Re: [opensc-devel] Technical Description - Android Embedded SE

2012-10-01 Thread Frank Cusack
On Sun, Sep 30, 2012 at 5:48 AM, NdK ndk.cla...@gmail.com wrote:

 Il 29/09/2012 09:01, Frank Cusack ha scritto:

  I knew something that didn't need trusted software (in the PC)
 should
  exist. And Finally I found it:
  http://www.ftsafe.com/product/epass/interpass
  Seems quite near to my idea of a really-smart card: big display to
  show transaction details and button to review/confirm/cancel (and, I
  hope, to insert a gesture that replaces the PIN...).
  Just evolve that a bit and it's perfect :)
  I agree, it's close.  Not that I've contacted them, but I doubt it's an
  actual shipping product.
 I've already seen a smartcard that hosts a battery, a display and a
 button in a standard ISO form factor (it uses the sc chip to henerate an
 OTP every time the key is pressed), so 'technically' we're quite near to
 a card that shows anamount to be authorized and a blinding factor for
 the PIN (5 digits, to be added one-to one to the actual PIN, so snooping
 the keyboard is useless), or even having an integrated pinpad to enter
 the PIN w/o relying on an external device.


Sure.  I built [prototypes of] such a card 6+ years ago, minus the PINpad.
There are at least 2 vendors of such cards today, and at least one vendor
of a card that includes a PINpad.  $$$ and very niche.  Also, no one really
wants to use such a card.

So there's no question it can be built in USB form factor.  But I don't
believe there are any customers and so the product is not actually
shipping.  It would take the first customer to commit, before they built it.

Someone here must be on a first-name-basis with someone at Feitian?
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-10-01 Thread Anders Rundgren
On 2012-10-02 06:36, Frank Cusack wrote:
.
 I've already seen a smartcard that hosts a battery, a display and a
 button in a standard ISO form factor (it uses the sc chip to henerate an
 OTP every time the key is pressed), so 'technically' we're quite near to
 a card that shows anamount to be authorized and a blinding factor for
 the PIN (5 digits, to be added one-to one to the actual PIN, so snooping
 the keyboard is useless), or even having an integrated pinpad to enter
 the PIN w/o relying on an external device.
 
 
 Sure.  I built [prototypes of] such a card 6+ years ago, minus the PINpad.  
 There are at least 2 vendors of such cards today, and at least one vendor of 
 a card that includes a PINpad.  $$$ and very niche.  Also, no one really 
 wants to use such a card.
 
 So there's no question it can be built in USB form factor.  But I don't 
 believe there are any customers and so the product is not actually shipping.  
 It would take the first customer to commit, before they built it.
 
 Someone here must be on a first-name-basis with someone at Feitian?

The lack of usable enrollment schemes for smart cards make them a poor choice 
for mass markets like phones.
It was fun as long as it lasted as I say :-)

Android 6 and iPhone 7 won't even have SIM-card slots.

Anders

 
 
 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel
 

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-30 Thread NdK
Il 29/09/2012 09:01, Frank Cusack ha scritto:

 I knew something that didn't need trusted software (in the PC) should
 exist. And Finally I found it:
 http://www.ftsafe.com/product/epass/interpass
 Seems quite near to my idea of a really-smart card: big display to
 show transaction details and button to review/confirm/cancel (and, I
 hope, to insert a gesture that replaces the PIN...).
 Just evolve that a bit and it's perfect :)
 I agree, it's close.  Not that I've contacted them, but I doubt it's an
 actual shipping product.
I've already seen a smartcard that hosts a battery, a display and a
button in a standard ISO form factor (it uses the sc chip to henerate an
OTP every time the key is pressed), so 'technically' we're quite near to
a card that shows anamount to be authorized and a blinding factor for
the PIN (5 digits, to be added one-to one to the actual PIN, so snooping
the keyboard is useless), or even having an integrated pinpad to enter
the PIN w/o relying on an external device.

Too bad that producing such a card would require a big rethinking
(well, not too big, since something already exists along that lines),
and that costs quite a lot... EMV could surely do that, an hobbyist no
(unless his name is Bill Gates).

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-29 Thread Frank Cusack
On Fri, Sep 21, 2012 at 11:58 PM, Andreas Jellinghaus
andr...@ionisiert.dewrote:


 Am 20.09.2012 21:06 schrieb Anders Rundgren anders.rundg...@telia.com:

 
 
 http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html
 
  Very interesting IMHO.

 Agree, thanks for sharing.

 
  According to the author SD-slots are becoming exceptions also for
 Android so this is
  probably what most people will be dealing with.

 I think he is also over optimistic with multi applications on a Java card
 SE, but we will see.

I didn't catch any references to that in the linked article, but if I
missed it or he discusses it elsewhere, I agree.  Certainly on an android
phone I don't believe we'll ever see the day when the user can install his
own application on the phone SE.

On Sat, Sep 22, 2012 at 1:18 AM, Anders Rundgren
anders.rundg...@telia.comwrote:

 I even wonder if the SE needs to host applications at all.  IMO, it
 would be enough
 if the SE hosts keys and associated attributes while the applications
 either rather run at OS-level
 as trusted processes like PIN input etc. or as standard applications.  As
 far as I understand
 the Wallet is just an Android App that is trusted by the SE.


Indeed, the SE need not host applications, but it depends on your
application.  For example a wallet (of the digital cash variety) needs to
run code, not just host keys.  The Google wallet isn't digital cash but
it's still an SE applet, not an Android app.  (So your understanding is
wrong.)

In my mind keys could optionally contain application-oriented ACL telling
 which
 applications they trust so that even if you install a bad App, it would
 for
 example not be able to use your bank or eID-key in the background.


ACL would however be at the mercy of the phone OS, so you've now expanded
the trust boundary so that kind of control defeats the purpose of an ACL.
Or perhaps you have confused me here with App: if you meant applet that
runs on the SE, then in that case ACLs are useful, however since you have
to interact via the phone you are still at the mercy of the phone OS.

On Sat, Sep 22, 2012 at 3:41 AM, Andreas Jellinghaus
andr...@ionisiert.dewrote:

 I must admit I don't know how many apps are managed and seperated. given
 the restricted resources a smart
 card has, I assume there is a master key that creates contain of specific
 sizes/dimensions/... and the app is
 loaded into such a container, limiting it and reserving the unallocated
 space for further applications/containers?


That's exactly right.

Is there a standard on doing this, or is it all JCOP magic under NDA?


It's part of Global Platform.

On Sat, Sep 22, 2012 at 8:27 AM, NdK ndk.cla...@gmail.com wrote:

 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.


I agree.

Too bad seems nobody really *needs* that level of security...


I disagree, we all NEED that level of security.  It's just that security
isn't a mature thing yet so we're just not there yet.  Note that Intel and
ARM both have such technologies today.

On Sun, Sep 23, 2012 at 2:52 AM, Andreas Jellinghaus
andr...@ionisiert.dewrote:

  - cards were incompatible forever, but now mostly JCOP survives and
 everyone else stopped improving their cards? I haven't seen many new card
 operating systems released in the last years at least. and at least for
 small developers I'm not aware that you can buy other java cards than JCOP.


There are a small but reasonable number of smart card OSes you can buy
today.  There aren't any that small developers can work with, but that's
just a consequence of how that market works and it isn't going to change.

And JCOP again is a prime example of a NDA thing, not a standard, right? or
 did it improve?


JavaCard is a standard.  JCOP is an implementation of that standard.

