I. Zs. Berta, I. Vajda|
Message Authentication using Smart Card and Biometry
Second Central European Conference on Cryptography (HajduCrypt) 2002, Debrecen, Hungary, 2002.
The user wishes to communicate with a remote partner over an insecure network. Since the user is a human being, a terminal is needed to gain access to the network. Various cryptographic algorithms running on the terminal may provide authenticity and/or secrecy for the users messages.
In this paper the problem of sending authentic messages from insecure or untrusted terminals is analyzed. In this case attackers are able to gain total control over the terminal, so the user must consider the terminal as a potential attacker.
Smart cards are often considered the ultimate tool for secure messaging from untrusted terminals. Although they are secure tamper-resistant microcomputers with strong cryptographic powers, their lack of user interface enables man-in-the middle attack from the terminal.
This paper analyzes the usability of smart cards for the above problem, and investigates various possibilities for authentic communication between the user and the smart card. Since the user is a human being with limited memory and little computational power, it is questionable that authentic communication is possible between the above two parties in practice. The authors show various algorithms from literature and history that do solve the problem of authentic messaging from untrusted terminals. Unfortunately, most of these are impractical for commercial use.
The authors highlight that while the human being is a very poor computer, it is an excellent biometric device. Several biometric media encapsulate the content of the message and the identity of the sender, such as speech, video and handwriting. The authors suggest, that such media is far more difficult to counterfeit than plaintext. The authors analyze this additional protection provided by biometry.
In the protocol proposed by the authors, the user sends messages in a biometric format, and strengthens biometry with simple algorithmic authenticators. The smart card functions in this protocol as a secure time gate ensuring, that the attacker has extremely little time to counterfeit both the biometric and the algorithmic protection on the message.
The authors claim, that with the proper calibration of the biometric method and the time gate of the smart card, their protocol is strong enough for practical use.