And that solution was what we were talking about at the very first Finread 'Workshop'. Somehow, it got lost along the way.
Peter T
Bristol UK

----- Original Message -----
From: "Jason Barkeloo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 06, 2002 3:47 AM
Subject: MUSCLE

> So is that what the FinRead
> specs are designed to do?
>
> jb
>
>
>
> From: Michael Gile ([EMAIL PROTECTED])
> Date: Mon Jan 21 2002 - 16:27:57 CST
>
> The security problem with smart cards is not key recovery. It is the fact
> that the smart card must rely on a standard PC (or other insecure host) for
> input and output.
>
> For example, say we have a smart card with a signing application that will
> sign arbitrary data from the host PC (an oracle). The attacker no longer
> needs access to the key, only an application that can send data to the card.
> Even when adding authorization to the key usage (for example a PIN), an
> attacker needs only access to the insecure host machine and can then recover
> the PIN itself or send bogus data to be signed.
>
> The solution to the smart card attacks above is to add a secure
> communication channel to some special purpose server through which only
> encrypted data is ever transmitted outside the card, or provide a more
> robust mechanism to the user that can be used for secure input and allows
> more storage and computing power on the card itself.
>
> Regards,
>
> Michael Gile
> Wave Systems Corp.
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> On 1/21/02 12:39 PM, "Matthias Bruestle" <[EMAIL PROTECTED]> wrote:
>
> > On Sun, Jan 20, 2002 at 08:03:26PM -0800, David Corcoran wrote:
> >> I've got Ben Laurie (yes, the famous Apache hacker) on another list
> >> claiming that smart cards are weak storage for keying material.
> >> e.g. that physical access to the card is all that is needed for a
> >> motivated hacker to pry the key out of the card.
> >
> > I have never tried to crack a smart card or have much knowledge about
> > the technical devices needed, but I have read quite a bit and had to
> > do with cards, industry, etc.
> >
> > My estimation of the situation:
> >
> > Smart card manufacturers try to make these as secure as possible,
> > but smart cards are a cheap mass product.
> >
> > I do think that cracking of smart cards is hard, but not impossible.
> > And it is getting harder and harder, because there are improvements
> > in the smart card area regarding security, e.g. in the Infineon series
> > 44 -> 66S -> 66P. (I'm most familiar with these ICs.) I do believe
> > that the 66P series from Infineon is for at least some years secure against
> > reading the content of the EEPROM by students and also more sophisticated
> > hackers. This is because of the security features they have and because
> > so many firms and government agencies do trust them. It would be very
> > bad publicity for them if a card would be cracked. But I do not believe
> > that the 66P is secure against the laboratory and knowledge of e.g. Intel.
> >
> > For the 66S there seems to be not so much trust, e.g. the German
> > signature cards from Telesec had originally a 66S chip and were replaced
> > by cards with a 66P. For the 44 there is, as it appears, even much less
> > trust than for the 66S.
> >
> > If you only want to read out a key, some form of power analysis would
> > be enough. You need here not very expensive equipment. Card and OS
> > manufacturers try also to be secure against this and they do apparently
> > also try themselves (or pay others to do so) to attack their cards with
> > power analysis. My opinion is that it is very difficult to do a power
> > analysis attack with modern cards, but I am not convinced that it is
> > impossible. What might make it impossible is to try to design a power
> > analysis resistant protocol. E.g. with some sort of error counter.
> >
> > These are not definite answers. Here is probably a similar situation
> > than in the cryptography area, but surrounded by non-openness.
> >
> > So my advice is to design a smart card application, that an attacker
> > can not gain much value, and also to develop some plans what to do,
> > if a card gets cracked.
> >
> > If there is interest, I can also write some about evaluation according to
> > ITSEC/CC.
> >
> >
> > Mahlzeit
> > endergone Zwiebeltuete
> >
>
> Jason Barkeloo
> Director of Research
> ACEtek Research
> tele 513.225.8765
> http://metaskilled.tripod.com
>
>
> ***************************************************************
> Unix Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/
> To unsubscribe send an email to [EMAIL PROTECTED] with
> unsubscribe sclinux
> ***************************************************************
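
Added example, not part of the original thread: a constructed Python model of the signing-oracle problem Michael Gile describes, showing that a PIN alone does not bind the signature to what the user saw, and that a card which signs only data vouched for by a trusted reader refuses substituted data. The names `Card` and `reader_approve`, the shared reader key, and HMAC as a stand-in for the card's signature algorithm are assumptions for illustration and do not come from the FinRead specifications.

```python
import hashlib
import hmac
import secrets

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class Card:
    """Constructed toy card; HMAC stands in for the real signature algorithm."""
    def __init__(self, pin, reader_key=None):
        self._pin, self._reader_key = pin, reader_key
        self._sign_key = secrets.token_bytes(32)     # never leaves the card
        self._tries_left, self._unlocked = 3, False  # PIN error counter

    def verify_pin(self, pin):
        if self._tries_left == 0:
            return False                             # card is blocked
        self._unlocked = hmac.compare_digest(pin, self._pin)
        self._tries_left = 3 if self._unlocked else self._tries_left - 1
        return self._unlocked

    def sign(self, data, reader_tag=b""):
        if not self._unlocked:
            raise PermissionError("PIN not verified")
        # With a reader key provisioned, sign only data the reader vouched for.
        if self._reader_key and not hmac.compare_digest(
                reader_tag, _mac(self._reader_key, data)):
            raise PermissionError("data not approved on trusted reader")
        return _mac(self._sign_key, data)

def reader_approve(key, data, user_accepts):
    """Trusted reader: shows data on its own display, tags it only if accepted."""
    return _mac(key, data) if user_accepts(data) else b""

def host_only_signs_unseen_data():
    card = Card(b"1234")
    card.verify_pin(b"1234")         # PIN typed on the PC, visible to the host
    return card.sign(b"pay 9999")    # the user never saw this data, yet it is signed

def reader_rejects_swapped_data():
    key = secrets.token_bytes(32)
    card = Card(b"1234", key)
    card.verify_pin(b"1234")
    tag = reader_approve(key, b"pay 10", lambda shown: shown == b"pay 10")
    try:
        card.sign(b"pay 9999", tag)  # host swaps the data after approval
    except PermissionError:
        return len(card.sign(b"pay 10", tag)) == 32  # approved data still signs
    return False
```

In this model the PIN is still passed in by the caller; a reader with its own keypad would also keep the PIN away from the host.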
