Talking about Cryptodevices... which one?

Matthias-Christian Ott ott at mirix.org
Fri Feb 6 01:21:28 CET 2015


On 2015-02-05 10:38, Peter Lebbing wrote:
> On 04/02/15 23:12, Matthias-Christian Ott wrote:
>> You could protect against this scenario by signing the firmware.
> 
> Yes, you /could/. However, we were talking about Rainer smartcard readers, which
> /don't/.

Do you have evidence for this? If they provably don't sign their
firmware or incorrectly check the signature and are not responsive,
perhaps it would be helpful to talk to them through third parties like
BSI or S-CERT (Deutscher Sparkassen Verlag exclusively sells Reiner SCT
readers for HBCI and I'm sure that it would be in their interest to only
allow firmware updates that are signed) with Reiner SCT instead of
speculating about backdoors.

Moreover, why should the readers accept unsigned firmware if "the
government" requested the ability to install "modified" firmware? The
manufacturer could simply handover the keys.

At least the cyberJack RFID komfort conforms to BSI-TR 03119 [1,2] and
is in the reader category that requires signed firmware updates (see
sections 3.1 and A.8) and the certification report also mentions this.
You can of course speculate what "authorised persons or systems" means.
However, I think it is safe to assume that the German government is not
outright crazy and does not try to undermine the security of their eID
cards because fake eID cards are not in their interest and they can
issue themselves fake eID cards without the need to compromise a
smartcard reader. So at least for this particular model your statement
seems wrong and the fact that Werner Koch claimed this doesn't make it
right.

Of course without the source code it requires a major reverse
engineering effort to verify that the statements of the certification
companies are correct or that the code is bug-free. Moreover, the
certification report does not mention that the certification companies
verified the source code or even looked at it.

> I think I see some source of confusion. You wrote:
> 
>> You speculated that Rainer SCT might cooperate with the German intelligence
>> agency BND. You gave the following reason for your suspicion:
>> "microcontrollers are smaller and writing malware for them is harder".
> 
> I never read it that way. To me, it were two spearate arguments, one on how
> trustworthy Rainer appears in its dealings, and the other on the hackability of
> their hardware. So I might have misinterpreted what you wrote following that.

Only Werner Koch knows how this statement was meant. I read it the way I
described it and think that there is no contradiction between both aspects.

> Oh, by the way:
> 
>> But will a smartcard solve the problem that the host computer might be
>> infected with malware?
> 
> I'm absolutely sure nobody made that claim. More miscommunication galore? ;)

Werner Koch suggested it (<87y4oen5lx.fsf at vigenere.g10code.de>).

If I'm not mistaken the OpenPGP card is proprietary software and runs on
a proprietary operating system (BasicCard). If this is true, why should
you trust it and why does the FSFE distribute these cards even though
they conflict with their core values?

What is the threat model in which a smartcard is an effective defense
and what are attacks that smartcards protect against? How are smartcards
supposed to protect against malware on the host computer?

If somebody wants to discuss or answer these questions that I'm asking
myself for years, I will be happy to continue the discussion otherwise
I'm out of it.

Regards,
Matthias-Christian

[1]
https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr03119/index_htm.html
[2]
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Konformitaetsreporte/BSI-K-TR-0068-2011.pdf?__blob=publicationFile



More information about the Gnupg-users mailing list