Providing security to remote digital signature systems in case of semi-trusted secure environment

Pavel Smirnov, Stanislav Smyshlyaev

Abstract


The task of providing security to remote digital signature systems (“cloud” signature) for cases of end user running client-side components on devices without potential of ensuring trusted environment (most common examples of such devices are smartphones with iOS or Android operation systems) is considered. This task has become particularly topical recently: users are used to performing (or at least confirming) their operations with smartphones, however, such usage of digital signature is still evolving.  Main issues and functional requirements are dealt with, ways to construct systems employing devices with cryptographic software running in weakly secure environment are discussed. The task of remote issuance of digital certificates is also considered: such a process can make completely remote usage of digital signature (from the very beginning, without even one personal appearance to a certification authority) possible. Taking functional and information security requirements into account, a scenario is developed in the current paper to solve the mentioned task.

Full Text:

PDF (Russian)

References


Estonian eID scheme: Mobiil-ID. Technical specifications and procedures for assurance level high for electronic identification. https://ec.europa.eu/cefdigital/wiki/download/attachments/62885749/EE%20eID%20LoA%20mapping%20-%20Mobiil-ID.pdf?version=1&modificationDate=1531759816924&api=v2#:~:text=Estonian%20eID%20is%20always%20issued,this%20document%20as%20Mobiil%2DID.&text=The%20identity%20documents%20database%20provides,validity%20of%20the%20provided%20document.

A. Parsovs. “Estonian Electronic Identity Card: Security Flaws in Key Management”, https://www.usenix.org/conference/usenixsecurity20/presentation/parsovs

T. ElGamal, “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”, in Proc. Crypto 84, Springer-Verlag, New York, Heidelberg, Berlin, 1985, pp. 10–18.

J.L. Danger, S. Guilley, P. Hoogvorst, C. Murdica, D. Naccache: “A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards”, in Journal of Cryptographic Engineering, 3(4), 2013, pp. 241–265.

“Sotovye operatory nachali perehod na otechestvennuyu svyaz”, http://www.ipmce.ru/about/press/popular/sotsv/ (in Russian)

A.G. Sabanov, “Analiz mezhdunarodnyh standartov po identifikacii I autentifikacii“, talk on the X Ural Forum “Information security of financial sphere“, 2018 (in Russian).

OpenID Connect Core 1.0, https://openid.net/specs/openid-connect-core-1_0.html

Edinaya biometricheskaya sistema. Medodicheskiye rekomendacii po rabote s Edinoj biometricheskoj sistemoj dlya razrabotchikov. https://bio.rt.ru/documents/ (in Russian).


Refbacks

  • There are currently no refbacks.


Abava  Absolutech Convergent 2020

ISSN: 2307-8162