Alternative to physical aspect of security

gf flag

To answer my question, imagine a device that has some sort of secret(s) (stored on a crypto coprocessor), that is encrypted with some sort of symmetric encryption (like AES).

If to make this device secure, I would keep the key separate, in a smart card for example.

Then when the smart card is inserted into the device, I would input the PIN of the smart card to allow the device to read the key on the card.

This satisfies the concept of having something physical and knowing something secret. Is there a secure alternative to the smart card in this scenario?

If the key were to be stored in a insecure NFC card, anybody could make a copy and access all of the secrets on the device.

Could there even be another solution without use of a smart card or another device with a crypto coprocessor or a smart card?

knaccc avatar
es flag
If the "secrets" are encrypted, why do they have to be stored on a "crypto co-processor"? Why can't they be stored anywhere, including somewhere public? You would then use a secure cryptographic processor with a non-extractable key store, such as a Yubikey, to decrypt it.
Zero avatar
gf flag
@knaccc Very good point, they can be stored anywhere. I hadn’t thought about that.
in flag

You could use anything that is able to perform authentication to prove that you possess a device. Usually that is performed using some kind of MAC or signature scheme.

Quite often nowadays a smartphone or telephone / SMS is used for this. This is somewhat dangerous as these devices themselves do sometimes not protect secrets all that well (something that is addressed by both Google and Apple though).

If you're looking for a more standalone system then you can think of one of the one-time password generators (HOTP, TOTP).

Note that you would generally not transmit a symmetric key once it is established; generally you use it either for a MAC. Otherwise you'd also have to protect the communication; something that is hard to do in itself. How and if this can be fixed depends on the system design though.

Zero avatar
gf flag
Okay that makes sense. Can smart cards be used for MAC? From what I understand they just have a secure storage area for stuff like keys.
Maarten Bodewes avatar
in flag
Smart cards are basically CPU's with memory and flash storage. Memory cards are different, they just contain some specific operations and of course also flash or EEPROM. High end smart cards can run over 25 MHz and often include specialized circuits and protected storage to execute AES and RSA or ECDSA operations. Some smart cards are even based on 32 bit ARM although many are 8/16/24 bit processors.

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.