[107595] in Cypherpunks
Re: ArcotSign Software Smartcard
daemon@ATHENA.MIT.EDU (Martin Minow)
Tue Jan 19 02:08:08 1999
In-Reply-To: <19990118213419.E12860@arianrhod.systemics.ai>
Date: Mon, 18 Jan 1999 22:45:28 -0800
To: Ryan Lackey <ryan@venona.com>, Robert Hettinga <rah@shipwright.com>,
dbs@philodox.com, cypherpunks@algebra.com, marlin@arcot.com
From: Martin Minow <minow@pobox.com>
Reply-To: Martin Minow <minow@pobox.com>

I was at the Cypherpunks meeting where the ArcotSign system was
presented. The major objection I recall was that the system will
be deployed on a standard personal computer. Hence, regardless
of the quality of the cryptography, the system is exposed to
the insecure environment of the user's computer. There are
no feasible protections against Trojan Horse attacks (in general:
I don't know what ArcotSign-specific protections are provided).

At the same meeting, Ian Goldberg previewed his talk to the
RSA conference. His approach relies on a Palm Pilot to hold
the secret information. The advantage is that the Palm Pilot
is small enough to be portable, of limited functionality (hence
presumably less sensitive to external hacking), and provides
a user interface (so the user doesn't sign rogue messages).
Ian's approach, however, is vulnerable to attacks through the
Palm Pilot's backup mechanism: If I can put my Trojan Horse on
the computer you use for backup, the Pilot's own backup utility
will install it on the end-user's PDA.

At the Cypherpunks meeting, I gave an overview of the Dallas
Semiconductor Java iButton <http://www.ibutton.com/>. This
provides a SmartCard (with Java and a hardware implementation
of the modular exponentiation function) enclosed in a
tamper-resistant container. While I haven't implemented anything
significant on the iButton, you should be able to do PGP-style
key-signing without the risk of your key "leaking" out of the
secure environment.

My opinion, for whatever it's worth, is that each approach has
both advantages and disadvantages, and that calling one of them
"Snake Oil" doesn't help advance the discussion.

Martin Minow
minow@pobox.com