Towards a Modular Architecture for Adaptable Signature-verification Tools

Thomas Lenz, Klaus Stranacher, Thomas Zefferer

2013

Abstract

The verification of electronic signatures is a key component of security-sensitive applications. Signature-verification tools need to meet several requirements regarding security, reliability, usability, and accessibility. A survey we conducted revealed that existing signature-verification tools often meet only a subset of these requirements. In most cases, available tools support only a limited set of document and signature formats, or lack appropriate interfaces that allow both end users and third-party applications to access the tool's functionality conveniently. This complicates the development of third-party applications based on electronic signatures and reduces usability for end users. To solve this problem, we propose a new architecture for Web-based signature-verification tools. The proposed architecture follows a plug-in-based approach that eases the integration of new signature formats and interfaces. The practical applicability of the proposed architecture is demonstrated by means of a concrete implementation covering different use cases. This implementation demonstrates that the proposed architecture facilitates the realization of signature-verification tools that are able to meet all requirements of end users and third-party applications. In this way, the proposed architecture and the implemented solution contribute to the security, usability, and efficiency of present and future applications based on electronic signatures.



Paper Citation


in Harvard Style

Lenz T., Stranacher K. and Zefferer T. (2013). Towards a Modular Architecture for Adaptable Signature-verification Tools. In Proceedings of the 9th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8565-54-9, pages 325-334. DOI: 10.5220/0004356303250334


in Bibtex Style

@conference{webist13,
author={Thomas Lenz and Klaus Stranacher and Thomas Zefferer},
title={Towards a Modular Architecture for Adaptable Signature-verification Tools},
booktitle={Proceedings of the 9th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2013},
pages={325-334},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004356303250334},
isbn={978-989-8565-54-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 9th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - Towards a Modular Architecture for Adaptable Signature-verification Tools
SN - 978-989-8565-54-9
AU - Lenz T.
AU - Stranacher K.
AU - Zefferer T.
PY - 2013
SP - 325
EP - 334
DO - 10.5220/0004356303250334