Emergency Certification Infrastructures and Services

As a result of implementing the European digital signature directive in Austria as well as in other European countries, Public-Key-Infrastructure Technology has become a critical infrastructure. The state depends on the operativeness of that technology. Austria is especially exposed, since electronic signatures are deeply interweaved into administrative processes. A breakdown of this critical infrastructure would have disastrous consequences. In this project we discuss securing the operativeness and availability of PK-Infrastructure to ensure smooth and uninterrupted functionality of applications relying on these technologies. Core goal of research will be the design of a transferrable service. In an emergency, the service will have to be taken over from an existing service provider, whose infrastructure most likely will not be ready for transfer. We will therefore research the prerequisites and required properties of a framework change management enabled PKI, a full design of such a framework and a prototype implementation. Based on a comprehensive survey and definition of emergency scenarios, a concrete framework with the required properties will be designed. This framework must safeguard the PKI and keep downtime to the absolute minimum. This design will be implemented as a prototype and tested with a simulated emergency scenario. Experiences with this test will be fed back into the prototype. After the end of the project a concrete implementation for an emergency service provider will be realized based on further development of the components. This implementation will be made available to be ready for any real emergency that may occur. This research is accompanied by studies in privacy and loss of trust, resulting from the involved takeover of data from one service provider to another service provider. This research will provide suggestions to keep such loss of trust to the absolute minimum. Since European Standardization and interoperability issues are influencing details of the emergency service design, a survey, gap analysis and concrete suggestions for improvements of standards, interoperability guidelines and conformance checking are also an important part of the project.