As a result of implementing the European digital signature directive in Austria as well as in
other European countries, Public-Key-Infrastructure Technology has become a critical
infrastructure. The state depends on the operativeness of that technology. Austria is
especially exposed, since electronic signatures are deeply interweaved into administrative
processes. A breakdown of this critical infrastructure would have disastrous consequences.
In this project we discuss securing the operativeness and availability of PK-Infrastructure to
ensure smooth and uninterrupted functionality of applications relying on these technologies.
Core goal of research will be the design of a transferrable service. In an emergency, the
service will have to be taken over from an existing service provider, whose infrastructure
most likely will not be ready for transfer. We will therefore research the prerequisites and
required properties of a framework change management enabled PKI, a full design of
such a framework and a prototype implementation.
Based on a comprehensive survey and definition of emergency scenarios, a concrete
framework with the required properties will be designed. This framework must safeguard the
PKI and keep downtime to the absolute minimum. This design will be implemented as a
prototype and tested with a simulated emergency scenario. Experiences with this test will be
fed back into the prototype.
After the end of the project a concrete implementation for an emergency service provider will
be realized based on further development of the components. This implementation will be
made available to be ready for any real emergency that may occur.
This research is accompanied by studies in privacy and loss of trust, resulting from the
involved takeover of data from one service provider to another service provider. This
research will provide suggestions to keep such loss of trust to the absolute minimum.
Since European Standardization and interoperability issues are influencing details of the
emergency service design, a survey, gap analysis and concrete suggestions for
improvements of standards, interoperability guidelines and conformance checking are also
an important part of the project.