In our past two posts, we have got familiar with the general overview of remote signature services as well as the main idea of its practical implementations. Now we will answer one of the most frequently asked questions regarding such solutions: Are they safe to use? Security, with special regard to information technology, is a very complex term. It should be stated, as it is in almost every study regarding the topic, that achieving a hundred percent information security is nearly impossible. In general, most aim to provide the triangle of confidentiality, integrity and availability of information. So what ensures these in remote signature solutions?
The last post thematized the mechanism of remote signature creation. For the security aspects, we should recall the flowchart detailing the key generation process.
We should take the thread from when the request is forwarded to the environment of a TSP. This request gets to the TSP’s Qualified electronic Signature Creation Device (QSCD), which is a generally required security solution for qualified remote signatures as well as for many other qualified trust services; this is basically a secure signature generation device, which procedurally ensures the secrecy of signing keys and the cryptographical techniques as well as the credential matching the right owner. It contains a Signature Activation Module (SAM) and a Cryptographic Module, which in most cases is a Hardware Security Module (HSM).
The request first gets to the SAM, which uses the activation data (SAD) to authenticate the signer and activate their signing key. For certified remote signatures, SAM should be compliant with CEN PP EN 419 241-2
When this is done, the SAM sends the hash to the HSM which does most of the work regarding security. The HSM by definition is a physical computing device that protects and manages the digital key. Physically, they are plug-in cards or external devices attached to a server. They are designed by specific access control mechanisms to ensure that sensitive cryptographic materials do not leave the chip. HSMs are used for the secure generation of keys; they do this so with incorporate True Random Number generators, which take a lot of input from the environment, including thermal and athmospheric noises etc., in order not to be predictable, therefore not to be cracked.
Architectures are categorized confidence-of-control-wise by CEN EN 419 241-1, which provides two categories, called Sole Control Assurance Levels (SCAL). A HSM, in order to be used to create qualified remote signatures, should be SCA Level 2, which, by definition, means that „The signing keys are used, with a high level of confidence, under the sole control of the signer” and „The authorized signer's use of its key for signing is enforced by the signature activation module by means of signature activation data provided, by the signer, using a signature activation protocol, in order to enable the use of the corresponding signing key to sign specific documents”. The HSMs are used for a lot of other security purposes, including but not limited to create secure backups, tamper proofing and maintaining logs for processes.
When the HSM is done with the key operations, the Server Signing Application (SSA) forwards the result back to the Signer Interaction Component, and the signature is done. Although even reading this post takes several minutes, the process itself is done in a few seconds, and as a result, a qualified signature is made.
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Franck Leroy: CEN Standards on remote signing (Conference Paper)
Cryptomathic: Introducing the signature activation protocol for remote server signing
ETSI TS 119 432 V1.1.1 (2019-03)
ETSI TS 119 431-2 V1.1.1 (2018-12)
ETSI TS 119 431-1 V1.1.1 (2018-12)
© 2020 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41