Digital signature represents the only valid method to give signed electronic documents probative value at least as traditional documents with handwritten signature. The above claim has a full counterpart with the current law system of most countries, so that the process of document dematerialization has been already started relying on the current infrastructures as well as the current juridical regulations, with strong attention towards common interoperability rules. As a consequence, the issue regarding the vulnerabilities of digital signature is particularly important. This paper presents a new attack to digital signature not based on the insertion of instructions in the document to sign but in the same way producing a non-static visualization of the signed document, with the purpose of producing (legal) effects different from those desired by the signer. The paper proves the attack by example and gives a possible way to contrast it.
展开▼
