The mechanism is secure under the assumption that the card is
tamper-resistant. In fact, an attacker who wants to add some more
values in the revocation list cannot do it because he cannot
falsify the group manager signature. Then, it is impossible to
substitute a value for another one because the signature would
then be incorrect. Moreover removing a value from the revocation
list would generate a card error because the final test on the
signature verification would be wrong. Finally, replaying
indefinitely the same revocation list would imply the rejection of
the signature by the verifier because he could compare the date of
the updating by (
) with the date of the last
signature by the smart card (
). In fact, if
is
different from
he can think that the signer has intended
to cheat. For example the revocation list can be updated every
day. Another solution is the use of an on-line verification (even
if it is an ``extreme'' case). We can then conclude that the
previous mechanism is secure under the assumption that the card is
secure.