Increasing Public Key Crypto Security with Handhelds

Brian Ristuccia brianr at osiris.978.org
Sat Nov 27 15:38:49 CET 1999


On Sun, Nov 28, 1999 at 09:19:31AM +1300, Peter Gutmann wrote:
> Brian Ristuccia <brianr at osiris.978.org> writes:
> 
> >On Sun, Nov 28, 1999 at 08:13:52AM +1300, Peter Gutmann wrote:
> >>The easiest way to handle this would be to take gpkcs11,
> >>http://www.trustcenter.de/html/Produkte/TC_PKCS11/1494.htm, and port it to the
> >>Palm Pilot so it can act as a PKCS #11 token.  For handling the other side of
> >>things, I hope to release my general-purpose PKCS #11 interface code before the
> >>end of the year, this has been tested with a wide variety of tokens including
> >>smart cards, iButtons, crypto hardware, datakeys, and other bits and pieces,
> >>so you could use that to talk to the Palm Pilot.
> 
> >Would such an arrangement allow for a partial display of the encrypted
> >document before the session key is released to the PC? Would it offer the
> >display of a document summary before signing in a way that said document
> >summary would invalidate the signature if it was not actually a subset of the
> >document being signed?
> >
> >Otherwise, a compromised PC could trick the user into using their handheld to
> >decrypt or sign arbitrary documents.
> 
> This is a fairly common response to a security system of this type: "It's a
> nice system, but it won't stop Men in Black from hitting you with a stun ray
> just after you type in your password and stealing your secret key, therefore
> it's no good".  What you asked for originally was a means of protecting a
> secret key.  A PKCS #11 token gives you that (along with a general-purpose
> interface which will talk to a wide range of security software).  What it won't
> give you is a complete secure message processing and display environment, both
> because the programming interface can't handle it and because (when implemented
> on a Palm Pilot) the hardware isn't up to it (encrypting, say, a 1MB Word 
> document sent over an IR link to a slow CPU and sending the result back isn't 
> going to be quick, there's no way you can display the text because the Palm 
> doesn't run Word, and if it did you'd be vulnerable to an infinite array of 
> macro viruses and other problems).
> 
> What you're asking for now is a solution to a completely different problem
> which requires a lot more work:
> 
> - What's a "partial display of the decrypted document"?  What if it's non-ASCII
>   text?  What sort of display is meaningful?

This one's easy. If it's text, decrypt the first 1 or 2k and display it. If
it's some sort of binary file, identify the type from a short list of known
types (ala file(1)), and then display the first 1k or so of ascii strings
stored therein. 

It won't eliminate attacks, but it should reduce the possibility. For
example, if you're expecting a text-only email from your girlfriend and the
handheld says "Excel Document. Strings: Q3 Financial Results"

> - What's a "document summary"?  How do you generate it?  How do you tie it to
>   the document?  What data formats are used to encode it?  How is its validity
>   checked?
> 

This is a complicated question. I hope whoever answers it is nice enough to
let everyone use it instead of patenting it. 

> Whoever can solve those problems, in something selling for less than about
> $50, probably stands to make a lot of money.
> 

The palm computing devices, unfortunately, cost more than $50. The cheapest
model is made by handspring and costs $150. 

-- 
Brian Ristuccia
brianr at osiris.978.org
bristucc at nortelnetworks.com
bristucc at cs.uml.edu



More information about the Gnupg-devel mailing list