
Re: [tor-dev] adding smartcard support to Tor



What is the advantage of a smart card over a standard encrypted thumb drive?

On 10/17/2015 11:19 AM, Razvan Dragomirescu wrote:
> Thank you Ivan, I've taken a look but as far as I understand your
> project only signs the HiddenService descriptors from an OpenPGP card.
> It still requires each backend instance to have its own copy of the
> key (where it can be read by an attacker). My goal is to have the HS
> private key exclusively inside the smartcard and only sign/decrypt
> with it when needed but never reveal it. An attacker should not be
> able to steal the key and host his own HS at the same address - the
> address would be effectively tied to the smartcard - whoever owns the
> smartcard can sign HS descriptors and decrypt traffic with it, so he
> or she is the owner of the service.
>
> Best regards,
> Razvan
>
> --
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
>
> On Sat, Oct 17, 2015 at 4:43 AM, Ivan Markin <twim@xxxxxxxxxx> wrote:
>
>     Hello,
>     Razvan Dragomirescu:
>     > I am not sure if this has been discussed before or how hard it would be to
>     > implement, but I'm looking for a way to integrate a smartcard with Tor -
>     > essentially, I want to be able to host hidden service keys on the card. I'm
>     > trying to bind the hidden service to a hardware component (the smartcard)
>     > so that it can be securely hosted in a hostile environment as well as
>     > impossible to clone/move without physical access to the smartcard.
>
>     I'm not sure that this solution is 100% for your purposes. But recently
>     I've added OpenPGP smartcard support to do exactly this into OnionBalance
>     [1]+[2]. What it does is that it just signs a HS descriptor using
>     OpenPGP SC (via 'Signature' or 'Authentication' key). [It's still a
>     pretty dirty hack, there isn't even any exception handling.] You can use
>     it by installing "manager/front" service with your smartcard in it via
>     OnionBalance and balancing to your actual HS. There isn't any bandwidth
>     limiting (see OnionBalance design). You can set up OB and an actual HS on
>     the same machine for sure.
>
>     > I have Tor running on the USBArmory by InversePath (
>     > http://inversepath.com/usbarmory.html ) and have a microSD form factor card
>     > made by Swissbit (
>     > http://www.swissbit.com/products/security-products/overwiev/security-products-overview/
>     > ) up and running on it. I am a JavaCard developer myself and I have
>     > developed embedded Linux firmwares before but I have never touched the Tor
>     > source.
>
>     There is a nice JavaC applet by Joeri [3]. It's the same applet that
>     Yubikey is using. You can find a well-written tutorial on producing your
>     OpenPGP card at Subgraph [4].
>
>     >
>     > Is there anyone that is willing to take on a side project doing this? Would
>     > it be just a matter of configuring OpenSSL to use the card (I haven't tried
>     > that yet)?
>
>     I'm not sure that it is worth implementing card support in
>     little-t-tor itself. As I said, all the logic is about HS descriptor
>     signing. Python and other langs that provide readability will provide
>     security then.
>     I think/hope so.
>
>     [1] https://github.com/mark-in/onionbalance
>     [2] https://github.com/mark-in/openpgpycard
>     [3] http://sourceforge.net/projects/javacardopenpgp/
>     [4] https://subgraph.com/sgos/documentation/smartcards/index.en.html
>
>     Hope it helps.
>     --
>     Ivan Markin
>     /"\
>     \ /       ASCII Ribbon Campaign
>      X    against HTML email & Microsoft
>     / \  attachments! http://arc.pasp.de/
>
>
>     _______________________________________________
>     tor-dev mailing list
>     tor-dev@xxxxxxxxxxxxxxxxxxxx
>     https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev