  Trojan Horse Attacks on Software for Electronic Signatures [1 citations — 0 self]

by Adrian Spalka, Armin B. Cremers, Hanno Langweg
Informatica
http://www2.hig.no/~hannol/research/../research/informatica02.pdf

Abstract:

Electronic signatures are introduced by more and more countries as legally binding means for signing electronic documents with the primary hope of boosting e-commerce and e-government. Given that the underlying cryptographic methods are sufficiently strong, attacks by Trojan horse programs on electronic signatures are becoming increasingly popular. Most of the current systems either employ costly or inflexible – yet still inadequate – defence mechanisms or simply ignore the threat. A signatory has to trust the manufacturer of the software that it will work in the intended way. In the past, Trojan horse programs have been shown to be of growing concern for end-user computers. Software for electronic signatures must provide protection against Trojan horses attacking the legally relevant signing process. In a survey of commercial off-the-shelf signature software programs we found severe vulnerabilities that can easily be exploited by an attacker. In this work we propose a secure electronic paper as a countermeasure. It is a collection of preventive and restorative methods that provides, in parallel to traditional signatures on paper, a high degree of protection of the system against untrustworthy programs. We focus our attention on Microsoft Windows NT and Windows 98, two operating systems most likely to be found on the customers' computers. The resulting system is an assembly of a small number of inexpensive building blocks that offers reliable protection against Trojan horse programs attempting to forge electronic signatures.

Citations

9 Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs – Spalka, Cremers, et al. - 2001
6 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures – Parliament, Council - 1999
5 Possible macro virus attacks and how to prevent them – Bontchev - 1996
4 Malware: Troy Revisited – Ford - 1999
3 Approaches to Handling “Trojan Horse” Threats – Lapid, Ahituv, et al. - 1986
2 Vermeidung und Abwehr von Angriffen Trojanischer Pferd Programme auf Digitale Signaturen – Cremers, Spalka, et al. - 2001
2 Zu einem prinzipiellen Problem digitaler Signaturen’. DuD Datenschutz und Datensicherheit – Fox - 1998
2 Deutsche Telekom AG – Graf - 2001
2 Cryptovision GmbH – Hoffmeister - 2000
2 Deutsche Post AG – Kalkreuth - 2000
2 Giesecke & Devrient GmbH – Mackert - 2000
2 Encryption Protocols, Public Key Algorithms and – Popek, Kline - 1977
2 Der fehlende Nachweis der Präsentation signierter Daten’. DuD Datenschutz und Datensicherheit 24.2(2000):89-95 – Pordesch - 2000
2 Utimaco Safeware AG – Potzner - 2001
2 Smartcards: how to put them to use in a user-centric system – Stabell-Kulø - 2000
1 Problems in Practical Use of Electronic Signatures – Janácek, Ostertág - 2001
1 Windows NT Security – Okuntseff - 1997
1 Risiken elektronischer Signaturverfahren’. Datenschutz und Datensicherheit 17.10(1993):561-569 – Pordesch - 1993
1 Langweg (2001). ‘The Fairy Tale of “What You See Is What You Sign – Spalka, Cremers, et al.