Automatic event-stream notarization using digital signatures

  • Bruce Schneier
  • John Kelsey
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1189)


Some digital signature algorithms (such as RSA) require messages to be padded before they are signed. Secure tokens can use these padding bits as a subliminal channel to embed auditing information in their signed messages. These auditing bits simplify protecting against lost and stolen tokens, breaks of specific protocols, hash functions, and ciphers, and attacks based on defeating a token's tamper-resistance.


Hash Function Smart Card Protocol Message Digital Signature Scheme Hash Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Anderson, “UEPS — A Second Generation Electronic Wallet,” Computer Security — ESORICS '92, Springer-Verlag, 1992, pp. 411–418.Google Scholar
  2. 2.
    R. Anderson, “Why Cryptosystems Fail,” Communications of the ACM, v. 37, n. 11, Nov 1994, pp. 32–40.CrossRefGoogle Scholar
  3. 3.
    R. Anderson, “Liability and Computer Security: Nine Principles,” Computer Security — ESORICS '94, Springer-Verlag, 1994, pp. 231–245.Google Scholar
  4. 4.
    R. Anderson, “Robustness Principles for Public Key Protocols,” Advances in Cryptology — CRYPTO '95, Springer-Verlag, 1995, pp. 236–247.Google Scholar
  5. 5.
    D.W. Davies and W.L. Price, Security for Computer Networks, Second Edition, John Wiley & Sons, 1989.Google Scholar
  6. 6.
    S. Haber and W.S. Stornetta, “How to Time-Stamp a Digital Document,” Journal of Cryptology, v. 3, n.2, 1991, pp. 99–112.CrossRefGoogle Scholar
  7. 7.
    K. Nyberg and R. Rueppel, “Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem,” Advances in Cryptology-EUROCRYPT '94, Springer-Verlag, 1995, pp. 182–193.Google Scholar
  8. 8.
    J.-J. Quisquater and L. Guillou, “DSS and RSA,”presented at the rump session of Eurocrypt 1995.Google Scholar
  9. 9.
    RSA Laboratories, “Public Key Cryptography Standards #1: RSA Encryption Standard,” version 1.5, 1 November 1993.Google Scholar
  10. 10.
    B. Schneier, Applied Cryptography, 2nd Edition, John Wiley & Sons, 1996.Google Scholar
  11. 11.
    G.J. Simmons, “The Prisoner's Problem and the Subliminal Channel,” Advances in Cryptology: Proceedings of CRYPTO '83, Plenum Press, 1984, pp. 51–67.Google Scholar
  12. 12.
    W.B. Sweet, “Commercial Automated Key Escrow (CAKE): An Exportable Strong Encryption Proposal, Version 2.0,” National Semiconductor iPower Business Unit, 4 June 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Bruce Schneier
    • 1
  • John Kelsey
    • 1
  1. 1.Counterpane SystemsMinneapolis

Personalised recommendations