Developers for security devices should consider attacks and threats. Users would, too.
The most important thing is software vulnerability. In this answer, let me talk about software vulnerability, at first. That's because this is more likely than other threats.
Gnuk developers are security conscious, however, it is still possible for Gnuk to have security related bugs.
Thus, Gnuk support firmware upgrade. This is not only for security bugs, but the feature guarantees that the device is under control of its user. Note that it is not Tivoization, where hardware vendor controls firmware upgrade. But it is the user who control the device.
Gnuk is Free Software, and I (gniibe) think that it is mandatory for user's freedom of computing.
We need much care here too. Software upgrade could be one of weak points, and it could have its own security bugs.
For side channel attacks, in general, we could consider power analysis attack, timing attack, etc.
Gnuk took routines of AES and RSA from PolarSSL version 0.14, and then, RSA routines for ARM were heavily modified for speed.
See this PolarSSL news, and you could evaluate how it's good (not only against side channel attacks but also about vulnerabilities, etc.).
Because RSA routines in Gnuk is heavily modified version, it could have a flaw, but I (gniibe) believe nothing.
That's being said, let us think about the real scenario for Gnuk Token.
If it is possible for an attacker to do some side channel attacks, it means that the attacker has full control of your Gnuk Token or he has full control of your host PC. Note that attackers don't need to have full control, in many cases of side channel attacks against keys on host PC.
Doing side channel attacks against RSA computation means that Gnuk Token has been authenticated. Given some control of communication for authenticated Gnuk Token, it is more likely for attackers to just send requests to the Token to make digital signature or to do authentication.
Simply stealing Gnuk Token, it is not possible to do side channel attacks against RSA computation of your private keys.
If your host PC is under control of an attacker and USB communication is monitored, your pass phrase will be stolen. Or it is more likely for attackers to send requests to the Token to make digital signature or to do authentication, if they have such a control.
Gnuk has a feature to support input by device itself, but it requires some additional hardware. If it is enabled, it will be safe against USB monitoring.
Asked: 2012-10-30 16:00:58 +0900
Seen: 295 times
Last updated: Nov 05 '12