230 likes | 515 Views
Digital Signatures. Structure. Introduction Basics Elements of digital signatures Realisation in public authorities Conclusion. 1. Introduction. What is a Digital Signature?
E N D
Digital Signatures © Julia Wilk (FHÖV NRW)
Structure • Introduction • Basics • Elements of digital signatures • Realisation in public authorities • Conclusion © Julia Wilk (FHÖV NRW)
1. Introduction • What is a Digital Signature? • A Digital Signature is a type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper. • Sometimes also used: Electronic Signature (here synonymic) • Why is it important for E-Government? • Handwritten signature often required in public law • Digital signature can replace it • More possibilities of electronic services: • Cost savings • Saving Time © Julia Wilk (FHÖV NRW)
2. Basics2.1. Law • Germany: “Signaturgesetz” in 1997 • Precondition for safe and legally binding electronic signatures • Regulates specifications for using digital signatures • Europe: EU Signature Directive • Unification of different signature laws in the EU (especially different security levels) • Basis for changes of the German law in 2001, 2005 and 2007 • Changes made the law conform to the European directive © Julia Wilk (FHÖV NRW)
Law: Different Signatures • Electronic signature • Data in electronic form which are attached with other electronic data and which serve as a method of authentication • Advanced electronic signature • Means an electronic signature that is also • uniquely linked to the signatory, • capable of identifying the signatory, • linked to the data to which it relates that any change of the data is detectable. • Qualified digital signature • based on a qualified certificate of a Certification Authority (CA) • Germany: sole signature that is equal to a handwritten signature (§ 126a BGB) • Qualified digital signature with accreditation • Like a qualified signature, but furthermore • CA was accredited voluntarily • Proof for comprehensive technical and administrative security © Julia Wilk (FHÖV NRW)
2.2. Security Properties © Julia Wilk (FHÖV NRW)
Security Properties of handwritten messages • Authenticity • Nobody should impersonate someone he doesn’t is • Integrity • A message can not be falsified unnoticed • Obligation • The signature has to assure legal certainty • Confidentiality • No person except the receiver should be able to read the message © Julia Wilk (FHÖV NRW)
3. Elements of digital signatures 3.1. Basic functionality 3.2. Hash functions and hash results 3.3. Asymmetric encryption 3.4. Certification 3.5. User’s realisation © Julia Wilk (FHÖV NRW)
3.2. Hash functions and hash results • Solution: Not the document itself, but its hash result gets signed • Hash function:= algorithm which creates a digital representation in the form of a hash result of a standard length which is usually much smaller than the message but substantially unique to it • Hash function also known as “digital fingerprint” • Premises for hash functions: • Hash function has to be unique • “One-way-property” © Julia Wilk (FHÖV NRW)
3.3. Asymmetric encryption • Basic: a pair of keys, namely a private key and a public key • Premises: • Private key has to be saved, e.g. using a chip card with a PIN • Public key can be accessible for everyone, but its owner’s identity has to be identifiable without problems to guarantee authentication (certificate) • Not possible to generate the Private key by knowing someone’s Public key © Julia Wilk (FHÖV NRW)
3.2. Encryption: Proceeding • Generating message’s digest (hash result) • Using Public Key to encrypt hash result • Result of the encryption: digital signature • Sender sends • message, • digital signature and • certificate to receiver • Receiver wants to check • Integrity • Generating hash result, compare it to the sender’s hash result and decrypting the message with the sender’s public key • Authenticity • Can be checked by means of the certificate © Julia Wilk (FHÖV NRW)
3.2. Encryption: Proceeding © Julia Wilk (FHÖV NRW)
3.4.Certification • Important for authenticity: • Receiver of a message has to be sure that the public key he uses really belongs to the sender • Solution: Certification Authority (CA) • Independent, confidential • Law causes premises for a CA • Certificate: comparable with a digital identity card • Document that shows someone’s identity doubtless • Three-stepped infrastructure guarantees authenticity: • Sender • CA • Authority that controls CA © Julia Wilk (FHÖV NRW)
3.5. Realisation by user • Important for security: private key has to be absolutely saved and only available for his user • Technical premises: • Chip card and PIN • High security level because of “possession and knowledge” • Cards available through bank branches, but they are only mediators of accredited CAs • Encryption of the hash result is realised in a matter of seconds • Card reader • Computer and corresponding software © Julia Wilk (FHÖV NRW)
3.5. User acceptance • Citizen’s interests: • Doing as much as possible by using the internet • Survey: 88 % of German citizens would like to do everything concerning public administration online to avoid waiting times and save time • Today: Nearly every authority has got a homepage where you can download forms or search for information • Problem: Forms often need to be signed handwritten • We learned: Only the qualified digital signature can replace a handwritten signature • Using qualified signatures premises special equipment (remember chip card, card reader…) © Julia Wilk (FHÖV NRW)
3.5. User acceptance • Question: Are the citizens really willing to pay for their wish to do as much as possible online? • Costs for licences are estimated about 50 € in Germany • Solution: Equipment has to be all-purposed, it has to be possible to use the equipment in other fields, like home banking e.g. • Further problems: • Administrative procedures often need original documents (like a family register or a birth certificate) • If you do everything in a electronic way, the expert advice of the official is missing which maybe causes mistakes © Julia Wilk (FHÖV NRW)
3.5. User acceptance • Summing up: • The more possibilities of using digital signature equipment exist, the more will be established the digital signature and also the citizen’s acceptance • Electronic government offer is rising year by year, so maybe also the success will rise with it © Julia Wilk (FHÖV NRW)
4. Realisation in public authorities • 2001: only 4,8 % of German local authorities use digital signatures • 2006: 30 % use respectively qualified signatures and qualified signatures with accreditation © Julia Wilk (FHÖV NRW)
Use of digital signatures in German cities(Survey by KGSt, 2006) © Julia Wilk (FHÖV NRW)
5. Conclusion • Offering and diffusion of digital signatures had grown in the last years because of • Unification of law in the EU • Further development • Increasing disposition of public authorities to engage in digital signatures • Citizen’s vantages: • Many transactions can be done from the computer at home • Citizen is not bound to opening times and reachability of public authorities • Public authorities: • Saving costs in traditional sectors • New technologies cause other costs and other resources like qualified employees • Long-term: digital signatures can redound to more efficiency © Julia Wilk (FHÖV NRW)
5. Conclusion • Security • Today things like the one-way hash function, asymmetric encryption and sophisticated chip card system cause secure proceedings • The security standard has to be conformed to the computer systems that get increasingly powerful • Costs • High costs are indispensable to guarantee a high security level • User’s/Citizen’s Acceptance • Chip card systems are easy to use • High costs could reduce the success of digital signatures • Necessary to coordinate standards to use a chip card system for many different applications © Julia Wilk (FHÖV NRW)
5. Conclusion • Summing-up: • Today digital signatures are under way and can only be seen as an amendment to traditional procedures • In the future digital signatures will get more and more important to guarantee an efficient action of public authorities © Julia Wilk (FHÖV NRW)