
Threats to Legal Electronic Storage: Analysis and Countermeasures

  • Conference paper
Electronic Government and the Information Systems Perspective (EGOVIS 2011)

Abstract

In recent years, public administrations and private companies have been involved in the legal electronic storage of documents, which consists of converting paper documents into digital ones, storing them on optical media, and developing databases to enable effective classification of the resulting huge amount of information. In this respect, the law establishes the use of digital signatures to guarantee both the provenance and the integrity of digital documents. The recent literature has addressed a vulnerability of enveloping digital signatures, based on a novel mechanism that allows ambiguous presentation of electronic documents. In this paper, we show that this issue poses serious threats to archived documents (such as legal acts and e-invoices), since it allows an attacker to produce a certified copy of a signed document that could show content completely different from that of the original document. A strategy to tackle this threat is also proposed.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Buccafurri, F., Caminiti, G., Lax, G. (2011). Threats to Legal Electronic Storage: Analysis and Countermeasures. In: Andersen, K.N., Francesconi, E., Grönlund, Å., van Engers, T.M. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2011. Lecture Notes in Computer Science, vol 6866. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22961-9_6


  • DOI: https://doi.org/10.1007/978-3-642-22961-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22960-2

  • Online ISBN: 978-3-642-22961-9

  • eBook Packages: Computer Science, Computer Science (R0)
