Abstract
Digital signatures are a key technology for many Internet-based commercial and administrative applications and, therefore, an increasingly popular target of attacks. Due to their strong cryptographic properties, an attacker is more likely to subvert them with malicious software, i.e., Trojan horse programs. We show that by fusing two techniques, our WORM-supported reliable input method and the Intelligent Adjunct model of the Trusted Computing Platform Alliance, we can achieve a high degree of protection from Trojan horse programs during the process of creating digital signatures. Existing software products immediately benefit from our results. Moreover, we examine three ways of storing and executing the signing software with respect to its susceptibility to Trojan horse programs and identify the most suitable combination.
Copyright information
© 2001 IFIP International Federation for Information Processing
About this paper
Cite this paper
Spalka, A., Cremers, A.B., Langweg, H. (2001). Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs. In: Dupuy, M., Paradinas, P. (eds) Trusted Information. SEC 2001. IFIP International Federation for Information Processing, vol 65. Springer, Boston, MA. https://doi.org/10.1007/0-306-46998-7_28
DOI: https://doi.org/10.1007/0-306-46998-7_28
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7389-6
Online ISBN: 978-0-306-46998-5
eBook Packages: Springer Book Archive