Providing security to remote digital signature systems in case of semi-trusted secure environment

Pavel Smirnov, Stanislav Smyshlyaev

Abstract


This paper considers the task of securing remote digital signature systems (“cloud” signature) when the end user runs client-side components on devices where a trusted environment cannot be ensured (the most common examples of such devices are smartphones running the iOS or Android operating systems). This task has recently become particularly topical: users are accustomed to performing (or at least confirming) their operations with smartphones, yet such use of digital signatures is still evolving. The main issues and functional requirements are addressed, and ways to construct systems that employ devices with cryptographic software running in a weakly secure environment are discussed. The task of remote issuance of digital certificates is also considered: such a process can make completely remote use of digital signatures possible (from the very beginning, without even one personal appearance at a certification authority). Taking functional and information security requirements into account, the paper develops a scenario to solve this task.






ISSN: 2307-8162