Re: [9fans] secret stuff

Re: [9fans] secret stuff

[presotto]

I'm interested.  I've seen the power jitter attacks and they
generally had prettty good success over a fair amount of time on some
cards.  IBM claimed that they were not susceptible, since they disable
the card (permanently) if the power gets too wonky.  On the other hand,
the last I saw of their secure engine, it didn't look like my wallet
was big enough (either in volume or contents).

So is this just all a bunch of PR hooey and if I lend my card to someone
for 10 minutes I might as well kiss my data goodbye?

[9fans] Re: secret stuff

[Jim Choate]

On Sat, 15 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I'm interested.  I've seen the power jitter attacks and they
> generally had prettty good success over a fair amount of time on some
> cards.  IBM claimed that they were not susceptible, since they disable
> the card (permanently) if the power gets too wonky.

That only protects against amplitude jitters related to reductions. One of
the attacks on DSS cards (H & HU are 68H11 cards w/ 4k of RAM and a crypto
engine) are pretty easy using this approach. This is one of the reasons
that the folks are changing the cards used. In about two years you'll need
to buy a new receiver as they phase the old systems out. I believe those
cards, as compared to the current DSS cards, will be made internally and
not contracted out. Turns out the folks who did the contract work were a
major leak for inside info.

There are other ways to attack the power supply. One for example is to
'chop' the supply voltage, another is to inject hi-frequency hi-voltage
pulses (the idea being you can glitche the card using skin effect from the
hi-freq aspect of the attack).

Just a month or so ago the 'flash attack' was released. Turns out a lot of
the card makers knew of the attack. Then you've got SQUID and other sorts
of 'analytical' approaches to figuring out what is going on the card. All
expensive and time consuming.

That's the 'security'.

> On the other hand, the last I saw of their secure engine, it didn't look
> like my wallet was big enough (either in volume or contents).

:)

> So is this just all a bunch of PR hooey and if I lend my card to someone
> for 10 minutes I might as well kiss my data goodbye?

No, depends on the card and the system they are a part of and who is
trying to break it. Not all situations are reducable to some ur-situation.

The vast majority of systems are at risk of breach if you lose the card.
Others are more secure. These systems tend to put the an entire block of
'process' on the card. As compared to say DSS cards which only do the key
management and crypto engine on the card. The rf decode and such is all
done in the receiver.

However, even these 'block' smart cards are not completely secure if one
can grab enough data stream (both in and out) to reverse engineer. This is
where the 'security' of the cards come from. The time and effort required
to crack them from direct reverse engineering. However, one can then turn
to inside sources (and there are always inside sources if you have the
resources).

What I -am- saying is there is no simple answer to this problem. In the
vast majority of cases losing the card isn't a problem as long as they
don't have access to the rest of your system. If they got both the card
and access to your system (presumably w/o your consent)...


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------

Re: [9fans] secret stuff

[Jim Choate]

On Sat, 15 Jun 2002 presotto@plan9.bell-labs.com wrote:

> That's not really true.  We've had numerous smart cards come through with
> tamper protection.  You couldn't get at the image without tearing it
> apart, filing down the chips, and probing the memory physicaly.  IBM
> made that even hard to do.  Certainly not something you did in 10
> minutes.

There are a variety of ways to get to the data on the card. There is even
a 'strobe attack' whereby one can flash extremely bright light on the
card. You can 'jitter' the power supply and clocks, etc.

The 'tamper proof' mechanisms are there to prevent PHYSICAL attacks only.
There are other attacks.

ps I work for IBM.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------

Re: [9fans] secret stuff

[presotto]

[-- Attachment #1: Type: text/plain, Size: 412 bytes --]

That's not really true.  We've had numerous smart cards come through with
tamper protection.  You couldn't get at the image without tearing it
apart, filing down the chips, and probing the memory physicaly.  IBM
made that even hard to do.  Certainly not something you did in 10
minutes.

Granted many of the smart cards on the market are just memories
that you cryptographicly store into but many are not.

[-- Attachment #2: Type: message/rfc822, Size: 2369 bytes --]

From: Jim Choate <ravage@ssz.com>
To: 9fans@cse.psu.edu
Cc: hangar18-general@open-forge.org, plan9-system-admin@open-forge.org
Subject: Re: [9fans] secret stuff
Date: Sat, 15 Jun 2002 07:49:24 -0500 (CDT)
Message-ID: <Pine.LNX.3.96.1020615074753.1158x-100000@einstein.ssz.com>


On Fri, 14 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I don't.  I'ld use a smart card if I had one that I could get at most
> of the time.  As is we've made our secstore accessible from the outside
> of our firewall so I can use it even when I'm not at home.

