Talks and Poster Presentations (with Proceedings-Entry):
G. Starnberger, L. Froihofer, K. Göschka:
"Using Smart Cards for Tamper-Proof Timestamps on Untrusted Clients";
Talk: 5th International Conference on Availability, Reliability, and Security ARES 2010,
- 2010-02-18; in: "Proceedings of the 5th International Conference on Availability, Reliability, and Security ARES 2010",
IEEE Computer Society,
Online auctions of governmental bonds and CO2
certificates are challenged by high availability requirements
in face of high peak loads around the auction deadline.
Traditionally, these requirements are addressed by cluster
solutions. However, with strong requirements regarding hardware
ownership and only a few auctions per owner per year
hardware clusters are a rather ineffective solution.
Consequently, we contribute with a solution that alleviates
the dependability problems by shifting them into the security
domain: Key idea is to provide a secure timestamp service that
allows users to place bids locally until the deadline, independent
of server availability. This allows to mitigate peak-loads and
network or server outages as the transfer of bids to the server
can be delayed until after a performance peak or the repair
of a failed component.
In this paper in particular, we contribute with a secure
time synchronization and timestamping protocol tailored to
online auctions where we apply secure timestamps on smart
cards locally connected to the bidder´s computer. Moreover,
our timestamping protocol is robust with respect to man-inthe-
middle delay attacks. Finally, we prove the feasibility of
our approach based on a .NET smart card implementation and
conclude with a discussion of current smart card limitations.
Smart cards; Synchronization; Availability; Security;
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Project Head Karl Michael Göschka:
Created from the Publication Database of the Vienna University of Technology.