Crypto hardware
Arnold G. Reinhold
reinhold at world.std.com
Sun Jul 15 21:59:46 EDT 2001
At 11:09 AM -0700 7/12/2001, Jurgen Botz wrote:
...
>Set up a PC with CA software and a smart card reader and put
>your CA cert/key on a smart card and you have your tamperproof
>CA master... the only weak link in the certificate generation
>process is the CA's secret key, so that's really the only thing
>you need to protect. From a security standpoint everything
>else should be as transparent as possible, so ideally you want
>a box running open source software rather than a proprietary
>appliance and isolate the critical part of the process to
>something that can be made very tamperproof and has well known
>specs/intefaces... i.e. a smart card.
The CA's secret key is not the only weak link. There is also the the
software that submits certs to be signed to the "tamper proof" smart
card. If I can gain control of that software, it is a simple matter
to have your smart card sign any cert I want. And if I get root on
your off-the-shelf PC, such an attack would not be hard to mount.
At the very least, one needs some audit trail maintained inside the
tamper proof module and a tamper proof means to display that audit
trail.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list