Abstract
Recently, electronic documents are deployed in many areas, thanks to their cost-efficiency and utility. However, trust concerns arise owing to the hardness of detecting document modification. To solve these concerns, many document processing software provide digital signature function. However, not much research was done to diagnose the security of implemented digital signature. Therefore, in this paper, we analyze the security of digital signature function implemented in PDF software including Adobe Acrobat, Nuance PDF Converter, and Foxit Phantom, and propose a list of recommendations for PDF software developers.
This work was supported by grant RND project “A Study on visible digital signature of electronic document” of KISA.
This work was supported by Priority Research Centers Program through the National Research Foundation of Korea(NRF) funded by the Ministry of Education, Science and Technology(2011-0018397).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Bellare, M., Miner, S.K.: A Forward-Secure Digital Signature Scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)
ISO 32000-1:2008. First Edition 2008-7-1: Document management - Portable document format - Part 1: PDF 1.7, http://www.iso.org/
Kaliski, B.: PKCS#7: Cryptographic Message Syntax (RFC 2315), RSA Laboratories (1998)
Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Housley, R., Polk, W., Ford, W., Solo, D.: Internet x.509 public key infrastructure certificate and CRL profile. IETF RFC 3280 (2002)
Lee, Y., Ahn, J., Kim, S., Won, D.H.: A PKI System for Detecting the Exposure of a User’s Secret Key. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 248–250. Springer, Heidelberg (2006)
CEOworld Magazine, http://ceoworld.biz/ceo/2010/04/13/
Lee, Y., Kim, I.J., Kim, S., Won, D.H.: A Method for Detecting the Exposure of OCSP Responder’s Session Private Key in D-OCSP-KIS. In: Chadwick, D., Zhao, G. (eds.) EuroPKI 2005. LNCS, vol. 3545, pp. 215–226. Springer, Heidelberg (2005)
Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet PKI Online Certificate Status Protocol. IETF RFC 2560 (1999)
Gürgens, S., Rudolph, C.: Security Analysis of Efficient (Un-)fair Non-repudiation Protocols. Formal Aspects of Computing 17(3), 260–276 (2005)
Kocher, P.C.: On Certificate Revocation and Validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proc. of USENIX Security Symposium, pp. 217–228 (1998)
Micali, S.: Certificate revocation system. United States Patent, US Patent 5,666,416 (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, S., Lee, C., Lee, K., Kim, J., Lee, Y., Won, D. (2011). Security Analysis on Digital Signature Function Implemented in PDF Software. In: Kim, Th., et al. Future Generation Information Technology. FGIT 2011. Lecture Notes in Computer Science, vol 7105. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27142-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-642-27142-7_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27141-0
Online ISBN: 978-3-642-27142-7
eBook Packages: Computer ScienceComputer Science (R0)