From: Jim Thompson <[EMAIL PROTECTED]>
Date: Sun, 20 Jan 2002 19:17:54 -0600
To: [EMAIL PROTECTED]
Subject: Security of Smartcards
X-Mailer: VM 7.00 under 21.4 (patch 1) "Copyleft" XEmacs Lucid


So,

We're building SIM cards into 802.11 wireless gear.  We've got plans
to store RSA private keys on the SIM cards, and run signing operations
(as signed DH exchanges) as part of IPSEC and IKE for a wireless
wide-area network.  There are also interesting possibilities for
securing access to wireless AP infrastructures.

I'll try to keep this non-commercial, so that's all I'll say about that.

I've got Ben Laurie (yes, the famous Apache hacker) on another list
claiming that smart cards are weak storage for keying material.
e.g. that physical access to the card is all that is needed for a
motivated hacker to pry the key out of the card.

To quote:

> > Umm ... at the Cambridge University Security Labs a standard exercise
> > for students is to read out private keys from supposedly secure devices.
> > Admittedly they have access to somewhat fancy equipment, but then, so do
> > I, and I'm not _that_ unusual.

Now, it seems to me that smart cards (and SIM cards) have withstood
their share of probing.  They secure all GSM traffic, and probably the
lion's share of sat broadcast TV, to say nothing of the various
financial government (read: military) applications.

Anyone here care to help me defend the security of SIM cards against
these types of physical attacks?  Were the Cambridge papers only valid
against previous (memory-only) cards?   Is there a good place I should
look for other papers on the topic?

Thanks,

jim


***************************************************************
Unix Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/
To unsubscribe send an email to [EMAIL PROTECTED] with
unsubscribe sclinux
***************************************************************
