Abstract
This paper shows how to forge a time-stamp which the latest version of Adobe’s Acrobat and Acrobat Reader accept improperly. The target signature algorithm is RSASSA-PKCS1-v1_5 with a 1024-bit public composite and the public key e = 3, and our construction is based on Bleichenbacher’s forgery attack presented in CRYPTO 2006. Since the original attack is not able to forge with these parameters, we used an extended attack described in this paper. Numerical examples of the forged signatures and times-stamp are also provided.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adobe Systems Inc., Adobe Acrobat family, http://www.adobe.com/products/acrobat/
AEC, TrustPort. http://www.trustport.cz/?content=tsa
Amano, E-timing EVIDENCE Verifier for Acrobat (in Japanese), https://www.e-timing.ne.jp/download/evidence-verifier/formmail.html
Adams, C., Chain, P., Pinkas, D., Zuccherato, R.: Internet X.509 Public Key Infrastructure: Time-Stamp Protocol (TSP), RFC 3161 (August 2001), http://www.ietf.org/rfc/rfc3161.txt
Bleichenbacher, D.: Chosen Ciphertext Attacks against Protocols Based on RSA Encryption Standard PKCS#1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1–12. Springer, Heidelberg (1998)
Bleichenbacher, D.: Forging Some RSA Signatures with Pencil and Paper. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, Springer, Heidelberg (2006)
US-CERT, Multiple RSA Implementations Fail to Properly Handle Signatures, Vulnerability Note VU#845620 (September 5, 2006), http://www.kb.cert.org/vuls/id/845620
Finney, H.: Bleichenbacher’s RSA Signature Forgery Based on Implementation Error. e-mail (August 27, 2006), http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
Izu, T., Takenaka, M., Shimoyama, T.: Analysis on Bleichenbacher’s Forgery Attack. In: WAIS 2007, pp. 1167–1174. IEEE Computer Society, Los Alamitos (2007)
NTT Communications, Certificates for the Internal Credit Application CA. (in Japanese) http://www.ntt.com/creditca/x509.pdf
Oiwa, Y., Kobara, K., Watanabe, H.: A New Variant for an Attack Against RSA Signature Verification using Parameter Field. In: EUROPKI 2007 (June 2007)
PFU, PFU time-stamp service (in Japanese), http://www.pfu.fujitsu.com/tsa/
RSA Laboratories, RSA PKCS #1 v2.1: RSA Cryptography Standard (June 14, 2002)
A digital file of [13] in WORD format, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.doc
A digital file of [13]in PDF format, ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
RSA Laboratories, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, RFC 3447 (February 2003) http://www.ietf.org/rfc/rfc3447.txt
Seiko Instruments Inc., a trial time-stamp service (in Japanese), http://www.sii.co.jp/ni/tss/trial/
Seiko Instruments Inc., Chronotrust (in Japanese), http://www.sii.co.jp/ni/tss/index.html
Tews, E.: Real World Exploit for Bleichenbacher’s Attack on SSL. e-mail submitted to the Cryptography Mailing List (September 14, 2006), http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Izu, T., Shimoyama, T., Takenaka, M. (2007). How to Forge a Time-Stamp Which Adobe’s Acrobat Accepts. In: Galbraith, S.D. (eds) Cryptography and Coding. Cryptography and Coding 2007. Lecture Notes in Computer Science, vol 4887. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77272-9_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-77272-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77271-2
Online ISBN: 978-3-540-77272-9
eBook Packages: Computer ScienceComputer Science (R0)