
Ensure data sent from an un-fake terminal


Post by Ruenie » Tue Feb 07, 2017 10:08 pm

I am going to send data from the host application to the Java Card and check if it's correct.
Which encryption mechanism should I implement to ensure that the data is sent from an un-fake host application?


Post by marjkbadboy » Wed Feb 08, 2017 1:29 am

You can implement mutual authentication as defined by GP.
It's hunting season!


Post by tay00000 » Wed Feb 08, 2017 9:06 pm

The problem with authenticating the host is that the host might be running a vulnerable or possibly infected host OS, and even with mutual bi-directional authentication, the host side's keys might be stolen.

That said, such protection with bi-directional encryption and authentication is better than none at all.

This boils down to what your application is used for. Ideally, it would be nice if a secure screen (E-Ink) at the very least were attached to the card so that the card can display authentication information for the user to approve before allowing the entire secure session between host and card to proceed. This scheme is very expensive due to the need to use custom display cards and the firmware having to be written in a proprietary format (not JavaCard anymore).

For more reasonable security, you are better off having an isolated host computer without any networking interfaces (remove the Bluetooth, WiFi and Ethernet chipsets, etc. from the physical motherboard) or using a vanilla Raspberry Pi Zero attached to a USB smart card reader, USB keyboard and USB mouse via a USB hub, and an HDMI HAT adapter for the screen. With such an air-gapped single board computer, the chance of infection is much lower as long as you don't attach storage devices (i.e. USB flash drives and hard disks) except for the MicroSD card containing the Raspberry Pi OS image.

With the above setup, you can do bi-directional asymmetric or symmetric based encryption and authentication if you want.

Whatever has been said above really depends on how much security you need and how sensitive your application is, and on the usage of appropriate security assurance measures and practices (i.e. OPSEC) to ensure that compromises are kept to the minimum.
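The symmetric mutual authentication suggested in the replies above, modelled as an added example that is not part of any post in this thread. It follows the two-step shape of GP's INITIALIZE UPDATE / EXTERNAL AUTHENTICATE exchange but substitutes HMAC-SHA256 for the GP secure channel cryptography; the `Card` and `Host` classes, the `mac` helper, the labels and the message layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def mac(key, label, host_chal, card_chal):
    # Distinct labels keep a card cryptogram from being reflected back as a host cryptogram.
    return hmac.new(key, label + host_chal + card_chal, hashlib.sha256).digest()[:8]

class Card:
    """Card side (hypothetical model): holds the shared key, issues fresh challenges."""
    def __init__(self, key):
        self.key, self.host_chal, self.card_chal = key, None, None
        self.authenticated = False

    def initialize(self, host_chal):
        # Step 1: reset state, pick a fresh challenge, prove knowledge of the key.
        self.authenticated = False
        self.host_chal, self.card_chal = host_chal, secrets.token_bytes(8)
        return self.card_chal, mac(self.key, b"card", host_chal, self.card_chal)

    def external_authenticate(self, host_cryptogram):
        # Step 2: verify the host over both challenges; each challenge is single-use.
        self.authenticated = False
        if self.card_chal is None:
            return False
        expected = mac(self.key, b"host", self.host_chal, self.card_chal)
        self.card_chal = None
        self.authenticated = hmac.compare_digest(expected, host_cryptogram)
        return self.authenticated

    def process_data(self, data):
        # Application data is only accepted inside an authenticated session.
        if not self.authenticated:
            raise PermissionError("host not authenticated")
        return b"accepted:" + data

class Host:
    """Host side (hypothetical model): verifies the card before revealing its own cryptogram."""
    def __init__(self, key):
        self.key = key

    def authenticate(self, card):
        host_chal = secrets.token_bytes(8)
        card_chal, card_cryptogram = card.initialize(host_chal)
        expected = mac(self.key, b"card", host_chal, card_chal)
        if not hmac.compare_digest(expected, card_cryptogram):
            return None  # card does not hold the shared key
        host_cryptogram = mac(self.key, b"host", host_chal, card_chal)
        return host_cryptogram if card.external_authenticate(host_cryptogram) else None
```

A host that holds a copy of the key authenticates exactly like the legitimate one, which is the stolen-key limitation raised in the reply above: the exchange proves possession of the key, not the integrity of the machine holding it.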
