Secure Smart Card Signing With Time-Based Digital Signature

Keywords

DER Decoder; Java Card; Secure Time Stamp; Terminal Attack; Time-based Digital Signature

Abstract

People use their personal computers, laptops, tablets and smartphones to digitally sign documents on company websites and in other online electronic applications, and one of the main cybersecurity challenges in this process is the trusted digital signature. While the majority of systems use password-based authentication to secure electronic signatures, some more critical systems use USB tokens and smart cards to prevent identity theft and implement a trusted digital signing process. Even though a smart card provides stronger security, any weakness in the terminal itself can compromise the security of the smart card. In this paper, we investigate current smart card digital signatures and illustrate well-known basic vulnerabilities of the smart card terminal with real implementations of two possible attacks, including PIN sniffing and message alteration just before signing. As we focus on the second attack in this paper, we propose a novel mechanism using time-based digital signing by the smart card to defend against the message alteration attack. Our prototype implementation and performance analysis illustrate that our proposed mechanism is feasible and provides stronger security. Our method uses popular timestamping protocol packets and does not require any new key distribution or certificate issuance.

Publication Date

6-19-2018

Publication Title

2018 International Conference on Computing, Networking and Communications, ICNC 2018

Number of Pages

182-187

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/ICCNC.2018.8390321

Scopus ID

85050107352 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85050107352

This document is currently not available here.
