The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes

The eIDAS regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a number of high-level requirements (e.g., related to privacy and security) are established to make interoperability among Member States possible, the eIDAS regulation does not explicitly specify the technologies that can be adopted during the development phase to meet the requirements as mentioned earlier. To the best of our knowledge, there is no work available in the literature investigating the technological trends within the notified eIDAS electronic identity schemes used by Member States. To fill this gap, this paper analyzes how the different technological trends of notified schemes satisfy the requirements of the eIDAS regulation. To do this, we define a set of research questions that allow us to investigate the correlations between different design dimensions such as security, privacy, and usability. Based on these findings, we provide a set of lessons learned that would be valuable to the security community, as they can provide useful insights on how to more efficiently protect interoperable national digital identities. Furthermore, we provide a brief overview regarding the new eIDAS regulation (eIDAS 2.0) that aims to provide a more privacy-preserving electronic identity solution by moving from a centralized approach to a decentralized one

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Strong Electronic Identification: Survey & Scenario Planning

The deployment of more high-risk services such as online banking and government services on the Internet has meant that the need and demand for strong electronic identity is bigger today more than ever. Different stakeholders have different reasons for moving their services to the Internet, including cost savings, being closer to the customer or citizen, increasing volume and value of services among others. This means that traditional online identification schemes based on self-asserted identities are no longer sufficient to cope with the required level of assurance demanded by these services. Therefore, strong electronic identification methods that utilize identifiers rooted in real world identities must be provided to be used by customers and citizens alike on the Internet. This thesis focuses on studying state-of-the-art methods for providing reliable and mass market strong electronic identity in the world today. It looks at concrete real-world examples that enable real world identities to be transferred and used in the virtual world of the Internet. The thesis identifies crucial factors that determine what constitutes a strong electronic identity solution and through these factors evaluates and compares the example solutions surveyed in the thesis. As the Internet become more pervasive in our lives; mobile devices are becoming the primary devices for communication and accessing Internet services. This has thus, raised the question of what sort of strong electronic identity solutions could be implemented and how such solutions could adapt to the future. To help to understand the possible alternate futures, a scenario planning and analysis method was used to develop a series of scenarios from underlying key economic, political, technological and social trends and uncertainties. The resulting three future scenarios indicate how the future of strong electronic identity will shape up with the aim of helping stakeholders contemplate the future and develop policies and strategies to better position themselves for the future

Preventing Attacks on Machine Readable Travel Documents (MRTDs)

After the terror attacks of 9/11, the U.S. Congress passed legislation that requires in the US Visa Waiver Program to begin issuing issuing machine readable passports that are tamper resistant and incorporate biometric and document authentication identifiers. The International Civil Aviation Organization (ICAO) has issued specifications for Machine Readable Travel Documents (MRTD) that are equipped with a smart card processor to perform biometric identification of the holder. Some countries, such as the United States, will issue machine readable passports that serve only as passports. Other countries, such as the United Kingdom, intend to issue more sophisticated, multi-application passports that can also serve as national identity cards. We have conducted a detailed security analysis of these specificationsm, and we illustrate possible scenarios that could cause a compromise in the security and privacy of holders of such travel documents. Finally, we suggest improved cryptographic protocols and high-assurance smart card operating systems to prevent these compromises and to support electronic visas as well as passports

Solving Legal Issues in Electronic Government: Authority and Authentication

This article is an overview of some of the legal themes and issues faced by governments in the electronic age, with particular regard to their own operations: electronic service delivery and the administration of government itself. Electronic government is the performance of any function of government using electronic records and electronic communications. It may involve, in the language of the Uniform Electronic Commerce Act, ‘‘us[ing] electronic means to create, collect, receive, store, transfer, distribute, publish or otherwise deal with documents or information.’’ The term thus covers the provision of governmental services to the public, including commu- nication from the public to the government. It also extends to the ‘‘back office’’ of government, the methods of public administration within the Executive Branch of government and between government and those who supply goods and services to it. The term is sometimes used to extend to regulation of private activities carried on electronically, either as extensions of traditional activity or as new types of con- duct made available by means of electronic communica- tions. The current paper does not address such questions

