On Thu, 8 Jan 2004, Jesse I Pollard wrote:
> Not that fast - access to a serial interface will reduce your application > startup to a MAXIMUM of one every 2 to 3 seconds. A USB interface should > speed that up to about one every 1/2 second. Correct, but SmartK is modular, you can easily develop a IO module that supports the USB port instead of the serial port. On the other hand, the majority of readers communicate through the /dev/ttySBx devices, that are handled by means of the "USB-Serial converter" feature. > > I assume you are verifying the binary signature on every activation by > passing the signature to the card to use the private key [....] > > etc. etc. I simply cited the WLF project as an example of scenarios where SmartK is a suitable solution. In other words: SmartK is a general-purposed tool to develop kernel-level off-card applications. WLF could use it. WLF is an architecture that allows the Linux kernel to verify the integrity of executables at run-time, this verification is built on top of a sort of PKI (that is unspecified in the paper [1]). WLF constitutes a typical field of application for SmartK for at least three reasons: 1) This feature can be best implemented at kernel level, because it is the kernel that parses and runs executables. 2) The management of public and private keys is a critical issue as well as the security of keys repository. Smart cards are suitable to be a robust solution for the key storage. 3) The integration of a kernel-level architecture and a user-level smart card interface is unsafe and unpratical. Moreover, verification of trusted kernel at BIOS-level also requires a smart card framework necessaely smaller than the most widely used products ( e.g. PC/SC). William Arbaugh et al. proposed an architecture that features a chain of verification of the integrity of the several levels of a system starting from the BIOS [2] (including the system kernel). They also improved this architecture allowing the usage of a smart card as key storage [3]. Bye. [1] L. Catuogno, I. Visconti (2002) "A Format-Independent Architecture for Run-Time Integrity Checking of Executable Code", Lecture Notes in Computer Science, Volume 2576, pp. 219-233 [2] W. Arbaugh, D. Farber, J. Smith (1997) "A Secure and Reliable Bootstrap Architecture", Proceedings of 1997 IEEE Symposium on Security and Privacy, pp. 65--71 [3] N. Itoi, W. A. Arbaugh, S. J. Pollak, D. M. Reeves (2001), "Personal Secure Booting", Lecture Noter in Computer Science, volume 2119, pp. 130--144 _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
