On Monday, October 10 at 12:43PM, Anders Rundgren wrote:
>
> On 2011-10-10 12:05, Martin Paljak wrote:
> > Hello,
> >
> > On Mon, Oct 10, 2011 at 12:27, Anders Rundgren
> > <anders.rundg...@telia.com> wrote:
> >> Is there any support for trusted (OS-level) PIN input in OpenSC?
> >
> > Trusted path for me means guaranteed by tamper-proof mechanisms, which
> > usually means separate hardware-guaranteed channel, which in turn
> > would mean something like TPC, which generally does not play well in
> > Linux world.

Do you mean TPM/MTM? There are some research projects that use it as a
trust anchor. And all of them are Linux-based.

> There are (AFAICT) two variants of this: One which is tamper-proof.
> This is primarily intended to protect against physical attacks
> against the operating system etc. Although interesting from a
> crypto-nerd perspective, I believe a scheme that protects against
> Internet-scale attacks would be good-enough. Such a system should
> withstand trojans (misbehaving "apps") that the user has downloaded
> while the OS still is intact. Such a mechanism would probably only
> require OS-level support to work.

Android is not a hardened OS, which allows separation of compartments
in a security related fashion. Although a VM (such as Dalvik) can be
used to realize software separation, there are a lot of caveats...

Note that for Google Wallet the critical stuff is done by
"applications" running *in* the NFC module. Of course security of the
NFC module's secure element (SE) can break when it depends on external
input (such as the PIN). Google claims that only allowed applications
can access the NFC module (and enter the PIN). If good revenues are
expected, I doubt that this can hold for very long. The problem is
that the SE cannot assure the integrity of the OS (which is what a TPM
is for).

> >> Or is this supposed to be catered for by separate PIN-pads only?
> >
> > I think pinpads are the best we currently have. Having signature
> > devices with dedicated display capabilities (like the SCM one with
> > integrated Linux and ethernet) would be nice.
>
> This is a feature that 0.1% of the market will buy into. I doubt that
> the SCM mechanism has any use on the Internet or am I wrong here?
> Didn't the Spanish EID-solution plot with embedded "secret" keys
> in their middleware?

Well, secure devices are simple. Complex devices will break, if
rewarded with a lot of money (researchers could also be pleased with
some sort of attention ;-) ).

> >> I expect this feature will be standard in mobile devices.

Where can I find more about this "standard"? Google doesn't say much.

Cheers,
Frank.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel