[erlang-questions] How to exchange sensitive data with ports?
Illo de' Illis
illo@REDACTED
Fri Aug 7 17:52:04 CEST 2009
On Aug 7, 2009, at 4:22 PM, Elena Garrulo wrote:
> Hello,
>
> I'd like to access smart cards from Erlang. Since there is not
> dedicated module, I'll have to use C for that.
[...]
> However, the whole purpose of using smart cards is accessing sensitive
> information stored into the card itself. To my limited knowledge,
> opening a port (pipe) with an external process would allow sniffing.
> Is that true? If not, what tools should I use (preferably working
> both on Linux and Windows)?
What follows applies to Linux only.
In your scenario, a good level of security can be obtained just by
assuming� that the following is true:
- the bad guy is not logged as root or a malicious program is not
running with root privileges during a smartcard transaction -
should this be untrue, you would have a good deal more to worry about.
That said, I would go with a port driver, in spite it being
discouraged by the post you're referring to, since it would limit
eavesdropping and pipe redirection/tracing/dumping. But whatever
choice you're going to pick, you'll have to deal with the fact that
you cannot tell the Erlang VM where to store the data you're sending.
So even if you'd allocate an unpageable (secured) memory buffer to
store sensitive data in your C code, that data could be paged out when
passed to the VM.
I would recommend storing the sensitive data in a secured memory
buffer in the C code (accessing them by some sort of hash table keyed
by terms) and exposing functions for filling the dictionary by
obtaining sensitive information from both the user (i.e. by accessing /
dev/tty) and the smartcard, managing this values and passing portions
of the in-code dictionary from an erlang node to another (both coupled
with your C code) securely by SSL or whatever suits your needs. This
way you could provide a good level of overall security and
performance, and the security issues could be limited to your context.
Ciao,
Illo.
More information about the erlang-questions
mailing list