Towards a Personal Security Device

Christof Rath, Thomas Niedermair, Thomas Zefferer

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.
Original languageEnglish
Title of host publicationSecurity and Trust Management
PublisherSpringer
Pages1-16
Number of pages16
Volume9871 LNCS
ISBN (Print)9783319465975
DOIs
Publication statusPublished - 2016
Event12th International Workshop on Security and Trust Management, STM 2016 - Heraklion, Crete, Greece
Duration: 26 Sep 201627 Sep 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9871 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Conference

Conference12th International Workshop on Security and Trust Management, STM 2016
CountryGreece
CityHeraklion, Crete
Period26/09/1627/09/16

Keywords

    Cite this

    Rath, C., Niedermair, T., & Zefferer, T. (2016). Towards a Personal Security Device. In Security and Trust Management (Vol. 9871 LNCS, pp. 1-16). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9871 LNCS). Springer. https://doi.org/10.1007/978-3-319-46598-2_1