Implementing Advanced Electronic Signature by Public Digital Identity System (SPID)

  • Conference paper
Electronic Government and the Information Systems Perspective (EGOVIS 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9831)

Abstract

Advanced electronic signature is a form of signature recognized by EU legislation that does not include the heaviest features of the qualified electronic signature (i.e., qualified PKI certificates and qualified signature creation devices). Massive adoption of advanced electronic signature strictly depends on how easy, usable, and minimally invasive the solutions are for citizens. In this paper, we propose a new advanced electronic signature protocol that relies on a public system for digital identity management. Our proposal aims at implementing an effective synergy between the two mechanisms to provide the citizen with a unique, uniform, portable, and effective tool applicable to both peer authentication and document signature. The solution is designed for the Italian Public Digital Identity System (SPID), but it is easily extensible to any identity management system compliant with the EU regulatory environment (i.e., eIDAS).

Acknowledgments

This work has been partially supported by the Program “Programma Operativo Nazionale Ricerca e Competitività” 2007–2013, Distretto Tecnologico CyberSecurity funded by the Italian Ministry of Education, University and Research.

Correspondence to Francesco Buccafurri.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Buccafurri, F., Fotia, L., Lax, G. (2016). Implementing Advanced Electronic Signature by Public Digital Identity System (SPID). In: Kő, A., Francesconi, E. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2016. Lecture Notes in Computer Science, vol 9831. Springer, Cham. https://doi.org/10.1007/978-3-319-44159-7_21

  • DOI: https://doi.org/10.1007/978-3-319-44159-7_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44158-0

  • Online ISBN: 978-3-319-44159-7

  • eBook Packages: Computer Science, Computer Science (R0)
