A comparison of cryptographic keycards

Posted Oct 17, 2017 18:14 UTC (Tue) by sagi (subscriber, #64671)
Parent article: A comparison of cryptographic keycards

Thank you for this fine article. I have been using the FSFE smart cards for a long time and have been considering the FST-01 as a replacement once I make the switch to Curve25519 for authentication.

One angle I never see covered in smart card comparisons is susceptibility to emanation, i.e. the quality of shielding (TEMPEST) against electromagnetic side channels.

Fox-IT has recently demonstrated the ability to sniff AES keys from an application processor with pretty cheap hardware. There is a lot of research by Daniel Genkin et al., including against Curve25519. This makes me wonder about the risk trade-off for use on the go (e.g. laptop+smart card during travel, conferences). Could a smart card that protects key material against a compromised host leak that same key more easily by virtue of being less shielded and singularly purposed for secret computation? My own knowledge on this trade-off is very limited, perhaps someone else can enlighten me? Naturally these things depend on your threat model, but that does not stop my curiosity :-)


A comparison of cryptographic keycards

Posted Oct 18, 2017 10:57 UTC (Wed) by hkario (subscriber, #94864)

yes, but as the article points out, that essentially requires a targeted attack

and while dedicated, top of the line, smart-cards are (claimed to be) more resistant to attacks and analysis like this, they are not invulnerable, and definitely are not perfect (they may be TEMPEST resistant but can create low entropy RSA keys...)

finally, if you are worried about such attacks, how do you plan to secure against rubber hose cryptanalysis?
