Fortifying the Dalì attack on digital signature

  • Authors: Francesco Buccafurri; Gianluca Caminiti; Gianluca Lax

  • Affiliations: University of Reggio Calabria, Reggio Calabria, Italy; University of Reggio Calabria, Reggio Calabria, Italy; University of Reggio Calabria, Reggio Calabria, Italy

  • Venue: Proceedings of the 2nd international conference on Security of information and networks
  • Year: 2009

Abstract

In the recent literature a new vulnerability of digital signatures has been addressed, based on a novel mechanism (denoted the Dalì attack) that allows ambiguous presentation of electronic documents. This mechanism operates by a non-trivial inclusion, into a single polymorphic file, of a pair of different contents encoded through two different format types. In this paper we overcome the main limitation of the above attack, namely the necessity of having HTML among the two involved formats. Here, exploiting an unusual feature of the PDF standard, we are able to enhance the attack in such a way that the two file types embedded into the polymorphic file, namely PDF and TIFF, are both extremely safe, allowing the attacker to produce a fake document that appears in a format widely accepted in the context of e-government activities both when it is signed and when it is fraudulently exploited. This significantly increases both the danger and the plausibility of the Dalì attack.