Paper 2023/1801
ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures
Abstract
This work describes an existential signature forgery vulnerability of the current CMS and PKCS#7 signature standards. The vulnerability results from an ambiguity of how to process the signed message in the signature verification process. Specifically, the absence or presence of the so called SignedAttributes field determines whether the signature message digest receives as input the message directly or the SignedAttributes, a DER-encoded structure which contains a digest of the message. If an attacker takes a CMS or PKCS#7 signed message M which was originally signed with SignedAttributes present, then he can craft a new message M 0 that was never signed by the signer and has the DER-encoded SignedAttributes of the original message as its content and verifies correctly against the original signature of M . Due to the limited flexibility of the forged message and the limited control the attacker has over it, the fraction of vulnerable systems must be assumed to be small but due to the wide deployment of the affected protocols, such instances cannot be excluded. We propose a countermeasure based on attack-detection that prevents the attack reliably.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- existential signature forgeryattackcmspkcs#7
- Contact author(s)
- fstrenzke @ cryptosource de
- History
- 2023-11-24: approved
- 2023-11-22: received
- See all versions
- Short URL
- https://ia.cr/2023/1801
- License
-
CC BY-SA
BibTeX
@misc{cryptoeprint:2023/1801, author = {Falko Strenzke}, title = {{ForgedAttributes}: An Existential Forgery Vulnerability of {CMS} and {PKCS}#7 Signatures}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1801}, year = {2023}, url = {https://eprint.iacr.org/2023/1801} }