Forgery Attacks on Time-Stamp, Signed PDF and X.509 Certificate
Abstract
This paper studies two types of documents on which an adversary can forge a signature for a chosen document. In the first type, a nonce is padded onto an input document; the time-stamp protocol is a good example of this type. The second is a structured document (such as PS or PDF) whose contents are described in a body part and whose information (such as the generation time and the generator) is in a meta part. This paper shows how to forge a time-stamp, a signature on a PDF and an X.509 certificate by the extended forgery attack, and gives numerical examples. A signature forged by the original or the extended attack is accepted only by clients whose length check of the zero-field is loosely implemented. As a result, we found that the latest versions of Adobe's Acrobat and Acrobat Reader accept the forged time-stamp and the forged signature on a PDF document. The target of this attack is RSASSA-PKCS1-v1_5, which does not have provable security. We also show that the expanded attack might forge a signature of RSASSA-PSS, which has provable security, when the length check of the zero-field is omitted or loosely implemented.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2009-01-01
Authors
- OGATA Wakaha, Tokyo Institute of Technology
- Shimoyama Takeshi, Secure Computing Lab. Fujitsu Laboratories Ltd.
- Itoh Kouichi, Secure Computing Lab. Fujitsu Laboratories Ltd.
- Izu Tetsuya, Secure Computing Lab. Fujitsu Laboratories Ltd.
- Ogata Wakaha, Tokyo Inst. Of Technol. Tokyo Jpn
- Ogata Wakaha, Department Of Computer Engineering Faculty Of Engineering Himeji Institute Of Technology
- Ogata Wakaha, Faculty Of Engineering Tokyo Institute Of Technology
- TAKENAKA Masahiko, Secure Computing Lab., FUJITSU LABORATORIES Ltd.
- Takenaka Masahiko, Secure Computing Lab. Fujitsu Laboratories Ltd.
- Ogata Wakaha, Faculty Of Engineering Himeji Institute Of Technology
- Ogata Wakaha, Himeji Institute Of Technology
- Takenaka M, Secure Computing Lab. Fujitsu Laboratories Ltd.
Related papers
- Collision-Based Power Attack for RSA with Small Public Exponent
- New RSA-Based (Selectively) Convertible Undeniable Signature Schemes
- New Identity-Based Blind Signature and Blind Decryption Scheme in the Standard Model
- Analysis on Secret Sharing Schemes with Non-Graphical Access Structures (Special Section on Cryptography and Information Security)
- Electronic Ticket Scheme for ITS(Special Section on Cryptography and Information Security)
- Provably Secure On-Line Secret Sharing Scheme
- Comments on the Security Proofs of Some Signature Schemes Based on Factorization(Information Security)
- Forgery Attacks on Time-Stamp, Signed PDF and X.509 Certificate
- A Practical Countermeasure against Address-bit Differential Power Analysis (Special Issue: Computer Security Technologies for Protecting Privacy)
- Design Optimization of a High-Speed, Area-Efficient and Low-Power Montgomery Modular Multiplier for RSA Algorithm(Digital, Low-Power LSI and Low-Power IP)
- General Conversion for Obtaining Strongly Existentially Unforgeable Signatures
- On Some Variations of Kurosawa-Desmedt Public-Key Encryption Scheme(Cryptography and Information Security)
- Efficient Divisible Voting Scheme(Application)(Cryptography and Information Security)
- Some new results on nonperfect secret sharing schemes
- Efficient Almost Secure 1-Round Message Transmission Schemes for 3t+1 Channels
- k out of n Oblivious Transfer without Random Oracles (Protocol) (Cryptography and Information Security)
- 4-Move Perfect ZKIP for Some Promise Problems
- Relationship between Standard Model Plaintext Awareness and Message Hiding
- Fast Elliptic Curve Multiplications Resistant against Side Channel Attacks(Tamper-Resistance)(Cryptography and Information Security)
- Fast Elliptic Curve Multiplications with SIMD Operations (Asymmetric Cipher) (Cryptography and Information Security)
- A General Model of Structured Multisignatures with Message Flexibility(Signatures,Cryptography and Information Security)
- On Claw Free Families (Special Section on Cryptography and Information Security)
- Matching Oblivious Transfer : How to Exchange Valuable Data(Special Section on Cryptography and Information Security)
- k out of n Oblivious Transfer without Random Oracles
- On the Practical Secret Sharing Scheme : Special Section on Cryptography and Information Security
- Reshufflable and Laziness Tolerant Mental Card Game Protocol (Special Section on Cryptography and Information Security)
- A Simple and Efficient Secret Sharing Scheme Secure against Cheating
- Undeniable and Unpretendable Signatures