SABRES - A Proof of Concept for Enhanced Cloud Qualified Electronic Signatures

Abstract

Public Key Infrastructure (PKI) is an essential technology that enables secure communications over the Internet. Trust Service Providers (TSPs) have a crucial role in assuring the binding of the owner’s identity to the public key through the digital certificates. Therefore, any breach may lead to major security and privacy issues. Since 2013, proposed solutions aim to improve the security of PKIs, many of them by using blockchain technology. This way a distributed trust is obtained. But the majority of the proposed solutions are not compliant with the working standards and therefore the adoption process is very difficult. Offering cloud Qualified Electronic Signatures (QES) services puts even more pressure on the TSPs, which have to ensure the sole control of the user over the private keys stored server-side. The solutions proposed so far to assure this sole control of the user have been focused on proposing remote signature protocols that guarantee the exclusive access of the user to the private keys. The problem is that this exclusiveness cannot be formally proved to the user. Therefore, in the end, this goes down to just trusting the TSP. In this context, introducing a distributed trust source would significantly grow the reliability and security of the cloud QES services. The current paper proposes a new solution that uses blockchain to improve trust in QES performed in the cloud, but not through a signature protocol, but through a distributed means of logging and verifying all accesses to one’s private key. The proposed solution is fully compliant with all working standards for cloud QES and combines PKI and blockchain advantages: interoperability with current working systems and distributed trust.