Desarrollo de una aplicación de software para la validación de los formatos oficiales de firma digital dentro del Sistema Nacional de Certificación Digital de Costa Rica

En el año 2014 el Gobierno de Costa Rica emitió la directriz 067-MICITT-H-MEIC, la cual faculta a los ciudadanos a exigir que las instituciones del estado brinden sus servicios electrónicamente utilizando firma digital. La publicación de esta directriz conlleva un esfuerzo enorme de parte de las entidades que soportan la implementación de firma digital en el país, para proveerle a los usuarios, guías y herramientas de ejemplo que les ayude en el uso e implementación de firma digital. Sin embargo, a pesar de estos esfuerzos no tienen herramientas disponibles para la firma y validación de todos los formatos oficiales de firma de documentos. El objetivo principal de este proyecto de investigación fue desarrollar una aplicación de software para la validación de los formatos oficiales dentro del Sistema Nacional de Certificación Digital (SNCD), que pueda ser tomada en cuenta para formar parte de las herramientas de ejemplo de firma y validación de documentos firmados digitalmente. Primero, se realizó una revisión sistemática de los documentos oficiales sobre firma digital del Gobierno de Costa Rica para identificar los perfiles oficiales de los formatos de firma digital. Luego, se seleccionó un perfil para validarlo con la aplicación. Posteriormente, se procedió al desarrollo de la aplicación con base en los requerimientos técnicos de los estándares de la ETSI y en la migración de una librería desarrollada por la Unión Europea que valida las firmas de acuerdo con estos estándares. Finalmente, se validó la aplicación desde el punto de vista funcional y de seguridad. Para la validación de seguridad se realizó un análisis estático de código y se evaluó la aplicación con la “Guía de requerimientos técnicos para el aseguramiento de la información de los componentes tecnológicos que utilizan certificados y firma digital en aplicaciones de software dentro del Sistema Nacional de Certificación Digital”, elaborada por Alejandro Mora. Como resultado se desarrolló una aplicación fiable y segura para la validación de documentos firmados digitalmente dentro del SNCD. Esta investigación se enmarca en el proyecto “Desarrollo de esquemas para certificar autoridades certificadoras y aplicaciones de software en el SNCD” del Centro de Investigaciones en Tecnologías de la Información y la Comunicación de la Universidad de Costa Rica.In the year 2014, the Government of Costa Rica issued the directive 067-MICITT-H-MEIC which empowers citizens to demand that state institutions provide their services electronically using digital signature. The publication of this directive involves a huge effort from the entities that support the implementation of digital signature in the country, to provide guides and tools to the users, to help them in the use and implementation of digital signatures. However, despite these efforts they do not have available tools for signing and validating all official document signing formats. The main objective of this research project was to develop a software application for the validation of the official document signing formats within the Sistema Nacional de Certificación Digital (SNCD), which can be considered to be part of the example tools for signature and validation of digitally signed documents. First, a systematic review of the official documents on the digital signature of the Government of Costa Rica was carried out to identify the official profiles of the digital signature formats. Then, a profile was selected to validate it with the application. Subsequently, the application was developed based on the technical requirements of the ETSI standards and the migration of a library developed by the European Union that validates the signatures in accordance with these standards. Finally, the application was validated from the functional and security point of view. For the security validation a static code analysis was performed and the application was evaluated with the guide "Guía de requerimientos técnicos para el aseguramiento de la información de los componentes tecnológicos que utilizan certificados y firma digital en aplicaciones de software dentro del Sistema Nacional de Certificación Digital", developed by Alejandro Mora. As a result, a reliable and secure application for the validation of digitally signed documents within the SNCD was developed. This research is part of the project "Desarrollo de esquemas para certificar autoridades certificadoras y aplicaciones de software en el SNCD” of the Centro de Investigaciones en Tecnologías de la Información y la Comunicación of the Universidad de Costa Rica.UCR::Vicerrectoría de Investigación::Sistema de Estudios de Posgrado::Ingeniería::Maestría Profesional en Computación e Informátic

