论文信息 - Archiving Digital Documents: Issues in Dematerialization (Extended Abstract)

Archiving Digital Documents: Issues in Dematerialization (Extended Abstract)

In the last years, public administrations and private companies have been involved in the process of document dematerialization, consisting in converting paper documents into digital ones, storing them on optical supports and developing databases to enable an effective classification of such a huge amount of information. In this respect, Italian law establishes the use of digital signature to guarantee both the provenance and the integrity of such digital documents. In the recent literature, a new vulnerability of enveloping digital signature, based on a novel mechanism allowing ambiguous presentation of electronic documents, has been addressed. In this paper, we extend such an attack to those document formats that are typically involved in dematerialization, i.e., pdf and tiff. Such an issue poses serious threats over dematerialized documents like legal acts and e-invoices, since this way the attacker is allowed to produce a fake document that appears in a reliable format both whenever it is signed and whenever it is fraudulently exploited.

Francesco Buccafurri | Gianluca Lax | Gianluca Caminiti

[1] W. Marsden. I and J , 2012 .

[2] Nathaniel S. Borenstein,et al. Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types , 1996, RFC.

[3] Armin B. Cremers,et al. Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs , 2001, SEC.

[4] John Ross,et al. CMS Advanced Electronic Signatures (CAdES) , 2008, RFC.

[5] Audun Jøsang,et al. What You See is Not Always What You Sign , 2002 .

[6] P. Hoffman. Enhanced Security Services for S/MIME , 1999, RFC.

[7] Karl Scheibelhofer,et al. Signing XML Documents and the Concept of "What You See Is What You Sign , 2001 .

[8] Srinivas Devadas,et al. The untrusted computer problem and camera based authentication using optical character recognition , 2002 .

[9] R. Housley. Cryptographic Message Syntax , 1999, RFC.

[10] Chris J. Mitchell,et al. Dynamic content attacks on digital signatures , 2005, Inf. Manag. Comput. Security.

[11] Nathaniel S. Borenstein,et al. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies , 1996, RFC.