On 21/08/11 6:21 AM, Simon Josefsson wrote:
Thierry Moreau writes:
If there were devices meeting the stated goal (commercially available
with a reasonable cost structure), they would be a very useful
security solution element for high security contexts. The user
guidance would be: never enter the PIN anywhere else than on one of
these devices. Gone the phishing threat!
Not so fast -- that prevent the phisher from getting the PIN, but what
the phisher usually wants is to perform some private key operation using
your smartcard without you noticing.
Yes. A problem with smart cards is that they typically aren't secure by
themselves, they typically require a secure interface device.
(Unless we're talking about some of the more advanced digital cash
designs, but they have the advantage of a simplified security goal.)
All smartcard readers with PIN entry pads that I have used has had the
property that once you have entered the PIN, the host (which normally is
untrusted and can have a trojan running) will be able to perform
unlimited number of private key operations using your smartcard.
It all depends what you mean by "the host". Typically, the reader is
part of the hard security boundary, and it exports some safe high-level
API. In rollouts, the reader is also a heavily branded item that the
customer is supposed to learn, so as to avoid sticking the card into any
old slot.
Where you've got some pass-through reader connected to a PC, all bets
are off! That's a breach of the security model. Or a development kit.
Or a bankers' liability shifting model :P
So the trojan have to wait for someone to enter their PIN to do a normal
transaction, and then the trojan can ask the smartcard to do whatever it
wants. Bingo.
I'm surprised there aren't smartcard readers with a button to authorize
every private key operation. At least I haven't seen any. It is still
not perfect (the trojan can race the legitimate application and perform
its operation first) but it is an improvement.
There are. They're called cellphones. Problem is, until recently they
weren't hackable so easily. Apple then Google fixed that, so maybe
we'll see more use in the future.
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
