Browsing by Author "Raposo, Rui Miguel Monteiro"
Now showing 1 - 1 of 1
Results Per Page
Sort Options
- Streamlining the Usage of Authorization or Digital Signature in Digital ProcessesPublication . Raposo, Rui Miguel Monteiro; Inácio, Pedro Ricardo MoraisThe so-called digital transformation process is underway, leveraged mostly by the rapid technological development, but also more recently by the COVID-19 pandemic in particular. Although, the untrained eye, this transformation may seem to be only the transposition of procedures or documents to a corresponding digital format, the truth is that not everything that humans do manually and in a simple way can be easily transposed to digital (e.g., an election), just as there are aspects that are much better accomplished in the digital world than in the real one (e.g., a qualified digital signature). The work discussed in this dissertation explores the transposition to the digital world of very important tasks in organizations and entities today: those of authorizing or not authorizing, approving or not approving, or dispatching issues in document management systems. Integrating strict security assurances to digital processes typically comes with both computational and usability costs. The particular subject of streamlining the usage of digital authorizations is difficult to address nowadays because there is no widely adopted or agreed mechanism for them, thought there is regulation and widely recognized technology for digital signatures in Europe. There is no standard format for digital authorizations, though intuition suggests that they should be formed by a message with temporal pertinence glued to a supporting document via some strong digital means such as a qualified digital signature or a message authentication code mechanism. This project looked into the landscape in terms of legislation and recommended mechanisms for authentication, digital signature and digital seals in Europe, to then step up to the proposal of a data structure for a digital authorization and later on to the proposal of the algorithms to build and verify digital authorizations. The scheme proposed herein is based on symmetric key cryptography only, aiming to minimize impact on key management and maximizing potential adoption. In the meanwhile, the possible regimes (hierarchical vs. equality) for structuring authorizations in large organizations or entities are also identified and discussed, since their differences resonate into different cryptographic primitives and technologies being later applied. Some of these primitives are also discussed in this dissertation, specially the ones used to build the algorithms of the proposed scheme. The proposed algorithms for constructing and verifying digital authorizations were validated using the ProVerif tool. The main conclusions are that there is still much ground to be covered in this context, but that it is possible to integrate secure digital authorization schemes in the short to medium term, and that efforts should be focused next in the definition of the format and mechanisms that need to be widely adopted and recognized, enabling moving from intra- to inter-entities.