On Thu, Sep 27, 2012 at 12:37 PM, NdK ndk.cla...@gmail.com wrote:

 I knew something that didn't need trusted software (in the PC) should
 exist. And Finally I found it:
 http://www.ftsafe.com/product/epass/interpass
 Seems quite near to my idea of a really-smart card: big display to
 show transaction details and button to review/confirm/cancel (and, I
 hope, to insert a gesture that replaces the PIN...).
 Just evolve that a bit and it's perfect :)


I agree, it's close.  Not that I've contacted them, but I doubt it's an
actual shipping product.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-29 Thread Anders Rundgren
On 2012-09-29 09:01, Frank Cusack wrote:
 On Fri, Sep 21, 2012 at 11:58 PM, Andreas Jellinghaus andr...@ionisiert.de 
 mailto:andr...@ionisiert.de wrote:


 Am 20.09.2012 21:06 schrieb Anders Rundgren anders.rundg...@telia.com 
 mailto:anders.rundg...@telia.com:


 
  
 http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html
 
  Very interesting IMHO.

 Agree, thanks for sharing.


 
  According to the author SD-slots are becoming exceptions also for 
 Android so this is
  probably what most people will be dealing with.

 I think he is also over optimistic with multi applications on a Java card 
 SE, but we will see.

 I didn't catch any references to that in the linked article, but if I missed 
 it or he discusses it elsewhere, I agree.  Certainly on an android phone I 
 don't believe we'll ever see the day when the user can install his own 
 application on the phone SE.

Right.  There is no point in installing applications in the SE; applications 
are installed on top of the OS.
The SE only needs to keep keys (like smart cards in reality do ..) .  Keys OTOH 
will presumably be possible to deploy by anybody the day Google dumps 
GlobalPlatform.

Anders



 On Sat, Sep 22, 2012 at 1:18 AM, Anders Rundgren anders.rundg...@telia.com 
 mailto:anders.rundg...@telia.com wrote:

 I even wonder if the SE needs to host applications at all.  IMO, it 
 would be enough
 if the SE hosts keys and associated attributes while the applications 
 either rather run at OS-level
 as trusted processes like PIN input etc. or as standard applications.  As 
 far as I understand
 the Wallet is just an Android App that is trusted by the SE.


 Indeed, the SE need not host applications, but it depends on your 
 application.  For example a wallet (of the digital cash variety) needs to run 
 code, not just host keys.  The Google wallet isn't digital cash but it's 
 still an SE applet, not an Android app.  (So your understanding is wrong.)

 In my mind keys could optionally contain application-oriented ACL telling 
 which
 applications they trust so that even if you install a bad App, it would 
 for
 example not be able to use your bank or eID-key in the background.


 ACL would however be at the mercy of the phone OS, so you've now expanded the 
 trust boundary so that kind of control defeats the purpose of an ACL.  Or 
 perhaps you have confused me here with App: if you meant applet that runs 
 on the SE, then in that case ACLs are useful, however since you have to 
 interact via the phone you are still at the mercy of the phone OS.

 On Sat, Sep 22, 2012 at 3:41 AM, Andreas Jellinghaus andr...@ionisiert.de 
 mailto:andr...@ionisiert.de wrote:

 I must admit I don't know how many apps are managed and seperated. given 
 the restricted resources a smart
 card has, I assume there is a master key that creates contain of specific 
 sizes/dimensions/... and the app is
 loaded into such a container, limiting it and reserving the unallocated 
 space for further applications/containers?


 That's exactly right.

 Is there a standard on doing this, or is it all JCOP magic under NDA?


 It's part of Global Platform.

 On Sat, Sep 22, 2012 at 8:27 AM, NdK ndk.cla...@gmail.com 
 mailto:ndk.cla...@gmail.com wrote:

 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.


 I agree.

 Too bad seems nobody really *needs* that level of security...


 I disagree, we all NEED that level of security.  It's just that security 
 isn't a mature thing yet so we're just not there yet.  Note that Intel and 
 ARM both have such technologies today.

 On Sun, Sep 23, 2012 at 2:52 AM, Andreas Jellinghaus andr...@ionisiert.de 
 mailto:andr...@ionisiert.de wrote:

  - cards were incompatible forever, but now mostly JCOP survives and 
 everyone else stopped improving their cards? I haven't seen many new card 
 operating systems released in the last years at least. and at least for small 
 developers I'm not aware that you can buy other java cards than JCOP.


 There are a small but reasonable number of smart card OSes you can buy today. 
  There aren't any that small developers can work with, but that's just a 
 consequence of how that market works and it isn't going to change.

 And JCOP again is a prime example of a NDA thing, not a standard, right? 
 or did it improve?


 JavaCard is a standard.  JCOP is an implementation of that standard.

 On Thu, Sep 27, 2012 at 12:37 PM, NdK ndk.cla...@gmail.com 
 mailto:ndk.cla...@gmail.com wrote:

 I knew something that didn't need trusted software (in the PC) should
 exist. And Finally I found it:
 http://www.ftsafe.com/product/epass/interpass
 Seems quite near to my idea of a really-smart card: big display to
 show transaction details and button to review/confirm/cancel (and, I
 hope, to 

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-29 Thread Frank Cusack
On Sat, Sep 29, 2012 at 12:40 AM, Anders Rundgren anders.rundg...@telia.com
 wrote:

 Right.  There is no point in installing applications in the SE;
 applications are installed on top of the OS.
 The SE only needs to keep keys (like smart cards in reality do ..) .


That's a very limited use of the SE.

 Keys OTOH will presumably be possible to deploy by anybody the day Google
 dumps GlobalPlatform.


Global Platform is completely orthogonal.  Keys could be deployed today
with or without GP if Google wanted to allow it.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-29 Thread Anders Rundgren
On 2012-09-29 18:23, Frank Cusack wrote:
 On Sat, Sep 29, 2012 at 12:40 AM, Anders Rundgren anders.rundg...@telia.com 
 mailto:anders.rundg...@telia.com wrote:

 Right.  There is no point in installing applications in the SE; 
 applications are installed on top of the OS.
 The SE only needs to keep keys (like smart cards in reality do ..) .


 That's a very limited use of the SE.

There are other uses such a supporting secure boot but having things like 
payment applications in the SE looks to me like a moderately useful idea since 
the SE doesn't come with a GUI.


  Keys OTOH will presumably be possible to deploy by anybody the day 
 Google dumps GlobalPlatform.


 Global Platform is completely orthogonal.  Keys could be deployed today with 
 or without GP if Google wanted to allow it.
Is that so?  Since Google most likely use a symmetric management key an 
external party cannot use secure messaging and then the whole SE idea becomes 
very uninteresting.

Anders
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread Andreas Jellinghaus
2012/9/27 Martin Paljak mar...@martinpaljak.net

 On Sat, Sep 22, 2012 at 1:41 PM, Andreas Jellinghaus
 andr...@ionisiert.de wrote:
  In my mind keys could optionally contain application-oriented ACL
 telling
  which
  applications they trust so that even if you install a bad App, it
 would
  for
  example not be able to use your bank or eID-key in the background.
 
 
  I must admit I don't know how many apps are managed and seperated. given
 the
  restricted resources a smart
  card has, I assume there is a master key that creates contain of specific
  sizes/dimensions/... and the app is
  loaded into such a container, limiting it and reserving the unallocated
  space for further applications/containers?
 
  Is there a standard on doing this, or is it all JCOP magic under NDA?

