On Tuesday, August 19, 2003, at 12:43 AM, John McCormac wrote:
> There will always be a certain element of distrust as regards commercial smartcard products. The reason for this is simple - the government of a particular country where a smartcard is manufactured would be unlikely to permit the release of a smartcard which its technical intelligence services could not defeat or compromise.
I may be very naïve, but I think that there are other ways for intelligence services to access data even if they do not know how to break the card. I would consider it easier to put a keystroke tracker device or install a Trojan on the machine targeted by the Intelligence Services than to lobby a card manufacturer to add a trapdoor. If you consider that accessing the machine is not possible (the target of the Intelligence Services hides his computer in a bunker and it is not networked), then accessing the card could also be impossible (leave it with the computer). If the deciphered e-mail has been handled on the computer, there is probably a copy of the clear text in some cache somewhere.
> With one valid set of keys (even an old set) and a simple implementation of the hashing algorithm, the whole card memory was dumped. (This happened about nine years ago.)
As you mentioned, this is not a trapdoor but a faulty design. I am only talking about intentional trapdoors maliciously and willingly inserted in the code.
> The comparison of Microsoft with an SC manufacturer is not a good one. The user can always reinstall a Microsoft operating system. Unless a card is completely reprogrammable, the OS cannot be reinstalled.
But can you easily re-install (or at least check) the firmware of your CPU or your HD? There could be a very nasty virus looming in there. This is probably science fiction at the moment but could exist at some point (an HD firmware that patches the kernel file on the fly before giving it to the CPU would be a nice one).
> The disclosure of the source code by Microsoft is one of sheer desperation as more governments consider switching to more robust and more trustworthy (due to their Open Source natures) *nix based operating systems.
I agree with you. The disclosure of source code allows peer review and can help track nasty security bugs. The bad side of Open Source is that if it is easier for an honest reviewer to find security issues in the code, it is also easier for a cracker...
What's your view on development using formal methods?
> Without full disclosure, any smartcard operating system developer is at the mercy of the smartcard manufacturer.
Do you mean the smart card issuer instead of smartcard operating system developer, or chip manufacturer instead of smartcard manufacturer?
> I guess the best way to design a system is so that it can recover easily from security failure instead of trying to design a totally secure system.
I completely agree with this: keep in mind that your system will be broken one day and make sure that it can be fixed easily.
Cheers, JLuc.
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
