I. Zs. Berta, B. Bencsáth
Sending authentic messages from malicious terminals
Proceedings of the Networkshop 2004 Conference, NIIF, Hungary, 2004, NIIF, Hungary.
Abstract: The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the user's messages. In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal a potential attacker. Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure, tamper-resistant microcomputers with strong cryptographic powers, their lack of a user interface enables man-in-the-middle attacks from the terminal. This paper analyzes the usability of smart cards for the above problem and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable whether authentic communication is possible between these two parties in practice. In the first part of our lecture, we review various solutions and protocols from the literature that can aid the user in an untrusted terminal environment. In the second part of the lecture, we propose a solution that can be implemented with smart cards that exist today and does not require the user to perform cryptographic operations. Although the smart card cannot decide whether the message came from the user or from malicious software running on the terminal, it can still aid the user in authenticating the message. This is possible if the user sends a so-called biometric message. A biometric message could be a video or voice message. Such a message is very hard to manipulate; manipulating it may even require human interaction.
In order to prevent the attack, the smart card should ensure that the attacker has neither the opportunity nor the time to perform such a complicated attack. The smart card can be used as a secure time that can guarantee that the message was sent in a certain time frame. This way, the time the attacker has to manipulate the message can be severely limited, so even simple algorithmic authenticators can provide strong security.