 Are you referring to GlobalPlatform? That's public, with docs and API
 references (when applicable) available on globalplatform.org.


I thought JCOP had more commands than GlobalPlattform, e.g. to manage
card specific settings (e.g. change the ATR and communication settings).


 I bet there are probably vendors who tweak/amend/change/molest the
 spec, but the general principles should be there and followed by many
 vendors.

 There is an interesting thing called Trusted Execution Environment
 that might come to existence some time in the future, called TEE:


 http://www.globalplatform.org/documents/GlobalPlatform_TEE_White_Paper_Feb2011.pdf

 But for a mobile solutions and experiences, I think the time now is as
 good as pre-CCID for smart card readers: wild-wild-west and with a
 *much* tougher competition situation. Who needs standards if you have
 an iPhone  :)

 Martin

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-27 Thread NdK
Il 23/09/2012 12:04, Andreas Jellinghaus ha scritto:

  In my mind, the SE should take over display and touch controller by
  hardware means, so absolutely no app can snoop user input or fake it.
  Too bad seems nobody really *needs* that level of security...
 The problem with that is that is impossible for a user to distinguish
 between a real PIN dialog and a fake ditto.  The SKS' work-around to
 this particular issue is that there is an OS-based PIN dialog and that
 keys can specify that they only accepts PINs through the system PIN
 dialog
 (trusted path).
I knew something that didn't need trusted software (in the PC) should
exist. And Finally I found it:
http://www.ftsafe.com/product/epass/interpass
Seems quite near to my idea of a really-smart card: big display to
show transaction details and button to review/confirm/cancel (and, I
hope, to insert a gesture that replaces the PIN...).
Just evolve that a bit and it's perfect :)

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-25 Thread NdK
Il 25/09/2012 07:58, Andreas Jellinghaus ha scritto:

 EMV for sure: there's an unauthenticated bit that tells the card to
 authenticate the transaction without asking for the PIN...
 Thats ok, it is a valid feature. If people buy something for less than a
 dollar, and the transaction is authenticated with the
 signature of a rsa key in the smart card, and we haven't reached the
 consecutive lower boundary amount yet, then simply
 approving the transaction is perfectly fine - getting a PIN or doing an
 online transaction isn't worth doing for such a small
 amount of money.
IIUC that bit is not authenticated, so a MITM attack can force both the
reader and the card think the other party doesn't support PIN auth,
making the card sign the transaction anyway, regardless the amount
involved. So IMVHO it's quite serious...

 Most vending machines still use modems and dial up for every transaction
 and hang up again later.
The stupid thing is that it seems they do the same for cellular-based
readers too... What a waste!

 Thats why card transactions are so slow. Once the standard is to have a
 permanent internet connection,
that won't change anything: many banks still use *mainframes* ! Some
still backup to (and transfer data with) tape *wheels* ! (when we
dismissed our IBM 9000, I think one of the tape units got sold to the
bank...). As long as it works, they don't change it.

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-25 Thread Peter Stuge
NdK wrote:
 IIUC that bit is not authenticated, so a MITM attack can force both the
 reader and the card think the other party doesn't support PIN auth,
 making the card sign the transaction anyway, regardless the amount
 involved. So IMVHO it's quite serious...

http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
http://youtu.be/gv3dxjvqk7Y


//Peter
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-25 Thread NdK
Il 25/09/2012 11:50, Peter Stuge ha scritto:

 IIUC that bit is not authenticated, so a MITM attack can force both the
 reader and the card think the other party doesn't support PIN auth,
 making the card sign the transaction anyway, regardless the amount
 involved. So IMVHO it's quite serious...
 http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
Tks. That's the (or one of) article I remembered but couldn't find...

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-25 Thread Peter Stuge
NdK wrote:
  IIUC that bit is not authenticated, so a MITM attack can force both the
  reader and the card think the other party doesn't support PIN auth,
  making the card sign the transaction anyway, regardless the amount
  involved. So IMVHO it's quite serious...
  http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
 Tks. That's the (or one of) article I remembered but couldn't find...

http://google.com/search?q=chip+and+pin+broken
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-25 Thread Andreas Jellinghaus
2012/9/25 Peter Stuge pe...@stuge.se

 NdK wrote:
   IIUC that bit is not authenticated, so a MITM attack can force both
 the
   reader and the card think the other party doesn't support PIN auth,
   making the card sign the transaction anyway, regardless the amount
   involved. So IMVHO it's quite serious...
   http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf
  Tks. That's the (or one of) article I remembered but couldn't find...

 http://google.com/search?q=chip+and+pin+broken


but the broken security demonstrated so far is related to misconfiguration,
and many other banks have correct card profiles and are not affected.

Regards, Andreas
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread NdK
Il 22/09/2012 19:37, Anders Rundgren ha scritto:

 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.
 Too bad seems nobody really *needs* that level of security...
 The problem with that is that is impossible for a user to distinguish
 between a real PIN dialog and a fake ditto.  The SKS' work-around to
 this particular issue is that there is an OS-based PIN dialog and that
 keys can specify that they only accepts PINs through the system PIN dialog
 (trusted path).
That's quite easy to avoid: once the SE takes over the display, it can
prompt the user with an user-supplied message . Visa is doing something
similar with securecode auth: when you're doing a payment, you get
redirected to their site, where you see a personalized prompt and have
to enter another password. If you don't see your own prompt, you don't
enter the password..

 If the user is presented a spoofed PIN dialog, the attacker may indeed get
 the PIN.  However, the attacker must also take the device as well in order
 to use it which makes the attack much less useful.
The only drawback would be that if the attacker, after stealing the
phone and hacking it to include the right message in the spoofer,
returns it to the legit user, waits for the spoof to intercept the PIN
and then steals it again... Quite unlikely :) and easily detectable: if
your phone disappeared, change the prompt before connecting again to
the payment service: if you still see the old prompt, better to reflash
the phone and change *all* your passwords.

 If the OS is hacked this doesn't help but it seems that this is not
 the biggest problem with mobile devices; it is rather determine what
 an app should be able to do or not.
If SE takes over HW access (this could include accelerometers, since
they could be used to infer where the user is tapping -- paranoid
enoug?), then it can be secure even if the OS got hacked.

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread NdK
Il 23/09/2012 11:52, Andreas Jellinghaus ha scritto:

 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.
 Too bad seems nobody really *needs* that level of security...
 like credsticks from scifi novels decades ago? that owuld be a single use
 appliance, and I think easy to hack, similar how it is trivial to have a
 chip recording keystrokes placed inside a laptop etc. and I guess a multi
 app would be extreme complex and unlikely to be secure either.
Nope. Speaking of SE in smartphones here :)
You don't have much space inside a phone... Hopefully not enough to add
a logger chip. And a phone is really much more tamper evident than a
laptop...

 hmm, a datasheat I found on smartmx for example does not mention a MMU.
 I guess it is onl a software implementation in the java interpreter, and
 that could be well faulty.
Software-emulated MMU, then. Since it's so simple, it could well be
worth the reduction in gates at the expense of a little longer run time
-- but you are already running java, not optimized asm...
 also how are things managed - how easy is it to setup things wrong?
That should be impossible, if the card only allows fixed-size apps and
went under throrought testing.

 Another question: if the applet manager is secure, then why change
 master keys before giving a card to customers?
 cards go throug a pipeline of ~4 entities and everyone has his own secret
[...]
Uhm... Found. If the key was publicly known, a reseller could easily
remove an applet and replace it with another using the same app id and
the final user wouldn't be able to know.
If only the card manager would allow a per-app removal key...

