7

We all appreciate smartcards because they secure private keys so they don't get exposed to the world.

But in a production-environment it's often the case that smartcards are staying inserted for a long time (hours).

Now two scenarios before the question follows:

  1. The PIN is stored by the (attacked?) application (like Firefox).
  2. The PIN needs to be re-entered for every critical operation.

Further the assumption can be made that private keys are exportable from the card.

Now the question:
Is it possible for a professional (targeted) attacker to obtain the private keys from the smartcard in a remote-attack scenario?

SEJPM
  • 9,500
  • 5
  • 35
  • 66
  • 2
    The answer will differ depending on how much tamperproof the manufacturer has performed on the smartcard in question. You might want to consult FIPS 201 et. al. – MCW Jun 30 '15 at 19:04
  • This will really depend on the manufacturer, and the type of smartcard you're referring to. Can you give any more specific details? – RoraΖ Jun 30 '15 at 19:21
  • @raz, this isn't a specific question but rather a conceptual question. The device I had in mind when asking this was the [ePass2003](http://www.ftsafe.com/product/epass/epass2003). If you'd prefer something more common (and enterprise grade?) the [eToken Pro](http://www.safenet-inc.com/multi-factor-authentication/authenticators/pki-usb-authentication/etoken-pro/) looks reasonable as a sample for the question (although I don't know if it allows exporting the keys). – SEJPM Jun 30 '15 at 19:27

3 Answers3

3

The weak link in most smartcard applications is PIN entry. Extracting private keys directly from the card is nearly impossible. With some acid package destruction and electron microscope work, a skilled team, and enough time, money, and luck you can in theory extract keys but it involves not only physical access but a scenario where the card will be physically destroyed.

However if the host system is compromised and the user's input of the PIN is keylogged and later replayed the smartcard will gladly work just as well for the attacker as it does for the user. If you are concerned about the host system being compromised you should look at direct PIN entry. Using a smartcard reader with a keypad the communication is directly between the keypad and the reader. The PIN never travels to host and thus is unavailable for intercept. While in theory the reader itself could be flawed I have never seen an exploit involving direct PIN entry and I would assume it would probably be hardware specific. There are methods to harden PIN entry without a dedicated keypad using programmable smartcards and OTP instead of PIN only but not sure if that is an alternative you are interested in.

Also keep in mind a lot also depends on the use case. Is the card being used for digital signatures? What is the damage resulting from an attacker obtaining a fraudulent signature vs stealing the actual private key. In some scenarios that is a significant mitigation in other scenarios it is a meaningless distinction. The latter scenario is much tougher to defend against because protecting the keys is easier than protecting unauthorized use of the keys.

Gerald Davis
  • 2,250
  • 16
  • 17
  • 2
    With power analysis you do not have to destroy the card and the private key can still be extracted. However, that's still an extremely expensive attack. – KovBal Jul 08 '15 at 13:12
0

If the card OS itself supports ANY command to export/read out secret key – you may imagine some scenarios to get private key remotely. But MOST (if not all…) do not have such functionality at all. Purposely. So it is then no matter of host security/protection utilized – the card cannot send back private key in any scenario. Some cards goes even further – they have NO key import function at all. You can only generate key pair inside the card and read public key only. This approach cuts off also any disputes IF private key have been copied BEFORE importing into the card. You can have private key in the card if cart itself had generated key pair or you do not have private key all in the card.

Of course all mentioned attack on card by physical inspections or power consumption/time/fault based analysis still exist but they are hardly exportable by remote means (maybe fault analysis could be sometimes still exportable remotely).

But the most dangerous threads are related to mentioned “remote usage of PIN authenticated card” which does not need any key extraction :) If you can use keys in the smart card remotely for providing signing actions you typically get what you want as the result of RSA calculation is the goal, not the private key itself ;)

DARc
  • 51
  • 1
  • 3
-1

No.

Forget about the remote part. Just give your smartcard to the attacker and tell him to use any resources to get the private key. He will not be able to do so on a local attack let alone on a remote attack. That is all what tamper proof is about.
At least that is what the manufacturers claim.

Jeff
  • 3,599
  • 4
  • 17
  • 23
  • ... and got certified? – SEJPM Jun 30 '15 at 20:06
  • but what if, (strong assumption), he finds a *zero-day exploit* in NSS (=high-level interface software, used by firefox/thunderbird, buffers PIN IIRC), is the answer still "no" then? – SEJPM Jun 30 '15 at 20:27
  • You changed the situation - the card is in use and being read - that's a vastly different scenario from a disconnected card. Memory, cached data, insecure applications are in play in the question. – schroeder Jul 01 '15 at 17:46