In the recent literature a new vulnerability of digital signature has been addressed, based on a novel mechanism (denoted Dall attack) allowing ambiguous presentation of electronic documents. This mechanism operates by a non-trivial inclusion into a single polymorphic file of a pair of different contents, encoded through two different format types. In this paper we overcome the main limitation of the above attack, consisting in the necessity of having html among the two involved formats. Here, exploiting an unusual feature of the pdf standard, we are able to enhance the attack in such a way that the two filetypes, namely pdf and tiff, embedded into the polymorphic file are both extremely safe, allowing the attacker to produce a fake document that appears in a format widely accepted in the context of e-government activities both whenever it is signed and whenever it is fraudulently exploited. This significantly increases both the danger and the plausibility of the Dali attack.
展开▼
