Improved System for Generating Electronic Digital Signatures Based on Virtual Infrastructure
Аннотация
The article presents the results of the analysis of attack vectors on the following key components of the electronic digital signature system based on virtual infrastructure: Docker, Kubernetes, Nginx, PostgreSQL. The shortcomings of the security mechanisms typical for the listed components are identified. Taking into account the results of the analysis, an approaches to improving the electronic digital signature system based on virtual infrastructure is proposed. These approaches are based on implementation additional security mechanisms and use protocol for activating electronic digital signature within the framework of the specified system. This protocol was developed taking into account the relevant solutions of the Cloud Signature Consortium. The developed protocol includes mechanisms that ensure the use of the signatory’s personal key only under his or her control. The main security mechanisms of the developed protocol are as follows: 1) use of the multi-factor authentication based on PIN and one time password (OTP); 2) use of a secure connection between the client and server parts of the electronic digital signature system based on virtual infrastructure; 3) use of signature activation data, which allows for a high degree of reliability in associating the signed hash value, elements for identifying the authenticated signatory, and the identifier of the selected private key. Prospects for improving the developed protocol are defined. They include the following: 1) implementation of mechanisms aimed at preventive detection of enemy actions; 2) reduction of the number of steps required to perform authentication; 3) implementation of mechanisms aimed at additional analysis of the signature activation data release process; 4) implementation of a method for detecting digital image violations using artificial intelligence technologies.