On Sun, Sep 23, 2012 at 12:52 PM, Andreas Jellinghaus <andr...@ionisiert.de> wrote:
> 2012/9/22 NdK <ndk.cla...@gmail.com>
>>
>> On 22/09/2012 12:41, Andreas Jellinghaus wrote:
>>
>> > In my mind keys could optionally contain application-oriented ACL
>> > telling which applications they trust so that even if you install
>> > a "bad" App, it would for example not be able to use your bank or
>> > eID-key in the background.
>> In my mind, the SE should take over display and touch controller by
>> hardware means, so absolutely no app can snoop user input or fake it.
>> Too bad seems nobody really *needs* that level of security...
>
>
> like "credsticks" from scifi novels decades ago? that would be a single use
> appliance, and I think easy to hack, similar to how it is trivial to have a
> chip recording keystrokes placed inside a laptop etc. and I guess a multi
> app would be extremely complex and unlikely to be secure either.

I don't know about credsticks but a hardware-secured, sealed and intrusion-detecting & evident device (think: handheld HSM) is the only way to have a "reasonably assured" system.

Talking about all the application and OS-layer things to make interception more difficult (binding apps to identities and checking hashes and signatures and whatnot) is nice to have, but eventually doomed, as you can run code alongside the semi-trusted code that implements it.

Unless the path from SE to input-output devices (keypad, display) is physically separated, something can always go wrong (which does of course not mean that having them forbids something from going wrong :))

Mandatory link: http://news.cnet.com/obamas-new-blackberry-the-nsas-secure-pda/

There are cards out there that are ID1 size with a chip and a small display, unfortunately the display is not connected to the "main cpu" but a separate OTP generator. Once those displays get hooked to JavaCard inputs, interesting (and secure) schemes can be built. But I've not heard of any serious players planning to come out with something like that. Hooking them up with either on-card keys or secure pinpad readers would be really nice.

Martin
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel