Securing intelligent adjuncts using trusted computing platform technology
Proceedings of the fourth working conference on smart card research and advanced applications on Smart card research and advanced applications
Sec '01 Proceedings of the 16th international conference on Information security: Trusted information: the new decade challenge
Digital signatures and electronic documents: a cautionary tale
Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
See What You Sign: Secure Implementations of Digital Signatures
IS&N '98 Proceedings of the 5th International Conference on Intelligence and Services in Networks: Technology for Ubiquitous Telecom Services
How to unwittingly sign non-repudiable documents with Java applications
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Hi-index | 0.00 |
The early adoption of a national, legal digital signature framework in Italy has brought forth a series of problems and vulnerabilities. In this paper we describe each of them, showing how in each case the issue does not lie in the algorithms and technologies adopted, but either in faulty implementations, bad design choices, or legal and methodological issues. We also show which countermeasures would be appropriate to reduce the risks. We show the reflex of these vulnerabilities on the trust-based framework which gives legal value to digital signatures. We think that this study can help to avoid similar mistakes, now that under EU directives a similar architecture is planned or under development in most EU countries.