Hi Peter,
One way of doing this is through a cryptographic handshake... Some cards
(like the Schlumberger Cryptoflex sold in the US) can store a secret key
securely and also do signing on the card... Thus, one side of the
handshake could work like this:
1) reader (or host) gets an X.509v3 cert from the card (publicly available)
2) reader (or host) uses the cert to encrypt a random number and sends it
to the card
3) card decrypts the number and sends it back to the reader (or host)
4) card can optionally sign the number that is sent back
5) reader (or host) knows that the card is authentic
Of course, this devolves to the trustedness of the CA that certified the
public key, but that is what public key cryptography is all about....
You could reverse this handshake to confirm to the card that the reader
(or host) was authentic... Thus having a bi-directional authentication
handshake..... You most likely would be able to use the crypto capability
of the card to encrypt the channel once the handshake is completed
successfully.
Unfortunately, I believe that cards with strong crypto capability are
only available in the USA... but the new java cards (Cyberflex Access)
provide a way of sort of 'beating' the export regulations in that the
cards do not in themselves have crypto capability, but due to the fact
that they have a java runtime environment the crypto stuff may be able
to be done in software that is loaded by the user....
For more accurate information about the cards, you may want to contact
Danny Kumamoto <[EMAIL PROTECTED]> or Neville Pattinson
<[EMAIL PROTECTED]>
Dave Sims
**************************************************************************
From: SMTP%"[EMAIL PROTECTED]" 3-SEP-1999 13:35:08.15
To: SIMS
CC:
Subj: MUSCLE Can I distinguish real SC hardware from an emulator?
I'm thinking here about iButtons in particular, but the question is valid
for all authentication tokens, smart cards, etc. Sorry if it's off-topic
by not being Linux specific, but I've yet to find an answer anywhere.
Assuming that I do *not* have control of the hardware into which my SC is
currently plugged via a reader, how can a program (which, e.g. we have
licensed to a client) be sure that it is talking to the genuine SC, and
not an emulator? I really don't care how well tamper proofed the chip is
if, or if it self destructs after 30 days free trial, if I can simply
reproduce an unlimited number of copies in software which will have the
same supposedly "unique" serial number, or have electronic wallets
permanently charged up with credit which never decrements. Anything that
passes along the serial interface can be intercepted and replayed, right?
One answer is if a crypto based key system generates an asymmetric
key pair internally, and never reveals the private key or allows it to be
set I understand that the crypto Java iButton will does this). If the
only traffic out of the SC is signed responses by that key pair and all
the critical logic is internal, then any traffic on the serial line is
only useful exactly once, which defeats replays. The software must
contain code that checks for the smart card (and cannot easily by
bypassed, which is an art in itself) - and this will be identical for all
instances of the code.
But even if the private key never leaves the SC, the corresponding public
key must be stored *somewhere*, essentially in clear, though possibly
obfuscated, and will be different for each different SC - and clearly any
difference between otherwise identical distributions essentially *is* the
key, and can be replaced with something else that an emulator would
happily accept; back to square one.
I do appreciate that I'm being really *quite* paranoid here, and that
almost anything represents an improvement over current ways of
doing things - essentially nothing. Can come up with characteristics which
would be hard to beat, or is this a fundamentally insoluble problem?
Peter Lister [EMAIL PROTECTED] PGP (RSA): 0xE4D85541
Sychron Ltd http://www.sychron.com PGP (DSS): 0xBC1D7258
1 Cambridge Terrace Voice: +44 1865 200211
Oxford OX1 1UR UK FAX: +44 1865 249666
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
