ETSI publishes remote server signing standards draft versions

By | ETSI, European Telecommunications Standards Institute | No Comments

ETSILast July 2nd, 2018, the European Telecommunications Standards Institute (ETSI) published a new draft version of the following digital signature creation standards, which mainly focuses on develop the new technical environment of remote server signing compliant with eIDAS: ETSI TS 119 431-1, TS 119 431-2 and ETSI 119 432.

ETSI TS 119 431-1:Electronic Signatures and Infrastructures (ESI);Policy and security requirements for trust service providers; Part 1:TSP service components operating a remote QSCD /SCDev

This standard focuses on digital signature creation devices and aims to create a digital signature value on behalf of a remote signer.

Moreover, it specifies the policy and security requirements generally applicable to trust service providers (TSPs) which implement a service component that operates a signature or seal creation device (as defined in Regulation (EU) No 910 / 2014), called remote QSCD / SCDev.

This component contains a server signature application, which is the server signature application service (SSASC) component. In addition to being the signature application of the server, it contains the service elements and the signature creation device (SCDev).

The requirements of this standard are aligned with the requirements specified in CEN EN 419 241-1.

ETSI TS 119 431-2:Electronic Signatures and Infrastructures (ESI);Policy and security requirements for trust service providers;Part 2: TSP service components supporting AdES digital signature creation

ETSI TS 119 431-2 provides the policy and security requirements for the trust service provider (TSPs) that implements a service component that supports the creation of AdES digital signatures. This component contains a signature creation application and, in summary, is called the signature creation application service component (SCASC). However, it is more than just the SCA, since it contains the elements of service thanks to which a part of the main part of the application can be implemented as defined in EN 319 102-1 [1] and TS 119 101.

This standard is based on the general policy requirements specified in ETSI EN 319 401 [9] and take into account the related requirements of ETSI TS 119 101.

ETSI TS 119 432:Electronic Signatures and Infrastructures (ESI);Protocols for remote digital signature creation

This standard specifies the applicable protocols and interfaces when carried out, by a distributed solution composed of two or more systems / services / components, the process of creation of AdES digital signatures (as defined by ETSI EN 319 102-1 and / or digital signature values), as a result of the Data Representation Signatures to be signed. This standard is limited to the remote server signature.

If you wish, you can consult the original version of the documents and send your opinions through the contact form by clicking here.

For more information about ETSI, click here.

24-28/09: Date with NIS Summer School in Greece

By | Ciberseguridad, Cybersecurity | No Comments

The fifth edition of NIS Summer School on Network and Information Security (NIS’18) will take place from 24th to 28th September in Heraklion (Greece).

NIS Summer School is organized by the European Union Agency for Network and Information Security (ENISA) and the Foundation for Research and Technology (Hellas). The meeting will reunite for four days different players in the sector such as the Public Administration , private sector companies and non-profit organizations.

This edition’s focus is “The Changing Risk Landscape”. The IT sector lives in constant evolution, which poses significant challenges. Due to this, the actors involved must accelerate their reaction time and encourage the exchange of collaboration and information to achieve adequate and effective responses to the challenges that may arise.

With this Summer School, ENISA seeks to promote a culture of cybersecurity in the EU. The aim is to  improve the capacity of Member States when responding to cyber-attacks. ENISA follows a risk mitigation strategy by raising awareness and publishing studies and reports on current NIS issues.

Disseminating works on Cybersecurity Threat Intelligence

Non-profit organizations working in Cyber Threat Intelligence will have the opportunity to present their work during the event, which may be related to Horizon 2020 projects, national academic research, development projects and open source communities.

Presentations at NIS Summer School

During NIS Summer School there will be a large number of speakers who come from both the public and private sectors and the university environment. Specifically, the following stand out:

  • Nektarios Tavernarakis (FORTH President)
  • Udo Helmbrecht (ENISA Executive Director)
  • Damien Cauquil (Head of Research & Development Digital Security – Econocom)
  • Piotr Kijewski (Strategic Programmes Manager The Shadowserver Foundation)
  • Prof. Dr. Ir. Bart Preneel (Full Professor Katholieke Universiteit Leuven)

 Data of the event

Date: 24th-28th September, 2018
Place: Galaxy Hotel Iraklio – Leof. Dimokratias 75, Iraklio 713 06, Grecia
URL: https://nis-summer-school.enisa.europa.eu/

To see  NIS Summer School 2018 program, click here.

