Tamper Resistance of SmartCards -- NitroKey Pro/ KernelConcepts

NIIBE Yutaka gniibe at fsij.org
Mon Jun 27 10:47:28 CEST 2016

On 06/24/2016 06:21 PM, Andreas Fenkart wrote:
> I'm only interested in creating signatures for FW releases. What
> confuses me is the claim made by NitroKey that it is "tamper
> resistant". I guess kernelconcepts card being a BasicCard[1] should be
> "tamper resistant" as well.

IIUC, NitroKey Pro uses ZeitControl smartcard for crypto computation.
So, it is same as a chip.

I think that the term "tamper resistance" is usually used for a chip,
if it has some counter measure against some sort of physical attacks.

Please note that it doesn't directly mean it can be safe device as a
whole.  I think that we also need some "tamper resistance" in
different level(s).

Well, the combination of smatcard chip + USB MCU (which works as a
card reader) is a kind of practice for a token.  And people discuss it
is good as it's has "tamper resistance" feature (in the chip level).

I think that the combo is generally good thing, but we also know that
this could have a different type of attack vector.

Suppose that an attacker has enough time&budget to manufacture similar
looking device, and it is possible for the attacker to access to my
device multiple times (say, at nights).  Then, there is a scenario

(1) he steals my device when I sleep.

(2) he extracts the smartcard chip from my device.  Then, using the
    chip, he makes a token replacing MCU or MCU's firmware.  The card
    reader part will have a special malicious feature recording PIN of
    mine in the communication.  And he puts back the device to me,
    before I wake.

(3) I just keep using my device.  I don't notice the change because
    "it just works".

(4) he again steals my device, at another night.

(5) Since PIN is recorded in the MCU, my private keys are under
    control by him now (even if the chip itself is "secure").

I usually recommend implementing some counter measure as a device by
customizing your own device.  Here are examples:


I don't know if it's an effective counter measure or not.  Anyway, I

If it's an effective counter measure, do we need chip level counter
measure?  That's my question.

Already, I know that an effective counter measure is never sleeping.
Please don't suggest this method. :-)

More information about the Gnupg-users mailing list