
Mailing List Archive: GnuPG: users

OpenPGP smartcard, how vulnerable is it?

 

 



htd at fritha

Aug 15, 2012, 9:53 AM

Post #1 of 6 (228 views)
Permalink
OpenPGP smartcard, how vulnerable is it?

Hi,

if someone gets physical access to an openpgp smartcard, where is
the weakest spot in the whole scenario then? Can the contents of the card
be copied, e.g. to circumvent the limited possibilities entering
the correct PIN / admin-PIN? Can the secret key be extracted to
brute-force the PIN / passphrase? Reverse engineering?! What else??

Me thinking: using this smartcard and a 10-digit PIN should be more
than sufficient, because the attacker has only three chances to get
the PIN right, and with a 10-digit PIN he/she will be quite
unlikely to succeed. (The passphrase itself may be a 50-char random
concatenation of numbers, letters and special chars).

What am I missing?




_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


david at systemoverlord

Aug 15, 2012, 11:20 AM

Post #2 of 6 (216 views)
Permalink
Re: OpenPGP smartcard, how vulnerable is it? [In reply to]

Smartcards (including the one the OpenPGP smartcard is based on) are
designed to be highly resistant to tampering. While you can remove
the chip, you should not be able to read the contents of the chip
without the PIN. A highly sophisticated attacker MIGHT be able to get
to the chip internals and read the memory directly, but at that point,
you're probably talking about the intelligence agency of a major state
actor. (Theoretical attack, I'm not aware of any open papers
discussing it.) That being said, what is your threat model? If you
do not anticipate being targeted by a state actor, I am personally
convinced that a smartcard with a good pin provides more than enough
security.

(Take my response with a grain of salt -- I'm just a user, not a developer.)

David


On Wed, Aug 15, 2012 at 9:53 AM, Heinz Diehl <htd [at] fritha> wrote:
> Hi,
>
> if someone gets physical access to an openpgp smartcard, where is
> the weakest spot in the whole scenario then? Can the contents of the card
> be copied, e.g. to circumvent the limited possibilities entering
> the correct PIN / admin-PIN? Can the secret key be extracted to
> brute-force the PIN / passphrase? Reverse engineering?! What else??
>
> Me thinking: using this smartcard and a 10-digit PIN should be more
> than sufficient, because the attacker has only three chances to get
> the PIN right, and with a 10-digit PIN he/she will be quite
> unlikely to succeed. (The passphrase itself may be a 50-char random
> concatenation of numbers, letters and special chars).
>
> What am I missing?



--
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david [at] systemoverlord



htd at fritha

Aug 15, 2012, 12:42 PM

Post #3 of 6 (215 views)
Permalink
Re: OpenPGP smartcard, how vulnerable is it? [In reply to]

Hi David,

On 15.08.2012, David Tomaschik wrote:

[....]

Thanks for answering. There's no threat model so far - and I'm quite
sure that I'm not a target for any security agency :-)

The background for my question is simply "what's in it for me if I use
such a card". Will the benefits outweigh the drawbacks, and what are
in fact such drawbacks, if there are some?

Frankly, I find it very convenient to be able to use a simple PIN for
nearly all operations, and not the long and complicated passphrase.





adulau at foo

Aug 15, 2012, 12:46 PM

Post #4 of 6 (213 views)
Permalink
Re: OpenPGP smartcard, how vulnerable is it? [In reply to]

On Wed, Aug 15, 2012 at 8:20 PM, David Tomaschik
<david [at] systemoverlord> wrote:
> Smartcards (including the one the OpenPGP smartcard is based on) are
> designed to be highly resistant to tampering. While you can remove
> the chip, you should not be able to read the contents of the chip
> without the PIN. A highly sophisticated attacker MIGHT be able to get
> to the chip internals and read the memory directly, but at that point,
> you're probably talking about the intelligence agency of a major state
> actor. (Theoretical attack, I'm not aware of any open papers
> discussing it.)

It's more than a theoretical attack: the Sykipot malware is proxying
access to the smartcard reader. By doing so, the attacker is able to
use the functionality of the card without needing to tamper with the card
itself.

For a complete analysis of the malware:

http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant_33919

I hope this helps.

--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov



gnupg at lists

Aug 16, 2012, 1:29 AM

Post #5 of 6 (212 views)
Permalink
Re: OpenPGP smartcard, how vulnerable is it? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 15/08/12 20:46, Alexandre Dulaunoy wrote:

> It's more than a theoretical attack: the Sykipot malware is
> proxying access to the smartcard reader. By doing so, the attacker is
> able to use the functionality of the card without needing to
> tamper with the card itself.
>
> For a complete analysis of the malware:
>
> http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant_33919
>
> I hope this helps.

Obviously, if malware is in control of your machine, one of the many
things it can do is talk to the smart card reader. It can't force you
to enter your card though, and it can't read the keys from the card
when it's inserted, and if you're using a hardware pin pad, it can't
intercept your pin either. It can attempt to initiate
decryption/signing, but it still requires the user to enter their pin,
so some sort of social engineering is also required. It could wait for
you to try to decrypt/sign something, and then send some alternative
data to sign/decrypt to the reader instead, but at least the user
would see that something went wrong, and that would only work for one
sign/decrypt operation.

So using a smartcard prevents an attacker from getting access to your
keys, and severely limits the amount of decryption/signing they can do
even if they completely own your machine. However, if they completely
own your machine, you're probably screwed anyway.

On the other hand, this is not what was originally asked. The question
is, can an attacker with physical access to the card, either use it,
or read the keys off it. And the answer is: With a lot of money, probably.

Personally, I think that remote attacks against my system are many
orders of magnitude more likely than physical attacks where an entity
with lots of money steals my card and reads the keys off it. So I'm
happy to put my keys on a smart card.

- --
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



peter at digitalbrains

Aug 18, 2012, 4:16 AM

Post #6 of 6 (213 views)
Permalink
Re: OpenPGP smartcard, how vulnerable is it? [In reply to]

On 16/08/12 10:29, gnupg [at] lists wrote:
> It can attempt to initiate decryption/signing, but it still requires the
> user to enter their pin, so some sort of social engineering is also
> required. It could wait for you to try to decrypt/sign something, and then
> send some alternative data to sign/decrypt to the reader instead, but at
> least the user would see that something went wrong, and that would only
> work for one sign/decrypt operation.

This is correct for signing, when using the "signature force PIN" flag.
Unfortunately, there is no equivalent flag for encryption (or authentication),
so once a user has entered the PIN, the malware can just request additional
decryptions and authentications. The user probably won't notice. An LED on the
reader might flash when accessing the card, but if you do those additional
encryptions and authentications directly after a user-initiated action, they
probably won't notice that it flashes for a little longer than normal.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
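
A check a card owner can run against the points raised in this thread (added example, not code from any of the posters or from GnuPG): it reads the output of `gpg --card-status --with-colons` and reports whether the "signature force PIN" flag is set, whether PIN retry counters have dropped below the three tries mentioned above, and whether the card's signature counter is higher than a value you recorded earlier. The function name `audit_card`, the sample status lines, and the reliance on the `forcepin`, `pinretry` and `sigcount` records are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit OpenPGP card settings discussed in the thread.
# stdin: output of `gpg --card-status --with-colons`
# $1 (optional): signature count you noted after your last known signature
audit_card() {
    awk -F: -v expected="${1:-}" '
        $1 == "forcepin" { seen_force = 1; force = $2 }
        # pinretry fields: user PIN, reset code, admin PIN
        $1 == "pinretry" { seen_retry = 1; user = $2; admin = $4 }
        $1 == "sigcount" { seen_count = 1; count = $2 }
        END {
            if (!seen_force) { print "ERROR no-forcepin-record" }
            else if (force != 1) { print "WARN forcesig-off" }
            else { print "OK forcesig-on" }
            # Assumes the default limit of 3 tries, as in the thread.
            if (seen_retry && user + 0 < 3) {
                print "WARN user-pin-retries-left=" user
            }
            if (seen_retry && admin + 0 < 3) {
                print "WARN admin-pin-retries-left=" admin
            }
            # The counter covers signatures only; decryption and
            # authentication are not counted by the card.
            if (expected != "" && seen_count && count + 0 > expected + 0) {
                print "WARN unexpected-signatures=" (count - expected)
            }
            print "NOTE decrypt-and-auth-stay-unlocked-after-pin"
        }'
}

# Constructed sample (not from a real card); only the records used are shown.
SAMPLE='forcepin:0:::
maxpinlen:32:32:32:
pinretry:2:0:3:
sigcount:17:::'

printf '%s\n' "$SAMPLE" | audit_card 15
```

On a real card, pipe `gpg --card-status --with-colons` into `audit_card`; the flag itself is toggled with `forcesig` in the admin mode of `gpg --card-edit`.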
