Smartcards and tokens

NIIBE Yutaka gniibe at
Fri Dec 16 01:25:05 CET 2016

sivmu <sivmu at> writes:
> it seems using those specific devices actually decreases
> security, assuming it is easy to manipulate specialised vendors of
> security hardware compared to manipulating electronic hardware in general.

Exactly, that's my point.  This is the reason why my approach of Gnuk
and NeuG tries to avoid specialized things.  I even avoid using a crypto
accelerator, which (many) experts say is mandatory.

I think that an approach using commodity hardware makes sense.  My
theory is that if it's simple and cheap enough, the difficulty of putting
in a backdoor would increase.  I don't know if this is true, but I considered
the opposite must be likely: with enough silicon space and enough
complexity in design, attackers can do something more.

> With nitrokey, both the hardware design and the software are open source
> and both have been audited.

Is it audited?  I didn't know that.  For me, an audit by an expert (or two)
is not enough.  It should be possible for anyone, or at least for any
user who purchases it.  It's sad for me that Nitrokey is not easy to
open physically; I mean opening the device to examine the board.

> But I don't think that will keep some people from intercepting
> deliveries of such devices or messing with the production.

I don't know about the former; it depends on the country.  For the latter,
it is a real concern for me now.

I make the hardware design as simple as possible so that inspection by
the human eye can be effective against replacing/adding a chip.

The difficult part (for me) is to assure the initial firmware flashing in
a factory.

In (most) factory environments, proprietary operating systems
dominate.  I'm not sure if this is the weakest link, but this could be
a weaker point.  When an attacker replaces the firmware to be written,
it affects all devices to be shipped.

Perhaps it would be good if an MCU had a feature of reporting a hash of
the content of its flash memory (even if the flash is protected and it is not
possible to read out its content).  Then, an end user could examine
the hash code.

I think that the better current practice is: purchase commodity hardware
and flash at the user side.
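As an added illustration of the flash-hash idea above (example code written for this page, not from Gnuk, NeuG or the mailing list): a user who flashed a known firmware image can only compare against a device-reported hash if the comparison covers the same bytes the MCU hashes, i.e. the image padded to the erased-flash layout. The 128 KiB flash size and the user-supplied challenge nonce are assumptions, not something the post describes.

```python
import hashlib
import secrets

FLASH_SIZE = 128 * 1024   # assumed MCU flash size (constructed value)
ERASED_BYTE = 0xFF        # erased NOR flash reads back as 0xFF


def flash_image(firmware: bytes, size: int = FLASH_SIZE) -> bytes:
    """Lay the firmware out as the MCU's flash would hold it: image first,
    remainder erased. A hash of "flash content" covers the whole flash, so the
    user must hash this padded layout, not just the firmware file."""
    if len(firmware) > size:
        raise ValueError("firmware larger than flash")
    return firmware + bytes([ERASED_BYTE]) * (size - len(firmware))


def device_report(flash: bytes, nonce: bytes) -> str:
    """Simulates the hypothetical MCU feature: SHA-256 over nonce || flash.
    Binding a fresh user-chosen nonce means a device cannot satisfy the check
    by replaying a stored 'known good' digest. This only helps if the reporting
    code lives in immutable boot ROM, not in the firmware being checked."""
    return hashlib.sha256(nonce + flash).hexdigest()


def verify(firmware: bytes, reported: str, nonce: bytes) -> bool:
    """User-side check: recompute the digest from the image we flashed and
    compare it in constant time with what the device reported."""
    expected = hashlib.sha256(nonce + flash_image(firmware)).hexdigest()
    return secrets.compare_digest(expected, reported)


def run_example() -> tuple:
    """Constructed firmware; returns (genuine_ok, tampered_detected)."""
    firmware = bytes(range(256)) * 4            # 1 KiB constructed image
    nonce = secrets.token_bytes(16)
    genuine = flash_image(firmware)
    tampered = bytearray(genuine)
    tampered[0x40] ^= 0x01                      # one flipped bit in flash
    genuine_ok = verify(firmware, device_report(genuine, nonce), nonce)
    tampered_ok = verify(firmware, device_report(bytes(tampered), nonce), nonce)
    return genuine_ok, not tampered_ok


if __name__ == "__main__":
    print(run_example())
```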

More information about the Gnupg-users mailing list