exclusive vs. shared smart card access
Andreas Schwier
andreas.schwier.ml at cardcontact.de
Tue Sep 1 09:29:16 CEST 2015
This is what we are doing in the SmartCard-HSM. The application
authenticates the device using ECDH and establishes a secure
communication channel that binds user authentication. This way the
application and SmartCard-HSM pair.
An application intercepting the communication will force the
SmartCard-HSM to terminate the secure session and clear authentication
states.
Without such a mechanism an application must indicate to PC/SC to reset
the card at the end of a session, effectively clearing authentication
states.
The new version even implements public key authentication with an n-of-m
threshold scheme to allow shared control for very sensitive keys.
Andreas
On 09/01/2015 09:15 AM, Simon Josefsson wrote:
> Jacob Appelbaum <jacob at appelbaum.net> writes:
>
>> It sounds like there is a problem with the authentication protocol for
>> the card, doesn't it?
>
> Yes, smartcard authentication is comparable to 1980s Unix
> authentication: send a password in clear text.
>
> It is the same with all major smartcard protocols that I'm aware of.
>
> What you want is to have something that could be called
> "application-level pairing", where the application creates a secure
> channel to the smartcard instead of trusting intermediaries to proxy
> cleartext data properly. Then proof of the PIN can be proven over that
> secure channel (not necessarily by sending it over directly). One
> advantage with this is that access to the smartcard is available only to
> the application that opened it, and not any random process on the host.
> Then shared access to the smartcard would not be a problem. Earlier
> versions of the U2F protocol had this property, but it was removed. I
> don't know of any published smartcard protocol with this feature.
>
> It would be cool if future versions of the OpenPGP Card specification
> would support this.
>
> /Simon
>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 571 56149
--------- http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
http://www.smartcard-hsm.com
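The pairing Andreas describes above (the application authenticates the device with ECDH, the PIN is proven inside the resulting secure channel instead of being proxied in clear, and a process that interferes with the channel forces the device to terminate the session and clear its authentication state), as an added illustration written for this page. It is not SmartCard-HSM code and does not reproduce its secure messaging format or the OpenPGP card protocol. Everything in it is an assumption made for the example: the application holds the token's public key as a trust anchor, a static-ephemeral ECDH over secp256k1 (pure-Python arithmetic, for illustration only) derives the session key, each command carries an HMAC over a sequence counter (integrity only; a real channel would also encrypt), the PIN is proven as an HMAC under the session key rather than transmitted, and the command names and status strings are invented.

```python
"""Added example, not SmartCard-HSM code: application-level pairing with a token.
Static-ephemeral ECDH authenticates the device, the PIN is proven by HMAC under the
session key instead of being sent, commands carry sequence-bound MACs, and a failed
MAC terminates the session and clears the authentication state. Names are made up."""
import hashlib, hmac, secrets

# secp256k1 domain parameters (a = 0, b = 7); pure-Python arithmetic, for illustration only.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def keypair():
    sk = secrets.randbelow(N - 1) + 1
    return sk, _mul(sk, G)

def kdf(shared, app_pub, dev_pub):
    """Session key from the ECDH x-coordinate, bound to both parties' public keys."""
    transcript = b"".join(v.to_bytes(32, "big") for v in (shared[0], app_pub[0], dev_pub[0]))
    return hashlib.sha256(b"pairing-v1" + transcript).digest()

def mac(key, seq, body):
    return hmac.new(key, seq.to_bytes(4, "big") + body, hashlib.sha256).digest()

def pin_proof(key, pin):  # what crosses the channel instead of the PIN itself
    return hmac.new(key, b"pin-proof" + hashlib.sha256(pin.encode()).digest(), hashlib.sha256).digest()

class Device:
    """The token: static identity key, a stored PIN, one secure session at a time."""
    def __init__(self, pin):
        self.sk, self.pub = keypair()
        self._pin = pin  # constructed; a real token keeps this in protected storage
        self.reset_session()
    def reset_session(self):
        self.key, self.seq, self.pin_verified = None, 0, False
    def open_session(self, app_eph_pub):
        self.reset_session()
        self.key = kdf(_mul(self.sk, app_eph_pub), app_eph_pub, self.pub)
        return self.pub  # the application checks this against its trust anchor
    def command(self, seq, body, tag):
        if self.key is None:
            return "NO_SESSION"
        if seq != self.seq or not hmac.compare_digest(tag, mac(self.key, seq, body)):
            self.reset_session()  # interception or replay: terminate, clear authentication
            return "SESSION_TERMINATED"
        self.seq += 1
        if body.startswith(b"VERIFY:"):
            self.pin_verified = hmac.compare_digest(body[7:], pin_proof(self.key, self._pin))
            return "OK" if self.pin_verified else "PIN_WRONG"
        return "SIGNED" if self.pin_verified else "SECURITY_STATUS_NOT_SATISFIED"

class App:
    """Host application; knows the token's public key from provisioning (trust anchor)."""
    def __init__(self, trusted_dev_pub):
        self.trusted, self.key, self.seq = trusted_dev_pub, None, 0
    def pair(self, device):
        esk, epub = keypair()  # fresh ephemeral key per session
        dev_pub = device.open_session(epub)
        if dev_pub != self.trusted:
            raise ValueError("device identity does not match trust anchor")
        self.key, self.seq = kdf(_mul(esk, dev_pub), epub, dev_pub), 0
    def send(self, device, body):
        resp = device.command(self.seq, body, mac(self.key, self.seq, body))
        self.seq += 1
        return resp
    def verify_pin(self, device, pin):
        return self.send(device, b"VERIFY:" + pin_proof(self.key, pin))

def demo():
    dev = Device("1234")
    app = App(dev.pub)
    app.pair(dev)
    before = app.send(dev, b"SIGN")  # no PIN proof yet
    verified = app.verify_pin(dev, "1234")
    signed = app.send(dev, b"SIGN")
    intruder = dev.command(dev.seq, b"SIGN", bytes(32))  # another host process injects an unauthenticated command
    after = app.send(dev, b"SIGN")  # authentication state is gone; the app must pair again
    return before, verified, signed, intruder, after
```

Calling `demo()` walks through the sequence in the thread: a signing command before PIN verification is refused, the PIN proof is accepted, signing works, an unauthenticated command from another process ends the session, and the legitimate application then finds its authentication state gone and has to pair and verify again. A process that only observes the reader sees ephemeral public keys, HMAC tags and a PIN proof that is bound to this session key, not the PIN. Without such pairing, the equivalent protection is the one Andreas mentions: telling PC/SC to reset the card at the end of the session.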