[3486] in cryptography@c2.net mail archive


Re: IP: State Govt Will Use Datakey Smart Cards

daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Fri Oct 16 11:58:44 1998

In-Reply-To: <kjogrebx1a.fsf@speedy.rtfm.com>
Date: Thu, 15 Oct 1998 12:05:23 +0100
To: EKR <ekr@rtfm.com>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: "Enzo Michelangeli" <em@who.net>, <cryptography@c2.net>

At 3:26 PM -0700 10/14/98, EKR [Eric Rescorla  ekr@rtfm.com] wrote:
>"Arnold G. Reinhold" <reinhold@world.std.com> writes:
>
. . .
>> Methods to eliminate that risk are at least worth
>> discussing.
>>
>> For example, it might make sense to separate the RNG from the rest of the
>> smart card, perhaps as a detachable submodule. The smart card could then be
>> audited by supplying a known bit stream to the RNG input and verifying that
>> all outputs followed published algorithmic specs.
>Except that there's some special message you can send the card which
>puts it into spy mode where it starts leaking. So it shows up fine
>under testing but the spooks can compromise it.
>

One could have a number of nodes set up with smart cards driven by
deterministic pseudo-random bit streams and compare the outputs with a
software implementation of the smart card algorithm. Any attempt to turn on
"spy mode" on these nodes would be caught immediately. Risk of detection
would be a serious deterrent to a smart card manufacturer.

>I think Reflections on Trusting Trust is the appropriate reference
>here.
>

I looked up the paper. (Thanks AltaVista). It is at
http://info.acm.org/classics/sep95/ Thompson's method of burying bugs deep
in compiler binaries is a cute hack, but hardly a rigorous proof that "You
can't trust code that you did not totally create yourself." I can think of
a number of ways of countering the attack he describes.  The question of
creating trusted compilers and other tools might best be folded into the
ongoing Buffer Overrun thread.

I am not saying bootstrapping trust is easy, but I believe that it is
possible and that it is very important work.


Arnold Reinhold
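
Added example, not part of the original message: a sketch of the audit described above, in which a card whose RNG input is driven by a known deterministic stream is compared, output by output, against a software model of its spec. The HMAC-based "spec", the class names, the key and the `SPECIAL` command are all assumptions made for illustration; the deviating card is a constructed stand-in for any device that leaves the spec.

```python
import hashlib
import hmac

KEY = b"audit-card-key-constructed"  # constructed test key, known to the auditor

def seeded_stream(seed: bytes):
    """Deterministic pseudo-random byte stream the auditor feeds to the RNG input."""
    counter = 0
    while True:
        yield from hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1

class ReferenceCard:
    """Software model of the assumed published spec: HMAC-SHA256(key, r || command)."""
    def __init__(self, key: bytes, rng):
        self.key, self.rng = key, rng

    def process(self, command: bytes) -> bytes:
        r = bytes(next(self.rng) for _ in range(16))  # 16 bytes drawn from the RNG input
        return hmac.new(self.key, r + command, hashlib.sha256).digest()

class DeviatingCard(ReferenceCard):
    """Constructed stand-in for a card that leaves the spec once it sees a special message."""
    def __init__(self, key, rng):
        super().__init__(key, rng)
        self.off_spec = False

    def process(self, command):
        out = super().process(command)
        if command == b"SPECIAL":
            self.off_spec = True
        # Any off-spec byte, whatever its purpose, is enough to fail the comparison.
        return bytes(b ^ 1 for b in out) if self.off_spec else out

def audit(card_cls, seed: bytes, commands):
    """Return the index of the first output that differs from the reference, else None."""
    dut = card_cls(KEY, seeded_stream(seed))
    ref = ReferenceCard(KEY, seeded_stream(seed))
    for i, command in enumerate(commands):
        if not hmac.compare_digest(dut.process(command), ref.process(command)):
            return i
    return None

COMMANDS = [b"sign A", b"sign B", b"SPECIAL", b"sign C"]  # constructed traffic

if __name__ == "__main__":
    print("conforming card:", audit(ReferenceCard, b"node-1", COMMANDS))
    print("deviating card: ", audit(DeviatingCard, b"node-1", COMMANDS))
```

The deviating card passes every comparison until the special message arrives, which is why the check has to run continuously on live nodes rather than once in a test lab.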



