|
USENIX Technical Program - Abstract - Smartcard 99
Providing Authentication to Messages Signed with a Smart Card in Hostile Environments
Tage Stabell-Kulø, Ronny Arild, and Per Harald Myrvang, University of Tromsø
Abstract
This paper presents a solution to how a smart card can be used to
sign data in a hostile environment.
In particular, how to use a smart card to make a signature on
data when the machine to which the smart-card reader is attached can
not be trusted.
The problem is solved by means of a verification server
together with a substitution table and a one-time pad; it is argued
that lacking a trusted channel from the card, our solution is
minimal.
An invalid signature (a signature on data not intended to be signed)
can only be made if the online server colludes
with the machine the user is using.
In all other circumstances, only a denial-of-service attack is
possible.
The realization is applicable in practice, but slightly awkward.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
Technical Program