[erlang-questions] How to exchange sensitive data with ports?

Illo de' Illis illo@REDACTED
Fri Aug 7 17:52:04 CEST 2009

On Aug 7, 2009, at 4:22 PM, Elena Garrulo wrote:

> Hello,
> I'd like to access smart cards from Erlang. Since there is no
> dedicated module, I'll have to use C for that.
> However, the whole purpose of using smart cards is accessing sensitive
> information stored in the card itself. To my limited knowledge,
> opening a port (pipe) with an external process would allow sniffing.
> Is that true? If not, what tools should I use (preferably working
> both on Linux and Windows)?

What follows applies to Linux only.

In your scenario, a good level of security can be obtained just by  
assuming that the following is true:

- the bad guy is not logged in as root or a malicious program is not
running with root privileges during a smartcard transaction -

should this be untrue, you would have a good deal more to worry about.

That said, I would go with a port driver, in spite of it being
discouraged by the post you're referring to, since it would limit
eavesdropping and pipe redirection/tracing/dumping. But whatever  
choice you're going to pick, you'll have to deal with the fact that  
you cannot tell the Erlang VM where to store the data you're sending.  
So even if you'd allocate an unpageable (secured) memory buffer to  
store sensitive data in your C code, that data could be paged out when  
passed to the VM.
I would recommend storing the sensitive data in a secured memory
buffer in the C code (accessing them by some sort of hash table keyed
by terms) and exposing functions for filling the dictionary by
obtaining sensitive information from both the user (i.e. by accessing
/dev/tty) and the smartcard, managing these values and passing portions
of the in-code dictionary from an Erlang node to another (both coupled
with your C code) securely by SSL or whatever suits your needs. This
way you could provide a good level of overall security and  
performance, and the security issues could be limited to your context.
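
The secured in-C dictionary recommended in the reply above, as an added example that is not part of the original post or of any existing Erlang driver: secrets sit in an mlock()-pinned table keyed by name and are wiped on erase, so only the key would ever cross to the Erlang side. The names store_init, store_put, store_get and store_erase and the table sizes are assumptions; keys are plain C strings standing in for encoded Erlang terms, and like the reply it applies to Linux only.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define SLOTS   8    /* assumed sizes, chosen for this example */
#define KEY_MAX 32
#define VAL_MAX 64
struct slot { int used; size_t len; char key[KEY_MAX]; unsigned char val[VAL_MAX]; };
static struct slot table[SLOTS];   /* secrets live only in this table */
static int locked;                 /* set once the table is pinned in RAM */
/* Zero through a volatile pointer so the compiler cannot drop the wipe. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}
/* Pin the table so it cannot be paged out to swap
   (Linux rounds the address down to a page boundary). */
int store_init(void) {
    locked = (mlock(table, sizeof table) == 0);
    return locked ? 0 : -1;
}
static struct slot *find(const char *key) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i].used && strcmp(table[i].key, key) == 0) return &table[i];
    return NULL;
}
/* Store a secret under a key; fails closed while the table is not locked. */
int store_put(const char *key, const void *val, size_t len) {
    if (!locked || strlen(key) >= KEY_MAX || len > VAL_MAX) return -1;
    struct slot *s = find(key);
    for (int i = 0; !s && i < SLOTS; i++)
        if (!table[i].used) s = &table[i];
    if (!s) return -1;             /* table full */
    wipe(s, sizeof *s);            /* clear any previous value first */
    strcpy(s->key, key);
    memcpy(s->val, val, len);
    s->len = len; s->used = 1;
    return 0;
}
/* For C-side use only (e.g. talking to the card); Erlang holds just the key. */
const unsigned char *store_get(const char *key, size_t *len) {
    struct slot *s = find(key);
    if (s) *len = s->len;
    return s ? s->val : NULL;
}
/* Wipe a secret as soon as it is no longer needed. */
int store_erase(const char *key) {
    struct slot *s = find(key);
    if (s) wipe(s, sizeof *s);
    return s ? 0 : -1;
}
```

If mlock() is refused (for example by a low RLIMIT_MEMLOCK), store_init returns -1 and store_put keeps rejecting secrets rather than holding them in pageable memory.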