Privacy Computing: Concept, Computing Framework And Future Development Trends

With the rapid development of information technology and the continuous evolution of personalized services, huge amounts of data are accumulated by the large Internet company in the process of serving users. Moreover, dynamic data interactions increase the intentional/unintentional privacy persistence in different information systems. However, the following problems such as the short board effect of privacy information preservation among different information systems and the difficulty of tracing the source of privacy violations are becoming more and more serious. Therefore, existing privacy preserving schemes cannot provide a systematic preservation. In this paper, we pay attention to the links of information lifecycle, such as information collection, storage, processing, distribution and destruction. Then we propose the theory of privacy computing and the key technology system, including privacy computing framework, formal definition of privacy computing, four principles that should be followed in privacy computing, algorithm design criteria, evaluation of privacy preserving effect, privacy computing language and so on. Finally, we employ four application scenarios to describe the universal application of privacy computing and prospect of the future research trends. It is expected to guide the theoretical research on user\u27s privacy preservation under open environments

Solving Legal Issues in Electronic Government: Authority and Authentication

This article is an overview of some of the legal themes and issues faced by governments in the electronic age, with particular regard to their own operations: electronic service delivery and the administration of government itself. Electronic government is the performance of any function of government using electronic records and electronic communications. It may involve, in the language of the Uniform Electronic Commerce Act, ‘‘us[ing] electronic means to create, collect, receive, store, transfer, distribute, publish or otherwise deal with documents or information.’’ The term thus covers the provision of governmental services to the public, including commu- nication from the public to the government. It also extends to the ‘‘back office’’ of government, the methods of public administration within the Executive Branch of government and between government and those who supply goods and services to it. The term is sometimes used to extend to regulation of private activities carried on electronically, either as extensions of traditional activity or as new types of con- duct made available by means of electronic communica- tions. The current paper does not address such questions

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Identity in eHealth - from the reality of physical identification to digital identification.

Mestrado em Informática MédicaMaster Programme in Medical Informatic

Authentication and Identity Management for the EPOS Project

The increase in the number of online services emphasizes the value of authentication and identity management that we, even without realizing, depend on. In EPOS this authentication and identity management are also crucial, by dealing and being responsible for large amounts of heterogeneous data in multiple formats and from various providers, that can be public or private. Controlling and identify the access to this data is the key. For this purpose, it is necessary to create a system capable of authenticating, authorizing, and account the usage of these services. While services in a development phase can have authentication and authorization modules directly implemented in them, this is not an option for legacy services that cannot be modified. This thesis regards the issue of providing secure and interoperable authentication and authorization framework, associated with correct identity management and an accounting module, stating the difficulties faced and how to be addressed. These issues are approached by implementing the proposed methods in one of the GNSS Data and Products TCS services, that will serve as a study case. While authentication mechanisms have improved constantly over the years, with the addition of multiple authentication factors, there is still not a clear and defined way of how authentication should be done. New security threats are always showing up, and authentication systems need to adapt and improve while maintaining a balance between security and usability. Our goal is, therefore, to propose a system that can provide a good user experience allied to security, which can be used in the TCS services or other web services facing similar problems.A importância da autenticação e gestão de identidades, de que dependemos inconscientemente, aumenta com o crescimento do número de serviços online ao nosso dispor. No EPOS, devido à disponibilização e gestão de dados heterogéneos de várias entidades, que podem ser públicas ou privadas, a existência de um sistema de autenticação e gestão de identidades é também crucial, em que o controlo e identificação do acesso a estes dados é a chave. Numa fase de desenvolvimento dos serviços, estes módulos de autenticação e autorização podem ser diretamente implementados e é possível existir uma adaptação do software aos mesmos. No entanto, há serviços já existentes, cujas alterações implicam mudanças de grande escala e uma reformulação de todo o sistema, e como tal não é exequível fazer alterações diretas aos mesmos. Esta dissertação aborda o desenvolvimento de um sistema de autenticação e autorização seguro e interoperável, associado a uma correta gestão de identidades e um módulo de controlo, identificando os problemas encontrados e propondo soluções para os mesmos. Este desenvolvimento é aplicado num dos serviços do TCS GNSS Data and Products e servirá como caso de estudo. Embora os mecanismos de autenticação tenham melhorado continuamente ao longo dos anos, com a adição de vários fatores de autenticação, ainda não existe um método único e claro de como a autenticação deve ser feita. Novas ameaças estão sempre a surgir e os sistemas atuais precisam de se adaptar e melhorar, mantendo um equilíbrio entre segurança e usabilidade. O nosso objetivo é propor um sistema que possa aliar a segurança a uma boa experiência para o utilizador, e que possa ser utilizado não só nos serviços do TCS, mas também em outros serviços web que enfrentem problemas semelhantes