Digital Signatures are a step in the right direction towards achieving true security
Utimaco Safeware has announced that its digital signature solution, SafeGuard Sign&Crypt, was among a number of products tested by a team from the Bonn University computing science faculty and was the only one to survive their (simulated) attacks. The results from these tests signify that products that use up-to-date technology can resist the types of attack currently carried out by hackers and that digital signature technology is well on the way to providing users with acceptable levels of security.
The team of researchers subjected various signature solutions currently on the market to a simulated attack. The aim of the attempt was to show that commonly used means of attack, such as Trojan horse programmes, could be successful in capturing the security numbers (or PINs) used for activating a digital signatures. The team of researchers also found that they were able to succeed in changing the appearance of documents within the "secure viewer" of the many of the tested products. The secure viewer is an additional feature provided by many signature solutions providers to ensure that users cannot sign documents that have been changed without their knowledge. However, with the methods applied by the team it was not possible to read the PIN from Utimaco's SafeGuard Sign&Crypt, neither could the team successfully change the text in Utimaco's secure viewer.
"Malicious threats from programmes that can be sneaked into the PC as "Trojan horses" have long been recognised by security vendors," said Utimaco Safeware director Norbert Pohlmann. "It is part of Utimaco Safeware's product strategy for the continuing development of its security solutions to take all recognised points of attack and weak spots in the operating system properly into account. One essential consideration is to provide protection from Trojans that read PINs."
Utimaco’s SafeGuard Sign&Crypt is designed to carry out the signing and encryption of digital documents and e-mails. SafeGuard Sign&Crypt is based around a combined hardware and software solution for optimum security, consisting of the signature, verification and encryption components, as well as an optional SafeGuard smartcard and CardMan smartcard reader.
Trojan horses are programmes that hide a function that is intended to cause damage within a "pretty package". Often these programmes offer apparently useful functions (e.g. games) and carry out their true purpose in secret. In most cases these programs aim to spy out important information on the PC and pass it to unauthorised people. Besides electronic address books and web-surfing favourites,
this can also include keys, passwords and PINs.
Secure viewers are present in most signature programmes. Their aim is to ensure that the user can check the document once again before signing it and only sign what they actually see on the screen (what you see is what you sign).
PIN (Personnel Identification Number) and digital signature
A PIN is an individual code number (or password) with which an authorised user proves their identity. In the case of a digital signature the PIN protects access to the user's secret signature key and must not be compromised for this reason especially. This applies whether the signature key is saved on the PC's hard disk, on a diskette or on a smartcard. However, saving the PIN on a smartcard increases security considerably: the signature key is protected from direct illicit observation and even if the attacker knows the PIN they can only access the signature key when the card is inserted.
In the IT sector intelligent chip-cards (smartcards) are increasingly taking on the function of a universal security token. With one single smartcard, users can logon to their PC, carry out digital signing and encrypt data when saving and transferring it.
- ends -
About Utimaco Safeware
Utimaco Safeware is the leading European manufacturer of professional and certified IT security solutions. Utimaco Safeware develops and sells integrated security solutions based on established standards regulating mobile/desktop security and Internet security. Utimaco Safeware maintains its website at http://www.utimaco.com.
For further information contact:
t: +44 (0)1 494 434 434
This press release was distributed by ResponseSource Press Release Wire on behalf of Strategic Public Relations Ltd in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.