1 Digital signature in insecure environments Janne Varjus Helsinki University of Technology Abstract Due to current legislation the digital signatures can be as valid as the hand written signatures. If the signing environment is compromised there is no way for the signatory to know what he/she is signing. Even if signing process is secure, data can be switched before signing by malware. Home computers are usually in a risk to get compromised by virus attacks and computers elsewhere can be untrusted. If computers in a risk cannot be used for signing it greatly reduces the applications of the digital signatures. To solve this issue hardware and software approaches have been developed that try to minimize the risks. KEYWORDS: Digital Signatures, Trusted Computing, Malware 1 Introduction Digital signatures are nowadays as legally binding as the normal signatures are in many countries . Accredited certificate authorities have been around for some time now, but the current usage of the digital signatures is still rare. The digital signatures should be secure enough and easy to use to gain a wide acceptance from the public and the service providers. Current implementations lack such a security as well as the ease of the usage . Also the price is a very important issue. To be able to provide services to the general public these issues must be addressed. Usable and secure digital signatures would make it possible to offer many kinds of services, which currently require a hand written signature. Numerous government and private sector services could be provided online and the need to make and archive paper documents, which will be after all inputted to the computer systems, would be eliminated. This would speed up the service and reduce the cost caused by archiving and manually processing the documents. For example the new legislation in the Finland requires the use of the digital signature for signing documents stored in the new health care information system . To be more useful also patients should be able to sign the documents stored there. Places where the most of the signing would take a place are probably the home computer of the patient and a public terminal in the hospital. This requires at least addressing the security issues. 2 Technology Digital signatures are produced by using public-key cryptography. This is usually achieved by using a smart card that holds keys and does the actual signing. The private key never leaves the card. The smart card is protected by a PIN-code that must be entered before signing.  To be able to sign a document user needs a card reader (preferably with a pin pad) and a software that handles the signing process. Software calculates a hash value for the document, transfers it to the smart card, and the smart card signs it with the private key if the entered PIN-code is correct. After signing anyone can verify with the public key that the document is signed with the corresponding private key.  To be able to trust that the public key is belonging to the user it says it belongs to, it must be signed by a trusted certificate authority. The certificate authority must also have a way to revoke the certificate. Usually the certificate authority is a third party. Also some kind of service to establish the timeline between signatures is usually required to determine which signatures have been made before revoking the certificate. Signing with an old key must also be prevented.  3 Legislation In Finland all signatures created using accredited certificate authority signed keys and secure signing device are legally binding. Otherwise signature is not necessarily legally valid. It could be argued that the law requires completely secure signing method and therefore no signature is legally binding.  Digital signatures are already required by the law in electronic medical records. After the transition period secure way to sign medical documents will be needed.  Internationally digital signature laws are quite different in different countries and legally binding signature in one country might not be binding in another country. Also liability of the signatory could differ between countries. There is work being done to harmonize laws between countries so international commerce could use the digital signature.  4 Problem description Digital signatures are usually created by calculating a hash value from the data to be signed and then the hash value
2 is signed with a public key algorithm . Signing operations and key storage are usually done with a smart card or a similar device which is a closed platform. This assures that the private keys are safe and the signing operation is secure. It however doesn t prevent malicious alteration of the hash value or the document to be signed before signing. This is because the computer used for the signing operation is an open platform, which can be infected by a trojan horse. Malware could easily alter the document to be signed when using current signing software packages.  Preventing this from happening would require that the malware couldn t take a part in the signing process. This could be achieved by using a completely closed system for the signing or by trying to verify that the software components taking part to the signing process are unaltered. First available solution is hardware based and requires a special display controller and a smart card reader combination. It basically signs what you see in the display. It is in practice a closed system so the malware should not affect it.  Second solution is software or partly software based and reduces risk that the malware could operate in the system. It is usually referred as a Trusted Computing. Hardware or software verifies the integrity of the software and detects any changes. It doesn t offer complete protection but it greatly increases the security.  Software solutions tested at autumn 2005 didn t have any kind of protection for modifying the data to be signed or the data to be verified. Some solutions are even allowed to execute arbitrary code in their address space.  Smart cards usually have PIN codes to ensure that the card is only used by the card owner. Cheaper readers do not have a numeric keypad for the PIN code. When the PIN-code is inputted by a computer keyboard, it is relatively easy to capture it. After the PIN-code is captured, the malware can use the card whenever it wants to, if the card is inserted to the reader. Alternatively someone could acquire the PINcode and then steal the card.  The PIN-code is relatively easy to protect with readers that have a keypad and use it for entering the PIN-code. Digital signatures that satisfy certain conditions are legally binding so care should be taken when signing any document . Every time a signing operation could be misused to sign something else if the platform is compromised. However the hash should be secure so malicious information to be signed must be available at the moment when signature is performed. After signing operation the user can be very confident at least that no more forged signatures can be made using his keys, if the key material isn t exposed to the malware. Current signing software require saving the document, launching separate program for a signing operation and reviewing the document in a separate secure viewer before signature even if you just have written the document. Of course there could be only one button that reads "Sign", but it would undermine the security against malware. Also the PIN-code will be asked each time you want to sign something.  This should be much easier for the general public. 5 Software based secure signing environment using Trusted Computing Platform Document to be signed is saved to a SWORM medium to prevent modification. Java application will be used for signing because it can be executed in a trusted Java Virtual Machine or in the memory of a smart card when intelligent adjunct model is used. The signing application should be saved to the memory of the smart card so it will be more platform independent and always trusted.  This approach could be used by the general public in the future because it only requires Trusted Platform Module and a smart card reader to be in the computer, and the rest depends on the software and the smart card. Because it is very unlikely, that the malware that targets digital signatures attacks operating system loader, it could be possible to drop off the Trusted Platform Module. Then the whole solution would be software based and usable in all computers that are running operating systems supporting Trusted Computing Platform. Currently there isn t required support in any mainstream operating system so this approach is valid only in the future.  5.1 Trusted Computing Platform To prevent that the malware has access to the signing process, Trusted Computing Platform could be used. It consists of a hardware module that functions as a root of the software signature verification. Previously loaded software components verify that the components they load have a valid signature. This way the whole operating system could be verified and loading the malware as trusted software prevented. At least the malware wouldn t be able to mess up with the operating system. Also path from the reader to the software and the path from the keyboard to the software are protected. Signing software is not required to be signed and it could be run for example in a trusted Java Virtual Machine.  5.2 WORM and SWORM WORM means write once read multiple and SWORM is a software implementation of WORM. For example it could be securely implemented by using Trusted Computing Platform. WORM ensures that when a file is saved it cannot be modified anymore. When software saves a file to the SWORM medium it is impossible to tell if it will be signed in the future. This prevents the malware from monitoring when the document to be signed is saved. Also malware has only a short window of opportunity to change the data to be signed. This reduces the need of the secure viewer component in the signing software.  5.3 Intelligent adjunct model Normally smart card controls only the signing process inside the smart card, but in the Intelligent Adjunct model the smart card is given control of resources outside the smart card. The card could for example retrieve file to be signed from the SWORM medium. This means that the Java Virtual Machine
3 running on the smart card is given access to the hardware of the computer through the smart card reader interface.  5.4 Storing signing software on the smart card Signing software resides in the smart card and is loaded from there to the secure Java Virtual Machine or it could be also executed in the smart card s own internal virtual machine. Signing software should be implemented in Java so it can be run in the virtual machine. This makes it possible that integrity of the signing software is verified even if it doesn t have a signature from the Trusted Computing Platform Alliance. This makes it easier to make updates to the software. Smart card manufacturer or developer writes the signing software to the smart card and if it cannot be modified it could be considered trusted.  6 Trusted Display Controller based secure signing method Trusted Display Controller is used to control the video path. Together with a smart card reader it forms a closed platform for signing. Trusted Display Controller is a modification for the Trusted Platform Module. Rest of the system can be a normal personal computer that has open platform.  When an application wants to sign some information it sends it to the Trusted Display Controller. Trusted Display Controller first performs mutual authentication with the smart card using secure communication between the smart card reader and the controller. Only controllers that have correct certificates can access to the smart card data. User can be guaranteed that the hardware is approved to be used with the smart card even when using computer that the user has never used before.  After the authentication controller fetches a seal image from the smart card and displays the bitmap of the information to be signed with it. The controller generates a random number and displays it with the seal and the document. User can confirm that the image on the display actually comes from the controller by looking at the seal image which is chosen by user, and only user knows what it looks like. To sign the bitmap user is required to input that random number with a normal keyboard. Security of the keyboard input is not an issue because the number is used only once.  This method could be impractical with large documents because each page must be shown and signed separately. Also because the image of the document is signed it could be hard to automatically process that data.  This isn t very appealing to the general public because special display controller costs too much for someone who just wants to use some services that require digital signature. Hardware based approach could be used in public computers intended for producing digital signatures. It could be a good idea if such a solution supported also viewing and signing documents in pdf-format instead of just bitmap. 7 Other hardware based solutions Secure signing operation could be performed on a completely separate hardware. To be able to trust the signing process, this hardware device should have a display to view the document and a smart card reader with a possibility to input the PIN-code.  The device could be a dedicated computer that has only minimal software for performing the signing process and a secure way to transfer the document to be signed. Also completely closed system that is only meant for this use is possible . It could be connected to the computer via USB or by some other means. Problem with this solution would be a high price tag and therefore it wouldn t be practical for home usage. By using a PDA as a secure signing device this could be a solution for business use. Completely closed system would be difficult for most applications because it could sign only a few preselected formats. However this could be useful when the formats are known before, like for example when signing documents at some government bureau.  8 Commercial software available from the store. Commercial software products for producing the digital signature are the easy way to go. These products are usually build to perform digital signature operations the user friendly way. But there isn t sufficient security against malware in these programs. More secure platform could help.  Many products available are vulnerable to even the most basic attacks by trojan horses. In most cases attack could be executed by using only basic user rights. Attack can be performed with a very little knowledge about the internals of the program.  DLL that provides an interface to the smart card reader can be replaced with another DLL that wraps functionality of the real DLL and so malicious DLL gains an access to the signing software address space. It could be used as a sniffer for the smart card traffic or to make changes to the signing software.  The PIN-code can be usually intercepted by just accessing to the password input box through the Windows API. Some software has protection against this, but usually the PIN-code can be still retrieved. Key pad with the smart card reader eliminates this security problem.  Most programs have secure viewer component that displays the document just before it will be signed. Malicious program can draw to the viewer surface or open a new window on top of the viewer. This could be prevented by refreshing the content frequently enough and by monitoring that no window is on top of the actual viewer window.  Most of these attacks can be prevented using simple methods, but programs do not employ them. Software manufacturers assume that environment where programs will be used is not compromised. And it is responsibility of the user to assure this.  This option is more appealing to the general public because it needs just the software and the smart card reader and
4 is compatible with the platforms that the software supports. Security however is not so great and for the digital signature with legal obligations it isn t a very good option. 9 Solution for the general public For the general public the security should be high because users aren t experts and the equipment should be cheap for home use. Also the solution must be easy to use. Users shouldn t be able to make any modifications that would produce a security risk. This means that the platform must be closed or at least the software must be protected from any modifications. To keep the cost of this solution low need of extra hardware should be kept minimal. To protect the software from modifications it should be loaded from read only memory and no other software should be running at the same time. Device used needs a display because of the need to inspect the document to be signed. Displays capable to view documents aren t cheap, so usually at home buying one for this reason is out of the question. A computer display is usually the only display that is found from home and is capable to view documents. This means that the computer should be used to sign the documents in home environment. I propose that a specialized Linux distribution booted from a CD-ROM could be used to perform the signing. Booting from the CD-ROM ensures that only the software that is on the CD is running and making changes to the software is impossible. This would be a good solution for home use because only needed hardware is a card reader and a normal computer. Distribution should include only the necessary tools and