Title :
Hardening digital signatures against untrusted signature software
Author :
Buccafurri, Francesco ; Lax, Gianluca
Author_Institution :
DIMET, Univ. of Reggio Calabria, Reggio Calabria
Abstract :
Digital signature is nowadays a consolidated machinery allowing the management of electronic documents with full legal power. In this scenario, digital signature thus represents the key issue in every process of document dematerialization toward which both private and public organizations, as well as simple citizens, are moving quickly. Unfortunately, digital signature suffers from a severe vulnerability, directly deriving from the potential untrustworthiness of the platform where the signature generation process runs. Indeed, the usage of secure smart cards does not eliminate the necessity of interfacing them with the PC, allowing the attacker to poison the PC itself to obtain signed documents with no intention from the subscriber. The problem is inherently unsolvable, provided that the current signature mechanism, as well as its legal value, are maintained. In this paper we give a solution with nice backward compatibility properties, working as a full solution in a restricted (but probable) set of untrustworthy cases, and mitigating the problem in the more general case.
Keywords :
digital signatures; document dematerialization; electronic documents management; secure smart cards; signature generation process; untrusted signature software; Application software; Cryptography; Digital signatures; Lab-on-a-chip; Law; Legal factors; Machinery; Proposals; Smart cards; User interfaces;
Conference_Title :
Digital Information Management, 2007. ICDIM '07. 2nd International Conference on
Conference_Location :
Lyon
Print_ISBN :
978-1-4244-1475-8
Electronic_ISBN :
978-1-4244-1476-5
DOI :
10.1109/ICDIM.2007.4444217