Paper 2023/1801

ForgedAttributes: An Existential Forgery Vulnerability of CMS and PKCS#7 Signatures

Falko Strenzke, MTG AG
Abstract

This work describes an existential signature forgery vulnerability of the current CMS and PKCS#7 signature standards. The vulnerability results from an ambiguity of how to process the signed message in the signature verification process. Specifically, the absence or presence of the so called SignedAttributes field determines whether the signature message digest receives as input the message directly or the SignedAttributes, a DER-encoded structure which contains a digest of the message. If an attacker takes a CMS or PKCS#7 signed message M which was originally signed with SignedAttributes present, then he can craft a new message M 0 that was never signed by the signer and has the DER-encoded SignedAttributes of the original message as its content and verifies correctly against the original signature of M . Due to the limited flexibility of the forged message and the limited control the attacker has over it, the fraction of vulnerable systems must be assumed to be small but due to the wide deployment of the affected protocols, such instances cannot be excluded. We propose a countermeasure based on attack-detection that prevents the attack reliably.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
existential signature forgeryattackcmspkcs#7
Contact author(s)
fstrenzke @ cryptosource de
History
2023-11-24: approved
2023-11-22: received
See all versions
Short URL
https://ia.cr/2023/1801
License
Creative Commons Attribution-ShareAlike
CC BY-SA

BibTeX

@misc{cryptoeprint:2023/1801,
      author = {Falko Strenzke},
      title = {{ForgedAttributes}: An Existential Forgery Vulnerability of {CMS} and {PKCS}#7 Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1801},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1801}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.