Title | Secure Smart Card Signing with Time-based Digital Signature |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Rezaeighaleh, Hossein, Laurens, Roy, Zou, Cliff C. |
Conference Name | 2018 International Conference on Computing, Networking and Communications (ICNC) |
Date Published | March |
Keywords | Conferences, cryptographic protocols, current smart card digital signature, cybersecurity challenges, DER Decoder, digital signatures, electronic signature, Java Card, message alteration attack, message authentication, Microsoft Windows, PIN sniffing, Pins, Protocols, pubcrawl, Resiliency, Scalability, secure smart card signing, Secure Time Stamp, security of data, sign documents, smart card terminal, smart cards, smart phones, Terminal Attack, time stamping protocol packet, time-based digital signature, trusted digital signature, trusted digital signing process |
Abstract | People use their personal computers, laptops, tablets and smart phones to digitally sign documents on companies' websites and in other online electronic applications, and one of the main cybersecurity challenges in this process is trusted digital signature. While the majority of systems use password-based authentication to secure electronic signatures, some more critical systems use USB tokens and smart cards to prevent identity theft and implement the trusted digital signing process. Even though a smart card provides stronger security, any weakness in the terminal itself can compromise the security of the smart card. In this paper, we investigate current smart card digital signature, and illustrate well-known basic vulnerabilities of the smart card terminal with the real implementation of two possible attacks, including PIN sniffing and message alteration just before signing. As we focus on the second attack in this paper, we propose a novel mechanism using time-based digital signing by smart card to defend against the message alteration attack. Our prototype implementation and performance analysis illustrate that our proposed mechanism is feasible and provides stronger security. Our method uses popular timestamping protocol packets and does not require any new key distribution and certificate issuance. |
DOI | 10.1109/ICCNC.2018.8390321 |
Citation Key | rezaeighaleh_secure_2018 |