Klaus Stranacher

Cloud Computing in E-Government across Europe

Cloud computing has many advantages which also governments and public authorities can benefit from. Therefore, a couple of European countries have already adopted cloud computing in the public sector or are planning to do so. In this paper, we evaluate eight European countries on their use of cloud computing in e-Government and compare them. As a result, the dominant cloud computing deployment model in those countries is a so-called G-Cloud Governmental Cloud, a private or community cloud especially designed for national governmental use. In addition, no favored cloud service model has emerged, hence all standard cloud service models Infrastructure, Platform, and Software as a Service are adopted by most countries. Finally, half of the evaluated countries have anchored cloud computing in one of their national ICT strategies.

A Federated Cloud Identity Broker-Model for Enhanced Privacy via Proxy Re-Encryption

Reliable and secure user identification and authentication are key enablers for regulating access to protected online services. Since cloud computing gains more and more importance, identification and authentication in and across clouds play an increasing role in this domain too. Currently, existing web identity management models are often just mapped to the cloud domain. Besides, within recent years several cloud identity management models such as the cloud identity broker-model have emerged. In the aforementioned model, an identity broker in the cloud acts as hub between various service and identity providers. While this seems to be a promising approach for adopting identity management in cloud computing, still some problems can be identified. A notable issue is the dependency of users and service providers on the same central broker for identification and authentication processes. Additionally, letting an identity broker store or process sensitive data such as identity information in the cloud brings up new issues, in particular with respect to user’s privacy. To overcome these problems, we propose a new cloud identity management model based on the federation between different cloud identity brokers. Thereby, users and service providers can select their favorite cloud identity broker without being dependent on one and the same broker. Moreover, it enhances user’s privacy by the use of appropriate cryptographic mechanisms and in particular proxy re-encryption. Besides introducing the model we also provide a proof of concept implementation thereof.

Cross-Border Legal Identity Management

Electronic Identities (eID) and their cross-border recognition are on top of the agenda of various e-Government initiatives of the European Commission (EC). Therefore, the EC launched the EU large scale pilot STORK, which was running for about 3.5 years and finished at the end of 2011. In this period, STORK has established a European eID interoperability platform for citizens. The focus of STORK was to achieve eID interoperability of natural persons. However, many e-Government processes are conducted by representatives of legal persons. Hence, this paper proposes an eID interoperability framework for the cross-border identification and authentication of legal persons or professional representatives using electronic mandates. The framework strongly bases on the findings of STORK and introduces an extension of the STORK framework supporting cross-border identification and authentication of legal persons.

Foreign Identities in the Austrian E-Government

With the revision of the Austrian E-Government Act [8] in the year 2008, the legal basis for a full integration of foreign persons in the Austrian e-government, has been created. Additionally, the EGovernment Equivalence Decree [1] has been published in June 2010. This decree clarifies which foreign electronic identities are considered to be equivalent to Austrian identities and can be electronically registered within the Austrian identity register. Based on this legal framework a concept has been developed which allows non-Austrian citizens to log in to Austrian online administrative procedures using their foreign identity. A solution resting upon this concept has been developed and successfully tested. This solution has become operative in July 2010.

A Comparative Survey of Cloud Identity Management-Models

Secure identification and authentication are essential processes for protecting access to services or applications. These processes are also crucial in new areas of application such as the cloud computing domain. Over the past years, several cloud identity management-models for managing identification and authentication in the cloud domain have emerged. In this paper, we survey existing cloud identity management-models and compare and evaluate them based on selected criteria, e.g., on practicability or privacy aspects.

Measuring Usability to Improve the Efficiency of Electronic Signature-Based e-Government Solutions

Usability and security are crucial requirements of efficient e-Government services and applications. Given security requirements are mostly met by integration of approved cryptographic methods such as two-factor authentication and qualified electronic signatures. Integration of these technologies into e-Government applications usually introduces additional complexity and often affects the usability of these solutions. So far, research on usability as efficiency-measuring instrument in e-Government has primarily focused on the evaluation of e-Government Web sites only. Usability issues raised by the integration of security-enhancing technologies into e-Government applications have not been considered in detail yet. We filled this gap by conducting a usability analysis of three core components of the Austrian e-Government infrastructure to improve efficiency in this domain. The evaluated components act as middleware and facilitate integration of e-ID and e-Signature tokens such as smart cards and mobile phones into e-Government applications. We have assessed the usability and perceived security of these middleware components by means of a thinking-aloud test with 20 test users. This chapter introduces the evaluated components, discusses the followed methodology, and presents obtained results of the conducted usability test.

Enhancing the Modularity and Applicability of Web-Based Signature-Verification Tools

Electronic signature are an important concept and crucial tool for security-critical applications. Employing the full potential of electronic signatures requires the availability of appropriate signature-verification tools. Today, a plethora of different signature-verification tools exist that allow users to verify electronically signed files and documents. Unfortunately, most of these tools have been designed for a special use case and lack support for various fields of application. This renders the development of applications based on electronic signatures difficult and reduces usability for end users. To overcome this issue, we propose an improved architecture for signature-verification tools. This architecture ensures flexibility and an easy extensibility by following a plug-in-based approach. The applicability and practicability of the proposed architecture has been assessed by means of a concrete implementation. This implementation demonstrates the proposed architecture’s capability to meet requirements of various different application scenarios and use cases. This way, the proposed architecture and the developed implementation that relies on this architecture contribute to the security, usability, and efficiency of present and future electronic signature-based applications.

Trust-Service Status List Based Signature Verification

Interoperability and cross-border services are on the top of the agenda of the Digital Agenda for Europe and the e-Government action plan. Here, electronic signatures and their verification play a major role. Especially electronic signatures relying on qualified certificates and produced by secure signature creation devices are of special interest --- as they are legally equivalent to handwritten signatures. To facilitate the recognition of such qualified signatures, trust-service status lists have been established. Current signature verification applications lack on a sufficient support of trust-service status lists. To solve this problem, we propose an efficient, adaptable and easy to use trust-service status list enabled signature verification application. Our solution bases on the Austrian signature verification component MOA-SP. It extends the existing architecture to support trust-service status list functionalities. Finally, our implementation is evaluated in real life scenarios and we give a survey about the implementation status of trust-service status lists in Europe.

Modular Architecture for Adaptable Signature-Creation Tools

Electronic signatures play an important role in e-Business and e-Government applications. In particular, electronic signatures fulfilling certain security requirements are legally equivalent to handwritten signatures. Nevertheless, existing signature-creation tools have crucial drawbacks with regard to usability and applicability. To solve these problems, we define appropriate requirements for signature-creation tools to be used in e-Government processes. Taking care of these requirements we propose a modular architecture for adaptable signature-creation tools. Following a user-centered design process we present a concrete implementation of the architecture based upon the Austrian Citizen Card. This implementation has been used to prove the applicability of the architecture in real life. Our tool has been successfully tested and has been assessed as usable and intuitive. It has already been officially released and is widely used in productive environments.