Visible to the public Biblio

Filters: Keyword is DER Decoder  [Clear All Filters]
2020-01-06
Rezaeighaleh, Hossein, Laurens, Roy, Zou, Cliff C..  2018.  Secure Smart Card Signing with Time-based Digital Signature. 2018 International Conference on Computing, Networking and Communications (ICNC). :182–187.
People use their personal computers, laptops, tablets and smart phones to digitally sign documents in company's websites and other online electronic applications, and one of the main cybersecurity challenges in this process is trusted digital signature. While the majority of systems use password-based authentication to secure electronic signature, some more critical systems use USB token and smart card to prevent identity theft and implement the trusted digital signing process. Even though smart card provides stronger security, any weakness in the terminal itself can compromise the security of smart card. In this paper, we investigate current smart card digital signature, and illustrate well-known basic vulnerabilities of smart card terminal with the real implementation of two possible attacks including PIN sniffing and message alteration just before signing. As we focus on second attack in this paper, we propose a novel mechanism using time-based digital signing by smart card to defend against message alteration attack. Our prototype implementation and performance analysis illustrate that our proposed mechanism is feasible and provides stronger security. Our method uses popular timestamping protocol packets and does not require any new key distribution and certificate issuance.