The public sector holds large amounts of data from
various areas such as social affairs, economy, or tourism. Various
initiatives such as Open Government Data or the EU Directive on
public sector information aim to make these data available for public
and private service providers. Requirements for the provision of
public sector data are defined by legal and organizational
frameworks. Surprisingly, the defined requirements hardly cover
security aspects such as integrity or authenticity.
In this paper we discuss the importance of these missing
requirements and present a concept to assure the integrity and
authenticity of provided data based on electronic signatures. We
show that our concept is perfectly suitable for the provisioning of
unaltered data. We also show that our concept can be extended
to data that needs to be anonymized before provisioning by
incorporating redactable signatures. Our proposed concept enhances
trust and reliability of provided public sector data.
@article{"International Journal of Information, Control and Computer Sciences:64055",
  author = "Klaus Stranacher and Vesna Krnjic and Thomas Zefferer",
  title = "Trust and Reliability for Public Sector Data",
  abstract = "The public sector holds large amounts of data of
various areas such as social affairs, economy, or tourism. Various
initiatives such as Open Government Data or the EU Directive on
public sector information aim to make these data available for public
and private service providers. Requirements for the provision of
public sector data are defined by legal and organizational
frameworks. Surprisingly, the defined requirements hardly cover
security aspects such as integrity or authenticity.
In this paper we discuss the importance of these missing
requirements and present a concept to assure the integrity and
authenticity of provided data based on electronic signatures. We
show that our concept is perfectly suitable for the provisioning of
unaltered data. We also show that our concept can also be extended
to data that needs to be anonymized before provisioning by
incorporating redactable signatures. Our proposed concept enhances
trust and reliability of provided public sector data.",
  keywords = "Trusted Public Sector Data, Integrity, Authenticity, Reliability, Redactable Signatures.",
  volume = "7",
  number = "1",
  pages = "139-7",
}