Klaus Stranacher et al.
as the possibility to explicitly define a designated redactor, or to allow the redacting of predefined data blocks only. Unfortunately, current concepts that propose a use of redactable signatures in order to assure authenticity and integrity of public sector data lack on an assessment and definition of appropriate redactable signature schemes so far.
In this paper we bridge this gap by assessing existing redactable signature schemes and evaluating their capabilities to meet the requirements of public sector data. For this purpose, we first recap the concept of trusted and reliable public sector data in Section 2. In Section 3, we then derive concrete requirements that have to be met by redactable signature schemes when being applied to the concept of trusted and reliable public sector data. Potential candidates of redactable signature schemes are examined in Section 4. In Section 5, we map the derived requirements to the examined redactable signature schemes in order to assess them schemes’ capabilities to meet the given requirements.
2. Trusted and reliable public sector data
This section comprises a brief overview of the findings of Stranacher et al.( 2013). Since the re‐use of public sector information and the open publishing of governmental data do not define new issues, several requirements for such data provisioning techniques have already emerged over the past years. For instance, the Open Government Working Group( 2007) has published eight fundamental principles for open government data. While also the PSI Directive includes some general and common requirements for providing public sector data, security requirements have not been defined.
Stranacher et al.( 2013) define security requirements, namely data integrity and authenticity, when publishing public sector data. Both requirements ensure data consumers that published data have not been altered and are provided by a trustworthy authority. The authors also propose a concept for trusted and reliable public sector data. They distinguish two main use cases. In the first use case public sector data are published as it is. To ensure data integrity and authenticity, conventional electronic signatures are applied to these data. In the second use case, the public sector data contain personal and private data that need to be anonymized before publishing. Redactable signatures are used in this case. Figure 1 illustrates this use case and shows how trusted and reliable anonymization of public sector data without applying a new signature to the modified data is achieved. Avoiding the re‐generation of electronic signatures e. g. might be useful if the person, who has originally signed the data, is not available anymore for re‐signing for some reason.
Figure 1: Authenticity and integrity for redacted public sector data( Stranacher et al., 2013)
In the following Section 3 we define concrete requirements redactable signatures for this use case. Additionally we give some more details on different redactable signature schemes and their applicability for public sector data in the sections 4 and 5.
3. Requirements for redactable signature schemes
The proposed concept of Stranacher et al.( 2013) for anonymized public sector data elaborates on the different properties of redactable signature schemes, but lacks on defining concrete requirements for redactable signature schemes applied to anonymized public sector data. In order to close this gap, this section defines legal, organisational and technical requirements for redactable signature schemes.
509