List Info

Thread: Communication between Smart Card and PC
Communication between Smart Card and PC
country flaguser name
Brazil		 2008-04-24 09:00:21 

  


  

    Hi all,

Talking about digital certification, i would like to ask if the communication between the Smart Card and PC is encrypt.

Thanks.


Miguel Silva
2;


      
Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento! 


  

  
  
   
     
    

  

    Re:  Communication between Smart Card
and PC
  


  

     user name

     2008-04-25 04:33:51
  


  

    
On Thu, Apr 24, 2008 at 4:00 PM, Miguel Silva
<megs_rsyahoo.com.br> wrote:
> Hi all,

Hello,

> Talking about digital certification, i would like to
ask if the
> communication between the Smart Card and PC is
encrypt.

Why would you want to do that?
What is the threat?

Bye

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user



  


  

    
  

  
  
   
     
    

  

    Re:  Communication between Smart Card
and PC
  


  

     user name

     2008-04-25 07:10:03
  


  

    
Hi Miguel,

here in Germany we get a new Typ of Smartcard
(Telesec/Netkey v3.0) 
communicating with the PC by an encrypted channel. 

On Thursday 24 April 2008 16:00:21 Miguel Silva wrote:
> Hi all,
>
> Talking about digital certification, i would like to
ask if the
> communication between the Smart Card and PC is
encrypt.
>

On Friday 25 April 2008 11:33:51 Ludovic Rousseau wrote:
> Why would you want to do that?
> What is the threat?
The cardreader could be tampered, so the communication
between PC and 
smardcard can be traced. 

-- 
Frank Fitzke

--
MailScanner
Email Virus Scanner
http://www.mailscanner.in
fo

_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user



  


  

    
  

  
  
   
     
    

  

    Re:  Communication between Smart Card
and PC
  


  

     user name

     2008-04-25 07:58:56
  


  

    
On 4/25/08, Fitzke, Frank <frank.fitzkeglobolog.com> wrote:
> Hi Miguel,
>
>  here in Germany we get a new Typ of Smartcard
(Telesec/Netkey v3.0)
>  communicating with the PC by an encrypted channel.

This is egg and chicken issue...
There are tree components which may be tampered:
1. The PC.
2. The wire between the PC and the reader.
3. The reader.

Let's say you want to deal with a situation in which only
one was tempered.

If the PC is tampered, and you don't use a reader with PIN
Pad, your
PIN is exposed, and may be used in order to sign/decrypt.

If the wire between the PC and the reader is tampered, the
question is
how you encrypt the communication to the reader, if you use
symmetric
key, the question is if it is random or constant, if it is
random, the
question is how you derive it from a master key, it it is
static, it
is as there is no encryption at all.

If the reader is tampered, it is similar to the wire issue,
but you
also need to take the PIN pad into account.

If the encryption is derived from public/private key, what
forbit from
attacker to provide a different pubic key? If encryption is
derived
from a master key, this master key should be known to PC
which is much
weaker from the reader.

If the encryption is derived from PIN, it is relative
secured, but
forced the user to enter the PIN at the PC, which is weak
anyway.

So it is difficult to implement secure channel, I hope you
know a good
way to deal with this.

Alon.
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user



  


  

    
  

  
  
   
     
    






 [1-4]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )