludovic, it's not a good idea to transmit everything in clear. If you send your PIN code in clear over the network why not just use telnet ? :-( I want a secure channel between my smartcard and the program sending commands to it. -- Erwann ABALEA [EMAIL PROTECTED] RSA PGP Key ID: 0x2D0EABD5 - Two most common elements in the universe: Hydrogen and Stupidity. *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Linux Login with RSA SmartCards
For accessing remote computers (which the original query was about) something like ssh or secure telnet using smart card based keys for authentication would be more appropriate. Of course what you really want is for the session to be secure all the way to the card, not just to the terminal. And since you can't use the PIN as an encryption key, you need something like a diffie-hellman exchange. And since the terminal makes a perfect man-in-the-middle, you need to add some more protocol and use something like EKE, SPEKE, or OKE. We did all this and wrote a paper: N. Itoi, T. Fukuzawa, and P. Honeyman, Secure Internet Smartcards, August 2000. Java Card Workshop, Cannes (September 2000). http://www.citi.umich.edu/projects/smartcard/scpapers.html *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Linux Login with RSA SmartCards
Hi, I think the PCSC is good enough if it enables access to the local smartcard to local proceses, and verifies that the user has UNIX permission to use the smartcard reader (for instance if /tmp/.pcsctx anc /tmp/.pcscrx are accessibe to the user). For remote authentication, a client/server application would need to implement the client/server dialog for authentication. For instance if a user in Computer A needs to connect via ssh to Computer B, the user is authenticated to Computer A OS and has UNIX priviledges to access to the smartcard reader on Computer A: 1) When the ssh client connects to the ssh server, the ssh server sends some random challenge to the ssh client 2) The ssh client encrypts the challenge with the private key stored in the smartcard and sends the result back to the server. 3) The ssh server that has the public key of the user on his local filesystem, decrypts the data and checks that is the same challenge that was sent to the client. 4) If the verification is OK, then the server has the security that the client is the owner of the smartcard which conveys the private key, and so it has access to the server host. The ssh client and server source code would neeed to be modified, but I guess there is more chance if you want to use improved security. Said this, the Secure Internet Smartcards model looks fine to me, and could be implemented to help client/server applications to use smartcards for authentication. --- Jim Rees [EMAIL PROTECTED] wrote: For accessing remote computers (which the original query was about) something like ssh or secure telnet using smart card based keys for authentication would be more appropriate. Of course what you really want is for the session to be secure all the way to the card, not just to the terminal. And since you can't use the PIN as an encryption key, you need something like a diffie-hellman exchange. And since the terminal makes a perfect man-in-the-middle, you need to add some more protocol and use something like EKE, SPEKE, or OKE. We did all this and wrote a paper: N. Itoi, T. Fukuzawa, and P. Honeyman, Secure Internet Smartcards, August 2000. Java Card Workshop, Cannes (September 2000). http://www.citi.umich.edu/projects/smartcard/scpapers.html *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html *** __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Linux Login with RSA SmartCards
Definitely. The interface exported must be a subset of the available functionality or else someone could write a worm which does a Verify Key function incorrectly and blocks cards where services are available. A signature function must be carefully exported and authenticated to so it does not perform signature operations for undesired applications. Currently this is protected by a PIN number so secure PIN transfer is a must. Also, blocking the PIN is a concern Dave *** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
