USENIX Conference Policies
Providing Authentication to Messages Signed with a Smart Card in Hostile Environment
This paper presents a solution to how a smart card can be used to sign data in a hostile environment. In particular, how to use a smart card to make a signature on data when the machine to which the smart-card reader is attached can not be trusted. The problem is solved by means of a verification server together with a substitution table and a one-time pad; it is argued that lacking a trusted channel from the card, our solution is minimal.
An invalid signature (a signature on data not intended to be signed) can only be made if the online server colludes with the machine the user is using. In all other circumstances, only a denial-of-service attack is possible. The realization is applicable in practice, but slightly awkward.
author = {Tage Stabell-Kul{\^a} and Ronny Arild and Per Harald Myrvang},
title = {Providing Authentication to Messages Signed with a Smart Card in Hostile Environment},
booktitle = {USENIX Workshop on Smartcard Technology (Smartcard 99)},
year = {1999},
address = {Chicago, IL},
url = {https://www.usenix.org/conference/usenix-workshop-smartcard-technology/providing-authentication-messages-signed-smart-card},
publisher = {USENIX Association},
month = may
}