references - springer978-0-387-44606-6/1.pdf · references [i] anderson r: ... loompanics...
TRANSCRIPT
References
[I] Anderson R: Security Engineering: A Guide to Building Dependable, Distributed Systems; John Wiley & Sons, 2001. http://www.cl.cam.ac.uk/users/rial4/
[2] ANSI X9.17: Financial institution key management (wholesale), ASC X9 Secretariat American Bankers Association, 1985.
[3] ANSI X9.30-1: Public key cryptography for the Financial Services Industry - Part 1: The Digital Signature Algorithm (DSA); 1997.
[4] ANSI X9.30-2: Public key cryptography for the Financial Services Industry - Part 2: The Secure Hash Algorithm 1 (SHA-1); 1997.
[5] ANSI X9.42: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography; 2001.
[6] ANSI X9.44: Public Key Cryptography Using Reversible Transport of Symmetric Algorithm Keys Using RSA.
[7] ANSI X9.62: Public Key Cryptography for the Financial Services Industry, The
Elliptic Curve Digital Signature Algorithm (ECDSA); 1998.
[8] ANSI X9.82 Part 3: Deterministic Random Bit Generators, ASC X9 Secretariat
American Bankers Association.
[9] Appleford K, Hill S: Postage Meter Approval Protection Profile; Consignia PLC, Logica UK Ltd, 30-Apr-2001 http://www.commoncriteriaportal.org/public/files/ppfiles/IPMAR pp.pdf
[10] Biham E, Chen R: Near collisions of SHA-0; Advances in Cryptology, Crypto 04, Springer-Verlag, Berlin 2004, pp290-305.
[II] Gerrit Bleumer: Secure PC-Franking for Everyone; Kurt Bauknecht, Sanjay Kumar Madria, Gunther Pemul (Eds.): Electronic Commerce and Web Technologies (EC-Web 2000), LNCS 1875, Springer-Verlag, Berlin 2000, 94-109.
[12] Blum L, Blum M, Shub M: A simple unpredictable pseudorandom number generator; SIAM Journal on Computing, 15 (1986), 364- 383.
[13] Brown D, Johnson D: Formal Security Proofs for a Signature Scheme with Partial Message Recovery; Topics in Cryptology, RSA 2001, Springer Verlag, Berlin 2001, http://grouper.ieee.org/groups/1363/Research/contributions/PVSigSec.pdf
228 Electronic Postage Systems
[14] Callas J, Donnerhacke L, Finney H, Thayer R: Open PGP; Request for Comments 2440, Nov 1998. http://www.ietf.org/rfc/rfc2440.txt
[15] Canada Post Corporation: Digital Meter Indicia Specification (DMIS); Version 1.2, May 2003.
[16] Canada Post Corporation: Postage Meter Product Information Handling Requirement; Version 2.0, May 15, 2003.
[17] Canada Post Corporation: Postage Server Product Information Handling Requirement; Version 2.02, Dec 2005.
[18] CEN TC 331 Postal Service http://www.nen.nl/cen331/
[19] CEN EN 14615: Digital postage marks - Applications, Security & Design, 2005.
[20] CNN: Gates: Buy stamps to send e-mail; CNN Technology; March 5, 2004. http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/index.html
[21] Coron JS: On the Security of Random Sources; in (Imai H and Zheng Y, Eds.), Public-Key Cryptography, LNCS 1560, Springer-Verlag, Berlin 1999, 29-42.
[22] Dallas Semiconductors: DS1954B Crypto iButton™, FIPS 140-1 Non-Proprietary, Cryptographic Module Security Policy, Level 3 Validation, August 16, 1999.
[23] Deutsche Post AG Zentrale: Voraussetzung zur Einfiihrung von Systemen zur PC-Frankierung; Version 1.2, Nov 2001.
[24] Deutsche Post AG Headquarters: FRANKIT New Generation Digital Franking; Version 1.3, May 2003
[25] Diffie W., van Oorschot P.C, Wiener M.: Authentication and Authenticated Key Exchanges; Designs, Codes and Cryptography, vol 2, 1992, pp 107-125.
[26] European Commission, DG Internal Market: Main Developments in the European Postal Sector; WIK Consult, Final Report, July 2004. http://europa.eu.int/comm/intemal market/post/doc/studies/2004-wik-fmal en.pdf
[27] European Network of Excellence (ECRYPT): The Side Channel Cryptanalysis Lounge; Ruhr Universitat Bochum. http://www.crypto.ruhr-uni-bochum.de/en sclounge.html
[28] European Parliament: Directive on the restriction of the use of certain hazardous substances in electrical and electronic equipment; Directive 2002/95/EC of the European Parliament and of the Council of 27 January 2003. http://europa.eu.int/eur-lex/pri/en/oi/dat/2003/l 037/1 03720030213enOO 190023.pdf
[29] Fisher D.: Companies, People, Ideas, Delivery Problems; in Forbes Feb 28, 2005 http://www.forbes.com/global/2005/0228/046.html
[30] German Federal Office for Information Security (BSI): IT Baseline Protection Manual; 2003 http://www.bsi.de/english/gshb/manual/download/index.html
[31] Saul Hansell: Postage Is Due for Companies Sending E-Mail; New York Times, Feb 5, 2006. http://www.nytimes.com/2006/02/05/technology/05AOL.html? r=l&oref==slogin.
[32] Harmon P., Rosen M., Guttman M.: Developing E-Business Systems and Architecture; Morgan Kaufmann Publishers, San Francisco, 2001.
[33] IEEE Standard 1363: Specifications for Public-Key Cryptography; 2000.
References 229
[34] IEEE Standard 1363a: Specifications for Public-Key Cryptography—Amendment 1: Additional Techniques; 2004.
[35] International Business Machines (IBM): IBM 4758 Models 2 and 23 PCI Cryptographic Coprocessor; Specification Sheet (G221-9091-04) (04/2004) http://www-1 .ibm.com/servers/eserver/zseries/library/specsheets/pdf/g2219091 .pdf
[36] International Standards Organization (ISO): Information Technology—Security Techniques, Modes of Operation for an n-bit block cipher; ISO/IEC 10116, 1997.
[37] International Standards Organization (ISO): "Information Technology AIDC Techniques Bar code symbology specification - PDF417"; ISO/IEC 15438.
[38] International Standards Organization (ISO): The Directory Authentication Framework; ISO/IEC/ITU 9594-8, 1988.
[39] International Standards Organization (ISO), "Information Technology AIDC Techniques Bar code symbology specification - Data Matrix"; ISO/IEC 16022. http://www. idautomation.com/datamatrixfaq .html
[40] International Standards Organization (ISO): The Information Security Standard; ISO/ lEC 17799, 2005 http://\wvw.isol 7799software.com/
[41] International Standards Organization (ISO): Common Criteria for Information Technology Security Evaluation, Version 2, May 1998, ISO/IEC JTC 1 15408 http://www.commoncriteriaportal.org/
[42] International Post Corporation: Global Electronic Postmark (EPM) http://v^rvvw.ptc.upu.int/ps/ebusi.shtml.
[43] Kahn D: The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet; Scribner 1996.
[44] Klima V, Rosa T: Attack on Private Signature Keys of the OpenPGP Format; Research Report 2001; http://eprint.iacr.org/2002/076.pdf
[45] Knuth D: The Art of Computer Programming — Seminumerical Algorithms, Vol 2, Addison-Wesley, Reading MA, 2nd edition 1973.
[46] Krawczyk H, Bellare M, Canetti R, HMAC: Keyed-Hashing for Message Authentication, Internet Engineering Task Force, Request for Comments (RFC) 2104, February 1997. http://www.faqs.org/rfcs/rfc2104.html
[47] Krawczyk H.: HMQV: A High-Performance Secure Diffie-Hellman Protocol; in V. Shoup (Ed.): Crypto 2005, LNCS 3621, Springer-Verlag August 2005, pp 546-566.
[48] Law L., Menezes A.J., Qu M., Solinas J., Vanstone S.: An efficient Protocol for Authenticated Key Management; Designs, Codes and Cryptography, vol 28, 119-134,2003.
[49] Levine, J.R.: An Overview of E-Postage; Feb 2004. http://www.taugh.com/epostage.pdf
[50] Mann CC: Homeland Insecurity; The Atlantic Monthly, Sep 2002 http://www.theatlantic.com/doc/200209/mann
[51] Matsumoto, T., Takashima, Y., Imai, H.: On seeking smart public-key distribution systems; Transactions lECE of Japan, 1986, E69(2), pp 99-106.
[52] Maurer UM: A universal statistical test for random bit generators; Journal of Crypto-logy, vol 5, no 2 (1992), 89-105.
230 Electronic Postage Systems
[53] Mayer M.: USPS will use a PKI to manage electronic postage; Government Computer News (GCN), Sep 7, 1998, Vol 7, No 24. http://www.gcn.eom/l7 24/news/33918-1 .html
[54] Menezes A..J., van Oorschot P.C, Vanstone S.A.: Handbook of Applied Cryptography; CRC-Press, August 2001. http://www.cacr.math.uwaterloo.ca/hac/
[55] Menezes A.J., Qu M., Vanstone S.: Some new key agreement protocols providing mutual implicit authentication; Second Workshop on Selected Areas in Cryptography (SAC), pp 22-32, 1995.
[56] Merkle RC: A fast software one-way hash function; Journal of Crypto logy, issue 3,
1990.
[57] Micali S, Schnorr C.P.: Efficient, perfect random number generators; Advances in
Cryptology, Crypto 88, Springer Verlag, Berlin 1990, 173-198.
[58] Mr. Unzip: How to Screw the Post Office; Loompanics Unlimited, Washington 2000.
[59] Neumann PG: Computer Related Risks; ACM Press, New York, Addison-Wesley, Reading Massachusetts, 1995. http://www.csl.sri.com/users/neumann/insiderisks.html
[60] Niehaus S.: GNU Stamp, http://gnustamp.sourceforge.net/
[61 ] Odlyzko A.: The Case Against Micropayments;
http://www.dtc.umn.edu/~odlyzko/doc/case.against.micropayments.pdf
[62] Pastor J: CRYPTOPOST (TM): A universal information-based franking system for automated mail processing. US Postal Services Fourth Advanced Technology Conference, Washington, D.C, Nov 5-7, 1990, pp 429^42.
[63] Pastor J: CRYPTOPOST (TM) - A Cryptographic Application to Mail Processing; Journal of Cryptology, vol 3, no 2, Springer Verlag, Berlin 1991, 137-146.
[64] Paul H. (Hg.): AbschluBbericht der Mensch - Maschine - Kommunikation 1995 -Irritation und Komplexitat; Institut Arbeit und Technik, Gelsenkirchen, 1996
http://www.iatge.de/aktuell/veroeff/ps/paul96b.pdf
[65] Pfleeger C: Security in Computing (3rd ed); Prentice Hall PTR, Dec 2002.
[66] Pintsov L, Vanstone S: Postal Revenue Collection in the Digital Age; Financial Cryptography 2000, Springer Verlag, Berlin 2001, http://www.postinsight.pb.com/files/POST REV.pdf
[67] American Society of Mechanical Engineers: Pitney Bowes Model M Postage Meter 1920, An International Historic Mechanical Engineering Landmark, September 1986. http://www.asme.org/Communities/History/Landmarks/ PitneyBowes Model M Postage.cfm
[68] Rowe C: Mail Fraud; Chip's Closet Cleaner Issue 13
http://www.chiprowe.com/articles/mail.html
[69] RSA Laboratories: Public Key Crypto Systems, PKCS#1, Version 1.5; Nov 1993.
http://www.rsasecurity.com/rsalabs/
[70] Schneier B: Applied Cryptography: Protocols, Algorithms, and Source Code in C,
Second Edition; John Wiley, 1996.
[71] Shamir A: On the generation of cryptographically strong pseudoyrandom sequences;
ACM Trasnactions on Computer Systems, 1 (1983), 38-44.
[72] Skala M, Roth M, Hernaeus N, Guyomarch R, Koch W: Gnu Privacy Guard; 2005. http://www.gnupg.org/
References 231
[73] Thales e-Security Inc.: WebSentry^^ Secures the First Live Electronic Stamping System; http://www.thales-esecurity.com/CaseStudies/Documents/Stampit Case Study.pdf
[74] Tilborg Hv: Encyclopedia of Cryptography and Security; Springer Verlag, New York
2005.
[75] TPG: NetSet™: de nieuwe standaard http://www.tpgpost.nl/business/post versturen/frankeren/frankeermachines/net-set.jsp
[76] Tygar JD, Yee BS: Secure Coprocessors in Electronic Commerce Applications; Proceedings of USENIX Electronic Commerce Workshop, New York 1995, 155-170. http://citeseer.ist.psu.edu/yee95secure.html
[77] Tygar JD., Yee BS., Heintze N.: Cryptographic Postage Indicia; in Concurrency, and Parallelism, Programming, Networking, and Security, ASIAN '96; LNCS 1179, Springer-Verlag, Berlin 1996, pp378-391. ftp://www.cs.ucsd.edu/pub/bsy/pub/asian-96.ps
[78] Tygar JD., Yee BS., Heintze N.: Cryptographic Postage Indicia; Research Report CMU-CS-96-113. http://www.cs.berkeley.edu/~tygar/papers/Cryptographic Postage Indicia/CMU-CS-96-113.pdf
[79] United States Census Bureau: The Current Population Survey; 2006,
http://www.census.gov/population/www/socdemo/migrate.html
[80] United States Federal Register, "Postal Service Retirement Plan for manually set postage meters", vol 65, no 84, May 1, 2000, pp 25399-25400. http://ribbs.usps.gov/files/fedreg/usps2000/00-10812.PDF
[81] United States Federal Register, "Retirement Plan for Manually Set Postage Meters", vol 65, no 240, December 13, 2000, pp 77934-77938,. http://www.gpoaccess.gov/fr/index.html
[82] United States Federal Register, "Manufacture, Distribution, and Use of Postage Meters—Final Rule", vol 60, no 111, June 9, 1995, pp 30713-30742. http://www.gpoaccess.gov/fr/index.html
[83] United States General Accounting Office: "Report to the Chairman, Subcommittee on Federal Services, Post Office and Civil Service, Committee on Governmental Affairs, U.S. Senate: Postage Meters, Risk of significant financial loss but controls are being strengthened". May, 1994. http://archive.gao.gOv/t2pbat3/l 51880.pdf
[84] United States General Accounting Office, "Letter to Senator David Pryor Ranking Minority Member Subcommittee on Post Office and Civil Service United States Senate", Sep 26, 1996.
http://www.gao.gov/cgi-bin/getrpt7GGD-96-194R
[85] United States National Institute of Standards and Technology (NIST): Cryptographic Toolkit. http://csrc.nist.gov/CryptoToolkit/index.html
[86] United States National Institute of Standards and Technology (NIST): Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication 140-1, Jan. 11, 1994. http://www.itl.nist.gov/fipspubs/flpl40-l.htm
232 Electronic Postage Systems
[87] United States National Institute of Standards and Technology (NIST): Security Requirements for Cryptographic Modules; Federal Information Processing Standards Publication 140-2, May 25, 2001.
http://csrc.nist.gov/publications/fips/fipsl40-2/fipsl402.pdf
[88] United States National Institute of Standards and Technology (NIST): Derived Test Requirements for FIPS 140 (Draft); Mar 24, 2004 http://csrc.nist.gov/cryptval
[89] United States National Institute of Standards and Technology (NIST): Cryptographic Module Validation Program (CMVP); http://csrc.nist.gov/cryptval
[90] United States National Institute of Standards and Technology (NIST): Secure Hash
Standard, Federal Information Processing Standards Publication 180, May, 1993.
[91] United States National Institute of Standards and Technology (NIST): Secure Hash ^tdLXiddixd^ Federal Information Processing Standards Publication 180, April, 1995. http://www.itl.nist.gov/fipspubs/fipl 80-1 .htm
[92] United States National Institute of Standards and Technology (NIST): Secure Hash Standard, Federal Information Processing Standards Publication 180-2, Aug 1, 2002. http://csrc.nist.gov/publications/fips/fips 180-2/fips 180-2withchangenotice.pdf
[93] United States National Institute of Standards and Technology (NIST), "Digital Signature Standard (DSS)"; Federal Information Processing Standards Publication 186, May 19, 1994. http://csrc.nist.gov/cryptval/dss.htm
[94] United States National Institute of Standards and Technology (NIST): Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-2, Jan 27, 2000. http://csrc.nist.gov/publications/fips/fips 186-2/fips 186-2-change 1 .pdf
[95] United States National Institute of Standards and Technology (NIST): Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-3, Jan 27, 2000. http://csrc.nist.gov/publications/fips/fips 186-2/fips 186-2-change 1 .pdf
[96] United States National Institute of Standards and Technology (NIST), The Keyed-Hash Message Authentication Code (HMAC); Federal Information Processing Standards Publication 198, Apr 8, 2002. http://csrc.nist.gov/publications/fips/fips 198/fips-198a.pdf
[97] United States National Institute of Standards and Technology (NIST): An Introduction to Computer Security - The NIST Handbook; Special Publication 800-12, October 1995 http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/index.html
[98] United States National Institute of Standards and Technology (NIST): Recommendation for Key Management; NIST Special Publication 800-57, Aug 2005. http://csrc.nist.gov/publications/nistpubs/
[99] United States Postal Rate Commission, http://www.prc.gov
[100] United States Postal Services (USPS): Information Based Indicia Program; Performance Criteria for Information-Based Indicia and Security Architecture for Closed IBI Postage Metering Systems (PCIBI-C); January 12, 1999.
References 233
[101] United States Postal Services (USPS): Information Based Indicia Program; Performance Criteria for Information-Based Indicia and Security Architecture for Open IBI Postage Metering Systems (PCIBI-0); June 25, 1999. http://www.usps.com/postagesolutions/programdoc.html
[102] United States Postal Services (USPS): Information Based Indicia Program; Performance Criteria for Information-Based Indicia Program Systems Employing Centralized Postal Security Devices (PCIBI-WAN); August 17, 2000.
[103] United States Postal Services: Postal Explorer http://pe.usps.gov
[104] United States Postal Services: Domestic Mail Manual, Chapter 604, §4.4
[105] United States Postal Services: Postage Evidencing Product Submission Procedures (Correction); Federal Register, vol 67, no 232, Dec 3, 2002. http://ribbs.usps.gov/files/fedreg/usps2002/02-30649.pdf
[106] United States Postal Services Postal Inspection Service: "The Story of American Presort, Inc", http://www.usps.com/postalinspectors/ar02/ar02nsrt.htm
[107] Universal Postal Union: Electronic Postmark (EPM) Interface; Standard S43-2, Nov 20, 2003.
[108] Universal Postal Union, http://wvv^w.upu.int
[ 109] Universal Postal Union, "Postal Market 2004, Review and Outlook". http://www.upu.org/statistics/en/postal market 2004 review and outlook en.pdf
[110] Universal Postal Union: Development of Postal Services in 2004. http://www.upu.int/statistics/en/development of postal services in 2004 en.ppt
[111] Universal Postal Union: The Worldwide Postal Network in Figures. http://www.upu.int/news centre/documents/en/ brochure the worldwide postal network in figures en.pdf
[112] Universal Postal Union: Identification of postal items - Part C: 13 character identifier for special letter products; UPU Standard SlOc, Approved 19-Apr-2005.
[113] Universal Postal Union: International Postage Meter Approval Requirements (IPMAR); UPU Standard S30-4, Approved 17-Oct-2000.
[114] Universal Postal Union: Digital postage marks (DPM) — Applications, Security and Design; UPU Standard S36-4, Approved 06-Oct-2004.
[115] Vaudenay S: The Security of DSA and ECDSA, Bypassing the Standard Elliptic Curve Certification Scheme; Y.G. Desmedt (Ed.): PKC 2003, LNCS 2567, Springer-Verlag, Berlin Heidelberg 2003, pp. 309-323.
[116] Wang XY, Feng DG, Yu HB: How to Break MD5 and other Hash Function; Advances in Cryptology, Eurocrypt 04, Springer-Verlag, Berlin 2005, ppl9-35.
[117] Wang XY, Lai XJ, Feng DG, Chen H, Yu XY: Cryptanalysis for Hash Functions MD4 and RIPEMD, Advances in Cryptology, Eurocrypt 05, Springer-Verlag, Berlin 2005,ppl-18.
[118] Wang XY, Yao A, Yao F: New collision search for SHA-1; Rump Session of Crypto 05.
[119] Wang XY, Yin YL, Yu HB: Finding Collisions in the Full SHA-1; Advances in Cryptology, Crypto 05, Springer-Verlag, Berlin 2005, pp 17-36.
234 Electronic Postage Systems
[120] Weingart S.H., White S.R., Arnold W.C., Double G.P., An Evaluation System for the Physical Security of Computing Systems, IEEE Sixth Annual Computer Security Applications Conference, Dec 3-7, 1990, Tucson AZ, pp. 232-243.
[121] Westdeutscher Rundfunk: Betrug mit Frankiermaschine; WDR Aktuell, June 18, 2001. http://www.wdr.de/online/news/postbetrug/index.phtml
Appendix A
List of Acronyms
Keyword Explanation
3DES
AADC
ACH
ACS
AES
AMS
ANSI
AR
CA
CA
CC
CCD
CEM
CEN
CFS
CISSP
Tiple-DES
Automated Area Distribution Center, i.e., a USPS mail processing center
Automatic Clearing House
Address Change Service of the US Postal Service
Advanced Encryption Standard
Address matching service
American National Standards Institute
Ascending Register
Two letter abbreviation for Canada (ISO 3166)
Certification Authority
Common Criteria
Charge Coupled Device, technology used for digital photography
Common evaluation methodology
Comite Europeen de Normalisation, European Committee for Standardization
Computerized Forwarding System of the US Postal Services
Certified information system security professional
236 Electronic Postage Systems
Keyword Explanation
CMVP Cryptographic Module Validation Program of NIST
CO A Change of Address (of the US Postal Service)
CORBA Common Object Request Broker Architecture of the OMG
CPC Canada Post Corporation
CPU Central processing unit, main processor
CRC Cyclic Redundancy Code
CRL Certificate Revokation List
DES Data Encryption Standard
DMIS Digital Meter Indicia Specification of the Canada Post Corporation
DP AG Deutsche Post AG
DR Descending Register
DSA Digital Signature Algorithm
DSL Digital subscriber line
DSS Digital Signature Standard
DTR Derived Test Requirements under FIPS 140
EAL Evaluation Assurance Level (under Common Criteria)
ECDSA Elliptic Curve DSA
EDI Electronic document interchange
EEPROM Electrically Erasable PROM
EFP / EFT Environmental failure protection / testing
EJB Enterprise Java Beans
EKP Customer number provided by Deutsche Post
EMI / EMC Electromagnetic interference / compliance
EPROM Erasable PROM
EPV Elliptic curve PV
ERP Enterprise Resource Planning
ESI "Entgeltsicherung", German for revenue protection group
Appendix A: List of Acronyms 237
Keyword Explanation
EUR European currency
FIM Facing identification mark
PIPS Federal Information Processing Standard of NIST
FTP File Transfer Protocol
GPG GNU Privacy Guard
HMAC message authentication code mechanism based on a hash function
HMQV Hash enhanced MQV
HSM Hardware Security Module
IBI Information Based Indicia
IBIP IBI Program
IC Integrated Circuit
IEEE Institute of Electrical and Electronic Engineers, Inc.
IPC International Post Corporation
IPMAR International Postage Meter Approval Requirements
ISO International Standards Organization
ITSEC Information Technology Security Evaluation Criteria
MAC Message authentication code, message authentication code mechanism
MD Message Digest
MLOCR Multi-line optical character recognition
MQV Menezes, Qu, Vanstone
NCSC National Customer Support Center (of the US Postal Service)
NIST National Institute of Standards and Technology of the United States
NVLAP National voluntary laboratory accreditation program of NIST
ODIS Origin destination information system (of the US Postal Service)
OMG Open Management Group
PC Personal Computer
PC Piece Count Register
238 Electronic Postage Systems
Keyword
PGP
PKCS
PKD
PKI
PP
PROM
PSAG
PSD
PSD-PSN
PTM
PV
PVD
PVD-R
PVR
RA
RAID
RAM
REMPI
RFC
RIPE
ROM
RSA
RSM
RTC
SHA
SOHO
SRDI
Explanation
Pretty Good Privacy
Public Key Crypto System Standard
Public Key Directory
Public Key Infrastructure
Protection Profile (Common Criteria)
Programmable ROM
Postal Security Action Group
Postal security device
Postal Serial Number of a PSD
Postal Technology Management of the US Postal Services
Pintsov-Vanstone digital signature mechanism
Postage value download
PVD request
Postage value refund
Registration Authority
Redundant Array of Independent Disks
Random access memory
Re-engineering the mail—Postal Interface
Request for Comment
RACE Integrity Primitives Evaluation
Read only memory
Rivest-Shamir-Adleman digital signature mechanism
Revenue Sensitive Module
Real time clock
Secure Hash Algorithm
Small office / home office
Security relevant data item
Appendix A: List of Acronyms 239
Keyword Explanation
SSL Secure Socket Layer
ST Security Target (Common Criteria)
STS Station-to-station protocol
TCPSEC Trusted Computer Product Security Evaluation Criteria
TLS Transport Layer Security
TPG Netherlands Post
TS Total Settings Register
UK United Kingdom
UPU Universal Postal Union
USPS United States Postal Services
UZ "Unzustellbar", German for mail item not-deliverable
XML extendible markup language
ZIP Zone Improvement Program (of the US Postal Service)
Appendix B
About the Author
As senior cryptography architect, Gerrit Bleumer lead the design and development of the global cryptographic architecture of Francotyp-Postalia Group (FP), which controls the transport and delivery of cryptographic modules worldwide and supports postage meters from their initialization to removal from market. Since 2004, he has headed the department of innovation projects and product quality of the research and development division of FP. He has served on the advisory board of the Encyclopedia of Cryptography and Security published by Springer.
In 1991, he received a diploma in computer science from the University of Karlsruhe, Germany. From 1992 to 1996, he worked as research associate in several research projects in security of health care informatics funded by the Commission of the European Union. From 1997 to 1999, he worked as senior technical staff member at AT&T Labs-Research in Florham Park, NJ. In 2001 he received a Doctorate in computer science from the University of Dortmund, Germany.
Index
Numerics 2D barcode symbology 14
64
A active attack 95 address matching services advertisement 10 alteration 190 application layer 72 ascending register 7, 37 assurance 207 asymmetric encryption mechanism 92, 94 asymmetric message authentication
mechanisms 99 atomicity 36 attack
active 95 alteration 190 bogus postal security devices collusion 187 copying 190 cryptanalysis 191 existential forgery 102 hijacking the print mechanism impersonation 188 inappropriate induction 191 manipulation 189 message replay 190 miss-application 190 obliteration 191 physical 189 print multiplexing 189
190
189
repudiation 188 selective cryptanalysis 95 selective forgery 102 side channel 189 substitution 191 subversion of key management subverted payments 188 system infiltration 188 total break 95,102 universal break 95,102
attack counterfeiting 190 attacker model 183 authenticating key 99 authorization 60
B bank payment channel 29 barcode symbology
2D 14 DataMatrix 14 PDF417 14
batch mode 31 block size 97 blocking 61 bogus postal security devices 190 business reply mail 47
carriers 35 cell 33 certified mail 45 certified mail statement 45
189
244 Electronic Postage Systems
class of mail 41 Click'n'ship 167 closed e-postage device 26 collision resistance 97 collusion 187 Common Criteria Recognition
Arrangement 219 Common Evaluation Methodology 220 common services layer 72 competitive postal operator 22 copying 190 counter 10 counterfeiting 190 courtesy reply mail 47 credit limit 31 cryptanalysis 191 cryptographic boundary 213,219 cryptographic checksum 33, 58, 88 cryptographic key 91
pair 94 private 94 public 94 secret key 93 symmetric key 93
cryptographic mechanism asymmetric encryption 92 digital signature 99 hash function 96 message authentication code 99 security parameter 91 symmetric encryption 92
cube 33 customized stamps 19 cyclic redundancy check code (CRC) 98
D data capture 43 data correction indicium 46 data integrity 98 data matrix
cell 33 cube 33 element 33
DataMatrix 14 delivery confirmation 46 delivery point barcode 86 depositing post office 10, 27, 28 descending register 7, 37
destruction stage 108 digital postage meter 13 digital postmark 2 digital signature 99, 101 digital signature mechanism 99, 101
non-repudiation 103 private key 101 public key 101 with appendix 102 with message recovery 102
distribution tier 72
E eBay 168 electronic postage 1 electronic postage system 2, 17
server infrastructure 17 electronic postmark 1 electronic presorting 23 electronic signature
see digital signature element 33 encryption mechanism
active attack 95 asymmetric 92,94 key transport channel 93 mode of operation 94 passive attack 95 secret key 93 selective cryptanalysis 95 symmetric 92 total break 95 universal break 95
encryption mechanisms public key 94
end date 43 Endicia.com 167 endorsement 10 enterprise tier 72 entropy 111 e-postage device 25
closed 26 data capture 43 local state 72 mail-handler 39 multi-carrier 29 offline 25 online 25
Index 245
open 26 postal security device 38 remote state 72 usage profiles 44
e-postage minting system 25, 28 e-postage provider 28 e-postage system
bank payment channel 29 e-postage minting system 28 e-postage provider 28 post backoffice 28 postal payment channel 29
evaluation 207 evaluation assurance levels 219 existential forgery 102 extra services 41
facing identification mark (FIM) 64, 137 FIM see facing identification mark
H hardware security module 14 hash function 96
one-way 97 hash results 97 hash values 97 hijacking the print mechanism 189 hybrid encryption 112 hybrid mail 23
I IBI-lite 139, 174 impersonation 188 imprint
5eepostage imprint 9 inappropriate induction 191 indicia 13 indicia key 38,58 inducting post office 10 initialization 59 integration testing 208 integrity check value
see message authentication code international mail 24 International Post Corporation 24 issuer 113
K key
authenticating 99 public key pair 101 signing 99 verifying 99
key life cycle pre-operational stage 107
key life-cycle destruction stage 108 operational stage 108 post-operational stage 108
key transport channel 93, 100
licensing post office 28 local state 72 lost or stolen e-postage devices 197
M MAC
see message authentication code mail- carrier 49 mail processing facility
originating 34 mailer's value-added services 39 mail-handler 39 mailing behavior monitoring 196 mailing date 7 mailing parameter entry 44 manipulation 189 message authentication 98 message authentication code 99 message authentication mechanism
asymmetric 99 existential forgery 102 selective forgery 102 total break 102 universal break 102
