Wednesday, 30 January 2008

Trusting electronically signed documents.

Both electronic and paper documents are subject to tampering. The discovery of collisions has demonstrated that the process of signing a hash is not without its own vulnerabilities. In fact, a collision allows two versions of the document to be created with the same hash and thus the same electronic signature.

It was stated in a response to an earlier post that “Electronic contracts do not have to be re-read when they are returned because there's generally no mechanism (unless it's built into the electronic process) to alter the contract terms, scratch out a line, insert text, etc. What you send is what is being signed.”

Unfortunately this is not true.

An attacker could generate two documents. One states:
Sell at $500,000.00 (Order 1)

The second document states:
Sell at $1,000,000.00 (Order 2)

Our attacker wants to have the second document as the one that is signed. By doing this they have increased the sale contract by $500,000.

Confoo is a tool that has been used to demonstrate two web pages that look different but have the same MD5 hash (and there are issues with other hash algorithms as well).

Digital signatures typically work using public key crypto. The document is signed using the private key of the signer. The public key is used for verification of the signature. The issue is that public key crypto is slow. So rather than signing the entire document, a hash of the document is signed. As long as the hash is trusted, the document is trusted. The concern is that collisions exist.

So back to the issue. Our attacker takes order 1 and order 2 and uses the Confoo techniques (also have a look at Stripwire).

The client is sent a document that reads as “order 1” and they agree to buy a product for $500,000. As such they sign the order using an MD5 hash that is encrypted with the buyer's private key. Our attacker (using Confoo style techniques) has set up a document with a collision. Order 1 and Order 2 both have the same hash.

Our attacker can substitute the orders and the signed document (that is a verified hash) will still verify as being signed.

The ability of Microsoft Word to run macros and code makes it a relatively simple attack to create a collision in this manner.

So, electronic documents do need to be re-read, but it is simpler in that there are tools to verify these. Ensure that the hash used is trusted, and even use multiple hashes together.

Further Reading:
http://www.doxpara.com/slides/Black%20Ops%20of%20TCP2005_Japan.ppt


Tech aside.

This attack works due to the nature of hashing algorithms. If you have two documents, x and y, that have the same hash (i.e. a collision), then appending an additional block of information, q, to both documents will also result in a collision. That is, (x+q) will have the same hash as (y+q).
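The suffix property above, as an added example that is not part of the original post: a toy Merkle-Damgård hash (the construction MD5 is built on) with a 24-bit state, so a collision can be found in milliseconds. The names `toy_md`, `compress`, `find_state_collision` and `check_suffix`, the 16-byte block size and the `ORDER-` inputs are assumptions made for illustration; the property relies on x and y being the same block-aligned length and colliding in the internal chaining state, which is what the search looks for.

```python
import hashlib
from itertools import count

BLOCK = 16          # toy block size in bytes (assumption; MD5 uses 64)
IV = b"\x00" * 3    # toy 24-bit initial chaining state (assumption)

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: SHA-256 truncated to 24 bits so collisions are cheap."""
    return hashlib.sha256(state + block).digest()[:3]

def toy_md(msg: bytes) -> bytes:
    """Merkle-Damgard construction with length padding, the same design MD5 uses."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK)
    padded += (8 * len(msg)).to_bytes(8, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_state_collision():
    """Birthday search for two distinct one-block messages with the same chaining state."""
    seen = {}
    for i in count():
        block = b"ORDER-%010d" % i          # constructed 16-byte sample input
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block

def check_suffix(x: bytes, y: bytes, q: bytes) -> dict:
    """Compare x+q and y+q under the toy hash and under an unrelated second hash."""
    return {
        "toy_collides": toy_md(x + q) == toy_md(y + q),
        "sha256_collides": hashlib.sha256(x + q).digest() == hashlib.sha256(y + q).digest(),
    }

if __name__ == "__main__":
    x, y = find_state_collision()
    print(x, y, toy_md(x).hex(), toy_md(y).hex())
    for q in (b"", b" Sell at $500,000.00", b" Sell at $1,000,000.00" * 5):
        print(q[:24], check_suffix(x, y, q))
```

The second digest in `check_suffix` differs for every suffix, which is why checking a document against an additional, unrelated hash exposes the substitution.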
