Posts Tagged ‘Digital Signatures’

Checking and Signing XML Documents on Java Smart Cards

Smart card assistance for generating digital signatures is the current state of the art and best practice. This is mainly because smart cards nowadays have enough processing power to produce digital signatures for documents using on-card resources (processor and memory) only. This way the owner’s private signing key never has to leave the smart card: the signing key is and remains permanently stored in a tamper-proof environment. A closer look at the signing process, however, reveals a major security problem that still exists: the problem known as the “what you see is what you sign” problem. Before signing a document, the signer usually wants to check the document’s syntactic and semantic correctness.

Compared to the traditional process of signing a paper document with a handwritten signature, the difference is easy to identify: in the traditional case, it is relatively easy for the user to assert the correctness, because syntactic and semantic document checking and signature generation happen in immediate context. Digitally signing an electronic document is completely different, because checking and signature generation are executed in two different environments, which have fundamentally different characteristics with respect to security on the one hand and processor, memory, and display resources on the other.

Traditionally, the signing application computes the document’s digest using a one-way hash function and sends the result to the smart card. The card encrypts the digest with an asymmetric cipher using the signing key stored on the card. The resulting value is the digital signature of the document. It is sent back to the signing application. The user can check neither the syntactic correctness of the document (in the case of XML documents: well-formedness and validity) nor its semantic correctness. What really is signed is beyond the user’s control. It might, for instance, be the digest of a manipulated document. Even if the smart card can be regarded as tamper proof, the terminal (e.g. a PC) and the programs running on it are vulnerable to viruses and Trojan horses. Such malicious programs can also affect signing applications and make them produce valid signatures for documents that are invalid from the user’s perspective. Such incidents invalidate the signing process as a whole.

We propose an enhanced architecture, called the JXCS architecture, which performs checking and signing of XML documents on Java smart cards. The basic idea of JXCS is to shift the syntactic validation and hash value generation from the vulnerable PC to the trusted smart card. Syntactic validation brings both a challenge and an opportunity. The challenge is the need to process XML documents on resource-constrained Java smart cards. The opportunity is the possibility of performing syntactic and even semantic checks on the XML document in a tamper-proof environment, which improves the security of the signing process.

We propose three major checks on the XML documents to be signed: well-formedness, validity, and content acknowledgement using a class 3 card reader. Taken together, all three checks can defeat “what you see is what you sign” attacks.
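
The two signing flows described above, as an added Python simulation (not code from the JXCS authors and not Java Card code). The class names, the `APDU_MAX` chunk size, the HMAC stand-in for the card's asymmetric signature and the `acknowledged` flag (standing for the user's confirmation on the class 3 reader) are assumptions; the validity check against a schema is left out.

```python
import hashlib
import hmac
from xml.parsers import expat

APDU_MAX = 255  # assumed payload limit per command sent to the card


class TraditionalCard:
    """Signs whatever digest the terminal hands over."""

    def __init__(self, key):
        self._key = key  # never leaves the card object

    def sign_digest(self, digest):
        # HMAC-SHA256 is a stand-in for the card's asymmetric signature.
        return hmac.new(self._key, digest, hashlib.sha256).digest()


class CheckingCard(TraditionalCard):
    """Hashes and parses the document on-card; signs only if checks pass."""

    def begin(self):
        self._hash = hashlib.sha256()
        self._parser = expat.ParserCreate()
        self._well_formed = True

    def _parse(self, data, final):
        if self._well_formed:
            try:
                self._parser.Parse(data, final)
            except expat.ExpatError:
                self._well_formed = False

    def update(self, chunk):
        if len(chunk) > APDU_MAX:
            raise ValueError("chunk larger than one APDU payload")
        self._hash.update(chunk)
        self._parse(chunk, False)

    def finish(self, acknowledged):
        self._parse(b"", True)  # catches unclosed elements
        if not (self._well_formed and acknowledged):
            return None  # refuse to sign
        return self.sign_digest(self._hash.digest())


def sign_on_card(card, document, acknowledged):
    """Terminal side: stream the document to the card in APDU-sized chunks."""
    card.begin()
    for i in range(0, len(document), APDU_MAX):
        card.update(document[i:i + APDU_MAX])
    return card.finish(acknowledged)
```

With `TraditionalCard` the terminal chooses the digest, so a compromised terminal decides what is signed; with `CheckingCard` the digest is computed only over the bytes the card itself parsed.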


Quantum cryptography

The concept of quantum cryptography (QC), which utilizes a quantum channel and classical TMs (Turing Machines) (as well as a classical channel), and some protocols based on this concept, such as oblivious transfer, have also been presented. QC is one of the solutions to the above-mentioned problem when a QTM (Quantum Turing Machine) is realized in the future: that is, QC will be used for key distribution in place of public-key encryption if a QTM is realized. The major difference between QC and QPKC (Quantum Public Key Cryptosystem) is that QC employs a quantum channel (and a classical channel), while QPKC employs only a classical channel. The security assumption for a QC scheme is quantum mechanics (believed by most physicists), while that for a QPKC scheme is a computational assumption (e.g., the existence of a one-way function) in the QTM model.

Although several experimental QC systems have already been realized with current technologies, recently reported security flaws of these systems are due to the realistic restrictions of their quantum channels, such as channel losses, realistic detection processes, modifications of the qubits through channels, and fixed dark count error over long-distance channels. In addition, it is likely that much more complicated communication networks will be utilized in the future, and it seems technically very hard and very costly to realize a quantum channel from end to end through such complicated networks, even in the future.

Accordingly, the QPKC approach seems much more promising, since in many applications encryption and key-distribution should be realized by end-to-end communication through (classical) complicated communication networks. QC provides no solution to the problem of digital signatures when a QTM is realized: that is, QC cannot be used in digital signatures. Hence, our QPKC approach may be the only possible solution to the problem of digital signatures when a QTM is realized.



Digital Signatures Using Randomized Hashing

To accommodate the randomizing of a message during digital signature generation and verification, additional operations are needed as specified below.

Signature Generation:

Signature Verification:
