Security and Trust in the Italian Legal Digital Signature Framework

  • Conference paper
Trust Management (iTrust 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3477)

Abstract

The early adoption of a national, legal digital signature framework in Italy has brought forth a series of problems and vulnerabilities. In this paper we describe each of them, showing how in each case the issue does not lie in the algorithms and technologies adopted, but in faulty implementations, bad design choices, or legal and methodological issues. We also show which countermeasures would be appropriate to reduce the risks, and the repercussions of these vulnerabilities on the trust-based framework that gives legal value to digital signatures. We think that this study can help to avoid similar mistakes, now that under EU directives a similar architecture is planned or under development in most EU countries.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zanero, S. (2005). Security and Trust in the Italian Legal Digital Signature Framework. In: Herrmann, P., Issarny, V., Shiu, S. (eds) Trust Management. iTrust 2005. Lecture Notes in Computer Science, vol 3477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11429760_3

  • DOI: https://doi.org/10.1007/11429760_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26042-4

  • Online ISBN: 978-3-540-32040-1

  • eBook Packages: Computer Science (R0)
