Towards a Personal Security Device | SpringerLink
Skip to main content
Springer Nature Link
Log in

Towards a Personal Security Device

  • Conference paper
  • First Online:
Security and Trust Management (STM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9871))

Included in the following conference series:

  • 687 Accesses

Abstract

In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. A-SIT: Mobile Phone Signature & Citizen Card. http://www.buergerkarte.at

  2. Centner, M., Orthacker, C., Bauer, W.: Minimal-Footprint Middleware for theCreation of Qualified Signatures. In: Institute for Systems and Technologies of Information, Control and Communication (ed.) Proceedings of the 6th International Conference onWeb Information Systems and Technologies, pp. 64–69. INSTICC - Institute for Systems and Technologies of Information, Control and Communication, Portugal (2010)

    Google Scholar 

  3. CWA 14170: Security requirements for signature creation applications (2004)

    Google Scholar 

  4. Cock, D., Wouters, K., Preneel, B.: Introduction to the Belgian EID card. In: Katsikas, S.K., Gritzalis, S., López, J. (eds.) EuroPKI 2004. LNCS, vol. 3093, pp. 1–13. Springer, Heidelberg (2004). doi:10.1007/978-3-540-25980-0_1

    Chapter  Google Scholar 

  5. Ducastel, N.: International Comparison eID Means. Technical report PBLQ (2015)

    Google Scholar 

  6. ecsec: Open eCard App. https://www.openecard.org. Accessed 11 April 2016

  7. ETSI: Electronic Signatures and Infrastructures (ESI); PDF Advanced Electronic Signatures (PAdES); TS 102 778. Technical report, European Telecommunication Standards Institute (2009)

    Google Scholar 

  8. ETSI: Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES); TS 101 903. Technical report, European Telecommunication Standards Institute (2010)

    Google Scholar 

  9. ETSI: Electronic Signatures and Infrastructures (ESI); CMS Advanced Electronic Signatures (CAdES); TS 101 733. Technical report, European Telecommunication Standards Institute (2013)

    Google Scholar 

  10. European Parliament: Directive 95/46/EC. In: Official Journal of the European Communities, vol. 38, pp. 31–50. European Commision (1995)

    Google Scholar 

  11. European Parliament: eIDAS - Regulation (EU) No 910/2014. In: Official Journal of the European Union, vol. 57, pp. 73–114. European Commision (2014)

    Google Scholar 

  12. Eurosmart: Landscape of eID in Europe in 2013. Technical report, Eurosmart (2014)

    Google Scholar 

  13. FEDICT: eID Belgium

    Google Scholar 

  14. IDABC: Study on eID Interoperability for PEGS: Update of Country Profiles (2009)

    Google Scholar 

  15. ID.ee: ID Card (2016)

    Google Scholar 

  16. ISO, IEC 24727: Identification cards - Integrated circuit card programming interfaces, Part 1–6

    Google Scholar 

  17. Leitold, H., Hollosi, A., Posch, R.: Security architecture of the Austrian citizen card concept. In: 18th Annual Computer Security Applications Conference, Proceedings, pp. 391–400 (2002)

    Google Scholar 

  18. OASIS: Digital signature services core protocols, elements, and bindings (2007)

    Google Scholar 

  19. Orthacker, C., Centner, M., Kittl, C.: Qualified mobile server signature. In: IFIP Advances in Information and Communication Technology. vol. 330, pp. 103–111 (2010)

    Google Scholar 

  20. Panda Security: Pandalabs’ Annual Report 2015

    Google Scholar 

  21. Spalka, A., Cremers, A.B., Langweg, H.: Trojan horse attacks on software for electronic signatures. Informatica (Slovenia) 26(2) (2002)

    Google Scholar 

  22. Sun Microsystems Inc.: JSR 268: Java Smart Card I/O API (2006)

    Google Scholar 

  23. Zefferer, T., Teufl, P.: Leveraging the adoption of mobile eID and e-Signature solutions in Europe. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2015. LNCS, vol. 9265, pp. 86–100. Springer, Heidelberg (2015). doi:10.1007/978-3-319-22389-6_7

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Graz University of Technology, Institute of Applied Information Processing and Communications, 8010, Graz, Austria

    Christof Rath, Thomas Niedermair & Thomas Zefferer

Authors
  1. Christof Rath
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thomas Niedermair
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Zefferer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christof Rath .

Editor information

Editors and Affiliations

  1. IMDEA Software Institute , Pozuelo de Alarcón, Madrid, Spain

    Gilles Barthe

  2. Dept Comp Sci, Vassilika Vouton, Univ of Crete Dept Comp Sci, Vassilika Vouton, Heraklion, Crete, Greece

    Evangelos Markatos

  3. Dipto di Informatica, Univ degli Studi di Milano Dipto di Informatica, Crema, Italy

    Pierangela Samarati

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Rath, C., Niedermair, T., Zefferer, T. (2016). Towards a Personal Security Device. In: Barthe, G., Markatos, E., Samarati, P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science(), vol 9871. Springer, Cham. https://doi.org/10.1007/978-3-319-46598-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46598-2_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46597-5

  • Online ISBN: 978-3-319-46598-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics