Ensuring that the integrity of an e-signature remains intact is crucial to protecting its attached messages or documents. This article will explain three types of e-signature validation attacks and how they can be avoided by adopting the standards for e-signatures under eIDAS.
eIDAS, the European Regulation for the electronic identification and trust services for electronic transactions, has referenced standards for signature formats used in Advanced Electronic Signatures and Qualified Electronic Signatures that work to protect the integrity of the e-signature and its associated data.
The Real Danger of E-Signature Attacks
The use of e-signatures continues to gain acceptance around the globe as a solution that helps not only individuals, but also businesses and government entities facilitate the transfer of data, such as official government documents, medical information, financial information and business contracts. Instead of relying on a hand-written signature, which is not always guaranteed to be secure, a Qualified Electronic Signature is now an accepted method to validate the identity of the signer/sender of aforementioned data and is, by law, accepted by court across the EU internal market.
Unfortunately, as cyber-criminals become more adept at discovering vulnerabilities within information systems, they have discovered methods to launch e-signature validations attacks. Here are three classes of e-signature validation attacks that allow hackers to take advantage of certain vulnerabilities that may exist within some e-signatures.
It is important to note that each attack takes advantage of a missing step within the signature verification process and not on the signature generation. As we will note in the end, if a signature format conforms to the referenced standards, these signature verification algorithms can be produced which are immune to the mentioned attacks.
The classification described below is based on a publication by pdf-insecurity.org.
E-Signature Attack #1 – Universal Signature Forgery (USF)
The goal of a Universal Signature Forgery (USF) attack is to disable the e-signature verification process by manipulating the signature object by adding invalid content to it or removing references to the signature object. This object holds all the information that is needed for signature validation.
Even though the signature object exists and remains within the e-signature, its validation logic is unable to apply the correct cryptographic operations needed to verify the signature because the USF attack has confused the signature validation logic. If the hacker is successful with their USF attack, the online validation logic or view application will display that the e-signature is valid and belongs to a specific individual or entity on its display panel.
E-Signature Attack #2 – Incremental Saving Attack (ISA)
In the instance of an Incremental Saving Attack (ISA), the goal is to make an incremental save to a document by redefining its structure. Therefore, the target of this attack is a PDF document’s incremental saving or incremental updating feature, which when used legitimately allows a user to add annotations to their PDF. These annotations are saved incrementally as a new PDF body after the PDF’s original content. The incremental saving feature is also used for signing the PDF and allows for the signature object to be appended to its original file content.
Normally, any alterations after a document has been signed would trigger a warning that the document had been tampered with. However, when conducting an ISA attack, the attacker might add additional content, such as new pages or annotations to an already signed PDF. Technically, this breach is not attack. Instead, it is an exploit of the PDF’s incremental saving feature. However, the vulnerability takes place when the signature’s validation logic does not detect that the content within the PDF file has been tampered with. The unsigned content that has been added after the signing of the document is simply seen as an update by the individual or entity that originally created the document’s e-signature. A successful ISA attack will result in new content/body updates being shown, while signature verification processes will remain unaware that modifications or updates have been made to the PDF document.
E-Signature Attack #3 – Signature Wrapping (SWA)
A Signature Wrapping (SWA) attack uses a unique approach to bypass a PDF’s signature protection without accessing its incremental saving feature. It does thing by moving the second part of the signed /ByteRange to the end of the breached document. Meanwhile, the attacker then reuses the xref pointer within the document’s signed trailer to reference his manipulated xref. In some instances, the attacker may also wrap the relocated second part with a stream object or dictionary to prevent it from being processed by the PDF’s or the online signature protection feature.
In a successful SWA attack, an attacker can add malicious unsigned objects into the document. If he has chosen to wrap the relocated second part, these objects can be placed before or after the manipulated xref. If no wrapping is added, the malicious objects would be placed after the manipulated xref. Depending on the PDF viewer, the attacker may copy the file’s last trailer and place it after his manipulated xref to allow the PDF file to be opened and to bypass signature verification without the manipulations to be detected.
eIDAS Standards Provides Enhanced Protection Against E-Signature Attacks
The eIDAS referenced standards include requirements which goes beyond the minimum requirement for PDF signatures. With these additional requirements, signature verification algorithms can easily be implemented to thwart attacks that would otherwise go unnoticed through normal PDF or online signature verification processes. eIDAS provides guidelines for the use of advanced electronic and qualified electronic signatures that add to the protections that are available within PDF software. Under the eIDAS legislation, all EU member states are required to recognize the validity of qualified and advanced electronic signatures that comply with its set standards.
Advanced electronic signatures must meet certain requirements that ensure their authenticity in order to be considered valid. The signature must be able to identify and be uniquely link to its signatory.
The signatures must be created with electronic signature data that is under the sole control of the signatory. Additionally, that electronic signature data must be able to identify if any tampering of data has occurred after the signature has been created.
The integrity of a qualified e-signature can be assured when it meets all eIDAS requirements and is based on a qualified certificate issued by an EU member state. Qualified electronic signatures are validated with certificates that have been issued through a qualified trust service provider. That provider must verify the signer’s identity before issuing a certificate.
A potential successful attack on the validation of a signature can depend on how the signature is created as well as how stringent the validation process is. Because of the nature of standard PDF software and its updating features, it leaves e-signatures vulnerable to attack. But these vulnerabilities can be mitigated by adopting the eIDAS referenced standards for Advanced or Qualified Electronic Signatures.
References and Further Reading
- Benefits of the eIDAS Toolbox – Case Studies from Various Industries (Part 1) (2018), by Gaurav Sharma
- Benefits of the eIDAS Toolbox – Case Studies from Various Industries (Part 2) (2018), by Gaurav Sharma
- Digital Trade and Trade Financing - Embracing and Shaping the Transformation (2018), by SWIFT & OPUS Advisory Services International Inc
- REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010(12/2013), by the European Parliament and the European Council
- Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, and more
- Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- eIDAS webinar 1: Using electronic Identification, Authentication and trust Services for Business (2018), by the European Commission
- The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council
- Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council