Hi, --- Michael Gile <[EMAIL PROTECTED]> wrote: > The security problem with smart cards is not key recovery. It is the > fact > that the smart card must rely on a standard PC (or other insecure > host) for > input and output. >
I consider this argument inaccurate. The smartcard does not necesary needs a PC to run. You attach the smartcard to a PC reader to allow some application on your PC to get benefit of the smartcard. But your smartcard system (PC application + smartcard) will never be more secure than your host PC alone. The smartcard system cannot replace good handling of the user access to the computer resources by the OS. > For example, say we have a smart card with a signing application that > will > sign arbitrary data from the host PC (an oracle). The attacker no > longer > needs access to the key, only an application that can send data to > the card. > Even when adding authorization to the key usage (for example a PIN), > an > attacker needs only access to the insecure host machine and can then > recover > the PIN itself or send bogus data to be signed. > IMHO this is a application design problem, and not a problem on the smartcard industry itself. You *must not* have an application signing arbitrary data from anybody that request that. Would you run a daemon that gets data from anybody and encrypts/signs this data with your private key "safely" stored on your hardisk? The same applies if the key was generated onboard on your smartcard. > The solution to the smart card attacks above is to add a secure > communication channel to some special purpose server through which > only > encrypted data is ever transmitted outside the card, or provide a > more > robust mechanism to the user that can be used for secure input and > allows > more storage and computing power on the card itself. > The smartcard must be managed by the OS like other normal device, lets say the printer or the harddisk. Once a user has logged into the system, he/she may or may not have access to the smartcard, depending on system priviledges of this user. Under UNIX this is perfectly handled by regular file permissions to read/write from the smartcard. Carlos. > Regards, > > Michael Gile > Wave Systems Corp. > [EMAIL PROTECTED] > [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ *************************************************************** Unix Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/ To unsubscribe send an email to [EMAIL PROTECTED] with unsubscribe sclinux ***************************************************************
