(a) CCID uses interrupt msgs to signal "hardware problems". It also uses the control channel to abort packet/transaction transfers on the bulk-data endpoint.
Given the way compliant USB stacks must handle the scheduling of these packet types, we have one or more ideal covert channels, either timing channels or data channels. If you are wiretapping the bus communications, the timing of the error packet generation, the power-drain on the bus, etc. are all bearers for backdoor signalling of bit fragments, communicated via error codes. If one signals USB packets over an AT&T phone's wi-fi radio link, rather than over the differential signalling properties of USB, the data can induce the radio (not the wifi layer) signals to act as bearer for covert data bit fragments, similarly.
You might want to think how one might address covert channel threats in the design of the driver. Then, assuming the driver has countermeasures by default, what are the rules for driver cooperation for removing the countermeasures: I refuse! I cooperate regardless! I need local government consent! I just don't care!
In writing driver work for secure protocols, always look carefully at the PDUs for error handling and control - see which conditions fall within the secure messaging envelopes, and which do not. Ensure you use the secure messaging not only for data confidentiality/integrity, but for covert channel exploitation. There is a consistent design pattern in most ISO communication standards for use in public networks, particularly those exploiting the well-known HDLC-feature of "supervisory" frames. T1 and CCID use many features of HDLC class protocol designs, note. If you have paranoid tendencies, one could view the name "control channel" in a new light.
(b) It would be interesting to see how Microsoft's CCID-class driver handles this. Strangely, unlike the PS2 driver for PC/SC signals, the "standard" CCID driver doesn't actually seem to come with Windows... each CCID driver version seems to come bundled with the smartcard reader. Any info on what's going on here? What are the issues?
Will Linux and Apples using BSD that install PCSC-lite come with a standard CCID-class driver, or will it only be distributed via the smartcard manufacturer, per the Microsoft case?
Are there design issues in making a CCID driver that preclude standardized distribution of a raw CCID-class driver for the transactions addressed by PC/SC?
What issues force a different policy for raw CCID driver distribution, compared to the case of the raw PS2 driver (for PC/SC)?
>From: Ludovic Rousseau <[EMAIL PROTECTED]>
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
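An added example, not part of the original post: a defender-side audit of CCID interrupt-IN traffic, the error channel that point (a) describes as sitting outside any secure messaging envelope. The message type values 0x50/0x51 and the 4-byte hardware-error layout follow the CCID specification; the function names, thresholds and sample events are assumptions made for illustration.

```python
import math
from collections import Counter

# bMessageType values for the CCID interrupt-IN endpoint
NOTIFY_SLOT_CHANGE = 0x50
HARDWARE_ERROR = 0x51  # layout: bMessageType, bSlot, bSeq, bHardwareErrorCode


def parse_interrupt(msg):
    """Decode one interrupt-IN message into (kind, fields)."""
    if len(msg) == 4 and msg[0] == HARDWARE_ERROR:
        return "hw_error", {"slot": msg[1], "seq": msg[2], "code": msg[3]}
    if len(msg) >= 2 and msg[0] == NOTIFY_SLOT_CHANGE:
        return "slot_change", {"state": bytes(msg[1:])}
    return "malformed", {"raw": bytes(msg)}


def entropy_bits(values):
    """Shannon entropy of the observed values, in bits per symbol."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def peak_rate(times, window_s):
    """Largest number of events inside any window of window_s seconds."""
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def audit(events, window_s=10.0, max_errors=3, max_entropy=1.0):
    """events: iterable of (timestamp_s, raw_bytes); thresholds are assumed defaults."""
    times, codes, findings = [], [], []
    for ts, raw in events:
        kind, fields = parse_interrupt(raw)
        if kind == "hw_error":
            times.append(ts)
            codes.append(fields["code"])
        elif kind == "malformed":
            findings.append("malformed")
    if peak_rate(times, window_s) > max_errors:   # bursts of error notifications
        findings.append("error_rate")
    if entropy_bits(codes) > max_entropy:         # error codes varying like data
        findings.append("error_code_entropy")
    return sorted(set(findings))


# Constructed samples (not captured from a real reader)
BENIGN = [(0.0, bytes([0x50, 0x03])), (42.0, bytes([0x51, 0, 7, 0x01]))]
SUSPECT = [(i * 0.5, bytes([0x51, 0, i, 1 + i % 4])) for i in range(8)]
```

A driver could run the same checks inline and collapse or rate-limit hardware-error notifications before passing them up to PC/SC, which narrows both the data and the timing bandwidth of the error path.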
