On the Need to Divide the Signature Creation Environment

Electronic signatures have been legally recognized as the key element for boosting e-commerce under secure conditions. Several legislations throughout the world establish electronic signatures as legally equivalent to hand-written signatures, assigning them the property of evidence in legal proceedings. In addition, international standards define electronic signatures as non-repudiation evidence respecting the signed information. Bearing this in mind, it is obvious that the reliability of electronic signatures is paramount. However, the results show that several attacks on signature creation environments are feasible and easy to perform. As a result, the reliability of evidence is drastically undermined. We claim that the division of the environment becomes the most effective solution to counteract current threats. The formal proofs that support this statement are given along with an overview of the legal background and a summary of main potential threats on signature creation environments.

[1]  Benjamín Ramos,et al.  Formal Validation of OFEPSP+ with AVISPA , 2009, ARSPA-WITS.

[2]  Karl Scheibelhofer What You See Is What You Sign - Trustworthy Display of XML Documents for Signing and Verification , 2001, Communications and Multimedia Security.

[3]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[4]  Werner Schindler,et al.  A Timing Attack against RSA with the Chinese Remainder Theorem , 2000, CHES.

[5]  Cécile Canovas,et al.  An overview of side channel analysis attacks , 2008, ASIACCS '08.

[6]  Dieter Gollmann,et al.  Evidence and non-repudiation , 1997 .

[7]  H. Elsheshtawy,et al.  Personal Information Protection and Electronic Documents Act , 2015 .

[8]  Hidema Tanaka,et al.  Evaluation of Information Leakage via Electromagnetic Emanation and Effectiveness of Tempest , 2008, IEICE Trans. Inf. Syst..

[9]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[10]  Audun Jøsang,et al.  What You See is Not Always What You Sign , 2002 .

[11]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[12]  Sandeep K. S. Gupta,et al.  Vulnerabilities of PKI based Smartcards , 2007, MILCOM 2007 - IEEE Military Communications Conference.

[13]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[14]  Benjamín Ramos,et al.  An optimistic fair exchange protocol based on signature policies , 2008, Comput. Secur..

[15]  Kunal Kain Electronic Documents and Digital Signatures , 2003 .

[16]  Armin B. Cremers,et al.  Trojan horse attacks on software for electronic signatures , 2002, Informatica.

[17]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[18]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[19]  Jianying Zhou,et al.  An intensive survey of fair non-repudiation protocols , 2002, Comput. Commun..

[20]  John C. Mitchell,et al.  Compositional analysis of contract signing protocols , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[21]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[22]  Sean W. Smith,et al.  Keyjacking: the surprising insecurity of client-side SSL , 2005, Comput. Secur..

[23]  William J. Caelli,et al.  Non-Repudiation in the Digital Environment , 2000, First Monday.

[24]  April M. Barton Electronic Signatures in Global and National Commerce Act , 2001 .

[25]  Pierre Girard,et al.  Software attacks on smart cards , 2003, Inf. Secur. Tech. Rep..

[26]  Chris J. Mitchell,et al.  Dynamic content attacks on digital signatures , 2005, Inf. Manag. Comput. Security.

[27]  Jean-Pierre Seifert,et al.  On the power of simple branch prediction analysis , 2007, ASIACCS '07.

[28]  Kris Tiri,et al.  Side-Channel Attack Pitfalls , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[29]  Peter K. Pearson,et al.  IPA: A New Class of Power Attacks , 1999, CHES.