Using Multiple Smart Cards for Signing Messages at Malicious Terminals

  • István Zsolt Berta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)


Having no trusted user interface, smart cards are unable to communicate with the user directly. Communication is possible with the aid of a terminal only, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the middle attack. Thus, a malicious terminal can make the user sign documents that she would not sign otherwise. A signature that a card computes at a malicious terminal does not prove anything about the content of the signed document. What it does prove, is that the user did insert her card into a malicious terminal and she did intend to sign – something.

In this paper we propose a solution where a user has multiple smart cards, and each card represents a ’signal’, a certain piece of information. The user encodes her message by using a subset of her cards for signing at the untrusted terminal. The recipient decodes the message by checking which cards were used. We also make use of time stamps from a trusted time stamping authority to allow cards to be used more than once.


Smart Card Human User Attack Tree Visual Cryptography Card Reader 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Burrows, M., Kaufman, C., Lampson, B.: Authentication and Delegation with Smart-cards. In: Ito, T., Meyer, A.R. (eds.) TACS 1991. LNCS, vol. 526, Springer, Heidelberg (1992)Google Scholar
  2. 2.
    Schneier, B., Shostack, A.: Breaking up is Hard to do: Modelling security threats for smart cards. USENIX Workshop on Smart Card Technology, Chicago, Illinois, USA (1999),
  3. 3.
    Balfanz, D., Felten, E.: Hand-Held Computers Can Be Better Smart Cards. In: Proceedings of USENIX Security 1999, Washington, DC (1999)Google Scholar
  4. 4.
    Gobioff, H., Smith, S., Tygar, J.D.: Smart Cards in Hostile Environments. In: Proceedings of the 2nd USENIX Workshop on Electronic Commerce, November 1996, 23-28 (1996)Google Scholar
  5. 5.
    Clarke, D., Gassend, B., Kotwal, T., Burnside, M., Dijk, M.v., Devadas, S., Rivest, R.: The Untrusted Computer Problem and Camera-Based Authentication (2002)Google Scholar
  6. 6.
    Naor, M., Pinkas, B.: Visual Authentication and Identification. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 322–336. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Matsumoto, T.: Human-Computer cryptography: An attempt. In: ACM Conference on Computer and Communications Security, pp. 68–75 (1996)Google Scholar
  8. 8.
    Schneier, B.: The Solitaire Encryption Algorithm (1999),
  9. 9.
    Stabell-Kulo, T., Arild, R., Myrvang, P.: Providing Authentication to Messages Signed with a Smart Card in Hostile Environments. In: Usenix Workshop on Smart Card Technology, Chicago, Illinois, USA (May 10-11, 1999)Google Scholar
  10. 10.
    Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating Public Terminals. In: Computer Networks 1999 (1999)Google Scholar
  11. 11.
    Berta, I.Z., Vajda, I.: Limitations of humans at malicious terminals. Tatra Mountains Mathematical Publications 29, 1–16 (2004)MATHMathSciNetGoogle Scholar
  12. 12.
    Berta, I.Z., Buttyßn, L., Vajda, I.: Privacy protecting protocols for revokable signatures. In: Cardis 2004, Toulouse, France (2004)Google Scholar
  13. 13.
    Berta, I.Z., Buttyßn, L., Vajda, I.: A framework for the revocation of unintended digital signatures initiated by malicious terminals. IEEE Transactions on Secure and Dependable Computing 2(3), 268–272 (2005)CrossRefGoogle Scholar
  14. 14.
    Gruschka, N., Reuter, F., Luttenberger, N.: Checking and Signing XML Using Java Smart Cards. In: CARDIS 2004, Tolouse, France (2004)Google Scholar
  15. 15.
    Girard, P., Giraud, J., Gauteron, L.: Secure electronic signatures when Trojan Horses are lurking. In: e-smart 2004, Sophia Antipolis (2004)Google Scholar
  16. 16.
    Berta, I.Z., Vajda, I.: Documents from Malicious Terminals. In: SPIE Microtechnologies for the New Millenium 2003, Bioengineered and Bioinspired Systems, Spain (2003)Google Scholar
  17. 17.
    Maurer, U.: A Unified and Generalized Treatment of Authentication Theory. In: Puech, C., Reischuk, R. (eds.) STACS 1996. LNCS, vol. 1046, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  18. 18.
    Sßnta, r.: Smart Card based Application for Message Authentication in a Malicious Terminal Environment. Master’s Thesis, Fachhochschule Darmstadt (2004)Google Scholar
  19. 19.
    Schneier, B.: Attack Trees. Dr. Dobb’s Journal (December 1999),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • István Zsolt Berta
    • 1
  1. 1.Microsec Ltd. 

Personalised recommendations