Signing your name away : an overview on the risks of electronic signatures

Abstract: Many companies are joining the worldwide drive toward a paperless environment. The utilisation of digital documents, contracts or approval forms can save organisations large costs and time as documents can be electronically signed and transmitted to their destination within minutes. Electronic signatures can bring many advantages, but a review of the current situation shows many cybersecurity threats around the signing of documents in a digital form. Many companies are still in the early phases of utilising electronic signatures, with many potential opportunities for manipulation. This paper discusses the various types of electronic signatures, how they can be exploited and recommends general security measures individuals and organisations can follow in order to use electronic signatures more securely

Enhancing End User Security - Attacks & Solutions

End user computing environments, e.g. web browsers and PC operating systems, are the target of a large number of attacks, both online and offline. The nature of these attacks varies from simple online attacks, such as user tracking using cookies, to more sophisticated attacks on security protocols and cryptographic algorithms. Other methods of attack exist that target end user applications that utilise and interact with cryptographic functions provided by the PC operating system. After providing a general introduction to the security techniques and protocols used in this thesis, a review of possible threats to end user computing environments is given, followed by a discussion of the countermeasures needed to combat these threats. The contributions of this thesis include three new approaches for enhancing the security of end user systems, together with an analysis and a prototype implementation of an end user security enhancement tool. The following paragraphs summarise the three main contributions of this thesis. Digitally signing a digital document is a straightforward procedure; however, when the digital document contains dynamic content, the digital signature may remain valid but the viewed document may not be the same as the document when viewed by the signer. A new solution is proposed to solve the problem; the main idea behind the solution is to make the application aware of the sensitive cryptographic function being requested. In order to verify a digital signature computed on a document or any other object (e.g. an executable), access to the public key corresponding to the private key used to sign the document is required. Normally, the public part of the key is made available in a digital 'certificate', which is made up of the public key of the signer, the name of the signer, and other data, all signed using the private signing key of a trusted third party known as a Certification Authority (CA). To verify such a certificate, and thereby obtain a trusted copy of the document signer's public key, a trusted copy of the CA's public key is required. If a malicious party can insert a fake CA public key into the list of CA public keys stored in a PC, then this party could potentially do considerable harm to that PC, since this malicious party could then forge signatures apparently created by other entities. A method of achieving such an attack without attracting the user's attention is presented in this thesis. Countermeasures that can be deployed to prevent the insertion of a fake root public key are discussed. A suggested solution that can be used to detect and remove such fake keys is presented, and a prototype implementation of this solution is described. SSL/TLS supports mutual authentication, i.e. both server and client authentication, using public key certificates. However, this optional feature of SSL/TLS is not widely used because most end users do not have a certified public key. Certain attacks rely on this fact, such as web spoofing and phishing attacks. A method for supporting client-side SSL authentication using trusted computing platforms is proposed. The proposed approach makes a class of phishing attacks ineffective; moreover, the proposed method can also be used to protect against other online attacks

A method for creating digital signature policies.

Increased political pressures towards a more efficient public sector have resulted in the increased proliferation of electronic documents and associated technologies such as Digital Signatures. Whilst Digital Signatures provide electronic document security functions, they do not confer legal meaning of a signature which captures the conditions under which a signature can be deemed to be legally valid. Whilst in the paper-world this information is often communicated implicitly, verbally or through notes within the document itself, in the electronic world a technological tool is required to communicate this meaning; one such technological aid is the Digital Signature Policy. In a transaction where the legality of a signature must be established, a Digital Signature Policy can confer the necessary contextual information that is required to make such a judgment. The Digital Signature Policy captures information such as the terms to which a signatory wishes to bind himself, the actual legal clauses and acts being invoked by the process of signing, the conditions under which a signatory's signature is deemed legally valid and other such information. As this is a relatively new technology, little literature exists on this topic. This research was conducted in an Action Research collaboration with a Spanish Public Sector organisation that sought to introduce Digital Signature Policy technology; their specific research problem was that the production of Digital Signature Policies was time consuming, resource intensive, arduous and suffered from lack of quality. The research therefore sought to develop a new and improved method for creating Digital Signature Policies. The researcher collaborated with the problem owner, as is typical of Participative Action Research. The research resulted in the development of a number of Information Systems artefacts, the development of a method for creating Digital Signature Policies and finally led to a stage where the problem owner could successfully develop the research further without the researcher's further input

Enhancing the reliability of digital signatures as non-repudiation evidence under a holistic threat model

