[Cryptography] Samsung Knox

Jerry Leichter leichter at lrw.com
Fri Oct 24 12:22:41 EDT 2014

On Oct 24, 2014, at 5:53 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>> Samsung proudly announced that "Samsung Galaxy Devices based on KNOX platform are the First Consumer Mobile Devices NIAP-Validated and Approved for U.S. Government Classified Use"
> While this again much confirms my opinion of the value of security
> certification programs (although the fact that it was CC did surprise me
> slightly, I would have expected it from FIPS 140 but I thought CC was a bit better than that), I wonder what'll happen to the certification?
A big weakness with these certification programs is that you get to define the "box" that gets certified.  A reasonable bet is that "secure storage of the password" was simply not within the certification boundaries - it was just assumed to be secure.  Or, more likely, nothing in the certification boundaries had anything to do with storage of the password - it was written on the assumption that the password simply appears (presumably the user enters it) and then we go from there.

BTW, if you read the linked article, you realize how bad things really were.  The hole was found because the guy doing the analysis first figured out how to get at the "password hint" - which is automatically computed for you as the first and last characters, and the actual length, of your password!  (This alone is *already* a big security issue.)  He then wondered whether that was computed on the fly from the actual password - implying that it was somehow available in cleartext.  And, indeed - in some deeply buried and obfuscated, but ultimately reversible, code, it was.

>  Will it be withdrawn, or will the issue just be ignored.
If, indeed, my guess about how this slipped by is correct, then the validations are, according to the rules of the process, perfectly valid - which would put the validating agencies in an embarrassing position.  It's not as if those of us who've ever dealt with these processes don't already know that they have very, very limited worth - it's just that *most* users have no clue.

Defining the boundaries of the validation is important, of course - you don't want to fail a device because someone watching as its user enters the keystrokes can read the key.  But when I last had anything to do with these validations, there were basically no rules about where you put the boundaries.  Technically, you might only have certification for a low-level crypto module; but it was easy to describe things to imply to virtually everyone that it's the entire device that's been validated, all without violating the letter of any standards or regulations.

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141024/87bc419d/attachment.bin>

More information about the cryptography mailing list