Authors: Klaus Stranacher, Vesna Krnjic, Thomas Zefferer

Abstract:

The public sector holds large amounts of data of various areas such as social affairs, economy, or tourism. Various initiatives such as Open Government Data or the EU Directive on public sector information aim to make these data available for public and private service providers. Requirements for the provision of public sector data are defined by legal and organizational frameworks. Surprisingly, the defined requirements hardly cover security aspects such as integrity or authenticity. In this paper we discuss the importance of these missing requirements and present a concept to assure the integrity and authenticity of provided data based on electronic signatures. We show that our concept is perfectly suitable for the provisioning of unaltered data. We also show that our concept can also be extended to data that needs to be anonymized before provisioning by incorporating redactable signatures. Our proposed concept enhances trust and reliability of provided public sector data.

Keywords: Trusted Public Sector Data, Integrity, Authenticity, Reliability, Redactable Signatures.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1084308

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1720

References:

[1] D.Slamanig und S.Rass, "Redigierbare Signaturen: Theorie und Praxis" in: Datenschutz und Datensicherheit, Bd. 35, Nr. 11, S. 757-762.
[2] R. Steinfeld, L. Bull und Y. Zheng: Content Extraction Signatures. ICISC, LNCS 2288, S. 285-304. Springer, 2001.
[3] G. Ateniese, D. H. Chou, B. de Medeiros und G. Tsudik. Sanitizable Signatures. ESORICS, LNCS 3679, S. 159-177. Springer, 2005.
[4] R. Johnson, D. Molnar, D. X. Song und D. Wagner. Homomorphic Signature Schemes. CTRSA, LNCS 2271, S. 244-262. Springer, 2002.
[5] M. Klonowski und A. Lauks. Extended Sanitizable Signatures. ICISC, LNCS 4296, S. 343-355. Springer, 2006.
[6] S. Canard und A. Jambert. On Extended Sanitizable Signature Schemes. CT-RSA, LNCS 5985, S. 179-194. Springer, 2010.
[7] D. Slamanig und S. Rass. Generalizations and Extensions of Redactable Signatures with Applications to Electronic Healthcare. CMS, LNCS 6109, S. 201-213. Springer, 2010.
[8] S. Haber, Y. Hatano, et al.: Efficient signature schemes supporting redaction, pseudonymization, and data identification. ASIACCS, S. 353- 362. ACM, 2008.
[9] Open Government Working Group, 8 Principles of Open Government Data, http://www.opengovdata.org/home/8principles, 2007.
[10] The European Parliament and the Council of the European Union: Directive 2003/98/EC of the European Parliament and the Council of 17 November 2003 on the re-use of public sector information, Official Journal of the European Union L 345/90, http://eurlex. europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32003L0098:EN :NOT, 2003.
[11] The European Parliament and the Council of the European Union: Directive 1999/93/EC of the European Parliament and the Council of 13 December 1999 on a Community framework for electronic signatures, Official Journal of the European Union L 13/12, http://eurlex. europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnum doc&numdoc=31999L0093&model=guichett&lg=en, 2000.
[12] W3C Recommendation: XML-Signature Syntax and Processing (Second Edition), http://www.w3.org/TR/xmldsig-core/, 2008.
[13] ETSI TS 101 903, Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES), V1.4.2, 2010
[14] Adobe Corporation, Document management ÔÇö Portable document format ÔÇö Part 1: PDF 1.7, First Edition, 2008.
[15] ETSI TS 102 778-1, Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview - a framework document for PAdES, V1.1.1, 2009.