 My new impression is I would only need to use a smart card keycert with
 one site only - my SSO provider. Thus a plugin for that communication
 only would work well with me.
 As long as you can import/export your cert (better if keeping it
 protected by a password) then you can have quite good security using
 openid and an identity provider like startssl that authenticates you
 using that cert.
 certs don't need protection, only keys do. and being able to export a key
 is always a bad idea.
Unless you either can set up a multi-party RSA system or have another
way to recover a damaged key.
If exporting keys is always such a bad idea, then why root-CAs export
theirs? Simply to have a backup and obtain business continuity in case
of HSM failure.

 it is much better to be able to get a new certkey whenever you want on
 demand. e.g. enter your credentials
 (password, pin, tan, fingerprint, retina scan, secret handshake, whatever
 you think is secure) and then get/generate
 a new keypair and CSR and get the signed cert.
Unless you run a CA. :)

 as for openid, I thought there was some discussion about it - v1 too
 complex, not much agreement on v2 or so?
Complex? Seems quite easy...

 Always too many things under NDA or plainly unavailable, too often
 starting from comm specs...
comm=communication , sorry.

 common specs? I rather wonder: everyone invented something on his own, and
 when a standard came around, any change would break compatibility and more
 important require new certification rounds, thus would be expensive, thus
 everyyone preferred to not implement the standard. after all who wants to
 give users the choice to switch vendors? very bad idea, vendor lockin is
 king,
I'm still waiting for ACS to tell me something about how can I use my
cryptomate64 token. I could have its reader recognized, but ACOS5
protocol is still unsupported (I found a project, but it seems still in
its early stages...).

 other java cards than JCOP. And JCOP again is a prime example of a NDA
 thing, not a standard, right? or did it improve?
I have some JCOP cards, but just lately I found how to authenticate with
the card manager using Alexander Petric's hints for gpshell.
If I have't to sign NDAs to develop my own applets and load'em on card,
then for me it's open enough.
But I still don't know if I have enough info (for example: how do I
handle RSA crypto? I hope there's a library with public API for that...).

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread Andreas Jellinghaus
2012/9/23 Anders Rundgren anders.rundg...@telia.com

 On 2012-09-23 12:04, Andreas Jellinghaus wrote:
  2012/9/22 Anders Rundgren anders.rundg...@telia.com mailto:
 anders.rundg...@telia.com
 
  On 2012-09-22 17:27, NdK wrote:
   Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:
  
   In my mind keys could optionally contain application-oriented
 ACL
   telling which
   applications they trust so that even if you install a bad
 App, it
   would for
   example not be able to use your bank or eID-key in the
 background.
 
   In my mind, the SE should take over display and touch controller by
   hardware means, so absolutely no app can snoop user input or fake
 it.
   Too bad seems nobody really *needs* that level of security...
 
  The problem with that is that is impossible for a user to distinguish
  between a real PIN dialog and a fake ditto.  The SKS' work-around
 to
  this particular issue is that there is an OS-based PIN dialog and
 that
  keys can specify that they only accepts PINs through the system PIN
 dialog
  (trusted path).
 
  If the user is presented a spoofed PIN dialog, the attacker may
 indeed get
  the PIN.  However, the attacker must also take the device as well in
 order
  to use it which makes the attack much less useful.
 
  If the OS is hacked this doesn't help but it seems that this is not
  the biggest problem with mobile devices; it is rather determine what
  an app should be able to do or not.
 
  To get the proportions right, consumer security solutions should IMO
 be
  compared with the Gold Standard for Internet-payments where
 authorization
  is performed by a UserID (Card Number) and Password (CCV)
 printed in
  clear on plastic cards, which is all the Financial Industry have
 manged to
  roll out during the 15Y+ we have had with the Internet!
 
 
  actually I think the system was doing fine - if you can review
 transactions later
  and refute any bogus transaction and the money can be traced to the
 recipient,
  and the system provider has a huge interest to keep the money traceable
 and
  recall'able, that is a good system design, and protects everyone much
 better than
  technical adventures.

 I guess you refer to the Google Wallet or SKS as technical adventures?
  I don't
 see any conflicts between judicious logging and systems that [rightly or
 wrongly]
 are claimed to be more secure than passwords printed in clear on plastic
 cards.


no, I was refering to all the magic solutions that make things secure
suddenly.
Like sms-tan instead of pin+tan, or funny devices reading flickering info
on some banks online system,
or smart cards with biometrics on board, or
$government-identified-super-secure-signing-cards or
stupid de-mail (email with a postage cost of half an euro) which they try
to sell in germany, and
all this stuff.

switching from magstripe to EMV transactions (chip+pin) seams to be a
good idea though, as magstripe
is totaly unsecure. but the real foundation of the credit card business is
the middle man that vouches against
both user and shop for any loss, and runs a fraud prevention programm to
minimize risk and cost. this idea
is great, technical solutions are perfectly fine, if they keep this basic
system. I complain that they try to do not.

EMV is of course totaly bloated and thus far too complex, and the whole
idea of visa and mastercard keeping
paypass and paywave confidential, even partners under NDA only get to see
their bits, that is real stupid and insecure.

I wonder how many years we need until people are willing to build an online
only system. that won't work offline,
but could be soo much easier than the offline system. many banks have
already moved e.g. their PINs from the
card to the online system, as unblocking a PIN in a card was often not
working well, and having a central manged
IT is much easier. So banks are already willing to restrict at least
certain functions like debit (cash from ATM) to
online only.


  The downside from my perspective is rather that visa and master card are
 shifting the liability to the end user.
  if the only one in the system who can enforce security standards is no
 longer liable to carry the burdon of not having
  a good enough security, then the system is going bad. verified by VISA
 and the similar master card initiative require
  the end user to verify each transaction with an additional password. If
 it is a password, it can be sniffed by a trojan
  as easily. if it is a TAN send over a SMS to your mobile phone, then
 loosing you mobile phone means an empty
  bank account.

 3D Secure IMO combines the worst possible user-interface with questionable
 security.
 However, the concept is actually brilliant but it will rather be Google
 and Apple
 that will make it useful, not MasterCard and VISA.


well, no nfc in iphone5, thus no idea what plans Apple has, and I can't
comment on 

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread Andreas Jellinghaus
2012/9/24 NdK ndk.cla...@gmail.com

 Il 23/09/2012 11:52, Andreas Jellinghaus ha scritto:

  In my mind, the SE should take over display and touch controller by
  hardware means, so absolutely no app can snoop user input or fake it.
  Too bad seems nobody really *needs* that level of security...
  like credsticks from scifi novels decades ago? that owuld be a single
 use
  appliance, and I think easy to hack, similar how it is trivial to have a
  chip recording keystrokes placed inside a laptop etc. and I guess a multi
  app would be extreme complex and unlikely to be secure either.
 Nope. Speaking of SE in smartphones here :)


well, that is lots of software in the smart phone that can be hacked.
not a secure entry device from my point of view.


