Hardening Digital Signatures against Untrusted Signature Software Name: 謝宏偉 Student ID: ...

Post on 29-Dec-2015


Hardening Digital Signatures against Untrusted Signature Software

Name: 謝宏偉 Student ID: M99G0219

Digital Information Management, 2007. ICDIM '07. 2nd International Conference on

1. Introduction

The basic property a digital signature has to satisfy is that, at least as much as an autograph signature, it is a non-repudiable proof of both the identity of the provenance of electronic documents and the declaration of what the documents themselves represent.

As a consequence, every form of vulnerability should be carefully considered in order to understand whether the digital signature may represent for electronic documents what the handwritten signature represents for traditional ones.

The most critical point of the digital signature protocol is the secrecy of the private key.

The weak point of this proposal is that the delayed confirmation of the signature introduces, from both a practical and a legal point of view, a number of problems whose solution would not be simple and, more importantly, would have radical impacts, probably not tolerable in a scenario where digital signatures are widely used and are included in the legal systems of most countries in a stable and consolidated way.

2. Method

As explained in the introduction, the digital signature suffers from a severe vulnerability, deriving directly from the potential untrustworthiness of the platform where the signature generation process runs.

Our method works as a full solution in a restricted (but probable) set of untrustworthy cases, and mitigates the problem in the more general case.

it does not require new peripherals,

it can be implemented using smart cards existing today as well as existing signature software,

it does not require significant extra procedural burden on the user and, finally,

it does not affect the legal notion of digital signature.

The data source employed for the check is a Java applet coming from the smart card (that is, a Java smart card) and, to increase security, the operations required of the applet are minimized to just those necessary to implement the check, that is, both:

allowing the user to choose the document.

sending it to the smart card to serially compute the digest and comparing it with that coming from the signature software.
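The check described above, modelled in Python as an added example (not code from the paper or from these slides): the applet streams the chosen document to the card, the card hashes it serially and approves only if its digest equals the one supplied by the signature software. SHA-256, the 255-byte chunk size and all class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

CHUNK = 255  # assumption: data bytes carried by one short APDU command


class CardDigestCheck:
    """Card side (model): hashes the document serially as chunks arrive."""

    def __init__(self):
        self._h = hashlib.sha256()  # assumption: the page names no hash algorithm

    def update(self, chunk: bytes) -> None:
        if len(chunk) > CHUNK:
            raise ValueError("chunk larger than one APDU data field")
        self._h.update(chunk)

    def approve(self, digest_from_software: bytes) -> bool:
        """Release the signing step only if both digests agree."""
        own = self._h.digest()
        self._h = hashlib.sha256()  # reset so state never leaks into the next check
        return hmac.compare_digest(own, digest_from_software)


class SignatureSoftware:
    """Untrusted PC software; `substitute` models a swapped document."""

    def __init__(self, substitute=None):
        self.substitute = substitute

    def digest_to_sign(self, document: bytes) -> bytes:
        data = document if self.substitute is None else self.substitute
        return hashlib.sha256(data).digest()


def applet_send(card: CardDigestCheck, document: bytes) -> None:
    """Applet side: stream the document the user chose to the card."""
    for i in range(0, len(document), CHUNK):
        card.update(document[i:i + CHUNK])


def check_before_signing(document: bytes, software: SignatureSoftware) -> bool:
    card = CardDigestCheck()
    applet_send(card, document)
    return card.approve(software.digest_to_sign(document))


if __name__ == "__main__":
    contract = b"Pay 100 EUR to Alice. " * 40  # constructed sample, spans 4 chunks
    print(check_before_signing(contract, SignatureSoftware()))
    print(check_before_signing(contract, SignatureSoftware(b"Pay 9000 EUR to Mallory.")))
```
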

3. Implementation Results

Our proposal requires an additional preliminary step w.r.t. the current signature protocol in which the user sends

It is worth noting that our technique is able to counter the malware-based attack in case it is conducted at user level, that is, when both the JVM and the OS of the PC are not corrupted.

In the other cases, clearly the proposed methodology cannot guarantee that it succeeds, since we cannot exclude that a man-in-the-middle attack, poisoning the I/O functionalities of the platform, hides the actual communication between the PC and the smart card.

As widely remarked both in this paper and in the literature, in case the platform cannot be considered trusted no full solution may exist.

Anyway, we may expect that a number of attacks, even kernel-level malware-based ones, can be correctly intercepted by our check mechanism, thus preventing them from succeeding.

4. Implementation Issues

We start by giving some more detail about Java cards.

Every Java card can store and run several Java card applets, thus allowing the implementation of different features carried on the same card.

Java applets are passive, so they cannot start a communication but can only reply to requests coming from some software through the Java card reader device.

For security reasons, the default is that applets do not share memory and are isolated from each other, but they can communicate or share resources in case this is explicitly required.

A Java card contains the Java Card Virtual Machine, used to process bytecode, and some native methods implemented in hardware in case it has to run complex operations like cryptographic algorithms.

5. Conclusion

The importance of the encryption-based digital signature is nowadays universally known, due to the revolution that such a mechanism has induced on the role that electronic documents may have in both public and private organizations.

In fact, the digital signature represents at the moment the only valid method to give signed electronic documents a probative value at least equal to that of traditional documents with an autograph signature.

The above claim has a full counterpart in the current legal systems of most countries, so that the process of document dematerialization has already started, relying on the current infrastructures as well as the current juridical regulation, with strong attention towards common interoperability rules.

Actually, a serious vulnerability occurs, not depending on the algorithms on which digital signature relies, but strictly related to the practical way in which digital signature is implemented.

This vulnerability allows an attacker to sign documents and to exploit them without any intention on the part of the signature's owner.

The danger is thus very concrete, especially if we think of a near future where electronic documents will be used in a pervasive way in all economic and administrative negotiations.