Scroll back

Evaluierungsmodell für server-basierte Signaturen

Kurzfassung (in Englisch):

During the past years, a general trend towards server-based signature solutions can be observed. Server-based signature solutions rely on a secure central server component that is able to securely store cryptographic keys and to create electronic signatures on behalf of users. Due to their various advantages compared to client-based solutions, it must be expected that server-based signature solutions will be increasingly deployed in securitycritical fields of application in future. This raises the need for appropriate means to systematically evaluate the security of such solutions. Unfortunately, existing evaluation methods (e.g. Protection Profiles according to Common Criteria) are only partly applicable for evaluating server-based signature solutions. To overcome this issue, we propose a new implementation-independent evaluation model for server-based signature solutions. The proposed evaluation model is based on an abstract architectural model for server-based signature solutions and can hence be applied to arbitrary implementations. This way, we provide a powerful instrument to assess the security of future server-based signature solutions and pave the way for their adoption in security-critical fields of application.


Scroll forward