Smart Cards have the same problem as PDA's, if you lose physical control
you lose your security. If anybody ever gets the card for 10 or more
minutes they can image the card and then at their leisure take a crack at
it.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------

Re: [9fans] secret stuff

[Jim Choate]

On Fri, 14 Jun 2002 presotto@plan9.bell-labs.com wrote:

> I don't.  I'ld use a smart card if I had one that I could get at most
> of the time.  As is we've made our secstore accessible from the outside
> of our firewall so I can use it even when I'm not at home.

Smart Cards have the same problem as PDA's, if you lose physical control
you lose your security. If anybody ever gets the card for 10 or more
minutes they can image the card and then at their leisure take a crack at
it.


 --
    ____________________________________________________________________

              When I die, I would like to be born again as me.

                                            Hugh Hefner
     ravage@ssz.com                                         www.ssz.com
     jchoate@open-forge.org                          www.open-forge.org

    --------------------------------------------------------------------

Re: [9fans] secret stuff

[presotto]

I don't.  I'ld use a smart card if I had one that I could get at most
of the time.  As is we've made our secstore accessible from the outside
of our firewall so I can use it even when I'm not at home.

Re: [9fans] secret stuff

[Richard Miller]

> Running it on a hand held would also be a reasonable idea.  I considered just
> keeping my secstore on an ipaq with a wavelan in it.  At least then I have the
> stuff on the road.

The advantage of a smart card is tamper-resistance.  How do you know someone
hasn't borrowed your ipaq and installed a doctored version of secstored or
secuser?

-- Richard

Re: [9fans] secret stuff

[presotto]

[-- Attachment #1: Type: text/plain, Size: 177 bytes --]

Running it on a hand held would also be a reasonable idea.  I considered just
keeping my secstore on an ipaq with a wavelan in it.  At least then I have the
stuff on the road.

[-- Attachment #2: Type: message/rfc822, Size: 1497 bytes --]

From: Richard Miller <miller@hamnavoe.demon.co.uk>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] secret stuff
Date: Fri, 14 Jun 2002 09:02:58 0100
Message-ID: <20020614080309.7589D19AA8@mail.cse.psu.edu>

> ... However, you should talk
> the Plan 9 file system messages and have some want make a pipe twixt
> the smart card and a process.

My intention is to have the smart card itself talking 9P (like the
inferno styx-on-a-brick) so you can access its services directly via
mount.

-- Richard

Re: [9fans] secret stuff

[Richard Miller]

> ... However, you should talk
> the Plan 9 file system messages and have some want make a pipe twixt
> the smart card and a process.

My intention is to have the smart card itself talking 9P (like the
inferno styx-on-a-brick) so you can access its services directly via
mount.

-- Richard

Re: [9fans] secret stuff

[presotto]

[-- Attachment #1: Type: text/plain, Size: 174 bytes --]

yes and no.  The PAK stuff doesn't need plan 9.  However, you should talk
the Plan 9 file system messages and have some want make a pipe twixt
the smart card and a process.

[-- Attachment #2: Type: message/rfc822, Size: 1571 bytes --]

From: Richard Miller <miller@hamnavoe.demon.co.uk>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] secret stuff
Date: Thu, 13 Jun 2002 20:41:03 0100
Message-ID: <20020613194113.E61F519A9F@mail.cse.psu.edu>

> Hah. And Secstore lives on the auth server for safety.
> Perhaps I'll get an auth server.

For standalone Plan 9 users not served by an auth server, would
it make sense to have a secstore server running on a smart card?
Would I have to implement all of Plan 9 on my smart card in order
to be allowed to use the patented key-exchange protocol?

-- Richard Miller

Re: [9fans] secret stuff

[Richard Miller]

> Hah. And Secstore lives on the auth server for safety.
> Perhaps I'll get an auth server.

For standalone Plan 9 users not served by an auth server, would
it make sense to have a secstore server running on a smart card?
Would I have to implement all of Plan 9 on my smart card in order
to be allowed to use the patented key-exchange protocol?

-- Richard Miller

Re: [9fans] secret stuff

[nigel]

Hah. And Secstore lives on the auth server for safety.
Perhaps I'll get an auth server.

Re: [9fans] secret stuff

[Russ Cox]

We set up a secstore account for bootes.
The nvram contains bootes's secstore password,
which is used to initialize factotum.

Russ

[9fans] secret stuff

[nigel]

How do I keep the secret key for the tls/ssl certificate safe?
It must be present on the cpu server (or file server) since it needs
to be loaded into factotum some time. I guess it could be done from
a floppy (or similar removeable device) after oboot, and then removed.

However, this prevents unattended reboot. Is making the key owned by
bootes and inaccessible by group and other enough?