 You don't have much space inside a phone... Hopefully not enough to add
 a logger chip. And a phone is really much more tamper evident than a
 laptop...


hmm, not so sure about that. but even if that is true, the software is
easier
to hack anyway, and requires only installing the wrong app try this game,
thus has a much easier attack vector.


  hmm, a datasheat I found on smartmx for example does not mention a MMU.
  I guess it is onl a software implementation in the java interpreter, and
  that could be well faulty.
 Software-emulated MMU, then. Since it's so simple, it could well be
 worth the reduction in gates at the expense of a little longer run time
 -- but you are already running java, not optimized asm...


well, in the end your programm is pretty simple I guess, and the complex
operations like crypto are in a library in the chip and not java bytecode.


  also how are things managed - how easy is it to setup things wrong?
 That should be impossible, if the card only allows fixed-size apps and
 went under throrought testing.


well, we saw so many insecurities in smart cards in the last few years -
e.g. the hacks on mifare and legic, or the flaws found by ross anderson and
his team on EMV cards - I doubt things are really secure, if they are very
complex.


  Another question: if the applet manager is secure, then why change
  master keys before giving a card to customers?
  cards go throug a pipeline of ~4 entities and everyone has his own secret
 [...]
 Uhm... Found. If the key was publicly known, a reseller could easily
 remove an applet and replace it with another using the same app id and
 the final user wouldn't be able to know.
 If only the card manager would allow a per-app removal key...


well. who is the card manager. if I buy a phone without contract, is it the
vendor?
if I buy a phone with a contract, is it the mobile network operator? will
we have conflicts of interest?
we already have locked phones and preventing some functionality (voice over
ip, tethering, ...),
and I guess phone companies want you to pay with your phone - as long as it
ends up on the phone
bill and they get a share of each transaction?

thus who controls the SE has power, and it can't be you the end user, as
the bank won't trust you to do a secure deployment.


  My new impression is I would only need to use a smart card keycert
 with
  one site only - my SSO provider. Thus a plugin for that communication
  only would work well with me.
  As long as you can import/export your cert (better if keeping it
  protected by a password) then you can have quite good security using
  openid and an identity provider like startssl that authenticates you
  using that cert.
  certs don't need protection, only keys do. and being able to export a key
  is always a bad idea.
 Unless you either can set up a multi-party RSA system or have another
 way to recover a damaged key.


no one needs to recover keys. simply create a new one and create a new cert.


 If exporting keys is always such a bad idea, then why root-CAs export
 theirs? Simply to have a backup and obtain business continuity in case
 of HSM failure.


HSM have all keys stored on the normal windows disk - but encrypted. the
encryption is with AES or 3DES, and that is a master key that can be loaded
into several HSM. often it is an XOR of N master key parts, and 4*N
different persons have a copy of one part (two sites, two person each
site). Thus worst case any copy of the key database plus parts 1..N can be
used to setup a fresh HSM with the same master key and keep using those
keys. standard practice for IBM HSMs at least I believe.

 it is much better to be able to get a new certkey whenever you want on
  demand. e.g. enter your credentials
  (password, pin, tan, fingerprint, retina scan, secret handshake, whatever
  you think is secure) and then get/generate
  a new keypair and CSR and get the signed cert.
 Unless you run a CA. :)


no. if you run a CA creating new certificates costs you nothing, so the
best thing you can do for security is short lived certificates with fast
automated secure refresh cycles. the reason why people have long lived
certificates, is because it is such a hassle to create new ones and manage

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread NdK
Il 24/09/2012 21:37, Andreas Jellinghaus ha scritto:

 no, I was refering to all the magic solutions that make things secure
 suddenly.
there was a good comic strip I can't find just now...
Hackers view: oh, no, this laptop is protected by 4096-bit RSA... no way
we can recover it even with $100!
Grunt view: this laptop is locked... take this $5 wrench and beat off
the pass from the user.

Too bad it proves right... Here in Italy we've had many episodes of
people kidnapped to make their families let robbers enter well-protected
houses... :(

 Like sms-tan instead of pin+tan, or funny devices reading flickering
 info on some banks online system,
 or smart cards with biometrics on board, or
 $government-identified-super-secure-signing-cards or
 stupid de-mail (email with a postage cost of half an euro) which they
 try to sell in germany, and all this stuff.
Not to speak of italian posta certificata (certified mail, with
provable delivery so that it can have legal value)... :)

 EMV is of course totaly bloated and thus far too complex, and the whole
 idea of visa and mastercard keeping
 paypass and paywave confidential, even partners under NDA only get to
 see their bits, that is real stupid and insecure.
Maybe because they know it's not secure?
EMV for sure: there's an unauthenticated bit that tells the card to
authenticate the transaction without asking for the PIN...

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-24 Thread Andreas Jellinghaus
2012/9/25 NdK ndk.cla...@gmail.com

 Il 24/09/2012 21:37, Andreas Jellinghaus ha scritto:

  no, I was refering to all the magic solutions that make things secure
  suddenly.
 there was a good comic strip I can't find just now...
 Hackers view: oh, no, this laptop is protected by 4096-bit RSA... no way
 we can recover it even with $100!
 Grunt view: this laptop is locked... take this $5 wrench and beat off
 the pass from the user.

 Too bad it proves right... Here in Italy we've had many episodes of
 people kidnapped to make their families let robbers enter well-protected
 houses... :(

  Like sms-tan instead of pin+tan, or funny devices reading flickering
  info on some banks online system,
  or smart cards with biometrics on board, or
  $government-identified-super-secure-signing-cards or
  stupid de-mail (email with a postage cost of half an euro) which they
  try to sell in germany, and all this stuff.
 Not to speak of italian posta certificata (certified mail, with
 provable delivery so that it can have legal value)... :)

  EMV is of course totaly bloated and thus far too complex, and the whole
  idea of visa and mastercard keeping
  paypass and paywave confidential, even partners under NDA only get to
  see their bits, that is real stupid and insecure.
 Maybe because they know it's not secure?


No, I think it is well intended - try to be compatible with every old thing
and have all the features everyone wants in there.
Except the result of such a process is not good.


 EMV for sure: there's an unauthenticated bit that tells the card to
 authenticate the transaction without asking for the PIN...


Thats ok, it is a valid feature. If people buy something for less than a
dollar, and the transaction is authenticated with the
signature of a rsa key in the smart card, and we haven't reached the
consecutive lower boundary amount yet, then simply
approving the transaction is perfectly fine - getting a PIN or doing an
online transaction isn't worth doing for such a small
amount of money.

Most vending machines still use modems and dial up for every transaction
and hang up again later.
Thats why card transactions are so slow. Once the standard is to have a
permanent internet connection,
the cost of doing an online transaction is lower (less delay) and the
profile could be changed to do everything online.
But since the card doesn't know where it is, it can only have a world wide
setting, and people expect the card to
work in the remote places with the worst infrastructure. Maybe some day
banks want to give people two credit cards
with different settings?

Andreas


 BYtE,
  Diego.

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-23 Thread Andreas Jellinghaus
2012/9/22 NdK ndk.cla...@gmail.com

 Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:

  In my mind keys could optionally contain application-oriented ACL
  telling which
  applications they trust so that even if you install a bad App, it
  would for
  example not be able to use your bank or eID-key in the background.
 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.
 Too bad seems nobody really *needs* that level of security...


like credsticks from scifi novels decades ago? that owuld be a single use
appliance, and I think easy to hack, similar how it is trivial to have a
chip recording keystrokes placed inside a laptop etc. and I guess a multi
app would be extreme complex and unlikely to be secure either.


  I must admit I don't know how many apps are managed and seperated. given
  the restricted resources a smart card has,
 Think about how an MMU works: it keeps a table of pages assigned to an
 app, and maps 'em in app's address space. An app have no way to access a
 page outside its allowed address space. Nothing secret, here, and
 doesn't require great resources.


hmm, a datasheat I found on smartmx for example does not mention a MMU.
I guess it is onl a software implementation in the java interpreter, and
that could be well faulty.
also how are things managed - how easy is it to setup things wrong?

