- WYSIWYS
WYSIWYS is an
acronym for "What You See Is What You Sign", used incryptography to describe the property ofdigital signature systems that the semantic content of signed messages can not be changed, either by accident or intent.Meaning
The concept of “
digital signature ”, first publicly described by Diffie and Hellman (1976) in their classicpaper “New directions in Cryptography” W. Diffie and M. E. Hellman. "New directions in cryptography". IEEE Transactions on Information Theory, 22(6):644–654, November 1976.] , suggests that it is a computer-based equivalent of physical written signatures. Although there are similarities between handwritten and digital signatures there arealso fundamental differences. The main similarity is that both types of signatures can provide evidenceof authenticity of a document. The differences are due to the radically different nature of paper baseddocuments on the one hand and digital documents on the other. In paper-based transactions a documentconsists of text printed as ink on a piece of paper, where the text represents the information and the paperrepresents the storage medium. In this way the information and the storage medium are inseparable. The validity of a paper-based document is authenticated by a signature written in ink on the same piece ofpaper. The signature serves as evidence of the signer’s agreement to the text on the paper, and the verification of signatures can be done directly without any complex instruments.For digital signatures all of thischanges. Documents are immaterial because the information is represented by logical bits that can bestored on, and copied to, any suitable electronic medium, and they only become meaningful to humanswhen represented through an analogue physical medium such as a computer screen or a printout. Thevalidity of a digital document is authenticated by verifying that the digital signature logicallymatches the bit string representation of the document. Because a digital document in its bit string form can not beobserved or interpreted directly by the signer, the digital signature should only serve as evidence of the signer’s agreementto the high level semantic interpretation of the document, although technically speaking it represents thesigner’s agreement to the bit string document itself. For human signers, digital signatures should in fact be interpreted as an agreement to the analogue representation of documents e.g. on a computer screen. Highly complex instruments are now needed notonly for interpreting the document but also for producing the digital signature. The complexity of the instruments needed to interpret and visualize the digital document determines the semantic distance between its bit sting representation and its semantic interpretation.
It is relatively easy to change the interpretation of a digital document by implementing changes on the computer system where the document is being processed, and the greater the semantic distance, the easier it gets. From a semantic perspective this creates uncertainty about what exactly has been signed. WYSIWYS A. Weber, "See What You Sign: Secure Implementationsof Digital Signatures", in Proceedings of the InternationalConference on Intelligence and Services inNetworks, 1998, pp. 509-520.] K. Scheibelhoferm, "Signing XML Documents andthe Concept of What You See Is What You Sign", Mastersthesis, Graz University of Technology, Austria, 2001.] A. Spalka, A.B. Cremers, H. Langweg, "Thefairy tale of What You See Is What You Sign - TrojanHorse Attacks on Software for Digital Signatures",in IFIP Working Conference on Security and Controlof IT in Society-II (SCITS-II).] A. Jøsang, D. Povey and A. Ho. "What You See is Not Always What You Sign". Proceedings of the Australian Unix User Group Symposium (AUUG2002), Melbourne, September, 2002. ] means that the semantic interpretation of a digitally signed message can not be changed, either by accident or by intent. This also means that a digital document to be signed can not contain hidden semantic content that can be revealed after the signature has been applied, because that would mean that the semantic interpretation of the document can change. WYSIWYS is a desirable property of digital signature systems that is difficult to guarantee because of the increasing complexity of modern computer systems. Various methods have been proposed to make WYSIWYS more robust. A. Jøsang and B. AlFayyadh. "Robust WYSIWYS: A Method For Ensuring that What You See Is What You Sign". Proceedings of the Australasian Information Security Conference (AISC'08), Wollongong, Australia, January 2008.] A. Alsaid, C. Mitchell, "Dynamic Content attacks on Digital Signatures", Information Management and Computer Security 13(4), 2005, pp.328-336.]
References
Wikimedia Foundation. 2010.
