The goal of an attack will be to achieve one of the following service failures in the Signature Creation System (SCS) or the Signature Verification System (SVS): The goal of the attacker is to use the Signature Creation Data (SCD) on behalf of the user, but without his consent and knowledge. There is an exception when the attacker tries to show different content related to the signer's identity.
This category includes the methods aimed at manipulating the environment of the Signature Creation System (SCS). The attacker applies methods specifically focused on breaking the security of the hash function used in the signature calculation. The attacker modifies the request information that identifies the certificate whose revocation is being requested.
This subcategory considers methods where the attacker changes the verification of the certificate validity period. This category includes methods of attack that affect the verification of the signature being verified. The attacker changes the visualization of the Data To Be Verified (DTBV) and can present a DTBV that differs from what is actually signed.
The attacker changes the behavior of the viewer so that it presents the Data To Be Verified (DTBV) in a different way.
Method of classification
The target of the attack must be identified and classified according to the Attacker's target dimension. The attack method must be classified in the deepest level subcategory of the selected branch. As in the previous step, the subcategory of the deepest level of the selected branch must be selected.
The attack is carried out on two of the most widely deployed signature applications in Germany. Second, and using the information above, the purpose of the attack must be classified. In this case, the main goal of the attacker is to use the signature creation data without the user's permission.
Therefore, we classify the attack method as D2-CAT4: Unauthorized invocation of the signing function. However, the sort method specifies that the deepest level subcategory of the selected industry must be selected.
Survey and classification of attacks on digital signatures
The method proposed here aims to reduce ambiguity during the classification process, but we do not claim that the method is deterministic, as we believe that this is not possible in this imprecise field of study. 4 shows the specificity of the attacks, each of which is used to achieve a single specific goal. Figure 5 shows the distribution of attack methods used for verification level versus target dimension.
As in the previous distribution, it can be seen that there is a clear specificity in the surveyed attacks. Also, two methods prevail: those focused on modifying the appearance of the signed document by masking the document attacks (10 attacks) and, to a lesser extent, methods that mask the displayed verification result (5 attacks) . 4 and 5, the attack method raises accurate information about the target pursued and vice versa.
Each classified method is assigned to only one goal, unlike goal distribution, where some goals are assigned to more than one goal. This can help make informed decisions when implementing security measures to counter certain types of attacks or prevent the attacker from achieving a specific goal. Consequently, systems must be designed and implemented to specifically mitigate the risks associated with attacks involving target D1-CAT2.
Evaluation of the taxonomy
Conclusions
Description: The attack is carried out on two of the most installed signature software in Germany. Description: The attacker basically monitors the communication between the signature software and the chip card to change the hash of the data sent to the card (DTBSR). Description: The attacker aims to replace the content of an email with arbitrary data, maintaining the validity of the signature.
Method: D2-CAT5: Compromise of the Signature Creation Data (SCD)/D2-CAT5.3: Unauthorized Access to the SCDev/D2-CAT5.3.2: Bypassing Authentication. Method: D2-CAT5: Compromise of Signature Creation Data (SCD)/D2-CAT5.3: Unauthorized Access to the SCDev/Compromise of Signer Authentication Data (SAD)/D2-CAT4.1.2: SAD- interception/D2-CAT4 .1.2.2: Interception in communication between processes/entities. Method: D2-CAT5: Compromise of Signature Creation Credentials (SCD)/D2-CAT5.3: Unauthorized Access to the SCDev/D2-CAT5.3.1: Compromise of Signer Authentication Credentials (SAD)/D2- CAT4.1.1: Social engineering.
Method: D2-CAT5: Signature Creation Data Compromise (SCD)/D2-CAT5.2: Eavesdropping (Side Channel)/D2-CAT5.2.1: Timing Analysis. Method: D2-CAT5: Signature Creation Data Compromise (SCD)/D2-CAT5.2: Eavesdropping (Side Channel)/D2-CAT5.2.3: Power Analysis. Method: D2-CAT5: Signature Creation Data Compromise (SCD)/D2-CAT5.2: Eavesdropping (Side Channel)/D2-CAT5.2.2: Electromagnetic Analysis.
Method: D2-CAT5: Signature Creation Data Compromise (SCD)/D2-CAT5.2: Eavesdropping (Side Channel)/D2-CAT5.2.6: Bug Insertion. Method: D2-CAT5: Signature Creation Data Compromise (SCD)/D2-CAT5.2: Eavesdropping (Side Channel)/D2-CAT5.2.4: Microarchitectural Analysis. Method: D2-CAT4: Unauthorized Invocation of Signing Function/D2-CAT4.1: Compromising Signer Authentication Data (SAD)/D2-CAT4.1.3: Guessing.
If the user does not notice the change, it will be completely felt in the hands of the attacker. Method: D2-CAT5: Compromise of Signature Creation Data (SCD)/D2-CAT5.3: Unauthorized Access to SCDev/D2-CAT5.3.1: Compromise of Signatory Authentication Data (SAD)/D2- CAT4.1.2: SAD/D2 Interception-CAT4.1.2.3: Endpoint Compromise. Method: D2-CAT5: Signature Creation Data (SCD) Compromise/D2-CAT5.1: SCD Interception/D2- CAT5.1.1: Inter-Process/Entity Communication Interception.
Description: The attacker observes how the signer introduces the SAD into the platform of the SCS (eg before generating a signature). In particular, the attack changes the viewer's presentation surface without detection to trick the user into respecting the result of the signature verification. In this potential attack, the revocation request is modified by the attacker before it is verified by the owner of the certificate.
Description: This potential attack requires the attacker to be able to change the signature timestamp without detection.