NIS Summer School 2018

The EU invests in the future of Digital Transformation 2017-2021

By | Digital Transformation, Transformación Digital | No Comments

The European Commission published last May the multi-year budget of the European Union, called Multi-Annual Financial Framework which, among other items, supports the digital transformation in the European Union during the period 2017-2021.

Within this budget there is a program called “Digital Europe”, which is part of the Digital Single Market strategy, and  is endowed with 9.2 billion euros. The purpose of the program is to promote the digital transformation of the EU by increasing investments, maximizing momentum in areas of public interest and reinforcing several cooperation projects with Member States.

Action lines of the EU Digital program

The program is based on five lines of action that will drive digital transformation:

  • Supercomputers: A total of 2,7 billion euros will be allocated to boost the processing capabilities of high-level computing in the EU. In addition, the use of supercomputers in areas of public interest such as health,  environment, and safety will be encouraged. Finally, these capabilities will be made available to small and medium-sized enterprises (SMEs) in the EU.

 

  • Artificial Intelligence: The objectives in this area consist in promoting and reinforcing the use of artificial intelligence in both business and Public Administrations; facilitate secure access and storage of large data sets and algorithms; and strengthening and supporting testing and experimentation facilities in the Member States. In total, they will allocate 2,500 million euros to this item.

 

  • Cybersecurity and trust: Although digital technologies have opened a world of possibilities to  EU citizens, they also carry a risk. Among others, cyber attacks, fraud and data theft stand out. So far, the EU has responded by adopting the first legislation at European level on cybersecurity, the NIS regulation.

A total of 2,0 billion euros will be allocated to:

Promote the provision of advanced cybersecurity equipment.

– Disseminate, at European level, knowledge, skills and abilities related to cybersecurity.

– Ensure the deployment of the latest cybersecurity solutions in the economy.

– Strengthen capacities to ensure a common level of network and information system security in the EU.
  • Advanced digital skills: The EU wants to invest in training digital skills for the EU citizens. The “Digital Europe” program will offer students and IT experts numerous training opportunities in advanced digital technologies. In total, 700 million euros will be allocated to the training of qualified personnel.
  • Broad use of digital technologies in the economy and society: The EU seeks to boost the digitization of Public Administrations and their services, as well as to ensure the interoperability at European level and facilitate access to technology and know-how to all the companies. This section will have a total of 1,3 billion euros.

For further information, please click here.

 

Digital Transformation

ETSI Security Week 2018

By | Ciberseguridad | No Comments

ETSI Security Week 2018ETSI Security Week 2018 took place last June 11th to 15th at the ETSI headquarters, located in Sophia Antipolis (southern France).

This free event addressed the main challenges in the cybersecurity sector in an increasingly digital world. The meeting focused on the  current issues in the sector such as: cybersecurity policies, legislative actions, cyber attacks and the latest technologies in this field. In addition, the fundamental challenges in the world of cybersecurity and the technical and standardization actions undertaken to overcome them were discussed.

 

Presentations at ETSI Security Week 2018

There were presentations on the following topics:

  • Latest Cybersecurity drivers, considering the latest policies and legal actions, as well as the latest cyber attacks.
  • Security / privacy / security of IoT.
  • 5G security / privacy.
  • Distributed record technologies.
  • Remote signature creation services eIDAS.
  • Middlebox and Hackathon Security.

The calendar of presentations during the month of June was the following:

  • 11th:  Latest drivers for Cybersecurity.
  • 12th and 13th: Future-Proof IoT Security and Privacy.
  • 12th: Hot topics in Middlebox security.
  • 12th and 13th: Middlebox Hackaton.
  • 13th: Remote Signature Creation Services by TSP: Protocols and Audit Requirements.
  • 13th and 14th: What does 5G Security offer?
  • 14th and 15th: Security and Trust in ICT: the Value of Distributed Ledger Technology.

If you wish to see some of the presentations that were made during Security Week 2018, please click here.

About this edition

For their part, the speakers came from different fields: national security agencies, IT leaders, cybersecurity experts, global standards organizations, developers, researchers, universities and policy makers. In total, more than 300 visitors from all over Europe participated.

The talk that attracted the most attention from the public was ” 5G Security/privacy”, in which the future of the integrated UICC was described. On the other hand, the hackathon offered a concrete example of the specifications of the ETSI TC CYBER middlebox security protocol and its implementations.

If you wish to know more about the event, please click here .

More information available on  Twitter.