Secure Smart Card Signing with Time-based Digital Signature

Smart card is not tamper proof but it is temper resistant and temper evident to a degree. Smart card is widely used for business transactions and multiple services in a wide range of industries worldwide to support access, identity, payments and other applications. This paper presents an overview of attacks against smart card implementations and possible countermeasures for attacks that can give background for the assessment of the tools to improve security system of cards.

cse.lehigh.edu

Despite the fact that public key algorithms are very strong, their security lies in the safe custody of the private key. In case of private key compromise, extensive damage may be caused to the user as the key can be used to sign forged documents. The usual way to store a private ...

International Journal of Emerging Technology and Advanced Engineering, 2014

User authentication is a most important problem, particularly with mobile devices such as PDA’s, smart card, laptops. User authentication is a primary and foremost problem for every system for providing safe access to access personal information. Password and Personal Identification Number (PIN) based authentication is the leading and classical mechanism for verifying the identity of actual device user. In this paper, we proposed an efficient remote authentication scheme using dynamic identity and smart card. The proposed protocol is based on Time Hash function. The proposed scheme provides basic security requirements with minimum computational cost. The session key can be created by the commonly known values from the communicating parties.

International Journal of Computer Applications, 2013

Recently, Tsai et al. proposed dynamic ID based smart card authentication scheme. This paper demonstrates that Tsai et al.'s scheme fails to provide early wrong password detection, secure password change and protection against insider attack. To overcome, we propose a secure SCAM (Smart Card based Authentication Mechanism) which keeps all previous merits and achieves security and functionality requirements. The performance of both the schemes has been analyzed in terms of various metrics. Comparing with Tsai et al.'s scheme, our scheme provides higher security with nearly same cost. For network where clock synchronization is tough, nonce based scheme is additionally offered.

Lecture Notes in Computer Science

ESIGN is an efficient digital signature algorithm [OkS, Ok], whose computation speed is more than twenty times faster than that of the RSA scheme, while its key length and signature length are comparable to those of the M A scheme. This paper presents a software implementation of ES-IGN on an 8bit microprocessor smart card. This realizes a computation time for signature generation of about 0.2 seconds. To achieve this remarkable speed for signature generation, appropriate implementation techniques such as precomputation and table look-up techniques are effectively used. Moreover, this software implementation is compact enough for smart cards; the program size and the data size including the work area are at most 3Kbytes each. Practical identification schemes based on ESIGN are also presented.

2011

Nowadays, Online banking security mechanisms focus on safe authentication mechanisms, but all these mechanisms are rendered useless if we are unable to ensure the integrity of the transactions made. Of late a new threat has emerged known as Man In The Browser attack, its capable of modifying a transaction in real time without the users notice, after the user has successfully logged in using safe authentication mechanisms. In this paper we analyze the Man In the Browser attack and propose a solution based upon Digitally signing a transaction and using the mobile phones as a software token for Digital Signature code

2013

This is to certify that the thesis entitled Development of Time-stamped Signcryption Scheme and its Application in E-cash System by Sanjib Kumar Baral and Sourav Dash in partial fulfillment of the requirements for the award of Bachelor of Technology Degree in Computer Science and Engineering at the National Institute of Technology, Rourkela, is an authentic work carried out by them under my supervision and guidance. To the best of my knowledge, the matter embodied in the thesis has not been submitted to any other university / institute for the award of any Degree or Diploma.

Proceedings of the 2nd international conference on Security of information and networks - SIN '09, 2009

2003

Consumers for years have put their trust in physical means of proving personal identity. However, with the advent of Smart Cards, creating the same sense of trust in the security world is a challenge. Smart Cards, carrying digital signatures, private keys and certificates, offer an approach to trust in the security world that integrates the familiar card form with the capability to provide strong authentication. The same characteristics that make Smart Cards attractive change the threat environment to secure communications in traditional computer systems. In this paper, we propose new methods of authentication in systems that use Smart Cards and secure coprocessor to ensure secure Internet transactions and provide solutions on how to defend against some of the possible attacks.

ijns.femto.com.tw

Yang-Wang-Chang proposed an improved timestamp associated password authentication scheme based on Yang-Shieh, who had earlier proposed timestamp-based remote authentication scheme using smart cards. In this paper, we propose an efficient ...