Authors: Thomas Zefferer and Bernd Zwattendorfer
Affiliation: Graz University of Technology, Austria
Keyword(s): Electronic Signatures, Server-based Signature, Security Evaluation, Evaluation Model.
Related Ontology Subjects/Areas/Topics: Access Control; Applications; Artificial Intelligence; Data Engineering; Databases and Data Security; e-Business; e-Business and e-Commerce; Enterprise Information Systems; Government; Information and Systems Security; Internet Technology; Knowledge Management and Information Sharing; Knowledge-Based Systems; Society, e-Business and e-Government; Symbolic Systems; Web Information Systems and Technologies; Web Security and Privacy
Abstract: During the past years, a general trend towards server-based signature solutions can be observed. Server-based signature solutions rely on a secure central server component that is able to securely store cryptographic keys and to create electronic signatures on behalf of users. Due to their various advantages compared to client-based solutions, it must be expected that server-based signature solutions will be increasingly deployed in security-critical fields of application in future. This raises the need for appropriate means to systematically evaluate the security of such solutions. Unfortunately, existing evaluation methods (e.g. Protection Profiles according to Common Criteria) are only partly applicable for evaluating server-based signature solutions. To overcome this issue, we propose a new implementation-independent evaluation model for server-based signature solutions. The proposed evaluation model is based on an abstract architectural model for server-based signature solutions and can hence be applied to arbitrary implementations. This way, we provide a powerful instrument to assess the security of future server-based signature solutions and pave the way for their adoption in security-critical fields of application.