On Sat, May 27, 2000 at 11:19:44AM -0500, David Corcoran wrote:
> I think Jim is concerned with having the card present and having a hacker
> maliciously query the smartcard subsystem for information.  With the card
> removed this is not possible. 

That can happen no matter what - the attacker can install s/w
that waits for card insertion, grabs the connection
to the card before the legitimate s/w does, and then has
its way with it.

This is a danger unless you have a smart card reader with a
PIN pad and a display and the right sort of API interface.
I wrote a paper on a design for such a secure reader:
http://slack.lne.com/ericm/nable-threat-model.html

Fortunately (sort of) with the PAM login, the security model doesn't need
to protect you against this sort of attack, because the smartcard login
is only to prevent unauthorized access to your host.  You have already
lost when the attacker can put the card snooping s/w on your host.
This is not true of, say, a banking application.


-- 
 Eric Murray www.lne.com/~ericm  ericm at the site lne.com  PGP keyid:E03F65E5
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
