该文探讨了企业采用PKI(公钥基础设施)以电子方式签署文档以优化工作流程的问题。然而,如果对手能构造出内容可变但签名不失效的电子文档,这一方法的安全性将受到挑战。文中分析了这类攻击的可能性,并指出多种流行电子文档格式和PKI包对此类攻击的脆弱性。
摘要:
Organizations of almost all sizes are discovering the value of "going digital" by converting their office documents to electronic documents. Many of these documents, including financial information, while papers, legal documents, and external communications, require expensive review and mark-up by internal and external workgroups. The main motivations or using PKI (public key infrastructure) in business environment (e.g., e-commerce) is to streamline workflow, by enabling human to digitally sign electronic documents, instead of manually signing paper ones. However, this approach fails if adversaries can construct electronic documents whose viewed contents can change in useful ways, without invalidating the digital signature. In this paper we have examined the space of such attacks, and have described how many popular electronic document formats and PKI packages permit them.
展开
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
