Hi,
Joao Pedro ha scritto:
I was hoping to hear better (and more general) solution than the one
proposed :) The idea was to know if there is any mechanism that
doesn't depend on pre-shared keys such as Secure Messaging.
I think what you actually didn't provide is *what problem* you want to
solve.
It seems from the discussion that you are exclusively concerned about
security
of the PIN, but in the case the PC/Reader/SC communication may be spied
upon,
I think there should be greater concerns around:
1. what about security of the exchanged data: such data might range from
public-key certificates or personal prefs (no issue at all) to
sensitive data
like passwords, or even cryptographic keys (think of the ImportKey
APDU);
2. if the attacker may also inject its own messages inside the communication
(as I actually think it would be possible), then there are plenty of
problems,
because no matter spying on the PIN: once the legitimate user has
authenticated,
the attacker has the (unlocked) card at its own disposal for doing
whatever
with it (i.e., reading sensitive data, using cryptographic keys, etc...;
with proper equipment, authenticating to a second physical terminal
not too
far from the other one where the legitimate user is entering, if your
use-case is control to physical access to systems)
Secure Messaging is more complex because it does not aim to protect the PIN,
but it aims to protect the valuables inside the smart-card
(cryptographic keys
and sensitive user data), and for such purposes you need not only to
authenticate,
but also to establish a session key and encrypt all of the the
subsequent messages
inside the session.
Please, provide details about the typical use-case (scenario/story)
where the
mechanism you are looking for is needed, and what security properties
(i.e.,
requirements) you would need from such a mechanism.
Regards,
T.
--
Tommaso Cucinotta, Computer Engineering PhD, Researcher
ReTiS Lab, Scuola Superiore Sant'Anna, Pisa, Italy
Tel +39 050 882 024, Fax +39 050 882 003
http://feanor.sssup.it/~tommaso
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
