
Comment by altairprime

13 days ago

There’s no way to prove you aren’t MitM-proxying a reply from a device not paired to your phone in that scenario, because the kernel ‘says’ it’s USB to the app but a patched kernel can lie about that unless the kernel is attested-unmodified-secured — and anyways USB can itself be mitm’d at the phys layer without the kernel knowing at all.

You can enroll keys on trusted hardware and then use them on untrusted hardware. That's how smartcards work. Enrollment is secure (say performed by your employer) and (in theory) extracting the private key is impossible.

Smartcards also seem to have the ability to issue certificate requests. I think the keys inside the cards are signed by a manufacturer trust chain (I got a Gemalto card to play with for signatures and places like IdenTrust were able to verify authentic cards, but I wasn't trying to fool anything so it may be possible... but they would only issue certain levels of keys for specific cards).

I'm not saying you are wrong (I don't know enough about the details) but it all was much more sophisticated than I had thought and the chips seem to be running some sort of attestation of the chip in the card. Basically, you can't MITM things if doing so requires getting a private key that only exists in the factory. That sort of thing.

  • I look forward to being wrong, certainly!

    • Well, you should understand that trusting media is not part of how modern encryption works. Having access to USB isn't any different from having access to a network switch or the airwaves. Things like YubiKeys and smartcards are designed to work when using untrusted devices.

      The question is how do you convince other people to trust your phone to store their secrets--not how do you yourself come to trust your own device to store your own secrets. And if you can't convince others your device is secure (i.e. "why the hell would I trust you and your phone to store my password?"), then just use something they can trust instead. I'm not saying the EU is going to allow whatever, I'm just saying it's not a huge technical or usability problem to rely on something the EU should be able to trust (like a YubiKey) if the EU can't trust your phone.

My mom can also do the identification on my phone and unlock it for me. There is fundamentally no way to prevent proxy issues if you let people do verification themselves.

Intercepting the USB reader traffic to feed the computer a different card is about the most roundabout way of achieving that.