 I only remember seeing code that would change master keys and put one
  app into a card, thus never bothered how it works in detail or how to
  manage resource, secure apps against each other etc. Also I wonder: does
  the vendor claim to have the security thight enough to prevent a hostile
  app from accessing data of another app? Or is it the usual all is
  secure, but we don't tell how it works,
  how to use it, and make no real guaranties anyway?
 Another question: if the applet manager is secure, then why change
 master keys before giving a card to customers?


cards go throug a pipeline of ~4 entities and everyone has his own secret
key that he doesn't want to give out.
first there is the chip key by the cpu vendor. then the mask of the OS
vendor has a different master key, so from
serial and the mask a new key is set. then the OS manufacturer changes the
key again as soon as he gets the hand
on the chips, as the cpu manufacturer can see the master key in the mask.
then he wants to send the chips to some
perso unit, so he has a master key agreed on between the os vendor and the
perso provider, and changes the card
key to be derviced from this. the perso provider could change the key again
when receiving the cards, but he needs
to trust the card or provider anyway, and might be too lazy. but once he
manufacturers a card, he has a master
key agreed on with the customer, e.g. a bank. and now the card key is
changed again. in this step the old key
is derived from the card serial, as in all previous steps, but the new key
is derived from the number of e.g. the visa card,
not the chip. again the bank could then change the cards key later, e.g.
using an update procedure in an ATM.
which noone does, because it never works well, but in theory ...

this procedure is not entirely accurate, as e.g. os vendors move towards
hosting equipment directly at the CPU manufacturer,
so the cards are changed on site, and can be directly send to perso units,
which will safe them manual extra work and one security transport - those
are quite expensive.

so for SE in mobile phones we would have the same more or less - e.g. NXP
does the chip and the OS (if the two units trust each other they can skip
one change to the key here), then the sell the chip to samsung and change
the key to the nxp-samsung-$chip MK derived one first, samsung might want
to change the key again, and sell the device. but if banks need to trust
the device enough to upload a smart card into it, then the end user can't
have the key for his device - otherwise he could decrypt the communication
and create several copies of the credit card uploaded, great for fraud, but
security of those depends on single unique cards.


  My new impression is I would only need to use a smart card keycert with
  one site only - my SSO provider. Thus a plugin for that communication
  only would work well with me.
 As long as you can import/export your cert (better if keeping it
 protected by a password) then you can have quite good security using
 openid and an identity provider like startssl that authenticates you
 using that cert.


certs don't need protection, only keys do. and being able to export a key
is always a bad idea.
it is much better to be able to get a new certkey whenever you want on
demand. e.g. enter your credentials
(password, pin, tan, fingerprint, retina scan, secret handshake, whatever
you think is secure) and then get/generate
a new keypair and CSR and get the signed cert.

as for openid, I thought there was some discussion about it - 

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-23 Thread Andreas Jellinghaus
2012/9/22 Anders Rundgren anders.rundg...@telia.com

 On 2012-09-22 17:27, NdK wrote:
  Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:
 
  In my mind keys could optionally contain application-oriented ACL
  telling which
  applications they trust so that even if you install a bad App, it
  would for
  example not be able to use your bank or eID-key in the background.

  In my mind, the SE should take over display and touch controller by
  hardware means, so absolutely no app can snoop user input or fake it.
  Too bad seems nobody really *needs* that level of security...

 The problem with that is that is impossible for a user to distinguish
 between a real PIN dialog and a fake ditto.  The SKS' work-around to
 this particular issue is that there is an OS-based PIN dialog and that
 keys can specify that they only accepts PINs through the system PIN dialog
 (trusted path).

 If the user is presented a spoofed PIN dialog, the attacker may indeed get
 the PIN.  However, the attacker must also take the device as well in order
 to use it which makes the attack much less useful.

 If the OS is hacked this doesn't help but it seems that this is not
 the biggest problem with mobile devices; it is rather determine what
 an app should be able to do or not.

 To get the proportions right, consumer security solutions should IMO be
 compared with the Gold Standard for Internet-payments where authorization
 is performed by a UserID (Card Number) and Password (CCV) printed in
 clear on plastic cards, which is all the Financial Industry have manged to
 roll out during the 15Y+ we have had with the Internet!


actually I think the system was doing fine - if you can review transactions
later
and refute any bogus transaction and the money can be traced to the
recipient,
and the system provider has a huge interest to keep the money traceable and
recall'able, that is a good system design, and protects everyone much
better than
technical adventures.

The downside from my perspective is rather that visa and master card are
shifting the liability to the end user.
if the only one in the system who can enforce security standards is no
longer liable to carry the burdon of not having
a good enough security, then the system is going bad. verified by VISA and
the similar master card initiative require
the end user to verify each transaction with an additional password. If it
is a password, it can be sniffed by a trojan
as easily. if it is a TAN send over a SMS to your mobile phone, then
loosing you mobile phone means an empty
bank account.

Lets be honest: you might have your mobile phone and wallet in your
hand-bag or backpack or whatever, and if
both are stolen the attacker has access to about everything and almost all
ways to identify you and authorize
transactions are in his hand. even the numbers you might need to know to
prevent fraud are no longer with you -
e.g. in germany I might remember the central hotline for reporting stolen
cards (116 116) and I remember my bank
account number. but if they require my visa card number, I wouldn't know
that. also I wouldn't have mobile phone
with me - it got stolen - and if I don't notice the issue I'm out of luck,
as everyone (banks, telco, ...) shift the liability
for every transaction until the theft gets reported to the customer.

the mobile phones have authentication of the customer (gesture, pin,
password or screen unlock), but those are not very good protections. so my
expectation is they won't stop attackers.

Andreas



 Anders


 
  I must admit I don't know how many apps are managed and seperated. given
  the restricted resources a smart card has,
  Think about how an MMU works: it keeps a table of pages assigned to an
  app, and maps 'em in app's address space. An app have no way to access a
  page outside its allowed address space. Nothing secret, here, and
  doesn't require great resources.
 
  I only remember seeing code that would change master keys and put one
  app into a card, thus never bothered how it works in detail or how to
  manage resource, secure apps against each other etc. Also I wonder: does
  the vendor claim to have the security thight enough to prevent a hostile
  app from accessing data of another app? Or is it the usual all is
  secure, but we don't tell how it works,
  how to use it, and make no real guaranties anyway?
  Another question: if the applet manager is secure, then why change
  master keys before giving a card to customers?
 
  My new impression is I would only need to use a smart card keycert with
  one site only - my SSO provider. Thus a plugin for that communication
  only would work well with me.
  As long as you can import/export your cert (better if keeping it
  protected by a password) then you can have quite good security using
  openid and an identity provider like startssl that authenticates you
  using that cert.
 
  Not sure what to do about phone theft though - I really fear putting all
  the access 

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-23 Thread Anders Rundgren
On 2012-09-23 12:04, Andreas Jellinghaus wrote:
 2012/9/22 Anders Rundgren anders.rundg...@telia.com 
 mailto:anders.rundg...@telia.com
 
 On 2012-09-22 17:27, NdK wrote:
  Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:
 
  In my mind keys could optionally contain application-oriented ACL
  telling which
  applications they trust so that even if you install a bad App, it
  would for
  example not be able to use your bank or eID-key in the background.
 
