Tamper Resistance of SmartCards -- NitroKey Pro / KernelConcepts

Andreas Fenkart afenkart at gmail.com
Fri Jun 24 11:21:15 CEST 2016


I'm comparing NitroKey Pro and KernelConcepts OpenPGP card.


I'm only interested in creating signatures for FW releases. What
confuses me is the claim made by NitroKey that it is "tamper
resistant". I guess the KernelConcepts card, being a BasicCard[1], should be
"tamper resistant" as well.

I did a bit of googling:

- uses STM32F103TB
- the chip supports JTAG
- no special countermeasures or security section in the specification

- http://www.basiccard.com/
- didn't find the exact BOM, but probably it's there

Probably either card resists hardware attacks, "side-channel", etc...
- http://www.wrankl.de/SCH/Attacks.pdf

-  "What is the attack scenario you’re most worried about — a backdoor
or bug, accessible via the standard interface over the network,
someone owning your computer while extracting sensitive information
from your security token, or that someone in possession of your key
could retrieve such information?"

I'm okay with number one. I don't want anybody to extract the key
while it's connected to a computer that I don't trust. I'm not so much
concerned about the smartcard being stolen and the key extracted, by
observing heat output or JTAG. But I have to make sure the key never
leaves the hands of people I fully trust,

that means:
- don't send it via postal service
- if it's lost/found, the key must be revoked

Nonetheless, what are the low-hanging fruit to improve its tamper resistance?
- KernelConcepts / NitroKey: are they equivalent?
- of course change admin/user PIN
- what is the card manager key mentioned in the yubic link? Do I need
to change something?


[1]  Manufacturer: ZeitControl
reported by gpg2 --card-status

[2] discussion discussing internals of various vendors

