Towards a Personal Security Device

Christof Rath; Thomas Niedermair; Thomas Zefferer

doi:10.1007/978-3-319-46598-2_1

Towards a Personal Security Device

Christof Rath^*, Thomas Niedermair, Thomas Zefferer

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.

Original language	English
Title of host publication	Security and Trust Management
Publisher	Springer
Pages	1-16
Number of pages	16
Volume	9871 LNCS
ISBN (Print)	9783319465975
DOIs	https://doi.org/10.1007/978-3-319-46598-2_1
Publication status	Published - 2016
Event	12th International Workshop on Security and Trust Management, STM 2016 - Heraklion, Crete, Greece Duration: 26 Sept 2016 → 27 Sept 2016

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9871 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Conference

Conference	12th International Workshop on Security and Trust Management, STM 2016
Country/Territory	Greece
City	Heraklion, Crete
Period	26/09/16 → 27/09/16

Access to Document

10.1007/978-3-319-46598-2_1

Cite this

Towards a Personal Security Device. / Rath, Christof; Niedermair, Thomas; Zefferer, Thomas.
Security and Trust Management. Vol. 9871 LNCS Springer, 2016. p. 1-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9871 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Rath, C, Niedermair, T & Zefferer, T 2016, Towards a Personal Security Device. in Security and Trust Management. vol. 9871 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9871 LNCS, Springer, pp. 1-16, 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece, 26/09/16. https://doi.org/10.1007/978-3-319-46598-2_1

@inproceedings{0ad00afd591246bfa48187ac33512079,

title = "Towards a Personal Security Device",

abstract = "In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.",

keywords = "Electronic Identity, Electronic Signatures, Signature creation application, Trustworthy user device",

author = "Christof Rath and Thomas Niedermair and Thomas Zefferer",

year = "2016",

doi = "10.1007/978-3-319-46598-2_1",

language = "English",

isbn = "9783319465975",

volume = "9871 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "1--16",

booktitle = "Security and Trust Management",

note = "12th International Workshop on Security and Trust Management, STM 2016 ; Conference date: 26-09-2016 Through 27-09-2016",

}

TY - GEN

T1 - Towards a Personal Security Device

AU - Rath, Christof

AU - Niedermair, Thomas

AU - Zefferer, Thomas

PY - 2016

Y1 - 2016

N2 - In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.

AB - In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.

KW - Electronic Identity

KW - Electronic Signatures

KW - Signature creation application

KW - Trustworthy user device

UR - http://www.scopus.com/inward/record.url?scp=84989968332&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-46598-2_1

DO - 10.1007/978-3-319-46598-2_1

M3 - Conference paper

AN - SCOPUS:84989968332

SN - 9783319465975

VL - 9871 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 16

BT - Security and Trust Management

PB - Springer

T2 - 12th International Workshop on Security and Trust Management, STM 2016

Y2 - 26 September 2016 through 27 September 2016

ER -

Towards a Personal Security Device

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this