Protecting Against Digital Signature Validation Attacks

Preserving the integrity of an e-signature is crucial to protecting the attached messages or documents. In this article, we delve deeper into the three types of digital signature attacks and how you can avoid them by adopting the standards for e-signatures under eIDAS.

eIDAS, the European Regulation for the electronic identification and trust services for electronic transactions, has referenced standards for signature formats used in Advanced Electronic Signatures and Qualified Electronic Signatures that work to protect the integrity of the e-signature and its associated data.

The Real Danger of Digital Signature Attacks

The use of e-signatures continues to gain acceptance around the globe as a solution that helps not only individuals, but also businesses and government entities facilitate the transfer of data. For example, official government documents, medical information, financial information, and business contracts.

Instead of relying on a hand-written signature, which is not always guaranteed to be secure, a Qualified Electronic Signature is now an accepted method to validate the identity of the signer/sender of aforementioned data. It is, by law, accepted by courts across the EU internal market.

Unfortunately, as cybercriminals become more adept at discovering vulnerabilities within information systems, they have discovered methods to launch digital signature attacks (also known as e-signature validations attacks).

Three Types of Digital Signature Attack

Here are three classes of digital signature validation attacks that allow hackers to take advantage of certain vulnerabilities that may exist within some e-signatures.

Note: each attack takes advantage of a missing step within the signature verification process, not on the signature generation. As referenced in the conclusion of this article, if a signature format conforms to the referenced standards, signature verification algorithms can be produced that are immune to the mentioned attacks.

The classification described below is based on a publication by PDF Insecurity.

Digital Signature Attack #1 – Universal Signature Forgery (USF)

The goal of a Universal Signature Forgery (USF) attack is to disable the e-signature verification process by manipulating the signature object. A USF does this by adding invalid content to the process or by removing references to the signature object. This object holds all the information that is needed for signature validation.

Even though the signature object exists and remains within the e-signature, its validation logic is unable to apply the correct cryptographic operations needed to verify the signature because the USF attack has confused the signature validation logic. If the hacker is successful with their USF attack, the online validation logic or view application will display that the e-signature is valid and belongs to a specific individual or entity on its display panel.

Digital Signature Attack #2 – Incremental Saving Attack (ISA)

In the instance of an Incremental Saving Attack (ISA), the goal is to make an incremental save to a document by redefining its structure. The target of this attack is a PDF document’s incremental saving or incremental updating feature which, when used legitimately, allows a user to add annotations to their PDF. These annotations are saved incrementally as a new PDF body after the PDF’s original content. The incremental saving feature is also used for signing the PDF and allows for the signature object to be appended to its original file content.

Normally, any alterations after a document has been signed would trigger a warning that the document had been tampered with. However, when conducting an ISA attack, the attacker might add additional content, such as new pages or annotations to an already signed PDF.

Technically, this breach is not an attack. Instead, it is an exploit of the PDF’s incremental saving feature. However, the vulnerability takes place when the signature’s validation logic does not detect that the content within the PDF file has been tampered with. The unsigned content that has been added after the signing of the document is simply seen as an update by the individual or entity that originally created the document’s digital signature. A successful ISA attack will result in new content/body updates being shown, while signature verification processes will remain unaware that modifications or updates have been made to the PDF document.

Digital Signature Attack #3 – Signature Wrapping (SWA)

A Signature Wrapping (SWA) attack uses a unique approach to bypass a PDF’s signature protection without accessing its incremental saving feature. It does this by moving the second part of the signed /ByteRange to the end of the breached document. Meanwhile, the attacker then reuses the xref pointer within the document’s signed trailer to reference their manipulated xref. In some instances, the attacker may also wrap the relocated second part with a stream object or dictionary to prevent it from being processed by the PDF’s or the online signature's protection feature.

In a successful SWA attack, an attacker can add malicious unsigned objects to the document. If they have chosen to wrap the relocated second part, these objects can be placed before or after the manipulated xref. If no wrapping is added, the malicious objects would be placed after the manipulated xref. Depending on the PDF viewer, the attacker may copy the file’s last trailer and place it after their manipulated xref to allow the PDF file to be opened and to bypass signature verification without the manipulations being detected.

eIDAS Standards Provide Enhanced Protection Against Digital Signature Attacks

eIDAS-referenced standards include requirements which go beyond the minimum requirement for PDF signatures. With these additional requirements, signature verification algorithms can easily be implemented to thwart attacks that would otherwise go unnoticed through normal PDF or online signature verification processes. eIDAS provides guidelines for the use of advanced electronic and qualified electronic signatures that add to the protections that are available within PDF software. Under the eIDAS legislation, all EU member states are required to recognize the validity of qualified and advanced electronic signatures that comply with its set standards.

Advanced electronic signatures must meet certain requirements that ensure their authenticity to be considered valid. The signature must be able to identify and be uniquely linked to its signatory. The signatures must be created with electronic signature data that is under the sole control of the signatory. Additionally, the electronic signature data must be able to identify if any tampering of data has occurred after the signature has been created.

The integrity of a qualified e-signature can be assured when it meets all eIDAS requirements and is based on a qualified certificate issued by an EU member state. Qualified electronic signatures are validated with certificates that have been issued through a qualified trust service provider. That provider must verify the signer’s identity before issuing a certificate.

A successful digital signature attack can depend on how the signature is created as well as how stringent the validation process is. Because of the nature of standard PDF software and its updating features, it leaves e-signatures vulnerable to attack. But these vulnerabilities can be mitigated by adopting the eIDAS referenced standards for Advanced or Qualified Electronic Signatures.

References and Further Reading

• Digital Trade and Trade Financing - Embracing and Shaping the Transformation (2018), by SWIFT & OPUS Advisory Services International Inc
• REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010(12/2013), by the European Parliament and the European Council 

• Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, and more

• Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• eIDAS webinar 1: Using electronic Identification, Authentication and trust Services for Business (2018), by the European Commission
• The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission

• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission

• DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council