Traditional sensitive operations, like banking transactions, purchase processes, contract agreements etc. need to tie down the involved parties respecting the commitments made, avoiding a further repudiation of the responsibilities taken. Depending on the context, the commitment is made in one way or another, being handwritten signatures possibly the most common mechanism ever used. With the shift to digital communications, the same guarantees that exist in real world transactions are expected from electronic ones as well. Non-repudiation is thus a desired property of current electronic transactions, like those carried out in Internet banking, e-commerce or, in general, any electronic data interchange scenario. Digital evidence is generated, collected, maintained, made available and verified by non-repudiation services in order to resolve disputes about the occurrence of a certain event, protecting the parties involved in a transaction against the other's false denial about such an event. In particular, a digital signature is considered as non-repudiation evidence which can be used subsequently, by disputing parties or by an adjudicator, to arbitrate in disputes. The reliability of a digital signature should determine its capability to be used as valid evidence. The reliability depends on the trustworthiness of the whole life cycle of the signature, including the generation, transfer, verification and storage phases. Any vulnerability in it would undermine the reliability of the digital signature, making its applicability as non-repudiation evidence dificult to achieve. Unfortunately, technology is subject to vulnerabilities, always with the risk of an occurrence of security threats. Despite that, no rigorous mechanism addressing the reliability of digital signatures technology has been proposed so far. The main goal of this doctoral thesis is to enhance the reliability of digital signatures in order to enforce their non-repudiation property when acting as evidence. In the first instance, we have determined that current technology does not provide an acceptable level of trustworthiness to produce reliable nonrepudiation evidence that is based on digital signatures. The security threats suffered by current technology are suffice to prevent the applicability of digital signatures as non-repudiation evidence. This finding is also aggravated by the fact that digital signatures are granted legal effectiveness under current legislation, acting as evidence in legal proceedings regarding the commitment made by a signatory in the signed document. In our opinion, the security threats that subvert the reliability of digital signatures had to be formalized and categorized. For that purpose, a holistic taxonomy of potential attacks on digital signatures has been devised, allowing their systematic and rigorous classification. In addition, and assuming a realistic security risk, we have built a new approach more robust and trustworthy than the predecessors to enhance the reliability of digital signatures, enforcing their non-repudiation property. This new approach is supported by two novel mechanisms presented in this thesis: the signature environment division paradigm and the extended electronic signature policies. Finally, we have designed a new fair exchange protocol that makes use of our proposal, demonstrating the applicability in a concrete scenario. ----------------------------------------------------------------------------------------------------------------------------------------------------------------Las operaciones sensibles tradicionales, tales como transacciones bancarias, procesos de compra-venta, firma de contratos etc. necesitan que las partes implicadas queden sujetas a los compromisos realizados, evitando así un repudio posterior de las responsabilidades adquiridas. Dependiendo del contexto, el compromiso se llevaría a cabo de una manera u otra, siendo posiblemente la firma manuscrita el mecanismo más comúnmente empleado hasta la actualidad. Con el paso a las comunicaciones digitales, se espera que las mismas garantías que se encuentran en las transacciones tradicionales se proporcionen también en las electrónicas. El no repudio es, por tanto, una propiedad deseada a las actuales transacciones electrónicas, como aquellas que se llevan a cabo en la banca online, en el comercio electrónico o, en general, en cualquier intercambio de datos electrónico. La evidencia digital se genera, recoge, mantiene, publica y verifica mediante los servicios de no repudio con el fin de resolver disputas acerca de la ocurrencia de un determinado evento, protegiendo a las partes implicadas en una transacción frente al rechazo respecto a dicho evento que pudiera realizar cualquiera de las partes. En particular, una firma digital se considera una evidencia de no repudio que puede emplearse posteriormente por las partes enfrentadas o un tercero durante el arbitrio de la disputa. La fiabilidad de una firma digital debería determinar su capacidad para ser usada como evidencia válida. Dicha fiabilidad depende de la seguridad del ciclo de vida completo de la firma, incluyendo las fases de generación, transferencia, verificación, almacenamiento y custodia. Cualquier vulnerabilidad en dicho proceso podría socavar la fiabilidad de la firma digital, haciendo difícil su aplicación como evidencia de no repudio. Desafortunadamente, la tecnología está sujeta a vulnerabilidades, existiendo siempre una probabilidad no nula de ocurrencia de amenazas a su seguridad. A pesar de ello, hasta la fecha no se ha propuesto ningún mecanismo que aborde de manera rigurosa el estudio de la fiabilidad real de la tecnología de firma digital. El principal objetivo de esta tesis doctoral es mejorar la fiabilidad de las firmas digitales para que éstas puedan actuar como evidencia de no repudio con garantías suficientes

Dynamic content attacks on digital signatures

Digitally signing a digital document is a straightforward procedure; however, when the digital document contains dynamic content, the digital signature may remain valid but the viewed document may not be the same as the document when viewed by the signer. Other similar problems can exist even with static documents, if the appearance of a document can be changed. In this paper, we consider previously proposed solutions for such problems, and propose a new solution. Unresolved issues and problems are also discussed