BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2003-457
ENTRY:: February 15, 2008
ORGANIZATION:: Dartmouth College, Computer Science
TITLE:: Electronic Documents and Digital Signatures
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Kain, Kunal
DATE:: May 2003
RETRIEVAL:: For a paper copy, email <reports@cs.dartmouth.edu>
RETRIEVAL:: For a paper copy, write to
       Technical Report Librarian
       Department of Computer Science
       Dartmouth College
       6211 Sudikoff Laboratory
       Hanover, NH 03755-3510
       USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2003-457.pdf
ABSTRACT:: 
Often, the main motivation for using PKI in business environments is to streamline workflow, by enabling humans to digitally sign electronic documents, instead of manually signing paper ones. However, this application fails if adversaries can construct electronic documents whose viewed contents can change in useful ways, without invalidating the digital signature. In this paper, we examine the space of such attacks, and describe how many popular electronic document formats and PKI packages permit them.
NOTE:: 
A revised version was published as follows:
<br>K. Kain, S.W. Smith, R. Asokan.
<br>"Digital Signatures and Electronic Documents: A Cautionary Tale."
<br>Advanced Communications and Multimedia Security,
<br>pp. 293-307, September 2002. Kluwer Academic Publishers. 
<br>http://portal.acm.org/citation.cfm?id=647802.737169
<br>http://www.cs.dartmouth.edu/~sws/pubs/ksa02.pdf
END:: ncstrl.dartmouthcs//TR2003-457