[Gnuk-users] FST-01 is going to be non-reproducible any more

NIIBE Yutaka gniibe at fsij.org
Tue Jan 12 00:29:16 UTC 2016


On 01/11/2016 02:42 PM, NdK wrote:
> On 11/01/2016 02:47, Yuji -UG- Imai wrote:
> 
>> Yes, I found where gniibe mentioned TEMPEST.
>> It's in the Japanese handbook of FST-01.
>>  http://no-passwd.net/fst-01-gnuk-handbook/gnuk-token-warnings.html#id1
> Sorry, I don't understand Japanese :(
> 
>> I understand making cables with an LC filter is enough, right?
> Could be. Tests are needed.

There are two different things:

  * EMI and ESD protection regulations (like the one for CE marking)
  * Possible attack like TEMPEST

Firstly, let me explain about EMI and ESD protection regulations.

The shield of the type-A plug connector of FST-01 is not connected to
GND (it is intended to be inserted into the port directly).  If there
are users who want to connect with an extension cable, this design of
FST-01 is wrong (not correct), and could be considered a bug.

If it is inserted via a (longer) extension cable, it is recommended to
connect the shield to GND.  How?  There are different opinions:


http://electronics.stackexchange.com/questions/4515/how-to-connect-usb-connector-shield

For me... if I use an extension cable and it is short enough (say, <
15 cm), I would just insert FST-01 with nothing (I mean, as-is).  If
it's long (say, > 120 cm), I will modify my FST-01, making a connection
from the shield of the type-A connector to GND directly.  If I have
another opportunity to manufacture, I will put a ferrite bead between
the shield and GND.

Secondly, let me explain about an attack like TEMPEST.

I don't think it is likely that an attack using electromagnetic
interference from the USB device can be done remotely (even given the
lack of shield-GND connection of FST-01).

A possible scenario would be "Hub in the middle".  An adversary puts
a hub between your computer and FST-01 to monitor USB signals.

If an adversary had access to the USB signals directly, the token is
vulnerable to monitoring of the communication (the passphrase will be
stolen, decrypted data will be stolen, etc.).

Or... it is true that there are some side channel attacks against some
RSA implementations, which can discover private keys by power analysis.
However, I don't think such known attacks are feasible against the RSA
implementation of Gnuk.  (Well, I think that if an adversary has
access to the USB power line, it is equally likely he can get access to
the USB signal lines...)
--
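
Added example (not part of the original message, and not Gnuk project code): a Linux-side check for the "Hub in the middle" scenario that compares the token's sysfs port chain against a recorded baseline, so an extra enumerated hub upstream of the token is flagged. The vendor/product IDs and the baseline name `1-2` are assumptions to replace with your own `lsusb` output; a passive tap on the signal lines does not enumerate and is outside what this check can see.

```python
import os
import re
import tempfile

# Kernel names in /sys/bus/usb/devices are "<bus>-<port>[.<port>...]".
# Root hubs ("usb1") and interfaces ("1-2:1.0") do not match this pattern.
DEV_NAME = re.compile(r"^(\d+)-(\d+(?:\.\d+)*)$")

def port_chain(name):
    """Return (bus, [ports]) for a device name such as '1-4.2', else None."""
    m = DEV_NAME.match(name)
    if not m:
        return None
    return int(m.group(1)), [int(p) for p in m.group(2).split(".")]

def read_attr(dev_dir, attr):
    try:
        with open(os.path.join(dev_dir, attr)) as f:
            return f.read().strip().lower()
    except OSError:
        return None

def find_token(sysfs_root, vid, pid):
    """Yield (name, hubs_upstream) for every device matching vid:pid."""
    for name in sorted(os.listdir(sysfs_root)):
        parsed = port_chain(name)
        if parsed is None:
            continue
        d = os.path.join(sysfs_root, name)
        if read_attr(d, "idVendor") == vid and read_attr(d, "idProduct") == pid:
            yield name, len(parsed[1]) - 1  # each extra port hop is one hub

def check(sysfs_root, vid, pid, baseline):
    """Return alerts for tokens whose topological name differs from baseline."""
    return [f"token at {name} ({hubs} hub(s) upstream), expected {baseline}"
            for name, hubs in find_token(sysfs_root, vid, pid) if name != baseline]

def make_sample(devices):
    """Build a constructed sysfs-like tree from {name: (vid, pid)} for offline runs."""
    root = tempfile.mkdtemp()
    for name, (vid, pid) in devices.items():
        os.makedirs(os.path.join(root, name))
        for attr, val in (("idVendor", vid), ("idProduct", pid)):
            with open(os.path.join(root, name, attr), "w") as f:
                f.write(val + "\n")
    return root

if __name__ == "__main__":
    # Assumed IDs (234b:0000) and baseline port; confirm both with lsusb -t.
    for line in check("/sys/bus/usb/devices", "234b", "0000", "1-2"):
        print(line)
```

Record the baseline on a machine you trust; laptops often route external ports through an internal hub, so the baseline itself may already contain a dot.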