An Implementation-independent Evaluation Model for Server-based Signature Solutions
Thomas Zefferer, Bernd Zwattendorfer
2014
Abstract
During the past years, a general trend towards server-based signature solutions can be observed. Server-based signature solutions rely on a secure central server component that is able to securely store cryptographic keys and to create electronic signatures on behalf of users. Due to their various advantages compared to client-based solutions, it must be expected that server-based signature solutions will be increasingly deployed in security-critical fields of application in future. This raises the need for appropriate means to systematically evaluate the security of such solutions. Unfortunately, existing evaluation methods (e.g. Protection Profiles according to Common Criteria) are only partly applicable for evaluating server-based signature solutions. To overcome this issue, we propose a new implementation-independent evaluation model for server-based signature solutions. The proposed evaluation model is based on an abstract architectural model for server-based signature solutions and can hence be applied to arbitrary implementations. This way, we provide a powerful instrument to assess the security of future server-based signature solutions and pave the way for their adoption in security-critical fields of application.
References
- A-Trust (2010). Activate mobile phone signature. http://www.buergerkarte.at/en/activate-mobile.html.
- Bicakci, K. and Baykal, N. (2003). Saots: A new efficient server assisted signature scheme for pervasive computing. In Hutter, D., Mller, G., Stephan, W., and Ullmann, M., editors, SPC, volume 2802 of Lecture Notes in Computer Science, pages 187-200. Springer.
- Bicakci, K. and Baykal, N. (2005). Improved server assisted signatures. Computer Networks, 47(3):351-366.
- CEN/ISSS (2001). Protection profile - cure signature creation device type http://wwww.commoncriteriaportal.org/files/pp files/pp0006b.pdf.
- Common Criteria (2013). Common http://www.commoncriteriaportal.org/.
Paper Citation
in Harvard Style
Zefferer T. and Zwattendorfer B. (2014). An Implementation-independent Evaluation Model for Server-based Signature Solutions . In Proceedings of the 10th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-023-9, pages 302-309. DOI: 10.5220/0004839603020309
in Bibtex Style
@conference{webist14,
author={Thomas Zefferer and Bernd Zwattendorfer},
title={An Implementation-independent Evaluation Model for Server-based Signature Solutions},
booktitle={Proceedings of the 10th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2014},
pages={302-309},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004839603020309},
isbn={978-989-758-023-9},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 10th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - An Implementation-independent Evaluation Model for Server-based Signature Solutions
SN - 978-989-758-023-9
AU - Zefferer T.
AU - Zwattendorfer B.
PY - 2014
SP - 302
EP - 309
DO - 10.5220/0004839603020309