Shawn Willden wrote:
On Friday 21 September 2007 09:11:14 am Douglas E. Engert wrote:
What are the security implications to doing this?

In this particular case, I don't care. Both machines are to be deployed in a secure environment.

In general, though, I think it also doesn't matter that much. Any reasonable
secure smart card API (I'm talking about the APDU-level API) must assume that an attacker can get between the card and the reader, or the reader and the application.

Not the ones I have seen. The assumption is the user of the card has physical
control over the reader, and is using the machine in front of him.

Having a remote reader offers another avenue of attack, but it's not like there aren't plenty to begin with.

Yes there are, but not protecting the stream over the network just introduces 
another.


The case where it might matter is when the card is used for user authentication, but a remote reader wouldn't make any sense for that application anyway.


Yes it would. That is exactly what the Microsoft RDC can do: let you
log in to a remote computer using your smart card.


How would the stream be protected? ssh?

I don't see any value in layering encryption on the stream. If the data being transmitted is sensitive, it should be encrypted and/or MACed between application and card anyway. Or are you suggesting that ssh authentication be used to prevent rogue connections to the card?

Both.

That might be useful in the general case. In my case it doesn't matter -- and I'm looking to hack pcsclite to make it suit my needs, not necessarily to add a feature to the "official" pcsclite.


Good luck.

There is an open source version of RDC, rdesktop, but I don't know if it
does smart cards.

There has been some work done on smart card support in rdesktop, but I'm not sure where it is. Even if it's functional, it doesn't address my situation.

Thanks,

        Shawn.



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
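The point the two posters are arguing about, shown as an added example that is not code from this thread, from pcsclite or from rdesktop: once the APDU stream to a reader crosses a network, anyone on that path sees a plaintext VERIFY command (and the PIN in it) and can alter, inject or replay commands. The APDUs below are constructed PIV-style samples, and the HMAC-with-counter channel is an assumption standing in for real ISO 7816-4 secure messaging between application and card; it shows what an integrity layer catches and what it does not (it does not hide the PIN).

```python
"""Added example (not from the Muscle thread, pcsclite or rdesktop): what a
plaintext APDU stream to a remote reader exposes, and what an
application-to-card integrity check catches. All APDUs and keys are
constructed for illustration."""
import hashlib
import hmac

INS_SELECT = 0xA4
INS_VERIFY = 0x20

# Constructed command APDUs, PIV-style. The PIN "1234" is padded with 0xFF
# to 8 bytes the way PIV does it; the rest is illustrative.
SAMPLE_APDUS = [
    bytes.fromhex("00A4040009A00000030800001000"),   # SELECT by AID
    bytes.fromhex("002000800831323334FFFFFFFF"),     # VERIFY PIN
    bytes.fromhex("00CB3FFF055C035FC105"),           # GET DATA
]


def parse_apdu(apdu: bytes) -> dict:
    """Split a short-form ISO 7816-4 command APDU into header and data field."""
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the 4-byte header")
    cla, ins, p1, p2 = apdu[:4]
    body = apdu[4:]
    data = b""
    if len(body) > 1:                 # case 3/4: Lc, data field, optional Le
        lc = body[0]
        data = body[1:1 + lc]
        if len(data) != lc:
            raise ValueError("Lc does not match the data field length")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}


def sniff_pins(stream) -> list:
    """What a passive attacker on the reader link learns from plaintext VERIFYs."""
    pins = []
    for apdu in stream:
        cmd = parse_apdu(apdu)
        if cmd["ins"] == INS_VERIFY and cmd["data"]:
            pins.append(cmd["data"].rstrip(b"\xff").decode("ascii"))
    return pins


class MacChannel:
    """Per-APDU HMAC plus a counter, shared by application and card (assumed
    session key). Stand-in for secure messaging: it stops a man-in-the-middle
    from altering, injecting or replaying commands, but it does not hide them."""
    TAG_LEN = 8

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.send_ctr = 0
        self.recv_ctr = 0

    def _tag(self, ctr: int, apdu: bytes) -> bytes:
        msg = ctr.to_bytes(2, "big") + apdu
        return hmac.new(self.key, msg, hashlib.sha256).digest()[: self.TAG_LEN]

    def wrap(self, apdu: bytes) -> bytes:
        """Application side: append counter and tag before the frame hits the wire."""
        ctr = self.send_ctr
        self.send_ctr += 1
        return apdu + ctr.to_bytes(2, "big") + self._tag(ctr, apdu)

    def unwrap(self, wire: bytes) -> bytes:
        """Card side: reject tampered, injected or replayed frames; return the APDU."""
        if len(wire) < 2 + self.TAG_LEN:
            raise ValueError("truncated frame")
        n = len(wire) - 2 - self.TAG_LEN
        apdu, ctr_b, tag = wire[:n], wire[n:n + 2], wire[n + 2:]
        ctr = int.from_bytes(ctr_b, "big")
        if ctr != self.recv_ctr:
            raise ValueError("counter mismatch: replayed or dropped frame")
        if not hmac.compare_digest(tag, self._tag(ctr, apdu)):
            raise ValueError("bad MAC: modified or injected frame")
        self.recv_ctr += 1
        return apdu


def rejected(chan: MacChannel, frame: bytes) -> bool:
    """True if the card-side channel refuses the frame."""
    try:
        chan.unwrap(frame)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Plaintext sniff, then the clean/tampered/injected/replayed cases."""
    key = b"constructed-session-key-not-real"          # assumption: pre-shared
    app, card = MacChannel(key), MacChannel(key)
    frames = [app.wrap(a) for a in SAMPLE_APDUS]
    accepted = [card.unwrap(f) for f in frames]        # untouched stream passes
    tampered = bytearray(frames[0])
    tampered[5] ^= 0x01                                # flip a bit in the AID
    injected = MacChannel(b"attacker-key").wrap(SAMPLE_APDUS[2])
    return {
        "sniffed_pins": sniff_pins(SAMPLE_APDUS),       # ["1234"] in plaintext
        "clean_accepted": accepted == SAMPLE_APDUS,
        "tampered_rejected": rejected(MacChannel(key), bytes(tampered)),
        "injected_rejected": rejected(MacChannel(key), injected),
        "replay_rejected": rejected(card, frames[1]),   # card already past ctr 1
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The MAC channel answers the "rogue connections to the card" half of the question; the PIN still crosses the network in the clear, which is the half that needs encryption between application and card, or the ssh tunnel the thread mentions, which gives both confidentiality and peer authentication for the whole stream without any support from the card.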
