[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Ken Keys <kenkeys@xxxxxxxxxxx>
Date: Sat, 17 Oct 2015 11:36:59 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Oct 2015 14:45:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1445107148; bh=V0TWFy4U6Z+sW7WkXnPugKGb9dBBDFx9tE7wBOPAil0=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=an4KiJcH1h+sEACtvv4MK5OH1KeJbi7+CuJxhKvvHLSbGRSGoM9QoAP581h9870CI NdgjJosUFdXeRU2ntvz2qi2Ro9LOFC9zMga/LMSJkt04VKb7GLhoc44wZUs5zt7FLP egDfjcz3f8Hf44PWFT4iJTWfY+NqKniWqwe5Gw4KxxIFS9//c3XgQzkoQmn20ryGdZ z/Abnwwt4JIFKgbtE7uGMblUoShO8KxQoyRigVst+WzIZynUP9xjidpoWLA6ZXq2T2 4+FAOZFTVmXRe4P40jBiBZ+VXYiL/7bc1M7WP1Gbc7IDq1pz0tevA+jPAWsk7lmdDG myxFphuTrwmYg==
In-reply-to: <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

What is the advantage of a smart card over a standard encrypted thumb drive?

On 10/17/2015 11:19 AM, Razvan Dragomirescu wrote:
> Thank you Ivan, I've taken a look but as far as I understand your
> project only signs the HiddenService descriptors from an OpenPGP card.
> It still requires each backend instance to have its own copy of the
> key (where it can be read by an attacker). My goal is to have the HS
> private key exclusively inside the smartcard and only sign/decrypt
> with it when needed but never reveal it. An attacker should not be
> able to steal the key and host his own HS at the same address - the
> address would be effectively tied to the smartcard - whoever owns the
> smartcard can sign HS descriptors and decrypt traffic with it, so he
> or she is the owner of the service.
>
> Best regards,
> Razvan
>
> --
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
>
> On Sat, Oct 17, 2015 at 4:43 AM, Ivan Markin <twim@xxxxxxxxxx
> <mailto:twim@xxxxxxxxxx>> wrote:
>
>     Hello,
>     Razvan Dragomirescu:
>     > I am not sure if this has been discussed before or how hard it would be to
>     > implement, but I'm looking for a way to integrate a smartcard
>     with Tor -
>     > essentially, I want to be able to host hidden service keys on
>     the card. I'm
>     > trying to bind the hidden service to a hardware component (the
>     smartcard)
>     > so that it can be securely hosted in a hostile environment as
>     well as
>     > impossible to clone/move without physical access to the smartcard.
>
>     I'm not sure that this solution is 100% for your purposes. But
>     recently
>     I've added OpenPGP smartcard support to do exactly this into
>     OnionBlance
>     [1]+[2]. What it does is that it just signs a HS descriptor using
>     OpenPGP SC (via 'Signature' or 'Authentication' key). [It's still a
>     pretty dirty hack, there is no even any exception handling.] You
>     can use
>     it by installing "manager/front" service with your smartcard in it via
>     OnionBalace and balancing to your actual HS. There is no any bandwidth
>     limiting (see OnionBalance design). You can setup OB and an actual
>     HS on
>     the same machine for sure.
>
>     > I have Tor running on the USBArmory by InversePath (
>     > http://inversepath.com/usbarmory.html ) and have a microSD form
>     factor card
>     > made by Swissbit (
>     >
>     www.swissbit.com/products/security-products/overwiev/security-products-overview/
>     <http://www.swissbit.com/products/security-products/overwiev/security-products-overview/>
>     > ) up and running on it. I am a JavaCard developer myself  and I have
>     > developed embedded Linux firmwares before but I have never
>     touched the Tor
>     > source.
>
>     There is a nice JavaC applet by Joeri [3]. It's the same applet that
>     Yubikey is using. You can find well-written tutorial of producing your
>     OpenPGP card at Subgraph [4].
>
>     >
>     > Is there anyone that is willing to take on a side project doing
>     this? Would
>     > it be just a matter of configuring OpenSSL to use the card (I
>     haven't tried
>     > that yet)?
>
>     I'm not sure that it is worth to implement a card support in
>     little-t-tor itself. As I said, all the logic is about HS descriptor
>     signing. Python and other langs that provide readablity will provide
>     security then.
>     I think/hope so.
>
>     [1] https://github.com/mark-in/onionbalance
>     [2] https://github.com/mark-in/openpgpycard
>     [3] http://sourceforge.net/projects/javacardopenpgp/
>     [4] https://subgraph.com/sgos/documentation/smartcards/index.en.html
>
>     Hope it helps.
>     --
>     Ivan Markin
>     /"\
>     \ /       ASCII Ribbon Campaign
>      X    against HTML email & Microsoft
>     / \  attachments! http://arc.pasp.de/
>
>
>     _______________________________________________
>     tor-dev mailing list
>     tor-dev@xxxxxxxxxxxxxxxxxxxx <mailto:tor-dev@xxxxxxxxxxxxxxxxxxxx>
>     https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu

References:
- [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu

Prev by Author: Re: [tor-dev] Feedback on CollecTor web redesign
Next by Author: Re: [tor-dev] adding smartcard support to Tor
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread