Trust and Reliability for Public Sector Data

The public sector holds large amounts of data of various areas such as social affairs, economy, or tourism. Various initiatives such as Open Government Data or the EU Directive on public sector information aim to make these data available for public and private service providers. Requirements for the provision of public sector data are defined by legal and organizational frameworks. Surprisingly, the defined requirements hardly cover security aspects such as integrity or authenticity. In this paper we discuss the importance of these missing requirements and present a concept to assure the integrity and authenticity of provided data based on electronic signatures. We show that our concept is perfectly suitable for the provisioning of unaltered data. We also show that our concept can also be extended to data that needs to be anonymized before provisioning by incorporating redactable signatures. Our proposed concept enhances trust and reliability of provided public sector data.

Authors:

• Klaus Stranacher
• Vesna Krnjic
• Thomas Zefferer

Keywords:

• Trusted Public Sector Data
• Integrity
• Authenticity
• Reliability
• Redactable Signatures.

References:

[1] D.Slamanig und S.Rass, "Redigierbare Signaturen: Theorie und Praxis"
in: Datenschutz und Datensicherheit, Bd. 35, Nr. 11, S. 757-762.
[2] R. Steinfeld, L. Bull und Y. Zheng: Content Extraction Signatures.
ICISC, LNCS 2288, S. 285-304. Springer, 2001.
[3] G. Ateniese, D. H. Chou, B. de Medeiros und G. Tsudik. Sanitizable
Signatures. ESORICS, LNCS 3679, S. 159-177. Springer, 2005.
[4] R. Johnson, D. Molnar, D. X. Song und D. Wagner. Homomorphic
Signature Schemes. CTRSA, LNCS 2271, S. 244-262. Springer, 2002.
[5] M. Klonowski und A. Lauks. Extended Sanitizable Signatures. ICISC,
LNCS 4296, S. 343-355. Springer, 2006.
[6] S. Canard und A. Jambert. On Extended Sanitizable Signature Schemes.
CT-RSA, LNCS 5985, S. 179-194. Springer, 2010.
[7] D. Slamanig und S. Rass. Generalizations and Extensions of Redactable
Signatures with Applications to Electronic Healthcare. CMS, LNCS
6109, S. 201-213. Springer, 2010.
[8] S. Haber, Y. Hatano, et al.: Efficient signature schemes supporting
redaction, pseudonymization, and data identification. ASIACCS, S. 353-
362. ACM, 2008.
[9] Open Government Working Group, 8 Principles of Open Government
Data, http://www.opengovdata.org/home/8principles, 2007.
[10] The European Parliament and the Council of the European Union:
Directive 2003/98/EC of the European Parliament and the Council of 17
November 2003 on the re-use of public sector information, Official
Journal of the European Union L 345/90, http://eurlex.
europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32003L0098:EN
:NOT, 2003.
[11] The European Parliament and the Council of the European Union:
Directive 1999/93/EC of the European Parliament and the Council of 13
December 1999 on a Community framework for electronic signatures,
Official Journal of the European Union L 13/12, http://eurlex.
europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnum
doc&numdoc=31999L0093&model=guichett&lg=en, 2000.
[12] W3C Recommendation: XML-Signature Syntax and Processing (Second
Edition), http://www.w3.org/TR/xmldsig-core/, 2008.
[13] ETSI TS 101 903, Electronic Signatures and Infrastructures (ESI); XML
Advanced Electronic Signatures (XAdES), V1.4.2, 2010
[14] Adobe Corporation, Document management ÔÇö Portable document
format ÔÇö Part 1: PDF 1.7, First Edition, 2008.
[15] ETSI TS 102 778-1, Electronic Signatures and Infrastructures (ESI);
PDF Advanced Electronic Signature Profiles; Part 1: PAdES Overview -
a framework document for PAdES, V1.1.1, 2009.