  In my mind, the SE should take over display and touch controller by
  hardware means, so absolutely no app can snoop user input or fake it.
  Too bad seems nobody really *needs* that level of security...
 
 The problem with that is that is impossible for a user to distinguish
 between a real PIN dialog and a fake ditto.  The SKS' work-around to
 this particular issue is that there is an OS-based PIN dialog and that
 keys can specify that they only accepts PINs through the system PIN dialog
 (trusted path).
 
 If the user is presented a spoofed PIN dialog, the attacker may indeed get
 the PIN.  However, the attacker must also take the device as well in order
 to use it which makes the attack much less useful.
 
 If the OS is hacked this doesn't help but it seems that this is not
 the biggest problem with mobile devices; it is rather determine what
 an app should be able to do or not.
 
 To get the proportions right, consumer security solutions should IMO be
 compared with the Gold Standard for Internet-payments where 
 authorization
 is performed by a UserID (Card Number) and Password (CCV) printed in
 clear on plastic cards, which is all the Financial Industry have manged to
 roll out during the 15Y+ we have had with the Internet!
 
 
 actually I think the system was doing fine - if you can review transactions 
 later
 and refute any bogus transaction and the money can be traced to the recipient,
 and the system provider has a huge interest to keep the money traceable and
 recall'able, that is a good system design, and protects everyone much better 
 than
 technical adventures.

I guess you refer to the Google Wallet or SKS as technical adventures?  I 
don't
see any conflicts between judicious logging and systems that [rightly or 
wrongly]
are claimed to be more secure than passwords printed in clear on plastic cards.

 
 The downside from my perspective is rather that visa and master card are 
 shifting the liability to the end user.
 if the only one in the system who can enforce security standards is no longer 
 liable to carry the burdon of not having
 a good enough security, then the system is going bad. verified by VISA and 
 the similar master card initiative require
 the end user to verify each transaction with an additional password. If it is 
 a password, it can be sniffed by a trojan
 as easily. if it is a TAN send over a SMS to your mobile phone, then loosing 
 you mobile phone means an empty
 bank account.

3D Secure IMO combines the worst possible user-interface with questionable 
security.
However, the concept is actually brilliant but it will rather be Google and 
Apple
that will make it useful, not MasterCard and VISA.

 
 Lets be honest: you might have your mobile phone and wallet in your hand-bag 
 or backpack or whatever, and if
 both are stolen the attacker has access to about everything and almost all 
 ways to identify you and authorize
 transactions are in his hand. even the numbers you might need to know to 
 prevent fraud are no longer with you -
 e.g. in germany I might remember the central hotline for reporting stolen 
 cards (116 116) and I remember my bank
 account number. but if they require my visa card number, I wouldn't know 
 that. also I wouldn't have mobile phone
 with me - it got stolen - and if I don't notice the issue I'm out of luck, as 
 everyone (banks, telco, ...) shift the liability
 for every transaction until the theft gets reported to the customer.
 
 the mobile phones have authentication of the customer (gesture, pin, password 
 or screen unlock), but those are not
 very good protections. so my expectation is they won't stop attackers.

I expect another kind of protection to be more useful and that is that the 
owner will be able
to set it on hold or possibly even in wipe out mode through a cloud service 
that the phone will
interrogate every now and then.  If the cloud service isn't available you must 
issue a difficult
password before gaining access to the device.  From what I can deduct from the 
rather scarce
Wallet documents, this is more or less already in place.  If the device is 
subject to a shrewd
attack I guess only the traditional credential revocation will help.  The cloud 
service may
aid you with that as well.

I definitely believe that losing a mobile phone wallet will be less devastating 
than
losing a traditional one.  Naturally it has to be proved.  I 

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-22 Thread Andreas Jellinghaus
Am 20.09.2012 21:06 schrieb Anders Rundgren anders.rundg...@telia.com:


http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html

 Very interesting IMHO.

Agree, thanks for sharing.

 According to the author SD-slots are becoming exceptions also for Android
so this is
 probably what most people will be dealing with.

I think he is also over optimistic with multi applications on a Java card
SE, but we will see.

The NFC chip should be similar to what can be used with libnfc, so porting
all the mifare copy clone and fake tools would be awesome...

Andreas

 Anders

 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-22 Thread Anders Rundgren
On 2012-09-22 08:58, Andreas Jellinghaus wrote:
 
 Am 20.09.2012 21:06 schrieb Anders Rundgren anders.rundg...@telia.com 
 mailto:anders.rundg...@telia.com:

 http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html

 Very interesting IMHO.
 
 Agree, thanks for sharing.

 According to the author SD-slots are becoming exceptions also for Android so 
 this is
 probably what most people will be dealing with.
 
 I think he is also over optimistic with multi applications on a Java card SE, 
 but we will see.
Indeed.  I even wonder if the SE needs to host applications at all.  IMO, it 
would be enough
if the SE hosts keys and associated attributes while the applications either 
rather run at OS-level
as trusted processes like PIN input etc. or as standard applications.  As far 
as I understand
the Wallet is just an Android App that is trusted by the SE.

In my mind keys could optionally contain application-oriented ACL telling which
applications they trust so that even if you install a bad App, it would for
example not be able to use your bank or eID-key in the background.

Here is a write-up of a possible ACL-scheme that is intended for the Web and 
App:
http://webpki.org/papers/PKI/pki-webcrypto.pdf

Anders

 
 The NFC chip should be similar to what can be used with libnfc, so porting 
 all the mifare copy clone and fake tools would be awesome...
 
 Andreas

 Anders

 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org 
 mailto:opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel
 

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-22 Thread Andreas Jellinghaus
2012/9/22 Anders Rundgren anders.rundg...@telia.com

 On 2012-09-22 08:58, Andreas Jellinghaus wrote:
 
  Am 20.09.2012 21:06 schrieb Anders Rundgren 
  anders.rundg...@telia.commailto:
 anders.rundg...@telia.com:
 
 
 http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html
 
  Very interesting IMHO.
 
  Agree, thanks for sharing.
 
  According to the author SD-slots are becoming exceptions also for
 Android so this is
  probably what most people will be dealing with.
 
  I think he is also over optimistic with multi applications on a Java
 card SE, but we will see.
 Indeed.  I even wonder if the SE needs to host applications at all.
  IMO, it would be enough
 if the SE hosts keys and associated attributes while the applications
 either rather run at OS-level
 as trusted processes like PIN input etc. or as standard applications.  As
 far as I understand
 the Wallet is just an Android App that is trusted by the SE.


well, even if the battery of the mobile phone is empty, the secure element
can still be powered by any
reader and thus still work. Implementations can or cannot make use of this
- if the implementation prefers
the user to take the phone out of his bag, unlock it, open some app and
make the I approve gesture,
then disabling it is a good idea to prevent unauthorized usage.

In my mind keys could optionally contain application-oriented ACL telling
 which
 applications they trust so that even if you install a bad App, it would
 for
 example not be able to use your bank or eID-key in the background.


I must admit I don't know how many apps are managed and seperated. given
the restricted resources a smart
card has, I assume there is a master key that creates contain of specific
sizes/dimensions/... and the app is
loaded into such a container, limiting it and reserving the unallocated
space for further applications/containers?

Is there a standard on doing this, or is it all JCOP magic under NDA?

I only remember seeing code that would change master keys and put one app
into a card, thus never bothered how it works in detail or how to manage
resource, secure apps against each other etc. Also I wonder: does the
vendor claim to have the security thight enough to prevent a hostile app
from accessing data of another app? Or is it the usual all is secure, but
we don't tell how it works,
how to use it, and make no real guaranties anyway?


