B. Schneier and J. Kelsey
Security Protocols, International Workshop April 1996 Proceedings, Springer-Verlag, 1997, pp. 155-169.
ABSTRACT:
Some digital signature algorithms (such as RSA) require messages to be padded before they are signed. Secure tokens can use these padding bits as a subliminal channel to embed auditing information in their signed messages. These auditing bits simplify protecting against lost and stolen tokens; breaks of specific protocols, hash functions, and ciphers; and attacks based on defeating a token's tamper-resistance.
[full text - postscript] [full text - LaTeX]
Copyright Counterpane Internet Security, Inc., 2003
Reprint Permission