Making the case for smart cards for the average user

Joey Castillo jose.castillo at gmail.com
Sat Mar 14 22:00:08 CET 2015


I'll concede the first point: some minority of people won't get it
even if we make it simpler. As to the second one: even with a password
manager, the security of that still depends on choosing and guarding a
complex password to secure the password store. It's passwords all the
way down.

>> With a smart card they can keep their secret keys in
>> one place, as opposed to creating multiple points of
>> potential compromise.
>
> Is there not still potential compromise each time you use it, such as
> the possibility of malware substituting the message?

Certainly; if your system is compromised by malware it could
substitute the message, store session keys, or keylog your PIN for
that matter. If your system is compromised, all bets are off. The
difference is that with your keys on a smart card, at least such a
breach won't compromise your secret key material. And you can prevent
further unauthorized use by simply removing the card; this is not
possible if the attacker has stolen your keyring and passphrase.

Without smart cards, if I want to use GnuPG on my laptop, my iPhone
and my Nexus 7, I have to put my secret key on each of those devices
and enter my passphrase into each of those devices. This dramatically
increases the surface area available for an attack on my secret keys.

> How secure is the NFC communication? Could a situation be contrived
> where the person next to you in a crowd managed to get you to sign a
> message on their device instead of your own?

In practice, you have to more or less touch the card to the device
you're using it with; an attacker would have to generate an RF field
that overpowers the one generated by the device. But yes: with
specialized equipment and close proximity, an attacker could
theoretically modify data or eavesdrop. [1] It's a tradeoff: in
exchange for better security for my secret key material, I'm exposing
myself to a threat from a determined, active attacker that's able to
get specialized gear into the same room as me while I'm using my card.
For some minority of people, that may be a reasonable concern; for
most people, it really isn't.

Also, there's nothing preventing us from better securing the NFC
channel in a future card specification; in particular, NFC's
resistance to man in the middle attacks makes it easy to establish a
shared secret to secure the channel, as proposed in a 2010 standard.
[2]

[1]: http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf
[2]: http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf

-- 

Joey Castillo
www.joeycastillo.com


