Digital Document Signing: Vulnerabilities and Solutions

Lax, Gianluca; Buccafurri, Francesco; Caminiti, Gianluca

doi:10.1080/19393555.2014.998843

Cited by 13 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This means that, in certain cases, the content of a digitally signed document may be concealed or difficult to discern. According to Lax et al [ 47 ], unlike traditional documents that can be interpreted by humans through direct observation, digital documents rely on machine-level interpretation and require complex instruments such as computers for viewing and signing. This inherent complexity introduces vulnerabilities, particularly in ensuring the consistency and reliability of these instruments.…”

Section: Related Workmentioning

confidence: 99%

BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

Papathanasiou,

Liontos,

Paparis

et al. 2024

Sensors

View full text Add to dashboard Cite

In an era of ever-evolving and increasingly sophisticated cyber threats, protecting sensitive information from cyberattacks such as business email compromise (BEC) attacks has become a top priority for individuals and enterprises. Existing methods used to counteract the risks linked to BEC attacks frequently prove ineffective because of the continuous development and evolution of these malicious schemes. This research introduces a novel methodology for safeguarding against BEC attacks called the BEC Defender. The methodology implemented in this paper augments the authentication mechanisms within business emails by employing a multi-layered validation process, which includes a MAC address as an identity token, QR code generation, and the integration of timestamps as unique identifiers. The BEC-Defender algorithm was implemented and evaluated in a laboratory environment, exhibiting promising results against BEC attacks by adding an extra layer of authentication.

show abstract

Section: Related Workmentioning

confidence: 99%

BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

Papathanasiou,

Liontos,

Paparis

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

“…Furthermore, a tightly secure multiparty signature scheme was proposed in [31]. Recently, in 2020, Ra-Rajkumar, and Juneja presented a security protocol [32] for multisignature authentication and key management. Tis model uses Newton's Foreword Interpolation for chaining keys from multiple signatories.…”

Section: Previous Workmentioning

confidence: 99%

Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward-Curve Digital Signature Algorithm

Shankar

Ai-Farhani²,

Angelin

et al. 2023

Security and Communication Networks

View full text Add to dashboard Cite

At the moment, digital documents are just as important as paper documents. As a result, authenticity is essential, especially in legal situations and digital forensics. As technology advances, these digital signature algorithms become weaker, necessitating the development of digital authentication schemes capable of withstanding current security threats. This study proposed a scheme based on an asymmetric key cryptosystem and the user’s biometric credentials to generate keys for digital signatures. A single document can be signed by multiple signatories at the same time under this scheme. The primary goal of this article is to create a safe and cost-effective multiignature scheme. To create keys for document signing and verification, the Edwards-curve Digital Signature Algorithm (EdDSA), especially Ed25519, is employed. The Edwards-curve Digital Signature Algorithm is used with blockchain technology to sign crypto wallets. The Python implementation of a scheme that enables platform independence. We performed performance, security, and comparative analysis to ensure maximum usability. The article’s main findings are that the Ed25519 algorithm can be used in blockchain.

show abstract

“…The risk exists if a victim signs the document unaware of the hidden content inside the file. In 2015, Lax et al documented potential security topics related to digitally signed documents [27]. The authors concentrated on issues related to the signature generation process like malware, signed documents containing dynamic content like macros or JavaScript, and polymorphic documents similar to [36].…”

Section: Related Workmentioning

confidence: 99%

1 Trillion Dollar Refund

Mladenov

Mainka

Selhausen³

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

The Portable Document Format (PDF) is the de-facto standard for document exchange worldwide. To guarantee the authenticity and integrity of documents, digital signatures are used. Several public and private services ranging from governments, public enterprises, banks, and payment services rely on the security of PDF signatures.In this paper, we present the first comprehensive security evaluation on digital signatures in PDFs. We introduce three novel attack classes which bypass the cryptographic protection of digitally signed PDF files allowing an attacker to spoof the content of a signed PDF. We analyzed 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit. We additionally evaluated eight online validation services and found six to be vulnerable. A possible explanation for these results could be the absence of a standard algorithm to verify PDF signatures -each client verifies signatures differently, and attacks can be tailored to these differences. We, therefore, propose the standardization of a secure verification algorithm, which we describe in this paper. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. As a result, three generic CVEs for each attack class were issued [50][51][52]. Our research on PDF signatures and more information is also online available at https://www.pdf-insecurity.org/.

show abstract

Digital Document Signing: Vulnerabilities and Solutions

Cited by 13 publications

References 16 publications

BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

BEC Defender: QR Code-Based Methodology for Prevention of Business Email Compromise (BEC) Attacks

Improved Multisignature Scheme for Authenticity of Digital Document in Digital Forensics Using Edward-Curve Digital Signature Algorithm

1 Trillion Dollar Refund

Contact Info

Product

Resources

About