Sistema para prestador de serviços de confiança eIDAS

A Global Trusted Sign é uma entidade certificadora que comercializa serviços de confiança, nomeadamente selos temporais, certificados de assinatura eletrónica e selos eletrónicos que podem ser tanto qualificados como avançados, e ainda certificados de autenticação de websites(TLS/SSL). É proposto o desenvolvimento do backend do portal para a major v3.0.0, utilizando a framework Laravel na construção de uma Application Programming Interface (API) que inclua todos os seguintes requisitos: o registo de novos utilizadores, autenticação OAuth 2.0, aquisição de produtos e serviços por um sistema de carrinho de compras, integração com sistemas para geração de pagamentos e fatura, gestão dos produtos comprados e a aplicação dos certificados digitais em documentos. Como linguagem de consulta de dados à API, foi utilizado o GraphQL, possibilitando o frontend a solicitar apenas os dados necessários numa única chamada à API. Neste relatório irá ser abordado o processo de desenvolvimento seguido um método formal de Engenharia de Software, desde a arquitetura do sistema, a análise dosrequisitos, a modelação da base de dados, até à implementação final. Este projeto visa implementar testes unitários oferecendo confiança do correto funcionamento em cada lançamento, com uma single-page application realizado pelo frontend, com um layout elegante e moderno face à plataforma online atual. Nesse sentido, o objetivo deste projeto de mestrado consiste em melhorar a rapidez nos pedidos, clareza no código concebido de backend e aumentar o número de vendas da plataforma.Global Trusted Sign is a certifying entity that sells trusted services, namely timestamps, digital signature certificates, electronic stamps, website authentication (TLS/SSL), certificates that can be qualified as well as advanced. The proposal entails developing the backend of the portal for the major version v3.0.0, using the Laravel framework to build an Application Programming Interface (API), therefore includes all the following requirements: the registration of new users, OAuth 2.0 authentication, purchase of products and services through a shopping cart system, integration with systems for generating payments and invoices, management of the purchased products, and applying digital certificates to documents. The API utilizes GraphQL as the data query language, allowing the frontend to request only the necessary data in a single API call. This document addresses the development process followed by a formal method of Software Engineering, from system architecture, requirements analysis, database modeling, to the implementation. This project also aims at the implementation of unit tests, offering confidence in the correct functioning in each release, with a single page application conducted by the frontend, with an elegant and modern layout compared to the current online platform. In this context, the objective of this master's project is to improve the of speed in requests, clarity in the backend code and increase the number of platform sales

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

Challenges in Cybersecurity and Privacy - the European Research Landscape

Cybersecurity and Privacy issues are becoming an important barrier for a trusted and dependable global digital society development. Cyber-criminals are continuously shifting their cyber-attacks specially against cyber-physical systems and IoT, since they present additional vulnerabilities due to their constrained capabilities, their unattended nature and the usage of potential untrustworthiness components. Likewise, identity-theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing important damages and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues, and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligent systems, cyber-threat information sharing methods, advanced big-data analysis techniques as well as exploiting the benefits from latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, and crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective. Each chapter includes the project’s overviews and objectives, the particular challenges they are covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among relative ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE. RED-Alert, Truessec.eu. ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects

The Proceedings of the 23rd Annual International Conference on Digital Government Research (DGO2022) Intelligent Technologies, Governments and Citizens June 15-17, 2022

The 23rd Annual International Conference on Digital Government Research theme is “Intelligent Technologies, Governments and Citizens”. Data and computational algorithms make systems smarter, but should result in smarter government and citizens. Intelligence and smartness affect all kinds of public values - such as fairness, inclusion, equity, transparency, privacy, security, trust, etc., and is not well-understood. These technologies provide immense opportunities and should be used in the light of public values. Society and technology co-evolve and we are looking for new ways to balance between them. Specifically, the conference aims to advance research and practice in this field. The keynotes, presentations, posters and workshops show that the conference theme is very well-chosen and more actual than ever. The challenges posed by new technology have underscored the need to grasp the potential. Digital government brings into focus the realization of public values to improve our society at all levels of government. The conference again shows the importance of the digital government society, which brings together scholars in this field. Dg.o 2022 is fully online and enables to connect to scholars and practitioners around the globe and facilitate global conversations and exchanges via the use of digital technologies. This conference is primarily a live conference for full engagement, keynotes, presentations of research papers, workshops, panels and posters and provides engaging exchange throughout the entire duration of the conference