Proposal of an Automatic Signature Scheme Using a Compiler

Keisuke USUDA  Masahiro MAMBO  Tomohiko UYEMATSU  Eiji OKAMOTO  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E79-A   No.1   pp.94-101
Publication Date: 1996/01/25
Online ISSN: 
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
computer virus,  virus protection,  digital signature,  automatic signature scheme,  

Full Text: PDF>>
Buy this Article

Computer viruses, hackers, intrusions and ther computer crimes have recently become a serious security problem in information systems. Digital signatures are useful to defend against these threats, especially against computer viruses. This is because a modification of a file can be detected by checking the consistency of the originai file with its accompanying digital signature. But an executable program might have been infected with the viruses before the signature was created. In this case, the infection cannot be detected by signature verification and the origin of the infection cannot be specified either. In this paper, we propose a signature scheme in which one can sign right after the creation of an executable program. That is, when a user compiles a source program, the compiler automatically creates both the executable program and its signature. Thus viruses cannot infect the executable programs without detection. Moreover, we can specify the creator of contaminated executable programs. In our signature scheme, a signature is created from a set of secret integers stored in a compiler, which is calculated from a compiler-maker's secret key. Each compiler is possessed by only one user and it is used only when a secret value is fed into it. In this way a signature of an executable program and the compiler-owner are linked to each other. Despite these measures, an executable program could run abnormally because of an infection in prepro-cessing step, e.g. an infection of library files or included files. An infection of these files is detected by ordinary digital signatures. The proposed signature scheme together with digital signature against infection in the preprocessing step enables us to specify the origin of the infection. The name of the signature creator is not necessary for detecting an infection. So, an owner's public value is not searched in our scheme, and only a public value of a compiler-maker is required for signature verification. Furthermore, no one can use a compiler owned by another to create a proper signature.