PKI services in the Public Sector of the EU Member States Objectives and Methodology of the survey Prof. Sokratis K. Katsikas University of the Aegean, Greece

Research team Scientific Director Asst. Prof. Stefanos Gritzalis Technical Director Prof. Sokratis Katsikas Quality Reviewer Asst. Prof. Dimitris Gritzalis Researchers Asst. Prof. Lilian Mitrou Asst. Prof. Yannis Stamatiou Dr Dimitris Lekkas

University of the Aegean, Greece Facts... Increasing use of technology and the Internet by huge numbers of people. Government organizations are in a transition state: from the “paper-based” to the “paper-less” office. …these led to the idea of making available online public services (i.e. G2G and G2C transactions). A considerable advantage: Transactions can take place with unprecedented ease at high speed, with no need for physical presence of either of the transacting parties at the transaction site. A considerable disadvantage: Security problems and privacy threats. Which leads us to …

University of the Aegean, Greece Basic security requirements Confidentiality Access to information to authorized entities only. Integrity Modification of information only by authorized entities. Availability Information available to authorized entities upon request within reasonable time. Non-repudiation Impossibility of later denial of a committed action

University of the Aegean, Greece Addressing security requirements Public Key Cryptography (PKC) is an effective technology to establish the baseline security requirements. To support PKC, it is necessary to establish an appropriate infrastructure, the Public Key Infrastructure (PKI). A series of technological and legal issues need to be addressed (and resolved) before establishing a PKI.

University of the Aegean, Greece The objectives of our survey To identify the extent of the use of electronic signatures towards the establishment of e- government services. To identify the technologies employed for the exploitation of e-signatures. To investigate the legal issues involved in the use of e-signatures. To identify ways of managing certificates in the public sector. To provide a set of good-practices regarding the above issues.

University of the Aegean, Greece Components of our methodology Review current status (identify the current status regarding the use of e-signatures in the EU) Investigate legal issues pertaining to e-signatures (review legal and regulatory issues regarding the use of signatures) Investigate already employed technical standards (review the e-signature standards in place) Review relevant case studies (where available) (information stemming from relevant surveys) Make use of questionnaires (conclusions drawn from responses to appropriate questions)

University of the Aegean, Greece Expected results Good practice for the Public Sector in EU Member States Reviews Questionnaires EU legal issues Case-studies Employed technical standards

University of the Aegean, Greece Questionnaire We have prepared, for distribution, a questionnaire comprising 27 questions, grouped in 5 categories, relating to: (a) existing e-services (b) legal status of certificates (c) use of certificates in the public sector (d) requirements from Certification Service Providers (e) use of certificates for G2G and G2C transactions

University of the Aegean, Greece Issues discussed in a good-practice proposal Architecture of and technologies needed for a PKI environment Interoperability Legal status of a Certification Authority (CA) Certification hierarchy levels and cross- certification Role and identity certificates Certificate revocation and expiration policy Registration Authorities (RA) …

University of the Aegean, Greece Summary Towards a good-practice guidance, for the exploitation of Public Key Infrastructure by the Public Sector