Question

I am quite new to cards and tokens and trying to get a handle on a couple of issues prior to purchasing and using one.

1- Physical access to keys on the card or token: Are all of these devices set up to (or easily configured to) require a PIN/pw of some kind prior to use? So, for instance, if the card is lost, a PIN must be entered prior to accessing any information or modules (i.e., OpenPGP) that reside on the card?

2- What is the effect of a malicious keylogger on the use of a smart card or token? For instance, if using a USB type token w/smartcard capability, does a keylogger compromise all that is on the device, even if the attacker is unable to physically obtain the USB token?

Explanation / Answer

Most (all?) of the cards require a PIN and are designed to lock themselves after multiple failed attempts, so physical access to a card is pretty much useless without knowing the PIN, as the cards are designed to be tamper-proof. So far I haven't heard of any way to extract the secrets using a hardware attack in a real-world scenario.

A keylogger on a machine will indeed capture the PIN if you're entering it into an application on the computer. That can be mitigated by using a reader with a hardware keypad and entering the PIN on that keypad. That way the PIN never reaches the computer, and even a compromised machine won't be able to capture it. All credit card terminals you use when paying are, at the very least, a reader like this one (but often are full-featured computers that handle the entire transaction themselves), so the POS system never gets your PIN.

A keylogger will never be able to compromise the card's secrets, as the cards are specifically designed to never reveal them; it will, however, compromise the PIN and any data you encrypt/decrypt with that card or token.
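The behaviour described in the answer above, as an added toy model in Python that is not part of the original answer and not a real card API: the key has no export path, operations require a verified PIN, and the retry counter locks the card. `ToyCard`, `CardLocked`, `tries_before_lock`, the three-try limit and the HMAC stand-in for the card's private-key operation are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class CardLocked(Exception):
    """Raised once the retry counter reaches zero."""


class ToyCard:
    """Constructed model of a PIN-protected token, not a real card API."""

    MAX_TRIES = 3  # assumed retry limit; real cards differ

    def __init__(self, pin: str):
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._key = secrets.token_bytes(32)  # created on-card; no method exports it
        self._tries_left = self.MAX_TRIES
        self._verified = False

    def verify_pin(self, pin: str) -> bool:
        if self._tries_left == 0:
            raise CardLocked("retry counter exhausted")
        guess = hashlib.sha256(pin.encode()).digest()
        self._verified = hmac.compare_digest(guess, self._pin_hash)
        # A correct PIN resets the counter; a wrong one burns a try.
        self._tries_left = self.MAX_TRIES if self._verified else self._tries_left - 1
        return self._verified

    def sign(self, data: bytes) -> bytes:
        # HMAC stands in for the card's private-key operation.
        if not self._verified:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, data, hashlib.sha256).digest()


def tries_before_lock(card: ToyCard, guesses) -> int:
    """Lost-card case: count the wrong guesses the card evaluates before it locks."""
    used = 0
    for guess in guesses:
        try:
            if card.verify_pin(guess):
                break
        except CardLocked:
            break
        used += 1
    return used
```

In this model a logged PIN is only useful together with the physical card: a different card initialised with the same PIN holds a different key and produces different output.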
