Is there any future for smartcards?

Dave Howe DaveHowe at gmx.co.uk
Mon Sep 12 15:43:43 EDT 2005


Eugen Leitl wrote:
> On Sun, Sep 11, 2005 at 06:49:58PM -0400, Scott Guthery wrote:
>>1) GSM/3G handsets are networked card readers that are pretty
>>successful.  They are I'd wager about as secure as an ATM or a POS,
>>particularly with respect to social attacks.
> The smartphones are not secure at all, because anything you enter
> on the keypad and see on the display can be compromised, so
> the tamper-proof cryptographic goodness locked inside the SIM
> smartcard will cheerfully approve whatever the code running
> on the smartphone will tell it to approve, regardless of
> what is being displayed to the user.
  TBH I don't think the smartcard approach will work - really, everything needed
to verify what you are signing or encrypting needs to be within your secure
boundary, so the only sensible approach is for a mobile-sized cryptographic
device to be autonomous, but accept *dumb* storage cards for reading and
writing; that dumb card can then be used to transfer an unsigned document to the
cryptographic device, which when inserted uses a relay or switch to assume
control of the keyboard and screen; person wishing a digital signature stores
the document to be signed onto the card; signer inserts into his device, uses
the device's display to assure himself this is really what he wants to sign and
then keys his access code. The device then produces a digital signature
certificate (possibly deliberately adding some harmless salt value to the end
before signing, which is noted in the detached certificate's details) and copies
that to the dumb card, retaining a copy for the user's own records.
  By using a switch controlled by the cryptographic module, the display can be
then used by an alternate system when not in use - for example, a mobile phone -
while providing an airgap between the secure module and the insecure (and yes,
this would mean if you received a contract via email, you would have to write it
to a card, remove that card from a slot, insert it into a different slot, then
check it. I can't see how the system can be expected to work otherwise....)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
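
The signing flow described in the message above, as an added example that is not part of the original post: the device snapshots the card contents, signs only what the holder approved on the device's own display, appends a salt, and records that salt in the detached record. Ed25519, the 16-byte salt, all type and function names, and the approve callback (standing in for the display and access-code entry) are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DetachedSig is the record written back to the dumb card (field names are illustrative).
type DetachedSig struct {
	Salt      []byte // random value appended to the document before signing
	Signature []byte // Ed25519 signature over document || salt (Ed25519 is an assumption)
}

// Device models the autonomous signer: the private key never leaves it.
type Device struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewDevice() (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv, Pub: pub}, err
}

// Sign snapshots the card, shows the snapshot via approve (the device's own
// display and access-code entry), and signs snapshot || salt only on approval.
func (d *Device) Sign(card []byte, approve func(shown []byte) bool) (*DetachedSig, error) {
	shown := append([]byte(nil), card...)
	if !approve(shown) {
		return nil, fmt.Errorf("holder rejected the displayed document")
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return &DetachedSig{Salt: salt, Signature: ed25519.Sign(d.priv, append(shown, salt...))}, nil
}

// Verify is what a relying party runs with the document, the record and the public key.
func Verify(pub ed25519.PublicKey, doc []byte, s *DetachedSig) bool {
	return ed25519.Verify(pub, append(append([]byte(nil), doc...), s.Salt...), s.Signature)
}

func main() {
	dev, _ := NewDevice()
	doc := []byte("constructed sample contract: pay 10 units") // constructed input
	sig, err := dev.Sign(doc, func(shown []byte) bool { return string(shown) == string(doc) })
	fmt.Println(err == nil && Verify(dev.Pub, doc, sig))
}
```

Because the signature covers the snapshot the holder was shown rather than whatever the card holds afterwards, swapping the card contents after approval produces a record that fails verification against the swapped document.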