message digest 104 message replay attacks 190 miss-application 190 mode of operation 94 monthly invoice 30 multi-carrier e-postage device 29
246 Electronic Postage Systems
N non-repudiation 103
o obliteration 191 offline e-postage device 25 one-way liash function 97 online e-postage device 25 online mode 31 open e-postage devcie 26 operational stage 108 origin and destination 41 originating mail processing facility 34
passive attack 95 payment method
monthly invoice 30 post-download 30 pre-download 30
payment/volume reconciliation 196 PDF417 14 perimeter security paradigm 31 personalized stamps 19 physical attacks 189 piece count register 8, 37 point-to-point security paradigm 31 post backoffice 28 post office
depositing 28 inducting 27 licensing 28
postage amount entry 44 postage correction indicium 46 postage evidencing device see digital post
age meter postage imprint
advertisement 10 counter 10 endorsement 10 postmark 10 towncircle 10 tracking number 10 traditional 9
postage meter digital 13
postage minting system batch mode 31
online mode 31 Postage Point 153, 175 postage rate table 42
end date 43 start date 43
postage value download 25, 61 postage value refiind 32 postal approval process 207 postal code 8
ZIP code 8 postal operator
competitive 22 private 21 universal 21,22
postal payment channel 29 postal register 7, 36, 60
ascending 7,37 descending 7,37 piece count 8, 37 total settings 8, 37
postal register reconciliation 196 postal security device 38, 53
authorization 60 blocking 61 initialization 59 postage value download 61 postal serial number 60 real-time clock 59 re-authorization 62 re-initialization 62 scrapping 63 unblocking 61 validation 60 virtual 69 watchdog timer 59 withdrawal 61
postal security producing indicia 60 postal serial number 60 postal value-added services 40 Post-download payment method 30 postmark 10
indicia 13 post-operational stage 108 pre-download payment method 30 preimage resistance 97 pre-operational stage 107 presentation tier 72 presort type 41 print multiplexing 189
Index 247
private key 94, 101 private postal operator 21 producing indicia 60 product code 41 product code entry 44 protection profile 219 PSD-PSN 60 pseudo-random bit generator 110
entropy 111 seed 110 unpredictable 112
public key 94,101 public key certificate 113
issuer 113 subject key 113
public key encryption mechanisms 94 public key pair 94,101 putting e-postage devices on hold 197 PVD <$I Italicpostage value download 25
R range of size 41 range of weight 41 rate category 41, 44
class of mail 41 extra services 41 origin and destination 41 presort type 41 range of size 41 range of weight 41 subclass of mail 41
rate table 42 readability testing 209 real-time clock 59 re-authorization 62 redate indicium 46 refusal problem 4 registered mail 45 regular use testing 208 re-initialization 62 remote state 72 repudiation 188 resource tier 72 revenue sensitive module 216 risk assessment stage 183 risk maintenance stage 184 risk management
risk maintenance stage 184
risk reduction stage 184 risk reduction stage 184 RSM
see revenue sensitive module
s scrapping 63 second preimage resistance 97 secret key 93 secret key encryption mechanisms 93 secret prefix 100 secret suffix 100 security compliance testing 208 security parameter 91 seed 110 selective cryptanalysis 95 selective forgery 102 semi-atomicity 36 server infrastructure 17 shared secret key 99 Shipstream Manager 168 side channel attacks 189 signature confirmation 46 signing key 99 site security audit 207, 208 SmartStamp 168 software architecture
application layer 72 common services layer 72 distribution tier 72 enterprise tier 72 presentation tier 72 resource tier 72
Stampit Business 168 StampItHome 168 Stampit Web 168 stamps.com 167 start date 43 statement of induction 199 subclass of mail 41 subject key 113 substitution 191 subversion of key management 189 subverted payments 188 symmetric encryption mechanism 92 symmetric key 93 system infiltration 188
248 Electronic Postage Systems
T tamper evidence 218 tamper responsive envelope 53, 54 target of evaluation 219 terminal dues 24 testing 207 total break 95,102 total settings register 8, 37 town circle 10 tracking number 10, 45 traditional postage imprint 9
u unblocking 61 universal break 95,102 universal postal operator 22 universal postal operators 21 unpredictable 112 usage data 17 usage profiles 44 USPS Postal Technology Management
(PTM) 13
V validation 60 value-added services
of the mailer 39 postal 40
verifying key 99 virtual postal registers 37 virtual postal security device 69
see also hardware security module volume analysis 196
w watchdog timer 59 WebStamp 168 withdrawal 61
z ZIP codes