Threats to Legal Electronic Storage: Analysis and Countermeasures

  • Francesco Buccafurri
  • Gianluca Caminiti
  • Gianluca Lax
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6866)


In recent years, public administrations and private companies have been involved in the process of legal electronic storage of documents, which consists of converting paper documents into digital ones, storing them on optical media and developing databases to enable effective classification of the resulting huge amount of information. In this respect, the law establishes the use of digital signatures to guarantee both the provenance and the integrity of digital documents. Recent literature has addressed a vulnerability of enveloping digital signatures, based on a novel mechanism allowing ambiguous presentation of electronic documents. In this paper, we show that this issue poses serious threats to archived documents (such as legal acts and e-invoices), since it allows an attacker to produce a certified copy of a signed document that could show content completely different from that of the original document. A strategy to tackle this threat is also proposed.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Francesco Buccafurri (1)
  • Gianluca Caminiti (1)
  • Gianluca Lax (1)
  1. DIMET, Università degli Studi Mediterranea di Reggio Calabria, Reggio Calabria, Italy
