Using Multiple Smart Cards for Signing Messages at Malicious Terminals

Having no trusted user interface, smart cards are unable to communicate with the user directly. Communication is possible with the aid of a terminal only, which leads to several security problems. For example, if the terminal is untrusted (which is a very typical scenario), it may perform a man-in-the middle attack. Thus, a malicious terminal can make the user sign documents that she would not sign otherwise. A signature that a card computes at a malicious terminal does not prove anything about the content of the signed document. What it does prove, is that the user did insert her card into a malicious terminal and she did intend to sign – something. In this paper we propose a solution where a user has multiple smart cards, and each card represents a ’signal’, a certain piece of information. The user encodes her message by using a subset of her cards for signing at the untrusted terminal. The recipient decodes the message by checking which cards were used. We also make use of time stamps from a trusted time stamping authority to allow cards to be used more than once.