[cryptography] Smart card with external pinpad

Ian G iang at iang.org
Sat Aug 20 17:01:40 EDT 2011

On 21/08/11 6:21 AM, Simon Josefsson wrote:
> Thierry Moreau writes:
>> If there were devices meeting the stated goal (commercially available
>> with a reasonable cost structure), they would be a very useful
>> security solution element for high security contexts. The user
>> guidance would be: never enter the PIN anywhere else than on one of
>> these devices. Gone the phishing threat!
> Not so fast -- that prevent the phisher from getting the PIN, but what
> the phisher usually wants is to perform some private key operation using
> your smartcard without you noticing.

Yes.  A problem with smart cards is that they typically aren't secure by 
themselves, they typically require a secure interface device.

(Unless we're talking about some of the more advanced digital cash 
designs, but they have the advantage of a simplified security goal.)

> All smartcard readers with PIN entry pads that I have used has had the
> property that once you have entered the PIN, the host (which normally is
> untrusted and can have a trojan running) will be able to perform
> unlimited number of private key operations using your smartcard.

It all depends what you mean by "the host".  Typically, the reader is 
part of the hard security boundary, and it exports some safe high-level 
API.  In rollouts, the reader is also a heavily branded item that the 
customer is supposed to learn, so as to avoid sticking the card into any 
old slot.

Where you've got some pass-through reader connected to a PC, all bets 
are off!  That's a breach of the security model.  Or a development kit. 
  Or a bankers' liability shifting model :P

> So the trojan have to wait for someone to enter their PIN to do a normal
> transaction, and then the trojan can ask the smartcard to do whatever it
> wants.  Bingo.
> I'm surprised there aren't smartcard readers with a button to authorize
> every private key operation.  At least I haven't seen any.  It is still
> not perfect (the trojan can race the legitimate application and perform
> its operation first) but it is an improvement.

There are.  They're called cellphones.  Problem is, until recently they 
weren't hackable so easily.  Apple then Google fixed that, so maybe 
we'll see more use in the future.


More information about the cryptography mailing list