WYSIWYS

From HandWiki

In cryptography, What You See Is What You Sign (WYSIWYS) is a property of digital signature systems that ensures the semantic content of signed messages can not be changed, either by accident or intent. [1]

Mechanism of WYSIWYS

When digitally signing a document, the integrity of the signature relies not just on the soundness of the digital signature algorithms that are used, but also on the security of the computing platform used to sign the document. The WYSIWYS property of digital signature systems aims to tackle this problem by defining a desirable property that the visual representation of a digital document should be consistent across computing systems, particularly at the points of digital signature and digital signature verification.[2]

It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed, and the greater the semantic distance, the easier it gets. From a semantic perspective this creates uncertainty about what exactly has been signed. WYSIWYS [3][4][5][6] is a property of a digital signature system that ensures that the semantic interpretation of a digitally signed message cannot be changed, either by accident or by intent. This property also ensures that a digital document to be signed can not contain hidden semantic content that can be revealed after the signature has been applied. Though a WYSIWYS implementation is only as secure as the computing platform it is running on, various methods have been proposed to make WYSIWYS more robust.[2][7]

The term WYSIWYS was coined by Peter Landrock and Torben Pedersen to describe some of the principles in delivering secure and legally binding digital signatures for Pan-European projects. [1]

References

  1. 1.0 1.1 P. Landrock, T. Pedersen, "WYSIWYS? -- What you see is what you sign?". Information Security Technical Report, Volume 3, Number 2, 1998, pp. 55-61
  2. 2.0 2.1 A. Jøsang and B. AlFayyadh. "Robust WYSIWYS: A Method For Ensuring that What You See Is What You Sign". Proceedings of the Australasian Information Security Conference (AISC'08), Wollongong, Australia, January 2008.
  3. A. Weber, "See What You Sign: Secure Implementations of Digital Signatures", in Proceedings of the International Conference on Intelligence and Services in Networks, 1998, pp. 509-520.
  4. K. Scheibelhoferm, "Signing XML Documents and the Concept of What You See Is What You Sign", Masters thesis, Graz University of Technology, Austria, 2001.
  5. A. Spalka, A.B. Cremers, H. Langweg, "The fairy tale of What You See Is What You Sign - Trojan Horse Attacks on Software for Digital Signatures", in IFIP Working Conference on Security and Control of IT in Society-II (SCITS-II).
  6. A. Jøsang, D. Povey and A. Ho. "What You See is Not Always What You Sign". Proceedings of the Australian Unix User Group Symposium (AUUG2002), Melbourne, September, 2002.
  7. A. Alsaid, C. Mitchell, "Dynamic Content attacks on Digital Signatures", Information Management and Computer Security 13(4), 2005, pp.328-336.