 Here is a write-up of a possible ACL-scheme that is intended for the Web
 and App:
 http://webpki.org/papers/PKI/pki-webcrypto.pdf


hmm, that link is configured as download :( a normal link would be easier
so chrome users can browse it
without a download to the filesystem (and another file kept around in
Dowload/ folder forever).

I haven't looked into this into very detailed.

My new impression is I would only need to use a smart card keycert with
one site only - my SSO provider. Thus a plugin for that communication only
would work well with me.

I use two browsers, thus could have a differnt plugin each time linked to a
different identity. Not sure if I wanted to share a card for that purpose,
that agains simplifies my requirements I would have for a smart card a lot.

Like many people I noticed that people have their mobile phone with them
all the time, and notice if they lost it right away.
Thus using a mobile phone for authenticating any other device seems to be
the right thing to do and works well for many people
in practice. Thus using the SE in such a phone can become interesting. Not
sure what to do about phone theft though - I really fear putting all the
access credentials into one basket (my phone), plus a lot of personal
information, so any thief would be able to
impersonate me and access my mail, documents, banks, and much more.

In summary: my old expectations how to secure communication and use smart
cards in them have gone many months ago, now I see the world very
differently. My adventures into smart card business also make me wonder if
trusting such an industry is a good thing.

Andreas




 Anders

 
  The NFC chip should be similar to what can be used with libnfc, so
 porting all the mifare copy clone and fake tools would be awesome...
 
  Andreas
 
  Anders
 
  ___
  opensc-devel mailing list
  opensc-devel@lists.opensc-project.org mailto:
 opensc-devel@lists.opensc-project.org
  http://www.opensc-project.org/mailman/listinfo/opensc-devel
 


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-22 Thread NdK
Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:

 In my mind keys could optionally contain application-oriented ACL
 telling which
 applications they trust so that even if you install a bad App, it
 would for
 example not be able to use your bank or eID-key in the background.
In my mind, the SE should take over display and touch controller by
hardware means, so absolutely no app can snoop user input or fake it.
Too bad seems nobody really *needs* that level of security...

 I must admit I don't know how many apps are managed and seperated. given
 the restricted resources a smart card has,
Think about how an MMU works: it keeps a table of pages assigned to an
app, and maps 'em in app's address space. An app have no way to access a
page outside its allowed address space. Nothing secret, here, and
doesn't require great resources.

 I only remember seeing code that would change master keys and put one
 app into a card, thus never bothered how it works in detail or how to
 manage resource, secure apps against each other etc. Also I wonder: does
 the vendor claim to have the security thight enough to prevent a hostile
 app from accessing data of another app? Or is it the usual all is
 secure, but we don't tell how it works,
 how to use it, and make no real guaranties anyway?
Another question: if the applet manager is secure, then why change
master keys before giving a card to customers?

 My new impression is I would only need to use a smart card keycert with
 one site only - my SSO provider. Thus a plugin for that communication
 only would work well with me.
As long as you can import/export your cert (better if keeping it
protected by a password) then you can have quite good security using
openid and an identity provider like startssl that authenticates you
using that cert.

 Not sure what to do about phone theft though - I really fear putting all
 the access credentials into one basket (my phone), plus a lot of
 personal information, so any thief would be able to
 impersonate me and access my mail, documents, banks, and much more.
For this I simply use keepass w/ its db synced over dropbox (and backed
up offline in multiple places). Obviously a thief wouldn't have my
master password, so the access to the db would be useless.

 In summary: my old expectations how to secure communication and use
 smart cards in them have gone many months ago, now I see the world
 very differently. My adventures into smart card business also make me
 wonder if trusting such an industry is a good thing.
Always too many things under NDA or plainly unavailable, too often
starting from comm specs...

BYtE,
 Diego.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Technical Description - Android Embedded SE

2012-09-22 Thread Anders Rundgren
On 2012-09-22 17:27, NdK wrote:
 Il 22/09/2012 12:41, Andreas Jellinghaus ha scritto:
 
 In my mind keys could optionally contain application-oriented ACL
 telling which
 applications they trust so that even if you install a bad App, it
 would for
 example not be able to use your bank or eID-key in the background.

 In my mind, the SE should take over display and touch controller by
 hardware means, so absolutely no app can snoop user input or fake it.
 Too bad seems nobody really *needs* that level of security...

The problem with that is that is impossible for a user to distinguish
between a real PIN dialog and a fake ditto.  The SKS' work-around to
this particular issue is that there is an OS-based PIN dialog and that
keys can specify that they only accepts PINs through the system PIN dialog
(trusted path).

If the user is presented a spoofed PIN dialog, the attacker may indeed get
the PIN.  However, the attacker must also take the device as well in order
to use it which makes the attack much less useful.

If the OS is hacked this doesn't help but it seems that this is not
the biggest problem with mobile devices; it is rather determine what
an app should be able to do or not.

To get the proportions right, consumer security solutions should IMO be
compared with the Gold Standard for Internet-payments where authorization
is performed by a UserID (Card Number) and Password (CCV) printed in
clear on plastic cards, which is all the Financial Industry have manged to
roll out during the 15Y+ we have had with the Internet!

Anders


 
 I must admit I don't know how many apps are managed and seperated. given
 the restricted resources a smart card has,
 Think about how an MMU works: it keeps a table of pages assigned to an
 app, and maps 'em in app's address space. An app have no way to access a
 page outside its allowed address space. Nothing secret, here, and
 doesn't require great resources.
 
 I only remember seeing code that would change master keys and put one
 app into a card, thus never bothered how it works in detail or how to
 manage resource, secure apps against each other etc. Also I wonder: does
 the vendor claim to have the security thight enough to prevent a hostile
 app from accessing data of another app? Or is it the usual all is
 secure, but we don't tell how it works,
 how to use it, and make no real guaranties anyway?
 Another question: if the applet manager is secure, then why change
 master keys before giving a card to customers?
 
 My new impression is I would only need to use a smart card keycert with
 one site only - my SSO provider. Thus a plugin for that communication
 only would work well with me.
 As long as you can import/export your cert (better if keeping it
 protected by a password) then you can have quite good security using
 openid and an identity provider like startssl that authenticates you
 using that cert.
 
 Not sure what to do about phone theft though - I really fear putting all
 the access credentials into one basket (my phone), plus a lot of
 personal information, so any thief would be able to
 impersonate me and access my mail, documents, banks, and much more.
 For this I simply use keepass w/ its db synced over dropbox (and backed
 up offline in multiple places). Obviously a thief wouldn't have my
 master password, so the access to the db would be useless.
 
 In summary: my old expectations how to secure communication and use
 smart cards in them have gone many months ago, now I see the world
 very differently. My adventures into smart card business also make me
 wonder if trusting such an industry is a good thing.
 Always too many things under NDA or plainly unavailable, too often
 starting from comm specs...
 
 BYtE,
  Diego.
 ___
 opensc-devel mailing list
 opensc-devel@lists.opensc-project.org
 http://www.opensc-project.org/mailman/listinfo/opensc-devel
 

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


[opensc-devel] Technical Description - Android Embedded SE

2012-09-20 Thread Anders Rundgren
http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html

Very interesting IMHO.

According to the author SD-slots are becoming exceptions also for Android so 
this is
probably what most people will be dealing with.

Anders

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel