论文信息 - Dynamic content attacks on digital signatures

Dynamic content attacks on digital signatures

Purpose – Aims to address some of the problems that arise when signing digital documents that contain dynamic content.Design/methodology/approach – Briefly introduces the problem of signing digital documents with dynamic content and discusses possible locations for signature functionality in a computer system. Outlines existing solutions to the problems and introduces a novel solution. Finally, discusses issues and unresolved problems.Findings – The suggested solution requires all document handling applications to possess application awareness of the digital signature program in order to function properly. Every application must implement a COM interface and register itself in the Registry, in a locale specific to the digital signature program to sign the digital document.Originality/value – Provides a new solution to the problem of digitally signing a digital document.

Chris J. Mitchell | Adil Alsaid

[1] Siani Pearson,et al. Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[2] Armin B. Cremers,et al. The fairy tale of''what you see is what you sign , 2001 .

[3] Armin B. Cremers,et al. Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs , 2001, SEC.

[4] Donald E. Eastlake,et al. (Extensible Markup Language) XML-Signature Syntax and Processing , 2002, RFC.

[5] Grady Booch,et al. Essential COM , 1998 .

[6] Arnd Weber,et al. See What You Sign: Secure Implementations of Digital Signatures , 1998, IS&N.

[7] Torben P. Pedersen,et al. WYSIWYS? - What you see is what you sign? , 1998, Inf. Secur. Tech. Rep..

[8] LampsonButler,et al. A Trusted Open Platform , 2003 .

[9] C. M. Sperberg-McQueen,et al. Extensible Markup Language (XML) , 1997, World Wide Web J..

[10] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .

[11] Karl Scheibelhofer,et al. Signing XML Documents and the Concept of "What You See Is What You Sign , 2001 .

[12] R. Asokan,et al. Digital signatures and electronic documents: a cautionary tale , 2002, Communications and Multimedia Security.

[13] Butler W. Lampson,et al. A Trusted Open Platform , 2003, Computer.

[14] Audun Jøsang,et al. What You See is Not Always What You Sign , 2002 .