Skip to main content
SpringerLink
Log in

The Role of Data Integrity in EU Digital Signature Legislation — Achieving Statutory Trust for Sanitizable Signature Schemes

  • Conference paper
Security and Trust Management (STM 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7170))

Included in the following conference series:

Abstract

We analyse the legal requirements that digital signature schemes have to fulfil to achieve the Statutory Trust granted by the EU electronic signature laws (“legally equivalent to hand-written signatures”). Legally, we found that the possibility to detect subsequent changes is important for the Statutory Trust. However, detectability was neither adequately nor precisely enough defined in the technical and legal definitions of the term “Data Integrity”. The existing definition on integrity lack a precise notion of which changes should not invalidate a corresponding digital signature and also lack notions to distinguish levels of detection. We give a new definition for Data Integrity including two notions: Authorized changes, these are changes which do not compromise the data’s integrity; and their level of detection. Especially, the technical term “Transparency” introduced as a security property for sanitizable signature schemes has an opposite meaning in the legal context. Technically, cryptography can allow authorized changes and keep them unrecognisably hidden. Legally, keeping them invisible removes the Statutory Trust. This work shows how to gain the Statutory Trust for a chameleon hash based sanitizable signature scheme.

Research funded by BMBF [FKZ:13N10966] and ANR as part of ReSCUeIT project.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Agrawal, S., Kumar, S., Shareef, A., Rangan, C.P.: Sanitizable Signatures with Strong Transparency in the Standard Model. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 93–107. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  2. Alsaid, A., Mitchell, C.J.: Dynamic content attacks on digital signatures. Information Management & Computer Security 13 (2005)

    Google Scholar 

  3. Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable Signatures. In: di Vimercati, S.D.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Bishop, M.: Computer Security: Art and Science. Addison-Wesley Professional (2002) ISBN: 0201440997

    Google Scholar 

  5. Boyer, J.: Canonical XML V 1.0 (March 2001)

    Google Scholar 

  6. Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of Sanitizable Signatures Revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Bundesverfasssungsgericht (BVerfG). Urteil vom. 1 BvR 370/07, 1 BvR 595/07 - NJW, 822 (February 27, 2008)

    Google Scholar 

  8. Caplan, R.M.: HIPAA. health insurance portability and accountability act of 1996. Dent Assist. 72(2), 6–8 (1997)

    Google Scholar 

  9. Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: IEEE Symposium on Security and Privacy, p. 184 (1987) ISSN: 1540-7993

    Google Scholar 

  10. Clark, J.: XSL Transformations (XSLT) version 1.0, www.w3.org/TR/xslt

  11. Dumortier, J.: Legal status of qualified electronic signatures in europe. In: ISSE 2004 - Securing Electronic Business Processes. Vieweg (2004)

    Google Scholar 

  12. Eastlake, Reagle, Solo.: XML-signature syntax and processing. W3C recommendation (February 2002), www.w3.org/TR/xmldsig-core/

  13. EU. Directive 2009/140/EC of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorization of electronic communications networks and services. Official Journal L 337/8 (December 2009)

    Google Scholar 

  14. EU. Regulation 460/2004/EC of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency. Official Journal L 77/1 (March 2004)

    Google Scholar 

  15. EU. Regulation 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Official Journal, L 8/1 (January 2001)

    Google Scholar 

  16. EU. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal L 12, 12–20 (2000)

    Google Scholar 

  17. EU. Consolidated version of the treaty on european union. Official Journal of the European Union (March 2010)

    Google Scholar 

  18. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17 (1988)

    Google Scholar 

  19. Gollmann, D.: Computer Security 2e. John Wiley & Sons (2005)

    Google Scholar 

  20. Herkenhöner, R., Jensen, M., Pöhls, H.C., de Meer, H.: Towards automated processing of the right of access in inter-organizational web service compositions. In: IEEE Int. Workshop on WebService and Business Process Security (WSBPS). IEEE (2010)

    Google Scholar 

  21. De Hert, P., Gutwirth, S.: Privacy, data protection and law enforcement. Opacity of the individual and transparency of power. In: Privacy and the Criminal Law, pp. 61–104. Intersentia nv (2006)

    Google Scholar 

  22. Hill, B.: Attacking xml security. Black Hat Briefings USA (2007)

    Google Scholar 

  23. Latham, D.C.: Department of defense trusted computer system evaluation criteria (1985)

    Google Scholar 

  24. Miyazaki, K., Iwamura, M., et al.: Digitally signed document sanitizing scheme with disclosure condition control. IEICE Transactions (2005)

    Google Scholar 

  25. EU Court of Justice. Judgment of the court Case C28/08P (June 29, 2010)

    Google Scholar 

  26. Pöhls, H.C., Tran, D., Petersen, F., Pscheid, F.: MS Office 2007: Target of hyperlinks not covered by digital signatures (December 2007), www.securityfocus.com/archive/1/485031/30/0/

  27. Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable Signatures in XML Signature — Performance, Mixing Properties, and Revisiting the Property of Transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  28. Posegga, J., Vogt, H., Kehr, R.: Eine Vorrichtung zur Erhöhung der Sicherheit bei Digitalen Signaturen. German Patent (Akz 199 23 807.3); European Patent (EP 1 054364 A2), Patentblatt 2000/47 (1999)

    Google Scholar 

  29. Stallings, W.: Network Security Essentials: Applications and Standards, 3rd edn. Prentice-Hall (2006) ISBN: 0132380331

    Google Scholar 

  30. Steinfeld, R., Bull, L., Zheng, Y.: Content Extraction Signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  31. Zanero, S.: Security and Trust in the Italian Legal Digital Signature Framework. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 34–44. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of IT Security and Security Law, University of Passau, Germany

    Henrich C. Pöhls & Focke Höhne

Authors
  1. Henrich C. Pöhls
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Focke Höhne
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Naval Research Laboratory, Code 5543, 20375, Washington, DC, USA

    Catherine Meadows

  2. Department of Computer Science, University of Malaga, 29071, Málaga, Spain

    Carmen Fernandez-Gago

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Pöhls, H.C., Höhne, F. (2012). The Role of Data Integrity in EU Digital Signature Legislation — Achieving Statutory Trust for Sanitizable Signature Schemes. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29963-6_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29962-9

  • Online ISBN: 978-3-642-29963-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation