A Distributed and Secure Architecture for Signature and Decryption Delegation through Remote Smart Cards

Abstract

The established legal value of digital signatures and the growing availability of identity-based digital services are progressively extending the use of smart cards to all citizens, opening new challenging scenarios. Among them, motivated by concrete applications, secure and practical delegation of digital signatures and decryptions is becoming more and more critical. Unfortunately, all secure delegation systems proposed so far include various drawbacks with respect to some of the main functional requirements of any practical system. With the purpose of proposing a truly practical solution for signature and decryption delegation, in this chapter the authors put forth the notion of a “Proxy Smart Card System,” a distributed system that allows a smart card owner to delegate part of its computations to remote users. They first stress the problematic aspects concerning the use of known proxy-cryptography schemes in synergy with current standard technologies, which in turn motivates the need of proxy smart card systems. Then they formalize the security and functional requirements of a proxy smart card system, identifying the involved parties, the adversary model, and the usability properties. Finally, the authors present the design and analysis of a proxy smart card system, which implements the required functionalities outperforming the current state of the art.