The CCID specificaion supports various modes of CCID operation. Which mode(s) did you
implement in your device firmware?
- For example, does your CCID support TPDU, or APDU exchanges, or character exchanges?
- Did your CCID support T0, and did it operate in automatic mode - for features such as PPS?
For your muscle CCID driver, does it ccooperate with firmware that makes different assumptions? e.g. a character only t0 mode firmware, that does no automatic processing?
Best Peter.
From: Ludovic Rousseau <[EMAIL PROTECTED]>
Reply-To: MUSCLE <[EMAIL PROTECTED]>
To: MUSCLE <[EMAIL PROTECTED]>
Subject: Re: [Muscle] CCID driver distribution issues, security,covert channels
Date: Wed, 31 Mar 2004 00:37:50 +0200
Le Tuesday 30 March 2004 � 11:51:49, Peter Williams a �crit:
> <P>Given the way compliant USB stacks must handle the scheduling of these packet types, we have one or more ideal covert channels, either timing channels or data channels. If you are wiretapping the bus communications, the timing of the error packet generation, the power-drain on the bus, etc are all bearers for backdoor signalling of bits fragments, communicated via error codes. If one signals USB packets over an AT&T phone's wi-fi radio link, rather than over signal the differential signalling proeprties of of USB, the data can induce the radio (not the wifi layer) signals to act as bearer for covert data bit fragments, similarly.</P>
Can you be more specific? The covert channel will be used by who (the card OS? an applet on the card? the PC?) to communicate with who (someone wiretapping the USB cable?)
I don't see the attack scenario so can't provide any good solution.
Bye,
PS : please, do _not_ send mail in HTML! At least provide a text version if you really want to use HTML.
-- Dr. Ludovic Rousseau [EMAIL PROTECTED] -- Normaliser Unix c'est comme pasteuriser le camembert, L.R. -- _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
_________________________________________________________________
All the action. All the drama. Get NCAA hoops coverage at MSN Sports by ESPN. http://msn.espn.go.com/index.html?partnersite=espn
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
