open hw smart card reader: a good idea?

open hw smart card reader: a good idea?

Bud P. Bruegger
This is somewhat off topic..

I talked to a friend the other day who makes hardware about smart card
readers.  He was suggesting that an open hardware implementation of the
reader may be interesting.  The base idea would be to have a single chip
that is programmed by firmware to be a card reader--and only a USB or
Serial connector and a connector to the card as other components (and maybe
a LED). The firmware and the HW design would be open sourced...

On a first quick look, my friend thought that with a serial connection (or
USB that emulates a serial connection) it would be quite straightforward
to do.  (CCID seems to require more work unless the reader side of the sw
is already available).

I was wondering what you guys think on whether this was a worthwhile thing
to do or just a waste of time...

cheers
-b


-------------------------------------------------------------------------------------------------
Ing. Bud P. Bruegger, Ph.D.          +39-0564-488577 (voice),  -21139 (fax)
Servizio Elaborazione Dati           e-mail:  [hidden email]
Comune di Grosseto                   http://www.comune.grosseto.it/cie/
Via Ginori, 43                       http://OpenPortalGuard.sf.net
58100 Grosseto (Tuscany, Italy)      jabber:  [hidden email]

Free Software in Public Administration:  not just a good idea, but a necessity

Perfection is attained, not when there is nothing more to be added, but
when there is nothing more to be taken away -- Antoine de Saint-Exupery

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

Re: open hw smart card reader: a good idea? [u]

Andreas Jellinghaus-2
the things I expect from a reader are pretty well defined.
less would make it unusable, more features: I don't see how
there is anything to add. and many readers have those features.
also I don't have a security problem or anything like that:
readers are dumb enough pieces of hardware.

so honestly: I don't see any benefit an open hardware reader can
provide. It is unlikely it can compete with price.

so: no gain.
at least not for a dumb reader where I can build a dumbmouse
or what it was called. and a towitoko is stupid, simple and cheap
and works.

once it has pinpad and a display, it could add a gui display and
display logos or something like that. but I could use a mini linux
computer with a ps2 pinpad and a lcd display to build that. but still:
why would I need that?

so I don't see much reason to have an open hw smart card reader
either dumb or pinpad or display+pinpad.

so what could be interesting is wireless reader. I don't know that
area well, but I guess most existing hardware couldn't be used well
for scanning for cards, tokens and tags and stuff like that, and
it would be very nice if you could do anything the hardware theoretically
allows, not only what some firmware offers.

Andreas

Re: open hw smart card reader: a good idea? [u]

Peter Stuge
I like the reader idea..


On Sat, Jul 02, 2005 at 01:53:41AM +0200, Andreas Jellinghaus [c] wrote:
[..]
> also I don't have a security problem or anything like that:
> readers are dumb enough pieces of hardware.

Specifically for security reasons.

With current state of smart card affairs I have to trust the host.
My understanding is that pinpad readers don't really change that,
since they just act as input devices connected to the host, never
communicating directly with the card. (Which is pretty useless..)

Ultimately I'd like to only have to trust the card, but given the
standards I doubt this will happen, although it would be nice.

Second best is to only have to trust the card and the reader. The
only way this will work is if I can enter my pin on the reader and
the reader sends the PIN directly to the card, not via the host, and
if the reader+card combo requires physical confirmation per key use.


> so honestly: I don't see any benefit an open hardware reader can
> provide. It is unlikely it can compete with price.

I'd pay extra for the above behavior.


> so what could be interesting is wireless reader.

As in RFID? RFID is pretty useless for security IMHO. But sure, a
cheap and open RFID reader would be nice, no doubt! :)


//Peter

Re: open hw smart card reader: a good idea? [u]

Nils Larsch
Peter Stuge wrote:
...
> Specifically for security reasons.
>
> With current state of smart card affairs I have to trust the host.
> My understanding is that pinpad readers don't really change that,
> since they just act as input devices connected to the host, never
> communicating directly with the card. (Which is pretty useless..)
>
> Ultimately I'd like to only have to trust the card, but given the

this can't work as you never know what the host computer sends
to the card (unless you supply whatever you want to sign
directly to the card but in this case the card os needs to
be quite complex, which undermines security of the card ...).

> standards I doubt this will happen, although it would be nice.
>
> Second best is to only have to trust the card and the reader. The
> only way this will work is if I can enter my pin on the reader and
> the reader sends the PIN directly to the card, not via the host, and
> if the reader+card combo requires physical confirmation per key use.

still you don't know what you sign

>>so what could be interesting is wireless reader.

that would require secure messaging and opens a whole new can
of attacks ...

Nils

Re: open hw smart card reader: a good idea? [u]

Peter Stuge
On Sat, Jul 02, 2005 at 10:36:27AM +0200, Nils Larsch wrote:
> >Ultimately I'd like to only have to trust the card, but given the
>
> this can't work as you never know what the host computer sends
> to the card (unless you supply whatever you want to sign
> directly to the card but in this case the card os needs to
> be quite complex, which undermines security of the card ...).

Right,


> >Second best is to only have to trust the card and the reader.
>
> still you don't know what you sign

..unless I can verify it on the reader before I enter the pin.


//Peter

Re: open hw smart card reader: a good idea? [u]

Peter Stuge
(Please keep the discussion on the list.)

On Sat, Jul 02, 2005 at 07:15:16PM +0200, Jan Schermer wrote:
> >..unless I can verify it on the reader before I enter the pin.
>
> can you? AFAIK you only sign the hash of the data, not the data
> themselves... unless i misunderstood the thing :) and the hash is not
> computed on the card

That's right, that's how it works now. The host calculates the hash.

Perhaps the hash could be computed by the reader though? I think the
original poster was asking if an open hardware reader could improve
state of the art somehow and I know I would like to eliminate the
threat posed by untrusted hosts.


//Peter

Re: open hw smart card reader: a good idea? [u]

Nils Larsch
Peter Stuge wrote:

> (Please keep the discussion on the list.)
>
> On Sat, Jul 02, 2005 at 07:15:16PM +0200, Jan Schermer wrote:
>
>>>..unless I can verify it on the reader before I enter the pin.
>>
>>can you? AFAIK you only sign the hash of the data, not the data
>>themselves... unless i misunderstood the thing :) and the hash is not
>>computed on the card
>
>
> That's right, that's how it works now. The host calculates the hash.

actually the card could calculate the hash as well but that's terribly
slow (and offers no advantage)

>
> Perhaps the hash could be computed by the reader though? I think the

the more features you shift from the host to the reader/card the more
complex they get (and hence more vulnerable to attacks)

> original poster was asking if an open hardware reader could improve
> state of the art somehow and I know I would like to eliminate the
> threat posed by untrusted hosts.

still you don't know what the host sends to the card

Nils

Re: open hw smart card reader: a good idea? [u]

Bernhard Fröhlich-2
In reply to this post by Peter Stuge
Peter Stuge wrote:

>I like the reader idea..
>
>On Sat, Jul 02, 2005 at 01:53:41AM +0200, Andreas Jellinghaus [c] wrote:
>[..]
>>also I don't have a security problem or anything like that:
>>readers are dumb enough pieces of hardware.
>
>Specifically for security reasons.
>
>With current state of smart card affairs I have to trust the host.
>My understanding is that pinpad readers don't really change that,
>since they just act as input devices connected to the host, never
>communicating directly with the card. (Which is pretty useless..)

No, it is possible to let a pinpad reader talk directly with the card.
Of course you have to program it correctly, but that's the whole idea
behind class 2 readers. If done correctly the PIN never reaches the
host, and most (though, as rumours go, not all) pinpad readers will not
allow to be used as input device for the host. And I hope those that do
will clearly advertise if input goes to the host (by means of LEDs or so).
[...]

In other mails it has been said:

> That's right, that's how it works now. The host calculates the hash.
>
> actually the card could calculate the hash as well but that's terribly
> slow (and offers no advantage)
>
>>
>> Perhaps the hash could be computed by the reader though? I think the
>
AFAIK part of this idea is already used in German Geldkarte (CashCard?).
If you use a class 3 reader and Geldkarte to pay via the internet the
reader's display shows you how much money will be transferred before you
hit the OK button. Please note, this is theory, I still have not managed
to pay anything on the internet with Geldkarte. ;)

The problem with this is, that an open reader won't help you much since
you also need the card which tells the reader what to display. And a
hopefully widely supported protocol how the card talks with the reader.
And even an open reader only improves security if you build it yourself,
since if someone else does the soldering for you who will guarantee that
there is no tiny little device built between keyboard and reader which
sends every key hit somewhere by some wireless means? And, btw, who'll
guarantee that the reader-chip itself conforms to the published
specification?

Today, if I buy a class 2 or 3 reader at least it is certified by
someone (btw, who issues this certificate???) that the reader's design
is ok and the reader's case is sealed. So I know whom I have to trust,
and I'm afraid you can only shift trust if you don't do everything by
yourself.

Ted
;)
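
The secure PIN entry described above for class 2 readers, as an added example that is not part of the original thread: the host hands the reader a PC/SC Part 10 PIN_VERIFY_STRUCTURE holding only an APDU template, and the reader inserts the digits typed on its own pinpad before sending the command to the card. The PIN reference, length limits, timeouts and 0xFF padding are constructed sample values; a real card's PIN format comes from its documentation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_VERIFY_HDR_LEN 19 /* fixed fields before the APDU template */
#define PIN_BLOCK_LEN 8       /* constructed choice: 8-byte ASCII PIN block */

static void put_le16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }

/* Build the host-to-reader request for an ISO 7816-4 VERIFY (INS 0x20).
 * Returns the total length, or 0 on a too-small buffer or bad limits. */
size_t build_pin_verify(uint8_t *out, size_t cap, uint8_t pin_ref,
                        uint8_t min_len, uint8_t max_len)
{
    const size_t apdu_len = 5 + PIN_BLOCK_LEN;
    const size_t total = PIN_VERIFY_HDR_LEN + apdu_len;
    uint8_t *p = out;

    if (cap < total || min_len == 0 || min_len > max_len ||
        max_len > PIN_BLOCK_LEN)
        return 0;

    *p++ = 30;            /* bTimeOut: seconds to wait for the first key */
    *p++ = 30;            /* bTimeOut2: seconds allowed after the first key */
    *p++ = 0x82;          /* bmFormatString: byte units, offset 0, left, ASCII */
    *p++ = PIN_BLOCK_LEN; /* bmPINBlockString: no length field, 8-byte block */
    *p++ = 0x00;          /* bmPINLengthFormat: PIN length not written to APDU */
    put_le16(p, (uint16_t)((min_len << 8) | max_len)); /* wPINMaxExtraDigit */
    p += 2;
    *p++ = 0x02;          /* bEntryValidationCondition: validation key pressed */
    *p++ = 0x01;          /* bNumberMessage: one message */
    put_le16(p, 0x0409);  /* wLangId: English (US) */
    p += 2;
    *p++ = 0x00;          /* bMsgIndex */
    memset(p, 0, 3);      /* bTeoPrologue: T=1 prologue, left zero here */
    p += 3;
    memset(p, 0, 4);      /* ulDataLength, little endian */
    p[0] = (uint8_t)apdu_len;
    p += 4;
    /* abData: VERIFY header plus a padded block; no PIN digit is present. */
    *p++ = 0x00; *p++ = 0x20; *p++ = 0x00; *p++ = pin_ref; *p++ = PIN_BLOCK_LEN;
    memset(p, 0xFF, PIN_BLOCK_LEN);
    return total;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = build_pin_verify(buf, sizeof buf, 0x01, 4, 8);
    for (size_t i = 0; i < n; i++)
        printf("%02X%c", buf[i], i + 1 == n ? '\n' : ' ');
    return n ? 0 : 1;
}
```

In a PC/SC application this buffer is the input to SCardControl with the reader's FEATURE_VERIFY_PIN_DIRECT control code; the host only ever sees the card's status word.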



Re: open hw smart card reader: a good idea? [u]

Nils Larsch
Bernhard Froehlich wrote:
...

>> That's right, that's how it works now. The host calculates the hash.
>>
>> actually the card could calculate the hash as well but that's terribly
>> slow (and offers no advantage)
>>
>>>
>>> Perhaps the hash could be computed by the reader though? I think the
>>
>>
> AFAIK part of this idea is already used in German Geldkarte (CashCard?).
> If you use a class 3 reader and Geldkarte to pay via the internet the
> reader's display shows you how much money will be transferred before you
> hit the OK button. Please note, this is theory, I still have not managed
> to pay anything on the internet with Geldkarte. ;)
>
> The problem with this is, that an open reader won't help you much since
> you also need the card which tells the reader what to display.

the card should tell the reader what to display, how should this work?
unless the whole protocol is implemented in the smartcard (rather
unlikely) the card only sees either a hash value (which has no practical
use for the user) or the data to be hashed, but as this data is almost
never ascii plaintext hence not really helpful for the user either.

> And a
> hopefully widely supported protocol how the card talks with the reader.
> And even an open reader only improves security if you build it yourself,
> since if someone else does the soldering for you who will guarantee that
> there is no tiny little device built between keyboard and reader which
> sends every key hit somewhere by some wireless means? And, btw, who'll
> guarantee that the reader-chip itself conforms to the published
> specification?
>
> Today, if I buy a class 2 or 3 reader at least it is certified by
> someone (btw, who issues this certificate???) that the reader's design
> is ok and the reader's case is sealed.

I wouldn't overestimate the value of such a certification

Nils

Re: open hw smart card reader: a good idea?

Bryce Hilton
In reply to this post by Bud P. Bruegger
How about designing a hardware implementation of a host module that
would be used by smartcard-terminal developers to implement the host
software.  The hardware "host module" would communicate with the card
reader as well as other peripherals, such as storage, copier, vending
machine, etc.  Maybe a Palm III device could be used as the platform,
since it has two serial ports, IR, storage, and a complete dev
environment.

For example, in a coke machine, something needs to debit the card and
send a signal to the machine to release the soda can.  Or, in a
copier, the host module would debit the card and send a signal to the
copier to complete the transaction by making a copy.

Working on projects where the company I worked for was responsible for
designing the smartcard application, we were always dependent on the
suppliers of terminal equipment to implement our smartcard
application, or to supply the tools, which were always proprietary and
quirky.  It would be so much quicker and less of a hassle if we could
implement the terminal application ourselves on some "open" platform.
My perspective on this may be a little naive; interested to hear what
other sc-developers have experienced.

BH

On 7/1/05, Bud P. Bruegger <[hidden email]> wrote:

> This is somewhat off topic..
>
> I talked to a friend the other day who makes hardware about smart card
> readers.  He was suggesting that an open hardware implementation of the
> reader may be interesting.  The base idea would be to have a single chip
> that is programmed by firmware to be a card reader--and only a USB or
> Serial connector and a connector to the card as other components (and maybe
> a LED). The firmware and the HW design would be open sourced...
>
> On a first quick look, my friend thought that with a serial connection (or
> USB that emulates a serial connection) it would be quite straightforward
> to do.  (CCID seems to require more work unless the reader side of the sw
> is already available).
>
> I was wondering what you guys think on whether this was a worthwhile thing
> to do or just a waste of time...
>
> cheers
> -b
>
>
> -------------------------------------------------------------------------------------------------
> Ing. Bud P. Bruegger, Ph.D.          +39-0564-488577 (voice),  -21139 (fax)
> Servizio Elaborazione Dati           e-mail:  [hidden email]
> Comune di Grosseto                   http://www.comune.grosseto.it/cie/
> Via Ginori, 43                       http://OpenPortalGuard.sf.net
> 58100 Grosseto (Tuscany, Italy)      jabber:  [hidden email]
>
> Free Software in Public Administration:  not just a good idea, but a necessity
>
> Perfection is attained, not when there is nothing more to be added, but
> when there is nothing more to be taken away -- Antoine de Saint-Exupery