For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Forgery Attacks on Time-Stamp, Signed PDF and X.509 Certificate
Kouichi ITOH Tetsuya IZU Wakaha OGATA Takeshi SHIMOYAMA Masahiko TAKENAKA
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2009/01/01
Online ISSN: 1745-1337
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Digital Signature
Bleichenbacher's forgery attack, RSASSA-PKCS-v1_5, time-stamp, PDF, X.509 certificate, Acrobat, Acrobat Reader,
Full Text: PDF(458KB)>>
This paper studies two types of documents in which an adversary can forge a signature on a chosen document. One type is that a nonce is padded on an input document. The time-stamp protocol is a good example of this type. Another is a structured document (such as PS or PDF) whose contents are described in a body part and information (such as generated time and a generator) are in a meta part. In fact, this paper shows how to forge a time-stamp, a signature on a PDF and an X.509 certificate by the extended forgery attack and numerical examples. Forged signature by the original or the extended attacks is only accepted by the clients whose length check of zero-field is loosely implemented. As a result, we found that the latest versions of Adobe's Acrobat and Acrobat Reader accept the forged time-stamp and the forged signature on a PDF document. Target of this attack is RSASSA-PKCS1-v1_5, which does not have provable security. We also show the expanded attack might forge the signature of RSASSA-PSS, which has provable security, when the length check of zero-field is omitted or loosely implemented.