Abstract
We analyse the legal requirements that digital signature schemes have to fulfil to achieve the Statutory Trust granted by the EU electronic signature laws (“legally equivalent to hand-written signatures”). Legally, we found that the possibility to detect subsequent changes is important for the Statutory Trust. However, detectability was neither adequately nor precisely enough defined in the technical and legal definitions of the term “Data Integrity”. The existing definition on integrity lack a precise notion of which changes should not invalidate a corresponding digital signature and also lack notions to distinguish levels of detection. We give a new definition for Data Integrity including two notions: Authorized changes, these are changes which do not compromise the data’s integrity; and their level of detection. Especially, the technical term “Transparency” introduced as a security property for sanitizable signature schemes has an opposite meaning in the legal context. Technically, cryptography can allow authorized changes and keep them unrecognisably hidden. Legally, keeping them invisible removes the Statutory Trust. This work shows how to gain the Statutory Trust for a chameleon hash based sanitizable signature scheme.
Research funded by BMBF [FKZ:13N10966] and ANR as part of ReSCUeIT project.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agrawal, S., Kumar, S., Shareef, A., Rangan, C.P.: Sanitizable Signatures with Strong Transparency in the Standard Model. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 93–107. Springer, Heidelberg (2010)
Alsaid, A., Mitchell, C.J.: Dynamic content attacks on digital signatures. Information Management & Computer Security 13 (2005)
Ateniese, G., Chou, D.H., de Medeiros, B., Tsudik, G.: Sanitizable Signatures. In: di Vimercati, S.D.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 159–177. Springer, Heidelberg (2005)
Bishop, M.: Computer Security: Art and Science. Addison-Wesley Professional (2002) ISBN: 0201440997
Boyer, J.: Canonical XML V 1.0 (March 2001)
Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of Sanitizable Signatures Revisited. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 317–336. Springer, Heidelberg (2009)
Bundesverfasssungsgericht (BVerfG). Urteil vom. 1 BvR 370/07, 1 BvR 595/07 - NJW, 822 (February 27, 2008)
Caplan, R.M.: HIPAA. health insurance portability and accountability act of 1996. Dent Assist. 72(2), 6–8 (1997)
Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: IEEE Symposium on Security and Privacy, p. 184 (1987) ISSN: 1540-7993
Clark, J.: XSL Transformations (XSLT) version 1.0, www.w3.org/TR/xslt
Dumortier, J.: Legal status of qualified electronic signatures in europe. In: ISSE 2004 - Securing Electronic Business Processes. Vieweg (2004)
Eastlake, Reagle, Solo.: XML-signature syntax and processing. W3C recommendation (February 2002), www.w3.org/TR/xmldsig-core/
EU. Directive 2009/140/EC of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorization of electronic communications networks and services. Official Journal L 337/8 (December 2009)
EU. Regulation 460/2004/EC of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency. Official Journal L 77/1 (March 2004)
EU. Regulation 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. Official Journal, L 8/1 (January 2001)
EU. Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. Official Journal L 12, 12–20 (2000)
EU. Consolidated version of the treaty on european union. Official Journal of the European Union (March 2010)
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17 (1988)
Gollmann, D.: Computer Security 2e. John Wiley & Sons (2005)
Herkenhöner, R., Jensen, M., Pöhls, H.C., de Meer, H.: Towards automated processing of the right of access in inter-organizational web service compositions. In: IEEE Int. Workshop on WebService and Business Process Security (WSBPS). IEEE (2010)
De Hert, P., Gutwirth, S.: Privacy, data protection and law enforcement. Opacity of the individual and transparency of power. In: Privacy and the Criminal Law, pp. 61–104. Intersentia nv (2006)
Hill, B.: Attacking xml security. Black Hat Briefings USA (2007)
Latham, D.C.: Department of defense trusted computer system evaluation criteria (1985)
Miyazaki, K., Iwamura, M., et al.: Digitally signed document sanitizing scheme with disclosure condition control. IEICE Transactions (2005)
EU Court of Justice. Judgment of the court Case C28/08P (June 29, 2010)
Pöhls, H.C., Tran, D., Petersen, F., Pscheid, F.: MS Office 2007: Target of hyperlinks not covered by digital signatures (December 2007), www.securityfocus.com/archive/1/485031/30/0/
Pöhls, H.C., Samelin, K., Posegga, J.: Sanitizable Signatures in XML Signature — Performance, Mixing Properties, and Revisiting the Property of Transparency. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 166–182. Springer, Heidelberg (2011)
Posegga, J., Vogt, H., Kehr, R.: Eine Vorrichtung zur Erhöhung der Sicherheit bei Digitalen Signaturen. German Patent (Akz 199 23 807.3); European Patent (EP 1 054364 A2), Patentblatt 2000/47 (1999)
Stallings, W.: Network Security Essentials: Applications and Standards, 3rd edn. Prentice-Hall (2006) ISBN: 0132380331
Steinfeld, R., Bull, L., Zheng, Y.: Content Extraction Signatures. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 285–304. Springer, Heidelberg (2002)
Zanero, S.: Security and Trust in the Italian Legal Digital Signature Framework. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, pp. 34–44. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pöhls, H.C., Höhne, F. (2012). The Role of Data Integrity in EU Digital Signature Legislation — Achieving Statutory Trust for Sanitizable Signature Schemes. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-29963-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29962-9
Online ISBN: 978-3-642-29963-6
eBook Packages: Computer ScienceComputer Science (R0)