Keywords (5): High Availability, Online Auction, Smart Card, Time Synchronization, Man In The Middle
Using Smart Cards for Tamper-Proof Timestamps on Untrusted Clients
(Citations: 2)
Guenther Starnberger, Lorenz Froihofer, Karl M. Goeschka
Online auctions of governmental bonds and CO2 certificates are challenged by high availability requirements in face of high peak loads around the auction deadline. Traditionally, these requirements are addressed by cluster solutions. However, with strong requirements regarding hardware ownership and only a few auctions per owner per year, hardware clusters are a rather ineffective solution.
Consequently, we contribute with a solution that alleviates the dependability problems by shifting them into the security domain: Key idea is to provide a secure timestamp service that allows users to place bids locally until the deadline, independent of server availability. This allows to mitigate peak-loads and network or server outages as the transfer of bids to the server can be delayed until after a performance peak or the repair of a failed component.
In this paper in particular, we contribute with a secure time synchronization and timestamping protocol tailored to online auctions where we apply secure timestamps on smart cards locally connected to the bidder's computer. Moreover, our timestamping protocol is robust with respect to man-in-the-middle delay attacks. Finally, we prove the feasibility of our approach based on a .NET smart card implementation and conclude with a discussion of current smart card limitations.
Conference: Availability, Reliability and Security - IEEEARES, pp. 96-103, 2010
DOI: 10.1109/ARES.2010.78
Citation Context (2)

...This allows us to decouple the auction deadline from bid submission, because clients can locally timestamp bids using a smart card and a secure time synchronization protocol [24] and transmit those bids to the server at a later time...
...To facilitate this approach, we apply secure client-side timestamps [24] that can then be used by the server to verify the time of bid submission...
...In our system, security critical components are executed within secure smart cards, including software to maintain the current time with a secure time synchronization protocol [24]...
Guenther Starnberger, et al. Adaptive run-time performance optimization through scalable client req...

...Consequently, we introduced a smartcard-based secure timestamping protocol that solves the new security challenges [28]...
...The first prerequisite to temporal decoupling is a secure smart card running the security-critical parts of the application such as time synchronization and time stamping of bid submissions [25, 28]...
...Goeschka discussed in our trust model [28]...
Lorenz Froihofer, et al. Experience Report: Trading Dependability, Performance, and Security th...
References (8)

Maintaining the time in a distributed system (Citations: 70)
Keith Marzullo, Susan S. Owicki
Conference: Symposium on Principles of Distributed Computing - PODC, pp. 295-305, 1983

An Upper and Lower Bound for Clock Synchronization (Citations: 140)
Jennifer Lundelius, Nancy A. Lynch
Journal: Information and Computation/information and Control - IANDC, vol. 62, no. 2/3, pp. 190-204, 1984

How to Break MD5 and Other Hash Functions (Citations: 413)
Xiaoyun Wang, Hongbo Yu
Conference: Theory and Application of Cryptographic Techniques - EUROCRYPT, pp. 19-35, 2005

A security analysis of the NTP protocol version 2 (Citations: 10)
Matt Bishop
Conference: Annual Computer Security Applications Conference - ACSAC, 1990

Balancing of Dependability and Security in Online Auctions (Citations: 4)
Lorenz Froihofer, Karl M. Goeschka
Conference: Dependable Systems and Networks - DSN, 2008
Citations (2)

Adaptive run-time performance optimization through scalable client request rate control (Citations: 1)
Guenther Starnberger, Lorenz Froihofer, Karl M. Goeschka
Published in 2011.

Experience Report: Trading Dependability, Performance, and Security through Temporal Decoupling
Lorenz Froihofer, Guenther Starnberger, Karl M. Goeschka