Hello Dr. Naicken,
On 2015-09-21 23:13, Stephen Naicken wrote:
>
> I would agree with S. Moonesamy on this. It is certainly not
> impossible, but it would be very unwise to do this. Here are my
> thoughts with the caveat that it has been a few years since I explored
> smart card crypto and I am not a cryptographer.
>
> Theoretically, either there is a single decryption key or there are
> many decryption keys (up to a maximum of one per user/card). Assuming
> that the secure memory bounds of the reader are sufficient to store
> all keys and the reader does indeed store all keys, then one
> compromised device is sufficient to compromise all cards.
> Alternatively, it is possible that the reader fetches the appropriate
> key on-demand. In this scenario, the strength of the secure
> connection from server to reader must be at least as strong as that of
> all other components of the system.
>
Thumbs up for the simple & clear explanation. As you mentioned, with a
"key on-demand" approach one needs to ensure that security is maintained
throughout the transfer. In the context of the National Identity Card,
this part is obscure and the little information that was ultimately
released lead me to understand that some parts of the system are
"managed" by a third-party (telecom company to be precise). If the
system is compromised at this point, data captured would most probably
be crypted.
The fingerprint reader in one of the interviews of the Minister of
Technology, Communication & Innovation, is mentioned as being
"standalone". Key on-demand cannot be used in this case.
The use of a Security Access Module was mentioned by the Heads of
Operations of the Mauritius National Identity Card project. It was said
that the SAM contains the key to decrypt data stored in the ID Card. I
would eliminate the use of unique keys. If the card reader is standalone
and that the project used "unique keys", then a mechanism to update the
reader with new keys (for freshly issued ID Cards) would be needed.
There is no mention of such mechanism.
I am therefore left with only one scenario where there is one key for
all cards which is stored in the Security Access Module of the reader.
Regards,
--
Ish Sookun
Received on Tue Sep 22 2015 - 06:50:32 PST