Are electronic signature
assumptions realistic?


      Paweł Krawczyk
         IPSec.pl
The Directive
• Equivalency to handwritten signature
  – Which handwritten signature?
    • At $10 CC purchase? At wedding contract?
      At car dealer? At notary? At church?
• Sole control of the owner (AdEs 2.2c)
  – Reality – Polish article 47
• Utopia that turned into fetish
Technical standards
• CWA 14170:2004

„A typical environment for the first case might be the home
  or the office, where the individual or the company
  has direct control of the SCS (e.g. an SCS
  implemented in a mobile phone). In this case, the
  security requirements may be met by organisational
  methods put in place or managed by the signer, and the
  technical means to ensure achievement of the
  security requirements may be more relaxed.”
Computer in home or office?
• Direct control??
• In the XXI century???
• This could be valid in the 70’s
  – Pre-BBS, pre-FidoNet, pre-Internet
• Reality of „direct control”
  – RDP, XDMCP, SSH, PoisonIvy...
  – Direct control from Romania over server
    in Australia with proxy in USA
Results
• The Smartcard
  – €150’000 CC certificate, DPA protection,
    tamper-proof


            Is then inserted into...

• The Signature Creation System
  – Pirated Windows, no patches, run under an admin
    account, with out-of-date antivirus
QCA’s response
• „Attack is possible, but only if using
  software non-compliant with
  recommendations found in „User
  manual” delivered with QCA
  products”
All about antivirus
SEALED 2007
• “Study on the standardisation
  aspects of eSignature”

“The view of PKI taken in these documents
  is still based on the views from the
  1970s and 1980s (an off-line world!)
  that have to some extent failed in the
  1990s for various reasons”
What works out there?
• Username and password (UK)
• Server-based signature (MobiTrust, Trusted Profile, OCES II)
• SMS password (banks)
• Software digital signature (UK, DK, PL – e-Sąd)
• OTP tokens (banks)
• Trusted email – PEC (IT), De-mail (DE), OCES (DK), TSCP (USA)
• Risk-based authentication (e-Deklaracje)
• 3rd party (EchoSign, DocuSign)
