On Wed September 23 2009 06:40:00 Ludovic Rousseau wrote:
> Hello,
>
> 2009/9/23 Linux User <[email protected]>:
> > When a contactless smart card transmits data stored on a smart card to a
> > contactless smart card reader, is the wireless communication between the
> > card and the reader encrypted?
>
> What is your threat model?
> What do you want to avoid and why?
I should mention first that my questions are from an end user perspective, not 
as a developer.  I have not yet had any experience using smart cards, and am 
struggling to learn basic information about using smart cards before I buy a 
smart card reader.  I want to use only already existing i586 and x86_64 Linux 
software to solve my problem, without modifying the software or writing any 
software.  I do not know if the scenario below is possible, or if I selected 
the correct tool for the job when I chose contactless smart cards.  My 
description below is my best guess at how to achieve the goal stated 
immediately below.

In simple, overview terms, I need to protect the data on a laptop from being 
accessed by anyone who is not me, in case the laptop is stolen or I die 
before I can destroy the data.  I want to protect the confidentiality of the 
data stored on a laptop, ensure that in any case only I can access the data 
stored on the laptop, and do so using a method that is secure, fast, and 
convenient to use.

If it is possible, I want to:
*  Use an encrypted filesystem to ensure data stored on a laptop hard drive 
remains confidential.
*  I want to securely store the password for the encrypted filesystem in a 
contactless smart card in such a manner that the smart card would be useless  
to an unauthorized person in physical possession of the smart card, for the 
purpose of decrypting the data stored on the laptop.
*  I want to position the contactless smart card within 10 cm of a contactless 
smart card reader connected to the laptop, without any physical connection 
between the smart card and the smart card reader or the laptop; then I want 
the LAPTOP to immediately and automatically execute the following actions 
such that it appears to me as a single step: the password on the smart card 
is wirelessly transmitted to the laptop, the password is automatically used 
to log into the laptop, the password automatically functions as the 
decryption key for the encrypted filesystem, and automatically the laptop 
decrypts the encrypted filesystem on the laptop.

*  I want to prevent the filesystem decryption key from being sniffed as it 
travels wirelessly from the contactless smart card to the contactless smart 
card reader; or, I want any sniffed data to be completely useless, jumbled   
nonsense.

> You can have a look at Mifare [1].
The MIFARE DESFire EV1 seems to fit my application.  I am still quite ignorant 
about smart cards, so I do not really know if the MIFARE DESFire EV1 is 
appropriate for solving my problem.

> You should define what exactly is "contactless" for you. Many smart
> card technologies are contactless but are different. See [2].
contactless = usage of a smart card that transmits data via radio waves to a 
smart card reader for a distance of up to 10 cm, and never physically touches 
the smart card reader.

> [1] http://en.wikipedia.org/wiki/MIFARE
> [2] http://en.wikipedia.org/wiki/Radio-frequency_identification
Thank you for those references and your assistance.
---
"Max"


_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
