As i understand SAM modules are kind of SMART Cards which connect to the MCU via ISO 7816 protocol.
Is there any other application for them except storing secure
keys?
Can I used usual mobile sim-cards instead of SAM module to storing
keys?
As i know when we store keys in the SAM module ,it is almost
impossible to retrieve the keys, & SAM used a sequence of random
challenge & polyphase authentication to verify the card.Then how SAM
send this verification to MCU?is there direct access between SAM &
Reader ? or they connected via MCU?which command used to store keys
in the SAM?
Is there any special standard protocol for this secure
transmission? (storing key in SAM/ Authentication between
CARD-SAM-MCU/ verifying process & ...)
Why chip manufacturer does not equipped their MCU to this secure
Element internally?
Is there any other application for them except storing secure keys?
Smart Cards contain a general purpose CPU, so anything you can think of. But performing operations on the stored keys are indeed their main purpose.
Can I used usual mobile sim-cards instead of SAM module to storing keys?
A generic (Java) card would make more sense.
As i know when we store keys in the SAM module it is almost impossible to retrieve the keys, & SAM used a sequence of random challenge & polyphase authentication to verify the card. Then how SAM send this verification to MCU? Is there direct access between SAM & Reader? Or they connected via MCU? Which command used to store keys in the SAM?
This really depends on the implementation.
Is there any special standard protocol for this secure transmission? (storing key in SAM/ Authentication between CARD-SAM-MCU/ verifying process & ...)
Not as far as I know. There are probably many "standards" that do apply, but to my knowledge there isn't a one that describes the use of SAM cards in general.
Why chip manufacturer does not equipped their MCU to this secure Element internally?
Sometimes they do.
Securing a chip is however very tricky. Basically you are storing a key in a device that you know an attacker is going to get its hands on. So you have to use address-bus scrambling, shields etc. etc. etc.
Using a standard smart card that has previously received certification and withstood penetration testing is much more cost effective.
Related
I am working on an embedded system that should support SNMPv3, and I am wondering how to let the user add new USM?
Is it reasonable to let the user add it by SNMP? by HTTPS?
Thanks
Avner
Depends on where you are aiming at with your product:
There are users out there that will only expect to receive some traps from your SNMPv3 device - Those users might not necessarily have access to tooling allowing them to add users via SNMP (or don't want to be bothered with having to install and operate free tooling).
Whether it makes sense to implement a user administration frontpage using HTTPS strongly depends on the amount of muscle your platform has. To me, that sounds a bit heavy-weight.
Most SNMPv3 devices I have come across so far had a simple ssh command-line-based interface for user management, so I would expect that is common practice in the market. Remember, adding users is a one-time activity in most environments.
What you should and must allow in any case is changing users' encryption and authentication keys using the USM MIB - The whole SNMPv3 security concept will cease to be of any value when keys cannot be frequently (ideally, in an automated way) changed.
Suppose I want to develop a IM application, and I want to ensure my users that I will not obtain their conversation information, that is, prove by a algorithm that I don't know about something.
How can I do that? Is their something similar to public-key method to do that?
I do not believe this is a solvable problem as long as the application you provide is a black box to the user. The way to achieve what you want is to provide the source code to your client so that the user can inspect it and potentially compile it themselves. For example, consider Tarsnap, which is targeting exactly this kind of problem (they provide online backups "for the truly paranoid"). The Tarsnap client is only provided in source form.
You can provide a similar (but weaker) assurance by publishing your protocol specification without publishing the source code to your implementation. This allows the user to inspect the protocol, determine whether it sends data that could be read in transit, and potentially implement their own client to protect themselves from any side-channels that might exist in your client.
The overarching rule is that cryptography is best done in public. Each piece of your system that is secret is a piece that the user must implicitly trust you on and cannot prove your behavior. The fewer secrets you enforce, the more trustworthy you can be.
Ultimately, however, I do not believe it is possible to prove that Eve does not know something. It is only possible to prove that Eve cannot discover something given that she stays within some set of rules.
As a quick proof by counter-example:
Alice sends message M to Bob using a provably-secure transform E(K,M).
Eve intercepts E(K,M), but since it is provably-secure, and she does not have K, she cannot decrypt it.
Eve begins dating Bob and convinces him to tell her K.
Eve performs D(K,E(K,M)) and recovers M.
Therefore, E(K,M) does not prove blindness over all possible attacks, despite being provably-secure over traditional attacks.
I am making a shared object that does a lots of encryption and decryption using public key and private key. I want store these keys within the binary, Is there any way to save these keys securely so that no one can use it . so How to embed a cryptographic key in a binary ?
If the code can access the keys, so can the users on whose machine the code is running. This is incontrovertible - there's no way around it unless you control the hardware.
Is there any way to save these keys securely so that no one can use it .
As millimoose said, no you can not. Or perhaps more accurately: you can not save data, any data, in a binary such that it is of use to your binary and not anyone else. While not usually discussed with this generic of a use case, this is the heart of Digital Rights Management - a desire to have some data (be it cryptographic or otherwise) that is only usable in a controlled manner.
