[Muscle] GlobalPlatform keys

Daniel Benoy daniel at benoy.name
Wed Jun 17 06:12:03 PDT 2009 

On Wed, 2009-06-17 at 00:11 -0400, Michael StJohns wrote:
> At 11:33 PM 6/16/2009, Daniel Benoy wrote:
> >So the card user could put an applet on the card that used up all the
> >space, and that would be bad for the card issuer?  Are there any other
> >reasons a business would keep their key secret?
> 
> Say you insert your card into a hacked machine.  Hacked machine erases your company's applet and your keys.  Card is useless.  Hacked machine "TERMINATES" your card (see GlobalPlatform specs).  Card is useless.
> 
> You start hacking on the card and accidentally delete the company applet and your cert - company has to go through the process of re-issuing which is time and money.

If the card is in your possession, you can render it useless in more
direct ways.

> 
> You claim the card is lost - company reissues you a new one, but you erase and repurpose the card.

I guess that one makes sense.

> 
> 100 unissued cards are stolen from the company locker and erased, sold and repurposed.

Those would probably have the default key on them.

> 
> The keys are a way of locking the card to the issuers purpose.  They impose policy on the end user that the end user can't defeat.  

I guess that makes sense.

> Mike
> 
> 
> 
> >Can you download applet code?  I guess that would be a good reason.
> >
> >On Wed, 2009-06-17 at 02:40 +0200, Sébastien Lorquet wrote:
> >> That's not cruel, that's a business and security practice: imagine
> >> that card free space is sorta "rented" by card owners to application
> >> providers :-)
> >> And allowing to install evil applications on already issued cards is
> >> always a bad thing, even if it cannot harm other on-card
> >> applications : There's an applet firewall that enforces strict data
> >> sharing rules, who usually prevent any bit to cross application
> >> boundaries!
> >> 
> >> Sebastien
> >> 
> >> On Wed, Jun 17, 2009 at 1:30 AM, Daniel Benoy <daniel at benoy.name>
> >> wrote:
> >>         Great, thanks for the reply :)  I've been googling all over,
> >>         but I
> >>         couldn't really find an explanation for this basic question.
> >>          For some
> >>         reason that baffles me, smart cards aren't popular even among
> >>         the nerdy
> >>         community :p
> >>         
> >>         So, would I be correct in saying that you get no security
> >>         benefit from
> >>         changing the issuer domain key, except that whoever gets your
> >>         card would
> >>         be unable to use it for their own stuff?  That actually sounds
> >>         like a
> >>         cruel 'feature', to poison the cards against competitors.
> >>          (Prevent me
> >>         from wiping out my visa card and installing MuscleCard on it,
> >>         for
> >>         example :p)
> >>         
> >>         I suppose perhaps there's some hypothetical scenario, though,
> >>         where
> >>         someone could secretly take your card, and install some
> >>         malicious
> >>         program on it, which stores their pin or otherwise does
> >>         something
> >>         tricky...  Hm.
> >>         
> >>         
> >>         On Tue, 2009-06-16 at 23:11 +0200, Sébastien Lorquet wrote:
> >>         > Hi,
> >>         >
> >>         > GP keys are used to manage the card contents, ie add/remove
> >>         applets
> >>         > and packages.
> >>         >
> >>         > The worst an attacker can do is remove the applet instance
> >>         along with
> >>         > its data and reinstanciate it. But data allocated in the
> >>         applet is
> >>         > never readable from the outside, otherwise banks would not
> >>         use chip
> >>         > credit cards :-)
> >>         >
> >>         > You current keys are probably
> >>         404142434445464748494A4B4C4D4E4F, like
> >>         > all development cyberflex cards :)
> >>         > So they're not really secret until you change them using the
> >>         PUT KEY
> >>         > command.
> >>         > but don't forget to write them down somwewhere in a secure
> >>         place :-)
> >>         >
> >>         > In general if the card is for you only, you don't need to
> >>         change the
> >>         > security domain keys.
> >>         >
> >>         > Regards,
> >>         > Sebastien
> >>         >
> >>         
> >>         > _______________________________________________
> >>         > Muscle mailing list
> >>         > Muscle at lists.musclecard.com
> >>         > http://lists.drizzle.com/mailman/listinfo/muscle
> >>         
> >>         _______________________________________________
> >>         Muscle mailing list
> >>         Muscle at lists.musclecard.com
> >>         http://lists.drizzle.com/mailman/listinfo/muscle
> >>         
> >> 
> >> _______________________________________________
> >> Muscle mailing list
> >> Muscle at lists.musclecard.com
> >> http://lists.drizzle.com/mailman/listinfo/muscle
> >
> >
> >_______________________________________________
> >Muscle mailing list
> >Muscle at lists.musclecard.com
> >http://lists.drizzle.com/mailman/listinfo/muscle
> 
> 
> 
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6255 bytes
Desc: not available
Url : http://lists.drizzle.com/pipermail/muscle/attachments/20090617/af193181/smime-0001.bin

More information about the Muscle mailing list