[Authentication] "Wallet" security analysis
lemma at confuego.org
Fri Jul 17 02:02:50 PDT 2009
On Friday 17 July 2009 07:46:57 Anders Rundgren wrote:
> Since I'm working with similar stuff but for PKI a security analysis would
> maybe be of some value?
Yeah, of course.
> There are essentially two attacks that you want to protect from:
> 1. Key theft
> 2. Key misuse
> For asymmetric keys, it is enough to make the container "strong" in
> various ways to thwart key theft since crypto-operations are indirect.
> Protecting against key misuse (trojans authenticating to services) is much
> harder since it more or less assumes that the key-using app is
> authenticating to the crypto store. Since the app is running in user-mode
> it means that you have to rely on a potentially untrusted application.
> Since I'm not a Linux-person I don't know how to do this authentication in
> a good way. Would "root" ownership of the calling ".EXE" be a possible way
> characterize a trusted application? Pardon me if I'm off here due to my
> Linux incompetence...
> Anyway, I'm a bit puzzled about the security offered by "wallets" for
> shared secrets, particularly when there is an open API involved.
Yes, that's indeed a security problem we have knowlingly been living with due
to a lack of ways to fix it.
While some platforms might provide what it takes to authenticate an
application and apply acls (I don't think all so, eg. I haven't found a way to
get peer process' identity on Windows sockets), this is not the only threat.
Another one would be ptracing/debugging as that's very well possible for the
service itself (running as user) as well as for trusted applications (at least
unless disabled) or applications spying on each other using the X protocol
A solution to this might well be underway using AppArmor, SELinux or the
likes. But until somethings's available security could be described as:
- Secrets are protected while your collection is locked.
- Secrets are not protected while your collection is unlocked - so don't use
untrusted software and lock your screen if you take a break :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freedesktop.org/archives/authentication/attachments/20090717/71bee4ba/attachment.pgp
More information about the Authentication