Bringing JSON signatures to ETSI AdES framework: Meet JAdES signatures

Abstract This paper proposes a set of JSON signed and unsigned attributes which, if incorporated into a JSON signature, will convert it in a digital signature (JAdES) with identical capabilities (for instance, feasibility of validating them long after their generation, even after the signing certificate has expired, or has been revoked) as the digital signatures in ETSI AdES family, namely CAdES, PAdES, and XAdES. The paper also proposes two different mechanisms for incorporating the aforementioned attributes into a JWS signature (i.e. building a JAdES signature on JWS), with special emphasis in the computation and checking of archive time-stamps (i.e. time-stamp tokens that assure integrity and time of existence of all the contents of the digital signature). Finally, the paper summarizes the results obtained by a program developed to ascertain the correctness of the technical approaches taken, and that served as proof of concept. This paper has served as the starting point for building a formal proposal for producing an ETSI (European Telecommunications Standards Institute) Technical Specification (ETSI TS) to ETSI Electronic Signatures and Infrastructure (ESI) Technical Committee, responsible, within ETSI, of developing European Standards for digital signatures and public key infrastructure in general, and of the standardization of AdES digital signatures family in particular.

[1]  Henrich Christopher Pöhls,et al.  Towards compactly encoded signed IoT messages , 2017, 2017 IEEE 22nd International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD).

[2]  Michael B. Jones JSON Web Signature (JWS) Unencoded Payload Option , 2016, RFC.

[3]  Julien P. Stern,et al.  Certification validation: Back to the past , 2013, Comput. Math. Appl..

[4]  José María de Fuentes,et al.  A taxonomy and survey of attacks on digital signatures , 2013, Comput. Secur..

[5]  Paul E. Hoffman,et al.  Concise Binary Object Representation (CBOR) , 2020, RFC.

[6]  P. Hoffman Enhanced Security Services for S/MIME , 1999, RFC.

[7]  Bret Jordan,et al.  JSON Canonicalization Scheme (JCS) , 2020, RFC.

[8]  Alexandros G. Fragkiadakis,et al.  ECDSA on Things: IoT Integrity Protection in Practise , 2016, ICICS.

[9]  Robert W. Shirey,et al.  Internet Security Glossary, Version 2 , 2007, RFC.

[10]  Michael Jones,et al.  Cleartext JSON Web Signature (JWS) , 2018 .

[11]  Panagiotis Papadimitratos,et al.  Lightweight X.509 Digital Certificates for the Internet of Things , 2017, InterIoT/SaSeIoT.

[12]  Jim Schaad,et al.  Enhanced Security Services (ESS) Update: Adding CertID Algorithm Agility , 2007, RFC.

[13]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[14]  Michael B. Jones,et al.  JSON Web Signature (JWS) , 2015, RFC.

[15]  John Mattsson,et al.  CBOR Profile of X.509 Certificates , 2019 .

[16]  John Boyer Canonical XML Version 1.0 , 2001, RFC.

[17]  Carlisle M. Adams,et al.  X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.