Safety weaknesses of digital signature used for safety critical applications of e-government

• Autorzy: Franekova M. , Šutak M.
• Języki publikacji: EN

Abstrakty

EN

The authors of this article focus on the analysis of safety weaks of digital signature schemes used within e-Government service in condition of Slovak republic. Main part is orientated on the possibility of attacks on eID card with using RSA digital signature scheme what was in the last months very frequently medialized in Slovakia. In the practical part on the base of mathematically description is analysed possible weaks of RSA digital signature schemes especially complexity of factorization problems dependence of length of key is describe and compare with more effectiveness ECDSA scheme. On the base of studies the authors mentioned the recommendations for parameters selection of very often used digital signature schemes focus on access to safety-critical applications supported during process of digitalization of e-Government in Slovak republic.

Słowa kluczowe

EN

e-government; safety-critical; services; eID card; authorization; qualified certificate; digital signature; RSA; ECDSA; complexity of factorization

PL

e-państwo; karta eID; autoryzacja; podpis kwalifikowany; podpis cyfrowy; RSA; ECDSA; złożoność faktoryzacji

• Wydawca: Polskie Stowarzyszenie Telematyki Transportu
• Czasopismo: Archives of Transport System Telematics
• Rocznik: 2018
• Tom: Vol. 11, iss. 3
• Strony: 11--18
• Opis fizyczny: Bibliogr. 23 poz.

Twórcy

autor

Franekova M.

• UNIVERSITY OF ŽILINA, Faculty of Electrical Engineering, Department of Control and Information Systems, 010 026 Žilina, Slovak Republic

autor

Šutak M.

• ALIGA, S. R. O., 036 01 Martin, Slovak Republic

Bibliografia

• [1] Act No. 272/2016 Coll. on Trust Services for Electronic Transactions in the Internal Market and on Amendment and Supplementing of certain Acts (Trust Services Act), Slovak, 2016
• [2] Act No. 215/2004 Coll. on Protection of Classified Information and on Amendment and Supplementing of certain Acts as amended, Slovak, 2002
• [3] FRANEKOVÁ M., RÁSTOČNÝ K.: Cryptography in safety-related systems, EDIS Žilina, 203 p., University of Žilina, Slovak, 2017
• [4] LACKO Ľ.: How to deal with eID if we want to use it for digital signing, PC Revue 3rd November 2017, Slovak, 2017
• [5] GOODIN D.: Millions of high-security crypto keys crippled by newly discovered flaw. Ars Technika Journal (10/2017). In: https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ [date of access: 20.12.2017]
• [6] VAUDENAY S.: A Classical introduction to Cryptography, Springer, 2009
• [7] MILLER S.D., NARAYANAN B.: Coppersmith’s lattices “focus group”: an attack on small - exponent of RSA. August 2017, In: https://eprint.iacr.org/2017/835.pdf [date of access: 20.12.2017]
• [8] SEMINARIO C.E., WILSON D.C.: Assessing Impacts of a Power User Attack on a Matrix Factorization Collaborative Recommender System. In: https://pdfs.semanticscholar.org/0764/0f89fe3a97c8b6736f609b7c333be795d69a.pdf [date of access: 20.12.2017]
• [9] National Security Authority Decree No. 135/2009 Coll. on the Format and Manner of Completing Advanced Electronic Signature, Slovak 2009
• [10] PKCS # 1 v.2.1 RSA Cryptography Standard, 1999
• [11] ANSI X.9.31 Pseudorandom number Generator, 2011
• [12] LEVICKÝ, D.: Cryptography in communication security, Elfa Košice, Slovak, 2014
• [13] VAN TILBORG H.C.A., JAJODIA S.: Encyklopedia of Cryptography and Security, 2011
• [14] BOS J.W., et al.: Elliptic Curve Cryptography in practice. In: https://eprint.iacr.org/2013.pdf, 2013 [date of access: 20.12.2017]
• [15] RFC 5114: Additional Diffie-Hellman Groups for used of IETF Standards 2008
• [16] NEMEC M., et al.: The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli, CCS ‘17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, p. 1631-1648, October 30-November 3, 2017, Dallas, TX, USA, Session H1: Crypto Attacks, 2017
• [17] CERT Software Engineering Institute, Carnegie Mellon University, Vulnerability Notes Database, Vulnerability Note VU#307015, Infineon RSA library does not properly generate RSA key pairs, Original Release date: 16 Oct 2017, In: https://www.kb.cert.org/vuls/id/307015 [date of access: 20.12.2017]
• [18] JINASENA T., MEEGAMA R., MARASINGHE R.: Access Control of Medical Images using Elliptic Curve Cryptography through Effective Multi-Key Management in a Mobile
• [19] Multicasting Environment, Computer Science and Engineering, 7(1): 1-11, doi:10.5923/j.computer.20170701.01, 2017
• [20] DAMIEN G.: BlueKrypt: Cryptography key lengths Recommendations. BlueKrypt v 30.4, 2017
• [21] SHOR P.W.: Algorithms for quantum computation: Discrete logarithms and factoring, Proc. 35nd Annual Symposium on Foundations of Computer Science (Shafi Goldwasser, ed.), IEEE Computer Society Press, 1994, p. 124-134
• [22] Havard University, HARVARDgazette, Science & Health / Engineering & Technology, Researchers create quantum calculator, 30th November 2017, In: https://news.harvard.edu/gazette/story/2017/11/researchers-create-new-type-of-quantum-computer/ [date of access: 20.12.2017]
• [23] NIST - National Institute of Standards and Technology, Information Technology Laboratory, CSRC - Computer Security Resource Centre, Projects: Post-Quantum Cryptography, In: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography [date of access: 20.12.2017]