Hardening Digital Signatures against Untrusted Signature Software

Digital Information Management, 2007. ICDIM '07. 2nd International Conference on
Name: 謝宏偉
Student ID: M99G0219
1. Introduction


The basic property a digital signature has to satisfy is that, at
least as much as an autograph signature, it is a non-repudiable proof
of both the identity of the provenance of electronic
documents and the declaration of what the documents
themselves represent.
As a consequence, every form of vulnerability should be
carefully considered in order to understand whether a
digital signature can represent for electronic documents
what a handwritten signature represents for traditional ones.


The most critical point of the digital signature protocol is
the secrecy of the private key.
The weak point of this proposal is that the delayed
confirmation of the signature introduces, from both a
practical and a legal point of view, a number of problems
whose solution would not be simple and, more
importantly, would have radical impacts, probably not
tolerable in a scenario where digital signatures are
widely used and are included in the legal system of
most countries in a stable and consolidated way.
2. Method

As explained in the introduction, digital signatures suffer
from a severe vulnerability that derives directly from the
potential untrustworthiness of the platform where the
signature generation process runs.

Our method works as a full solution in a restricted (but
probable) set of untrustworthy cases, and mitigates the
problem in the more general case.

it does not require new peripherals,
it can be implemented using smart cards existing today as well as
existing signature software,
it does not place a significant extra procedural burden on the user
and, finally,
it does not affect the legal notion of digital signature.

The data source employed for the check is a Java applet
coming from the smart card (that is, a Java smart card) and,
to increase security, the operations required of the applet
are minimized to just those necessary to implement the
check, that is, both:

allowing the user to choose the document;
sending it to the smart card to serially compute the digest and
comparing it with that coming from the signature software.
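
The check described above, as a host-side Python simulation added here (it is not code from the paper and not Java Card code). The names `CardCheck`, `send_document` and `authorize`, the use of SHA-256, the 255-byte chunk size, the card performing the comparison, and the one-signature-per-check rule are all assumptions made for the illustration.

```python
import hashlib
import hmac

CHUNK = 255  # assumption: data bytes carried by one short APDU

class CardCheck:  # card-side state for the check (simulation, hypothetical names)
    def __init__(self):
        self._hash = None      # running digest while the document streams in
        self._expected = None  # digest of the document the user chose

    def begin(self):
        self._hash, self._expected = hashlib.sha256(), None

    def update(self, chunk: bytes):
        if self._hash is None:
            raise RuntimeError("begin() must be called first")
        if len(chunk) > CHUNK:
            raise ValueError("chunk larger than one APDU")
        self._hash.update(chunk)  # serial computation, one chunk at a time

    def finish(self):
        self._expected, self._hash = self._hash.digest(), None

    def authorize(self, digest_from_software: bytes) -> bool:
        # Assumption: each check authorizes at most one signature request.
        expected, self._expected = self._expected, None
        if expected is None:
            return False
        return hmac.compare_digest(expected, digest_from_software)

def send_document(card: CardCheck, document: bytes):
    """Role of the card-supplied applet: stream the chosen document."""
    card.begin()
    for off in range(0, len(document), CHUNK):
        card.update(document[off:off + CHUNK])
    card.finish()

def demo():
    chosen = b"Pay 100 EUR to Alice. " * 40       # constructed sample
    swapped = b"Pay 9000 EUR to Mallory. " * 40   # constructed sample
    card = CardCheck()
    send_document(card, chosen)
    honest = card.authorize(hashlib.sha256(chosen).digest())
    send_document(card, chosen)
    tampered = card.authorize(hashlib.sha256(swapped).digest())
    stale = card.authorize(hashlib.sha256(chosen).digest())
    return honest, tampered, stale  # (True, False, False)
```

The second request is refused because the digest submitted by the signature software does not match the document streamed to the card, and the third is refused because no fresh check precedes it.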
3. Results

Our proposal requires an additional preliminary step w.r.t.
the current signature protocol in which the user sends


It is worth noting that our technique is able to counter
the malware-based attack when it is conducted at
user level, that is, when both the JVM and the OS of the PC
are not corrupted.
In the other cases, the proposed methodology clearly
cannot guarantee success, since we cannot
exclude that a man-in-the-middle attack, poisoning the
I/O functionality of the platform, hides the actual
communication between the PC and the smart card.


As widely remarked both in this paper and in the literature,
if the platform cannot be considered trusted, no full
solution may exist.
Even so, we may expect that a number of malware-based attacks,
even kernel-level ones, can be correctly intercepted by our
check mechanism and thus prevented from succeeding.
4. Implementation Issues



We start by giving some more detail about Java cards.
Every Java card can store and run several Java Card applets,
thus allowing different features to be implemented
on the same card.
Java applets are passive: they cannot start a
communication but can only reply to requests coming from some
software through the Java card reader device.


For security reasons, the default is that applets do not
share memory and are isolated from each other, but they
can communicate or share resources when this is
explicitly required.
A Java card contains the Java Card Virtual Machine,
used to process bytecode, and some native methods
implemented in hardware for running
complex operations such as cryptographic algorithms.
5. Conclusion


The importance of encryption-based digital signatures is
nowadays universally recognized, due to the revolution that
this mechanism has brought to the role that electronic
documents may have in both public and private
organizations.
In fact, the digital signature is at the moment the only
valid method of giving signed electronic documents
probative value at least equal to that of traditional documents
with an autograph signature.


The above claim has a full counterpart in the current legal
system of most countries, so that the process of document
dematerialization has already started, relying on the
current infrastructures as well as the current legal
regulation, with strong attention to common
interoperability rules.
Actually, a serious vulnerability exists that does not depend on
the algorithms on which digital signatures rely, but is strictly
related to the practical way in which digital signatures are
implemented.


This vulnerability allows an attacker to sign documents
and to exploit them without any intention on the part of the
signature's owner.
The danger is thus very concrete, especially if we think of a
near future where electronic documents will be used
pervasively in all economic and administrative
negotiations.