Gianluca Caminiti

Fortifying the dalì attack on digital signature

In the recent literature a new vulnerability of digital signature has been addressed, based on a novel mechanism (denoted Dalì attack) allowing ambiguous presentation of electronic documents. This mechanism operates by a non-trivial inclusion into a single polymorphic file of a pair of different contents, encoded through two different format types. In this paper we overcome the main limitation of the above attack, consisting in the necessity of having html among the two involved formats. Here, exploiting an unusual feature of the pdf standard, we are able to enhance the attack in such a way that the two filetypes, namely pdf and tiff, embedded into the polymorphic file are both extremely safe, allowing the attacker to produce a fake document that appears in a format widely accepted in the context of e-government activities both whenever it is signed and whenever it is fraudulently exploited. This significantly increases both the danger and the plausibility of the Dalì attack.

Digital Document Signing: Vulnerabilities and Solutions

ABSTRACT Digital signature is the key issue in a number of innovative processes, such as dematerialization, e-government, e-commerce, and e-banking. Digital signature ensures both the identity of the user and the integrity of the digital document the user signs. However, despite the robustness of the underlying cryptographic primitives, a number of vulnerabilities derive from the radical difference between handwritten signature on papers and signature on digital documents. Indeed, digital documents are not directly observable because humans need a tool to interpret the bits of the document and to represent the corresponding information. The aim of this paper is to focus on the vulnerabilities of digital signature deriving from the “unobservability” of electronic documents. Possible mechanisms to contrast such vulnerabilities are also proposed, highlighting their positive and negative points under a perspective that does not ignore both practical and regulatory aspects.

Threats to legal electronic storage: analysis and countermeasures

In the last years, public administration and private companies have been involved in the process of document legal electronic storage, consisting in converting paper documents into digital ones, storing them on optical supports and developing databases to enable an effective classification of the resulting huge amount of information. In this respect, law establishes the use of digital signature to guarantee both the provenance and the integrity of digital documents. In the recent literature, a vulnerability of enveloping digital signature, based on a novel mechanism allowing ambiguous presentation of electronic documents, has been addressed. In this paper, we show that such an issue poses serious threats over archived documents (like legal acts and e-invoices), since this way an attacker is allowed to produce a certified copy of a signed document that could show a content completely different from that of the original document. A strategy to tackle this threat is also proposed.

Signing the document content is not enough: A new attack to digital signature

Digital signature represents the only valid method to give signed electronic documents probative value at least as traditional documents with handwritten signature. The above claim has a full counterpart with the current law system of most countries, so that the process of document dematerialization has been already started relying on the current infrastructures as well as the current juridical regulations, with strong attention towards common interoperability rules. As a consequence, the issue regarding the vulnerabilities of digital signature is particularly important. This paper presents a new attack to digital signature not based on the insertion of instructions in the document to sign but in the same way producing a non-static visualization of the signed document, with the purpose of producing (legal) effects different from those desired by the signer. The paper proves the attack by example and gives a possible way to contrast it.