Security analysis of electronic signature applications and test suite study

Download
2013
Ergun, Tamer
Digital signature technology is used widely for security and trust in electronic business and communications. Nowadays it becomes commonly used especially in government agencies. From this point of view, it is crucial to implement correct applications to create and verify digital signatures. CEN (European Commitee for Standardization) has introduced the security requirements for signature applications but neither proposed a PKI model nor implemented a test suite to evaluate the accuracy of signature applications. This is a real necessity, because a signature application has to be hardly tested and the responses of the application to a wide range of wrong scenarios have to be well analyzed. In our thesis we aimed to design a unique PKI model and state whole problematic scenarios both in signature creation and verification and address the lack of such a suite by designing E-Signature Test Suite. E-Signature Test Suite is a set of certificates and signature files created for this aim. We also aimed to solve some security and e fficiency problems derived from validation processes of revocation datas.