仅对文档内容进行签名是不够的:一种针对数字签名的新攻击

2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT) Pub Date : 2008-10-31 DOI:10.1109/ICADIWT.2008.4664402

F. Buccafurri, G. Caminiti, G. Lax

{"title":"仅对文档内容进行签名是不够的:一种针对数字签名的新攻击","authors":"F. Buccafurri, G. Caminiti, G. Lax","doi":"10.1109/ICADIWT.2008.4664402","DOIUrl":null,"url":null,"abstract":"Digital signature represents the only valid method to give signed electronic documents probative value at least as traditional documents with handwritten signature. The above claim has a full counterpart with the current law system of most countries, so that the process of document dematerialization has been already started relying on the current infrastructures as well as the current juridical regulations, with strong attention towards common interoperability rules. As a consequence, the issue regarding the vulnerabilities of digital signature is particularly important. This paper presents a new attack to digital signature not based on the insertion of instructions in the document to sign but in the same way producing a non-static visualization of the signed document, with the purpose of producing (legal) effects different from those desired by the signer. The paper proves the attack by example and gives a possible way to contrast it.","PeriodicalId":189871,"journal":{"name":"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Signing the document content is not enough: A new attack to digital signature\",\"authors\":\"F. Buccafurri, G. Caminiti, G. Lax\",\"doi\":\"10.1109/ICADIWT.2008.4664402\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Digital signature represents the only valid method to give signed electronic documents probative value at least as traditional documents with handwritten signature. The above claim has a full counterpart with the current law system of most countries, so that the process of document dematerialization has been already started relying on the current infrastructures as well as the current juridical regulations, with strong attention towards common interoperability rules. As a consequence, the issue regarding the vulnerabilities of digital signature is particularly important. This paper presents a new attack to digital signature not based on the insertion of instructions in the document to sign but in the same way producing a non-static visualization of the signed document, with the purpose of producing (legal) effects different from those desired by the signer. The paper proves the attack by example and gives a possible way to contrast it.\",\"PeriodicalId\":189871,\"journal\":{\"name\":\"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICADIWT.2008.4664402\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICADIWT.2008.4664402","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

数字签名是使签名的电子文档至少与手写签名的传统文档一样具有证明价值的唯一有效方法。上述主张与大多数国家的现行法律制度完全对应，因此，依靠现有的基础设施和现行的司法法规，文件非物质化的进程已经开始，并高度重视共同的互操作性规则。因此，数字签名的漏洞问题就显得尤为重要。本文提出了一种新的数字签名攻击方法，不是基于在文件中插入签名指令，而是以同样的方式产生签名文件的非静态可视化，其目的是产生与签名者期望的不同的(法律)效果。文中通过实例证明了这种攻击方法，并给出了一种可能的对比方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Signing the document content is not enough: A new attack to digital signature

Digital signature represents the only valid method to give signed electronic documents probative value at least as traditional documents with handwritten signature. The above claim has a full counterpart with the current law system of most countries, so that the process of document dematerialization has been already started relying on the current infrastructures as well as the current juridical regulations, with strong attention towards common interoperability rules. As a consequence, the issue regarding the vulnerabilities of digital signature is particularly important. This paper presents a new attack to digital signature not based on the insertion of instructions in the document to sign but in the same way producing a non-static visualization of the signed document, with the purpose of producing (legal) effects different from those desired by the signer. The paper proves the attack by example and gives a possible way to contrast it.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)

自引率

0.00%

发文量