Providing authentication to messages signed with a smart card in hostile environments

Authors:
Tage Stabell-Kulø;Ronny Arild;Per Harald Myrvang
Affiliations:
Department of Computer Science, University of Tromsø, Tromsø, Norway;Department of Computer Science, University of Tromsø, Tromsø, Norway;Department of Computer Science, University of Tromsø, Tromsø, Norway
Venue:
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Year:
1999

Citing 6
Cited 5

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Authentication in distributed systems: theory and practice

ACM Transactions on Computer Systems (TOCS)
Authentication and delegation with smart-cards

TACS'91 Selected papers of the conference on Theoretical aspects of computer software
Cryptography: Theory and Practice

Cryptography: Theory and Practice
Smart cards in hostile environments

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Secure coprocessors in electronic commerce applications

WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1

The Design of a COTSReal-Time Distributed Security Kernel

EDCC-4 Proceedings of the 4th European Dependable Computing Conference on Dependable Computing
Smartcards: Hot to Put them to Use in a User-Centric System

HUC '00 Proceedings of the 2nd international symposium on Handheld and Ubiquitous Computing
A Framework for the Revocation of Unintended Digital Signatures Initiated by Malicious Terminals

IEEE Transactions on Dependable and Secure Computing
Using multiple smart cards for signing messages at malicious terminals

ISC'06 Proceedings of the 9th international conference on Information Security
A user-friendly approach to human authentication of messages

FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a solution to how a smart card can be used to sign data in a hostile environment. In particular, how to use a smart card to make a signature on data when the machine to which the smart-card reader is attached can not be trusted. The problem is solved by means of a verification server together with a substitution table and a one-time pad; it is argued that lacking a trusted channel from the card, our solution is minimal. An invalid signature (a signature on data not intended to be signed) can only be made if the online server colludes with the machine the user is using. In all other circumstances, only a denial-of-service attack is possible. The realization is applicable in practice, but slightly awkward.