nothing else. Such tools would be the signing software and a collection of editors and viewers. Also tools to access file systems on the computer should be included. Distribution could be easily customized to fit any special purpose by adding software to it. If trusted service provider provides the CD, user knows that he/she has obtained a valid copy. For example the distribution could be constructed to support all the services that the government offers. It might be advantageous for the service providers to create one common distribution for every service. Security with this solution would be quite good because every time system is booted, clean copy of the operating system will be loaded and minimal Linux is a very hard target for any kind of malware that doesn t already come with the distribution. Of course any other OS could be used for this purpose if it can be customized. This Linux distribution could also be running under a virtual machine. It reduces security but could be a good option for some purposes. In this configuration the smart card reader could pose a security risk because it needs to be connected to the virtual machine through the actual computer. Otherwise well implemented virtual machine should be relatively safe place to run this Linux distribution. Normal trojan horse would have great difficulty to do something because it would have to directly modify address space used by the virtual machine. Need to boot to another operating system makes this Linux distribution a little difficult to use if it is needed frequently. Solution Price Security Software, Trusted Computing low medium Hardware high high Current software in market low low Bootable linux CD free medium Table 1: Solutions for producing digital signatures For users who use it just occasionally it could be the best solution and because the Linux is under the GPL it would also be free. This Linux distribution could also be useful for applications where whole computer is dedicated to performing digital signature operations. This could be the case for example if temporary workstation is needed to produce digital signatures. 10 Analysis of the solutions Different solutions follow the rule: When usability increases security decreases or the price increases. Trusted Computing Platform based solutions provide more secure environment and therefore increase also security of the signing software. Current software shows that the developers don t care to make even the most basic protection against malware. Usually the manual says that it is responsibility of the user to provide malware-free environment.  Closed platform hardware solutions are very secure and also expensive. The advantage with the closed platform is that outside influence can t interfere with it. Special hardware is also usually easy and fast to use. Linux boot CD solution seems to be a good choice compared to the other choices, but it is necessary to boot computer to this special environment. Frequent usage with one computer that is in other uses too could be very inconvenient. This solution could also be used to make workstation that is dedicated for digital signing. Solutions are compared in the Table Conclusion Emerging services that use digital signatures need to have a secure way for the user to make the signatures. As the number of the services will increase also solutions to perform digital signatures will increase and security will be taken into account more seriously. Current hardware solutions are expensive and software solutions insecure. Specialized hardware could be option when the signing of documents is very frequent. Because hardware solution also makes it possible to authenticate the hardware by the smart card, it is the best solution for use in public computers like for example the computer in the library. Current software solutions are suitable for people that can be sure that their computer doesn t contain any malware. Software solution that utilizes Trusted Computing Platform would be secure and inexpensive but operating systems that support it are not currently available for the wide audience. 
5 New solutions must be developed before the general public can utilize the services safely. Because of the legally binding nature of the digital signature equal to a hand written signature these solutions must be very secure. One possibility to achieve secure and inexpensive system could be using Linux system that boots from the CD. It however isn t very user friendly because user must first shut down the operating system he/she uses regularly. References  Laki sähköisistä allekirjoituksista /14,  Laki sosiaali- ja terveydenhuollon asiakastietojen sähköisestä käsittelystä /159,  B. Balacheff, L. Chen, D. Plaquin, and G. Proudler. A trusted process to digitally sign a document. In NSPW 01: Proceedings of the 2001 workshop on New security paradigms, pages 79 86, New York, NY, USA, ACM Press.  H. Langweg. Malware attacks on electronic signatures revisited. In Konferenzband der 3. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik., pages ,  A. Spalka, A. B. Cremers, and H. Langweg. The fairy tale of what you see is what you sign - trojan horse attacks on software for digital signatures. In Proceedings of the IFIP WG 9.6/11.7 Working Conference.,  A. Spalka, A. B. Cremers, and H. Langweg. Protecting the creation of digital signatures with trusted computing platform technology against attacks by trojan horse programs. In Sec 01: Proceedings of the 16th international conference on Information security: Trusted information, pages ,  M. Wang. A review of electronic signatures regulations: do they facilitate or impede international electronic commerce? In ICEC 06: Proceedings of the 8th international conference on Electronic commerce, pages , New York, NY, USA, ACM.  J. Zhou and R. Deng. On the validity of digital signatures. SIGCOMM Comput. Commun. Rev., 30(2):29 34, 2000.