On Thu, Oct 05, 2000 at 09:31:29AM -0500, David Corcoran wrote:
> I would like to see a new kind of channel management where the card is sent
> a command to establish a connection and receive a handle for a particular
> application.  The card would do a key exchange with the application and the
> card and application/card driver would share this secret key as a handle.
> This key would be used to encrypt commands to the card and decrypt
> responses and to also send a symmetric digital signature of each command
> for verification.  The card would be responsible for checking this
> symmetric digital signature and use that channel to establish state again
> such as file pointers, authentication, etc.

This is what I thought you were talking about in the initial message
mainly because I never heard of ISO 4 Channel management in smartcards
(ignorance actually is bliss in certain cases :)

Here's where I'm coming from with overcomplicating the whole issue.
Why can't we just use the user's context to allow access to the open
card? If we are going to do this without additional user interaction,
I think anything beyond this does not add much value. If we are
worried about malicious applications accessing the card, if the
malicious application is attempting to access the card in the user
context or the superuser context, then what is to stop them from
stealing the key from the application that has it since its memory is
accessible by that user? If they are attempting to access the card
under another user ID, using a strictly keyed approach just opens the
door to new attacks.

Again, I think that too much will just complicate implementation. I
don't think we gain any noticeable benefits. The threats in this case
are malicious code or session hijacking mainly. If those are the
threats, any kind of keying on the untrusted host is just more
complicated with little additional security. In most cases, the
attacker will just deal with the data after it's been processed.

Stephen
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
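
The channel scheme proposed in the quoted message, and the objection raised in the reply, as an added sketch that is not part of the original thread or of any MUSCLE code. Assumptions: the key exchange is replaced by the card handing back a random key, command/response encryption is left out, and the command names, the counter and the 8-byte truncated HMAC-SHA256 tag are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

MAC_LEN = 8  # constructed choice: truncated HMAC-SHA256 tag


def mac(key, handle, ctr, command):
    """Symmetric signature over channel handle, counter and command."""
    header = struct.pack(">HI", handle, ctr)
    return hmac.new(key, header + command, hashlib.sha256).digest()[:MAC_LEN]


class Card:
    """Toy card: one key and one state record (auth, file pointer) per channel."""

    def __init__(self):
        self.channels = {}

    def open_channel(self):
        # Assumption: stands in for the key exchange described in the proposal.
        handle, key = len(self.channels) + 1, secrets.token_bytes(32)
        self.channels[handle] = {"key": key, "ctr": 0, "authed": False, "file_ptr": 0}
        return handle, key

    def process(self, handle, ctr, command, tag):
        ch = self.channels.get(handle)
        if ch is None:
            return "ERR_NO_CHANNEL"
        if not hmac.compare_digest(mac(ch["key"], handle, ctr, command), tag):
            return "ERR_BAD_MAC"
        if ctr != ch["ctr"] + 1:  # reject replayed or reordered commands
            return "ERR_REPLAY"
        ch["ctr"] = ctr
        if command == b"VERIFY_PIN":  # toy: PIN value omitted
            ch["authed"] = True
        elif command.startswith(b"SEEK "):
            ch["file_ptr"] = int(command[5:])
        elif command == b"READ" and not ch["authed"]:
            return "ERR_NOT_AUTHENTICATED"
        return "OK"


class HostChannel:
    """Application side: holds the session key in its own process memory."""

    def __init__(self, card):
        self.card, self.ctr = card, 0
        self.handle, self.key = card.open_channel()

    def send(self, command):
        self.ctr += 1
        tag = mac(self.key, self.handle, self.ctr, command)
        return self.card.process(self.handle, self.ctr, command, tag)
```

The card keeps authentication and file position separate per handle and rejects commands signed with another channel's key, but any party that holds a channel's key is indistinguishable from the application that opened it, which is the limitation the reply points to.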