The best you can accomplish, and this is a lot of work even for well funded and motivated organizations, would be to use the TPM to perform cryptographic operations on your behalf and in a manner that is tied to the state of the system. I'm guessing that solution isn't what you are looking for.
You cannot do this if you don't have control over the hardware and operating system. If you have full control, then then there is little need to add additional protection to the key. The best way of security storing keys is keeping them out of the binary. You could for instance use a secure token. This could be a TPM, a smart card or even a HSM. Those secure tokens do the cryptographic calculations on the token itself, so you never need to load it into memory.
If you want to have a very safe storage in a binary then you could take a look at this HSM. You can run your code within the HSM. Even with such a HSM, you should only generate the keys within the HSM and keep them in there. Oh, yeah, this requires you to spend several thousand dollars on an HSM...
My friend proved it to me by taking the WP7 papertoss games and getting the .xap from it and then posting his own high scores.
Is there any fool proof way to stop this ? (I think xbox live integration makes hacking the high scores impossible but that is for special people )
It depends first of all how the high-scores are sent. I can only assume that what your friend did was take the XAP and modify some internal file or track the HTTP web requests that are used to send the scores to the centralized locations. I have two recommendations for you.
Encrypt. Don't keep scores in plaintext. There are plenty of strong encryption methods that you can take advantage of that will render the scoreboard useless unless the person who tries to read it has the key.
If you send the scores to a web service, never send it in plaintext (once again). From my own experience I can say that web requests can be easily altered and sniffed. So if I see that the app sends http://yourservice/sendscore?user=Den&score=500, I might as well invoke http://yourservice/sendscore?user=Den&score=99999999. Same applies if you plan on using headers.
Be aware, that using the Xbox Live services is only possible if you are a registered Xbox developer, and this is not easy to get.
First of all - is a high score list really that critical that you're worried about an edge case (the common person isn't going to have a dev unlocked phone with ability to modify the *.xap file)?
Second of all, no. There's no fool-proof way to protect your high score list if it is being stored locally on the device. The only way to protect the high score list would be to store it in the cloud via a web service or some other mechanism.
It is tricky to have a secure high score system since users can always modify information on the client side. It's impossible to prevent a determined hacker from looking at your code, but you can make it more difficult by obfuscating your code. PreEmptive's Dotfuscator is currently free for Windows Phone 7 developers and also has analytics built in if you want to use it. This will obfuscate your code and make it harder to read your code. Although it's not fool proof, it's an extra hurdle for hackers to overcome.
The obfuscation would make it harder to find the encryption key you're using to authenticate the high score.
Sorry I couldn't find the best heading for this question. Following is my requirement.
I a working on a project which deals which large amount of money transactions to different account. The system automatically transfers money to accounts of A,B, C etc etc,, But before this is done Some one from A,B or C should approve(electronically) the amount to be transferred.
What do you think is the best way of doing it? I want the system to send a file (PDF of something) which is digitally signed (?) and the authorised person from A,B and C should check and confirm that the amount is correct.
Since the amount is high I must make sure the file sent out by the system is not tampered and at the same time I also want to make sure the file (reply) sent by A,B or C is also not tampered . What is the best way to achieve it? Any ideas?
Digital Signatures is what you are looking for. Adobe PDF (since you mentioned pdf) allows you to sign the pdf in the free Adobe Reader version and verification is also done automatically, as soon as you open the pdf document.
The difference between DigSig and (H)MACs as posted by Noldorin is, that MACs use symmetric encryption, where you require a secure channel to exchange the key, whereas in a PKI environment that secure channel is not required.
It depends how you want to distribute your keys.
You'll want to look into MACs (Message Authentication Codes). There are a number of libraries out there for various languages that implement common algorithms such as HMAC.
EDIT: See also DSA (http://en.wikipedia.org/wiki/Digital_Signature_Algorithm), which is a popular algorithm for digital signatures, and is fully implemented in the standard .NET framework (System.Cryptography namespace).
My first reaction would be Digital Signatures - but they have a fatal flaw: they are digital data that could be compromised by a careless user.
If that is a concern you can go for the process that South African banks use, a one-time password. This password is transferred to them via a means that is not involved in the transaction (in South Africa this is by SMS, which I strongly recommend). We first type in a username and password, and then get the OTP via SMS which we then need to type in for any transactions that lead to money leaving our accounts.
Strong forms of security (in increasing effectiveness) include (I am no expert, but I do know a few):
Knowledge (A password)
Possession (A cell-phone SIM card that can receive SMSes, or a USB thumbdrive with a certificate)
Location (A computer with a hardware-based certificate management system, CellID)
Time (OTP expires, transaction must occur at specific time)
Identity (A fingerprint reader - effectively a password - but insanely long)
Uniqueness (A fibre-optic cable encoded in the polarization of the photons)
From what I know if you have any three of those you can be comfortable with your security. Adding more increases security exponentially, but also increases the inconvenience factor. The banks use Knowledge, Possession and Time in South Africa - and phishing really doesn't work against South African banks.
Hope this helped you out a little.
To digitally sign a file, you can use any of Microsoft's partners. Arx for example provide you with a tool called CoSign which you can use for free (or at least their trial version). This will allow you to add electronic signatures to most available formats (word, pdf, xml etc').