9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] Re: secret stuff
@ 2002-06-16 22:27 Russ Cox
  2002-06-17  1:58 ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: Russ Cox @ 2002-06-16 22:27 UTC (permalink / raw)
  To: 9fans

I'm not sure Stephen Wolfram would agree
with your invocation of the Second Law of
Thermodynamics in this particular context.

Russ



^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
  2002-06-16 22:27 [9fans] Re: secret stuff Russ Cox
@ 2002-06-17  1:58 ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-17  1:58 UTC (permalink / raw)
  To: 9fans


On Sun, 16 Jun 2002, Russ Cox wrote:

> I'm not sure Stephen Wolfram would agree
> with your invocation of the Second Law of
> Thermodynamics in this particular context.

Ask him. CA's are bound by the 2nd also (otherwise they wouldn't be
universal computing machines (ala TM's, re Rule 110)). EVERYTHING is bound
by the three laws of thermodynamics. Everything. If you find a program
that isn't bound by the 2nd then you will have also solved the Halting
Problem and created a perpetual motion machine (or at least a machine that
pumps heat from cold to hot).

I have to say I had much higher hopes for CA's and his new book. For
example I was hoping he was going to extend them to non-adjacent
neighborhoods, expansion of Rucker's CVCA's, mixed rules, small world
networks, non-local neighborhoods, etc. I've been following his work since
the early 80's. He got too focused on the rules and ignored the geometry,
fatal mistake for this theory.

I first ran across him because he played Traveller and won the Trillion
Credit Squadron event (don't remember the exact date or value but this is
close enough for this discussion) by using 'swarm' tactics via small
ships.

There's a whole host of applications for CA's that Stephen missed. It's
ok, many others are working on them also. One of these days when it's far
enough along the results will be interesting (to say the least).

The basic idea is sound though, the cosmos is basically a bunch of agents
connected by geometry and network rules (ie particles and fields, Super
Symmetry, the favorite GUT candidate of the week).

As an aside, I use a CA model based on small world networks and non-local
neighborhoods to model Hangar 18's network.

And no, I didn't read the book. There was very little actually applicable
to the stuff I'm using CA's for.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-17 17:34       ` Dan Cross
@ 2002-06-18  9:31         ` Douglas A. Gwyn
  0 siblings, 0 replies; 25+ messages in thread
From: Douglas A. Gwyn @ 2002-06-18  9:31 UTC (permalink / raw)
  To: 9fans

Dan Cross wrote:
> One-time pads are in and of themselves `uncrackable;' they provide
> provably perfect semantic security.  The issues you (confusedly) raise
> are secondary, and related to correct use of the `system.'  Said use
> is independent of the system itself.

The *ideal* one-time pad system is uncrackable (other than that
one can determine the length of a message).  However, in the
real world ideal OTPs don't exist; actual OTPs can and have
been cracked.  The important theoretical point is that under
"ordinary" circumstances, if you have the means to convey the
pad (key) securely between parties, you don't need to further
encrypt; just use that channel capacity to send the message.


^ permalink raw reply	[flat|nested] 25+ messages in thread
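An added illustration of the one-time-pad points argued in this subthread (not code from any poster): the ciphertext of an ideal pad rules out no plaintext of the same length, it does reveal that length, and the pad to be conveyed securely is exactly as long as the message. The last function shows one well-known real-world misuse, pad reuse, chosen here as an assumption about what "correct use" covers; the sample messages are constructed.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def fresh_pad(n: int) -> bytes:
    """A pad of n uniformly random bytes, to be used for one message only."""
    return secrets.token_bytes(n)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """One-time pad: the pad must be exactly as long as the message."""
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)


def consistent_candidates(ciphertext: bytes, candidates):
    """Candidate plaintexts an eavesdropper cannot rule out from the ciphertext.

    Every candidate of the right length has some pad that explains it, and
    all pads are equally likely, so only the length filters anything out.
    """
    kept = []
    for cand in candidates:
        if len(cand) != len(ciphertext):
            continue  # the message length is the one thing that leaks
        pad = pad_explaining(ciphertext, cand)
        if otp_decrypt(ciphertext, pad) == cand:
            kept.append(cand)
    return kept


def secure_channel_bytes(message: bytes) -> int:
    """Bytes of pad that must be moved over the secure channel beforehand:
    the same number of bytes as the message itself."""
    return len(message)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, the pad cancels out and the
    eavesdropper holds plaintext1 XOR plaintext2 without knowing the pad."""
    return xor_bytes(c1, c2)


def demo():
    m1 = b"ATTACK AT DAWN"   # constructed sample messages
    m2 = b"RETREAT AT SIX"
    pad = fresh_pad(len(m1))
    c1 = otp_encrypt(m1, pad)
    return {
        "ciphertext_len": len(c1),
        "not_ruled_out": consistent_candidates(c1, [m1, m2, b"HOLD"]),
        "pad_bytes_needed": secure_channel_bytes(m1),
        "reuse_leaks_xor": reuse_leak(c1, otp_encrypt(m2, pad)) == xor_bytes(m1, m2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```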

* Re: [9fans] Re: secret stuff
  2002-06-17  0:26     ` Jim Choate
@ 2002-06-17 17:34       ` Dan Cross
  2002-06-18  9:31         ` Douglas A. Gwyn
  0 siblings, 1 reply; 25+ messages in thread
From: Dan Cross @ 2002-06-17 17:34 UTC (permalink / raw)
  To: 9fans

> > One-time pads
>
> If you have a secure channel to pass OTP's then you don't strictly need
> the smart card. The channel that the OTP is transferred to is the primary
> hole in OTP security, it's also why they are so seldom used in practice.
> OTP's are uncrackable ONLY to a naive MITM who has limited access to the
> channels of communications.
>
> So, no OTP's are not uncrackable.

One-time pads are in and of themselves `uncrackable;' they provide
provably perfect semantic security.  The issues you (confusedly) raise
are secondary, and related to correct use of the `system.'  Said use
is independent of the system itself.

Note that *I* never mentioned smart cards at all.

> > and hyper-encryption under the bounded storage model are
> > both `uncrackable.'
>
> I'll leave this one as an exercise for the student as to why it isn't
> uncrackable.

And then you write:

> Note commentary about the statical nature of the proof as well as the
> comments about 'pre-arrangement'...
>
> http://people.deas.harvard.edu/~zong/hyperenc

Note that part where I said, ``under the bounded storage model.''  Pre-
arrangement of keys is, once again, a secondary issue.

> >  Even under computational models beyond that of
> > Church et al, and against adversaries with infinite resources.
>
> Uh huh...

I don't think you know what you're talking about.  What's more, spouting
off in the manner you do, you've completely blown your credibility.

This is my last email on the subject.

	- Dan C.



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-17 11:33 Richard Miller
  0 siblings, 0 replies; 25+ messages in thread
From: Richard Miller @ 2002-06-17 11:33 UTC (permalink / raw)
  To: 9fans

Jim Choate <ravage@ssz.com> says:

> ...
> 'smart card' used in a generic sense like it was used in the original post
> is handwaving and nothing more, ...

My original post (for which I am humbly and heartily sorry) asked what I thought
to be an innocent question:

> For standalone Plan 9 users not served by an auth server, would
> it make sense to have a secstore server running on a smart card?

Presotto suggested an alternative:

> Running it on a hand held would also be a reasonable idea.

I followed with the claim which I think is the one being disputed:

> The advantage of a smart card is tamper-resistance.  How do you know someone
> hasn't borrowed your ipaq and installed a doctored version of secstored or
> secuser?

In this context, I did mean to make a generic reference to a class of devices
which tend to be called smartcards here in England, chipcards in the rest of
Europe, IC cards in Japan and so on.  Maybe there's another term in the US.
Anyway the implication (which I perhaps should have made more explicit) is that
any smart card is less susceptible to physical tampering than a normal general-
purpose PC, because there are fewer points of access for getting data out and
illicit programs in.  I expect most of us are aware of the principles if not
the details of physical attacks on smart cards, and it's commonsense to expect
that some cards are better hardened against these than others.  But if I want
to get at the data on a PC's disk or a bitsy's flash memory I wouldn't expect
to need a nitric acid bath and an electron microscope.  In my experience, if
you have physical access to a PC there are various ways to get it to load
privileged code of your choice, which are not authenticated or cryptographically
secured; and failing that you can generally get the storage devices out with
a humble screwdriver and move them to a more hospitable PC.  I'd be surprised
to hear of any smart card with comparable ease of access.  Like any security
measure it's a question of raising the cost of attack rather than eliminating
any possibility.

Now, let's look at Jim Choate's generic claims about smart cards:

> So the mount would be insecure, in that anyone who has the card could
> mount it (and make an image - probably in less than 10 minutes).

and

> Smart Cards have the same problem as PDA's, if you lose physical control
> you lose your security. If anybody ever gets the card for 10 or more
> minutes they can image the card and then at their leisure take a crack at
> it.

Even if we assume that "anybody ever" means a team of experienced smart card
engineers with a lab full of expensive equipment, I am curious to know where
the precise figure of 10 minutes comes from when nobody has said what
particular card they are referring to.  Is this handwaving too?

It wouldn't be helpful to identify the card I'm using because it's not on
the market yet.  But to be concrete, suppose we choose IBM's JCOP 20/16 as
a typical multiapplication card with a JavaCard 2.1.1 VM and a reasonable
security+crypto library.  If I load one up with a password file controlled
by a simple server applet, and send it to Mr Choate along with a description
of the protocol, will he volunteer to "image" the card and tell 9fans what's
in the file (I'll even store the passwords in cleartext) and how long it took?

-- Richard



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16 15:59 ` Jim Choate
@ 2002-06-17  9:19   ` Don
  0 siblings, 0 replies; 25+ messages in thread
From: Don @ 2002-06-17  9:19 UTC (permalink / raw)
  To: 9fans

> I'm not angry. I'm irritated at your attitude. Which the previous sentence
> exemplifies. Why are you running your mouth about something you don't know
> about? Why are YOU so confrontational?
>
geez, man, im no drug advocate but even i think u could use
some kind bud about now :|


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-17  1:40     ` Sam
@ 2002-06-17  2:43       ` ggm
  0 siblings, 0 replies; 25+ messages in thread
From: ggm @ 2002-06-17  2:43 UTC (permalink / raw)
  To: 9fans


> I can't be the only one wishing this whole conversation
> would go off-list, can I?
>
> Sam


Bring back Mark V Shaney

-George



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-17  2:21 David Gordon Hogan
  0 siblings, 0 replies; 25+ messages in thread
From: David Gordon Hogan @ 2002-06-17  2:21 UTC (permalink / raw)
  To: 9fans

> > I was obviously not alone in understanding your words
> > in this way, nor in finding it an interesting claim. The fact that
> > you also said other things is not something I recall denying.
>
> Simply because a majority interprets something doesn't make it so. The
> majority used to believe blacks and women were sub-male, don't make it
> right. I am completely unimpressed with pleas to authority or majority.
> If that's the best you got, you got nothing.

So what you're saying is that you don't want to be judged
by how some `majority' interprets you?



^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
  2002-06-17  1:46 ` Andrew Simmons
@ 2002-06-17  2:11   ` Jim Choate
  2002-06-17  1:40     ` Sam
  0 siblings, 1 reply; 25+ messages in thread
From: Jim Choate @ 2002-06-17  2:11 UTC (permalink / raw)
  To: 9fans


On Mon, 17 Jun 2002, Andrew Simmons wrote:

> > Then you need to reread.
>
> What you initially said included exactly the words I quoted. I took
> this to mean that any smart card currently available could have
> sufficient information extracted in around 10 minutes to crack it at
> one's leisure.  I was obviously not alone in understanding your words
> in this way, nor in finding it an interesting claim. The fact that
> you also said other things is not something I recall denying.

Then again, go back and reread. I said that if one had a crack for a smart
card they would be able to read it (which is also different from actually
decoding what one reads). I also made it very clear that not all smart
cards are equal. When one 'cracks' a smart card this means you get an
image of the RAM and the registers. That doesn't end the show by a long
shot. Cracking H-H/U cards for example using power supply under-voltage
glitching (which was pretty much disabled recently with a code update) can
take hours, it usually takes about 15-30 minutes. Once glitched it takes
something like 30s to read the card. You then take that image and crank it
into the emulator (visit your friendly neighborhood DSS cracking site that
used to be in Canada - try Argentina, hacking is legal there) and then you
start collecting streams from the real card and compare to the emulator
output (which by the way uses another H-H/U card to run the encryption
engine).

Simply because a majority interprets something doesn't make it so. The
majority used to believe blacks and women were sub-male, don't make it
right. I am completely unimpressed with pleas to authority or majority.
If that's the best you got, you got nothing.

Bottom line, as 'rude' or 'insulting' as it may be, is that you folks
don't crack smart cards, have a hard time understanding that the term
'smart card' used in a generic sense like it was used in the original post
is handwaving and nothing more, that being a programmer doesn't make you
an expert on cracking/hacking, and have a hard time admitting your
ignorance of the technology infrastructure the card exists in (the
comments about OTP's being uncrackable is evidence of this).

Take it or leave it. If you're insulted it says more about you than me.

Have a nice day.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
       [not found] <20020616160013.24019.43455.Mailman@psuvax1.cse.psu.edu>
  2002-06-16 23:52 ` Andrew Simmons
@ 2002-06-17  1:46 ` Andrew Simmons
  2002-06-17  2:11   ` Jim Choate
  1 sibling, 1 reply; 25+ messages in thread
From: Andrew Simmons @ 2002-06-17  1:46 UTC (permalink / raw)
  To: 9fans

> Stop writing in this insulting tone

No insult intended. I'm sorry you should take it that way.

> Then you need to reread.

What you initially said included exactly the words I quoted. I took
this to mean that any smart card currently available could have
sufficient information extracted in around 10 minutes to crack it at
one's leisure.  I was obviously not alone in understanding your words
in this way, nor in finding it an interesting claim. The fact that
you also said other things is not something I recall denying.

> That of course may explain why you folks are running around making
> statements about the security of crypto systems that are not accurate.

I am not sure how I got to be "you folks". I am merely an interested
listener who knows very little about crypto systems, which explains
why I have never made a statement about their security, accurate or
otherwise.



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-17  2:11   ` Jim Choate
@ 2002-06-17  1:40     ` Sam
  2002-06-17  2:43       ` ggm
  0 siblings, 1 reply; 25+ messages in thread
From: Sam @ 2002-06-17  1:40 UTC (permalink / raw)
  To: 9fans

I can't be the only one wishing this whole conversation
would go off-list, can I?

Sam

On Sun, 16 Jun 2002, Jim Choate wrote:

>
> On Mon, 17 Jun 2002, Andrew Simmons wrote:
>
> > > Then you need to reread.
> >
> > What you initially said included exactly the words I quoted. I took
> > this to mean that any smart card currently available could have
> > sufficient information extracted in around 10 minutes to crack it at
> > one's leisure.  I was obviously not alone in understanding your words
> > in this way, nor in finding it an interesting claim. The fact that
> > you also said other things is not something I recall denying.
>
> Then again, go back and reread. I said that if one had a crack for a smart
> card they would be able to read it (which is also different from actually
> decoding what one reads). I also made it very clear that not all smart
> cards are equal. When one 'cracks' a smart card this means you get an
> image of the RAM and the registers. That doesn't end the show by a long
> shot. Cracking H-H/U cards for example using power supply under-voltage
> glitching (which was pretty much disabled recently with a code update) can
> take hours, it usually takes about 15-30 minutes. Once glitched it takes
> something like 30s to read the card. You then take that image and crank it
> into the emulator (visit your friendly neighborhood DSS cracking site that
> used to be in Canada - try Argentina, hacking is legal there) and then you
> start collecting streams from the real card and compare to the emulator
> output (which by the way uses another H-H/U card to run the encryption
> engine).
>
> Simply because a majority interprets something doesn't make it so. The
> majority used to believe blacks and women were sub-male, don't make it
> right. I am completely unimpressed with pleas to authority or majority.
> If that's the best you got, you got nothing.
>
> Bottom line, as 'rude' or 'insulting' as it may be, is that you folks
> don't crack smart cards, have a hard time understanding that the term
> 'smart card' used in a generic sense like it was used in the original post
> is handwaving and nothing more, that being a programmer doesn't make you
> an expert on cracking/hacking, and have a hard time admitting your
> ignorance of the technology infrastructure the card exists in (the
> comments about OTP's being uncrackable is evidence of this).
>
> Take it or leave it. If you're insulted it says more about you than me.
>
> Have a nice day.
>
>
>  --
>     ____________________________________________________________________
>
>               When I die, I would like to be born again as me.
>
>                                             Hugh Hefner
>      ravage@ssz.com                                         www.ssz.com
>      jchoate@open-forge.org                          www.open-forge.org
>
>     --------------------------------------------------------------------
>
>



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16 23:52 ` Andrew Simmons
@ 2002-06-17  0:29   ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-17  0:29 UTC (permalink / raw)
  To: 9fans


On Mon, 17 Jun 2002, Andrew Simmons wrote:

> Calm down, calm down.

I'm perfectly calm. Stop writing in this insulting tone and I'll stop
responding that way.

> As far as I recall, you started this off by
> making the unqualified assertion that "If anybody ever gets the card
> for 10 or more minutes they can image the card and then at their
> leisure take a crack at it.",

Then you need to reread. What I did say is that smart cards are NOT a
perfect solution. That 'smart cards' is not a homogenous family of
products which seems to be a significant issue with the proposal. It made
over broad statements relating to security and smart cards.

I simply made the point that these assumptions were flawed.

> Mr Presotto expressed interest in a
> perfectly civil fashion,

And I answered in a perfectly civil fashion.

> At the risk of making you even angrier, what has physics in general &
> the second law of thermodynamics in particular got to do with the
> possibility of a completely uncrackable system?

??? Any system you build is a physical system. If you don't see the
connection then I can't help you, sorry. That of course may explain why
you folks are running around making statements about the security of
crypto systems that are not accurate.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16 23:08   ` Dan Cross
@ 2002-06-17  0:26     ` Jim Choate
  2002-06-17 17:34       ` Dan Cross
  0 siblings, 1 reply; 25+ messages in thread
From: Jim Choate @ 2002-06-17  0:26 UTC (permalink / raw)
  To: 9fans


On Sun, 16 Jun 2002, Dan Cross wrote:

> > Nobody designed the system to be crackable, but we have a 2nd Law of
> > Thermodynamics to contend with. There is no such thing as an uncrackable
> > system.
>
> One-time pads

If you have a secure channel to pass OTP's then you don't strictly need
the smart card. The channel that the OTP is transferred to is the primary
hole in OTP security, it's also why they are so seldom used in practice.
OTP's are uncrackable ONLY to a naive MITM who has limited access to the
channels of communications.

So, no OTP's are not uncrackable.

> and hyper-encryption under the bounded storage model are
> both `uncrackable.'

I'll leave this one as an exercise for the student as to why it isn't
uncrackable.

>  Even under computational models beyond that of
> Church et al, and against adversaries with infinite resources.

Uh huh...


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
       [not found] <20020616160013.24019.43455.Mailman@psuvax1.cse.psu.edu>
@ 2002-06-16 23:52 ` Andrew Simmons
  2002-06-17  0:29   ` Jim Choate
  2002-06-17  1:46 ` Andrew Simmons
  1 sibling, 1 reply; 25+ messages in thread
From: Andrew Simmons @ 2002-06-16 23:52 UTC (permalink / raw)
  To: 9fans

On 16 Jun 2002 at 12:00, 9fans-request@cse.psu.edu wrote:

> I'm not angry. I'm irritated at your attitude. Which the previous sentence
> exemplifies. Why are you running your mouth about something you don't know
> about? Why are YOU so confrontational?
>
> There is a considerable faction on this list who believe their press
> releases. I think you're one of them.
>
> Have a nice day.
>

Calm down, calm down. As far as I recall, you started this off by
making the unqualified assertion that "If anybody ever gets the card
for 10 or more minutes they can image the card and then at their
leisure take a crack at it.", Mr Presotto expressed interest in a
perfectly civil fashion, and a discussion ensued which I for one was
following, or attempting to follow, with interest until you got the
hump over something.

At the risk of making you even angrier, what has physics in general &
the second law of thermodynamics in particular got to do with the
possibility of a completely uncrackable system?


^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16 14:19 ` Jim Choate
@ 2002-06-16 23:08   ` Dan Cross
  2002-06-17  0:26     ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: Dan Cross @ 2002-06-16 23:08 UTC (permalink / raw)
  To: 9fans

> Nobody designed the system to be crackable, but we have a 2nd Law of
> Thermodynamics to contend with. There is no such thing as an uncrackable
> system.

One-time pads and hyper-encryption under the bounded storage model are
both `uncrackable.'  Even under computational models beyond that of
Church et al, and against adversaries with infinite resources.

	- Dan C.



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16 19:05 Richard Miller
@ 2002-06-16 19:51 ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-16 19:51 UTC (permalink / raw)
  To: 9fans


On Sun, 16 Jun 2002, Richard Miller wrote:

> Wow.  This is what happens when you think out loud in 9fans.
>
> I think I was careful to say that smart cards were tamper-resistant
> not tamper-proof.  If my secstore lives on a PC it can be compromised
> by anyone who happens along with a boot disk.  If I keep it on a smart
> card it will take a bit more work to get into.

Depends on the smart card. They are -not- all equivalent. As to the extra
work, agreed.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-16 19:05 Richard Miller
  2002-06-16 19:51 ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: Richard Miller @ 2002-06-16 19:05 UTC (permalink / raw)
  To: 9fans

Wow.  This is what happens when you think out loud in 9fans.

I think I was careful to say that smart cards were tamper-resistant
not tamper-proof.  If my secstore lives on a PC it can be compromised
by anyone who happens along with a boot disk.  If I keep it on a smart
card it will take a bit more work to get into.  That seems to me like
an incremental improvement.  I mentioned the idea in 9fans to see if
anyone else would think so too.

The idea of using 9P is to have something at a higher level than
ISO 7816-3 APDU protocol for talking to multiple services on a card.
This seems a simpler approach than implementing a subset of IP on
the card (as, for example, Andy Tanenbaum's group have done).  The
files which appear when the card is mounted are channels to
active programs rather than passive chunks of memory; individual
channels can be authenticated and encrypted as appropriate for
each service.  In particular the secstore channel would use the
pak protocol, exactly as before.

If you're going to mount a physical attack on the card, I can't
see that the communication protocol with the host is likely to make
much difference.  Patterns of computation and memory access in
the applet on the card are much more vulnerable to side-channel
leakage of information.

I'm sorry I haven't got a "system" to describe and defend.  It's
just a notion for a project -- partly to build something that I
think might be useful, and partly to demonstrate some of the ideas
of Plan 9 to my colleagues.

-- Richard



^ permalink raw reply	[flat|nested] 25+ messages in thread
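A sketch of the layering Richard Miller describes above, added here and not code from his project: a 9P message carried to the card inside short ISO 7816 command APDUs and reassembled on the card side, with length checks at both layers. The class byte `CLA_BASE`, the instruction `INS_9P`, the 8-byte chunk size in the demo and the use of the 9P2000 `Tversion` layout are assumptions made for the illustration.

```python
import struct
from typing import List, Optional, Tuple

TVERSION = 100      # 9P2000 message type for Tversion
NOTAG = 0xFFFF      # tag used by Tversion
CLA_BASE = 0x80     # hypothetical proprietary class byte
CLA_CHAIN = 0x10    # ISO 7816-4 command-chaining bit: more APDUs follow
INS_9P = 0x9A       # hypothetical instruction meaning "9P fragment"

SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_BAD_DATA = 0x6A80
SW_INS_UNSUPPORTED = 0x6D00
SW_CLA_UNSUPPORTED = 0x6E00


def pack_tversion(msize: int, version: bytes = b"9P2000") -> bytes:
    """size[4] type[1] tag[2] msize[4] version[s], all little-endian."""
    body = struct.pack("<BHI", TVERSION, NOTAG, msize)
    body += struct.pack("<H", len(version)) + version
    return struct.pack("<I", 4 + len(body)) + body


def parse_header(msg: bytes) -> Tuple[int, int, int]:
    """Return (size, type, tag) from the fixed 7-byte 9P header."""
    return struct.unpack_from("<IBH", msg)


def to_apdus(msg: bytes, max_lc: int = 255) -> List[bytes]:
    """Host side: split one 9P message into chained short command APDUs."""
    if not 1 <= max_lc <= 255:
        raise ValueError("a short APDU carries 1..255 data bytes")
    chunks = [msg[i:i + max_lc] for i in range(0, len(msg), max_lc)]
    apdus = []
    for n, chunk in enumerate(chunks):
        last = n == len(chunks) - 1
        cla = CLA_BASE | (0 if last else CLA_CHAIN)
        apdus.append(bytes([cla, INS_9P, 0x00, 0x00, len(chunk)]) + chunk)
    return apdus


class CardSide:
    """Card side: validate each APDU, reassemble, hand up a whole 9P message."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def receive(self, apdu: bytes) -> Tuple[int, Optional[bytes]]:
        if len(apdu) < 5:
            return SW_WRONG_LENGTH, None
        cla, ins, _p1, _p2, lc = apdu[:5]
        if cla & 0xEF != CLA_BASE:          # ignore only the chaining bit
            return SW_CLA_UNSUPPORTED, None
        if ins != INS_9P:
            return SW_INS_UNSUPPORTED, None
        if lc == 0 or len(apdu) != 5 + lc:  # Lc must match the data present
            self.buf.clear()
            return SW_WRONG_LENGTH, None
        self.buf += apdu[5:]
        if cla & CLA_CHAIN:
            return SW_OK, None              # wait for the rest of the chain
        msg, self.buf = bytes(self.buf), bytearray()
        # The 9P size field must agree with what was actually reassembled.
        if len(msg) < 7 or parse_header(msg)[0] != len(msg):
            return SW_BAD_DATA, None
        return SW_OK, msg


def demo():
    msg = pack_tversion(8192)
    card = CardSide()
    results = [card.receive(a) for a in to_apdus(msg, max_lc=8)]
    return msg, results


if __name__ == "__main__":
    msg, results = demo()
    print(len(msg), [hex(sw) for sw, _ in results], parse_header(results[-1][1]))
```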

* Re: [9fans] Re: secret stuff
  2002-06-16 14:22 presotto
@ 2002-06-16 15:59 ` Jim Choate
  2002-06-17  9:19   ` Don
  0 siblings, 1 reply; 25+ messages in thread
From: Jim Choate @ 2002-06-16 15:59 UTC (permalink / raw)
  To: 9fans


On Sun, 16 Jun 2002 presotto@plan9.bell-labs.com wrote:

> Of course not.  All systems are crackable. I didn't see anyone say that
> his won't be.  The only question is how hard.

Ah, I see you agree with me. Pity you didn't say this way back there in
the beginning. Then we wouldn't have wasted this bandwidth.

> I haven't heard enough about Miller's system to say how hard.  So far
> all I've heard is that he wants to put secstore on a smart card.

The point is there is no such thing as 'a smart card', there is a class of
cards which have computers in them; smart cards. Outside of that they are
as different as day and night. The example I used was the H-H/U and the
new class replacing them. I also used a more traditional PC style 'smart
card' with 'tamper resistance' built in (my particular example used WORAM
which is a very common protection mechanism, very hard to defeat).

> You've been building strawmen and burning them down.

I haven't been building strawmen, you have; in claiming 'miller' and
'smart cards are too hard to crack'.

> You may be right but without more about the system, I have no idea.

Duh....how many times have I said that now...

> Why are you so angry?

I'm not angry. I'm irritated at your attitude. Which the previous sentence
exemplifies. Why are you running your mouth about something you don't know
about? Why are YOU so confrontational?

There is a considerable faction on this list who believe their press
releases. I think you're one of them.

Have a nice day.

 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-16 14:22 presotto
  2002-06-16 15:59 ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: presotto @ 2002-06-16 14:22 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 407 bytes --]

Of course not.  All systems are crackable. I didn't see anyone say that
his won't be.  The only question is how hard.

I haven't heard enough about Miller's system to say how hard.  So far
all I've heard is that he wants to put secstore on a smart card.

You've been building strawmen and burning them down.  You may be right
but without more about the system, I have no idea.  Why are you so
angry?

[-- Attachment #2: Type: message/rfc822, Size: 2511 bytes --]

From: Jim Choate <ravage@ssz.com>
To: 9fans@cse.psu.edu
Subject: [9fans] Re: secret stuff
Date: Sun, 16 Jun 2002 09:19:39 -0500 (CDT)
Message-ID: <Pine.LNX.3.96.1020616091658.1158A-100000@einstein.ssz.com>



On Sun, 16 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I'll wait till miller says something.  If you
> design his system for him to be crackable, then
> you're guaranteed to be right.

Nobody designed the system to be crackable, but we have a 2nd Law of
Thermodynamics to contend with. There is no such thing as an uncrackable
system.

It isn't a question of 'right', it isn't a pissing contest. It's just a
question of physics. That's the problem with this list, too many people
worrying about pissing rights and not the facts. If 'miller' says so it
must be so...Ever hear the one about a plea to authority and the likelihood
they are correct? Nah, didn't think so.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------


^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
  2002-06-16 14:08 presotto
@ 2002-06-16 14:19 ` Jim Choate
  2002-06-16 23:08   ` Dan Cross
  0 siblings, 1 reply; 25+ messages in thread
From: Jim Choate @ 2002-06-16 14:19 UTC (permalink / raw)
  To: 9fans



On Sun, 16 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I'll wait till miller says something.  If you
> design his system for him to be crackable, then
> you're guaranteed to be right.

Nobody designed the system to be crackable, but we have a 2nd Law of
Thermodynamics to contend with. There is no such thing as an uncrackable
system.

It isn't a question of 'right', it isn't a pissing contest. It's just a
question of physics. That's the problem with this list, too many people
worrying about pissing rights and not the facts. If 'miller' says so it
must be so...Ever hear the one about a plea to authority and the likelihood
they are correct? Nah, didn't think so.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-16 14:08 presotto
  2002-06-16 14:19 ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: presotto @ 2002-06-16 14:08 UTC (permalink / raw)
  To: 9fans

I'll wait till miller says something.  If you
design his system for him to be crackable, then
you're guaranteed to be right.

^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
  2002-06-16  3:58 presotto
@ 2002-06-16  5:10 ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-16  5:10 UTC (permalink / raw)
  To: 9fans


On Sat, 15 Jun 2002 presotto@plan9.bell-labs.com wrote:

> Perhaps calling this a smart card is too charged?
>
> I don't know what miller meant but I thought
> the smart card would be running the same
> PAK protocol that a remote secstore server would.
> You'd just be talking via 9P over a local bus rather than
> via TCP over the net.  You could
> snoop the conversation but it wouldn't be any different
> than snooping the conversation to a secstore running
> elsewhere on the network.  I really don't understand
> this ``mount it (and make an image - probably in less
> than 10 minutes).''  Was this predicated on the card
> just looking like a file system full of secrets?

Under Styx-in-a-Box my Mindstorms robot shows up as a directory with
various devices listed as files. One can then use simple scripts and a
list of device commands/codes and with simple cat and pipe style features
create a quite interesting Lego based robot. I understood him to mean that
the card would provide some services exported from the smart card's memory
as a file system using something like Styx. This implies a daemon.

Such a daemon can be cracked or subverted. In fact, I don't even need the
smart card. All I need is a description of the protocol, a tap (ie MITM),
time, computing power, and luck (lots if the protocol is good) to attack
such a system's security. So it's really a poor example for what we're
talking about.

What I had in mind was such that we hook the smart card to a dumb terminal
via a short serial cable and a network cable. The entire system, network
stack, etc. is stored on the card. One uses some sort of mechanism to
prevent the card from being directly put into debug mode (eg have the card
disable the debug features through write only RAM). The point of the
exercise has two targets. Unless you hit both you've a hole in your
bucket; Data, Program. The question becomes "How does one get data out of
the card with enough coherence to understand what is being computed?"

The point is to 'glitch' the appropriate registers into a mode they
normally would not be in. There are other attacks based on the
architecture-geometry-geography relationship between the logical function
of a cpu and the physical arrangement of those components. That is where
high intensity optical attacks, voltage jitter (over, under, spike,
pulsed, whatever they think up next week), rf skin effect forcing a charge
bleed to occur, etc.

> The keystroke attack is certainly there both with and without the
> smartcard, they're unrelated.

It depends, does the card generate the various certificates or does it
take one and execute a process on it? The first is much more secure than
the second, but has a timing issue related to certificates at both ends
matching - a framing issue (ie consider a dropped packet w/ one
cert/packet).

> If you only type it in at boot time
> keystroke attacks are less likely, no app code running.

A keylogger isn't a program.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------



^ permalink raw reply	[flat|nested] 25+ messages in thread

* Re: [9fans] Re: secret stuff
@ 2002-06-16  3:58 presotto
  2002-06-16  5:10 ` Jim Choate
  0 siblings, 1 reply; 25+ messages in thread
From: presotto @ 2002-06-16  3:58 UTC (permalink / raw)
  To: 9fans

Perhaps calling this a smart card is too charged?

I don't know what miller meant but I thought
the smart card would be running the same
PAK protocol that a remote secstore server would.
You'd just be talking via 9P over a local bus rather than
via TCP over the net.  You could
snoop the conversation but it wouldn't be any different
than snooping the conversation to a secstore running
elsewhere on the network.  I really don't understand
this ``mount it (and make an image - probably in less
than 10 minutes).''  Was this predicated on the card
just looking like a file system full of secrets?

One question is whether or not you can get secstore (i.e.
PAK) onto a smart card.  I don't really see why not, it's not that
complicated though it might be slow.  However, you don't
use it very often, just to load up factotum and to save
new secrets.

The keystroke attack is certainly there both with and without the
smartcard, they're unrelated.  Factotum currently needs a
password to access the secstore.  That's independent of where
the secstore resides.  If you only type it in at boot time
keystroke attacks are less likely, no app code running.

The problems of physical security and environmental attacks
that you talked about are indeed still there.  The question is how
much you trust a card in someone else's hands.  I'm not sure
I would.  But a card that you use for getting at everything
is something you'd notice lost or stolen pretty quickly,
perhaps soon enough to start changing all your secrets.
It would be a pain though.

^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
  2002-06-14  8:02 [9fans] " Richard Miller
@ 2002-06-16  0:49 ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-16  0:49 UTC (permalink / raw)
  To: 9fans


On Fri, 14 Jun 2002, Richard Miller wrote:

> > ... However, you should talk
> > the Plan 9 file system messages and have some want make a pipe twixt
> > the smart card and a process.
>
> My intention is to have the smart card itself talking 9P (like the
> inferno styx-on-a-brick) so you can access its services directly via
> mount.

So the mount would be insecure, in that anyone who has the card could
mount it (and make an image - probably in less than 10 minutes).

Or do you intend to have it ask for a password during the mount?...sort of
defeats the purpose of the smart card since this password process can be
subverted (eg keystroke sniffers).


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------



^ permalink raw reply	[flat|nested] 25+ messages in thread

* [9fans] Re: secret stuff
  2002-06-15 16:44 [9fans] " presotto
@ 2002-06-15 17:07 ` Jim Choate
  0 siblings, 0 replies; 25+ messages in thread
From: Jim Choate @ 2002-06-15 17:07 UTC (permalink / raw)
  To: 9fans


On Sat, 15 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I'm interested.  I've seen the power jitter attacks and they
> generally had pretty good success over a fair amount of time on some
> cards.  IBM claimed that they were not susceptible, since they disable
> the card (permanently) if the power gets too wonky.

That only protects against amplitude jitters related to reductions. One of
the attacks on DSS cards (H & HU are 68H11 cards w/ 4k of RAM and a crypto
engine) is pretty easy using this approach. This is one of the reasons
that the folks are changing the cards used. In about two years you'll need
to buy a new receiver as they phase the old systems out. I believe those
cards, as compared to the current DSS cards, will be made internally and
not contracted out. Turns out the folks who did the contract work were a
major leak for inside info.

There are other ways to attack the power supply. One for example is to
'chop' the supply voltage, another is to inject hi-frequency hi-voltage
pulses (the idea being you can glitch the card using skin effect from the
hi-freq aspect of the attack).

Just a month or so ago the 'flash attack' was released. Turns out a lot of
the card makers knew of the attack. Then you've got SQUID and other sorts
of 'analytical' approaches to figuring out what is going on the card. All
expensive and time consuming.

That's the 'security'.

> On the other hand, the last I saw of their secure engine, it didn't look
> like my wallet was big enough (either in volume or contents).

:)

> So is this just all a bunch of PR hooey and if I lend my card to someone
> for 10 minutes I might as well kiss my data goodbye?

No, depends on the card and the system they are a part of and who is
trying to break it. Not all situations are reducible to some ur-situation.

The vast majority of systems are at risk of breach if you lose the card.
Others are more secure. These systems tend to put an entire block of
'process' on the card. As compared to say DSS cards which only do the key
management and crypto engine on the card. The rf decode and such is all
done in the receiver.

However, even these 'block' smart cards are not completely secure if one
can grab enough data stream (both in and out) to reverse engineer. This is
where the 'security' of the cards comes from. The time and effort required
to crack them from direct reverse engineering. However, one can then turn
to inside sources (and there are always inside sources if you have the
resources).

What I -am- saying is there is no simple answer to this problem. In the
vast majority of cases losing the card isn't a problem as long as they
don't have access to the rest of your system. If they got both the card
and access to your system (presumably w/o your consent)...


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------




^ permalink raw reply	[flat|nested] 25+ messages in thread
