nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Key Factors in Coping with Large-Scale Security Vulnerabilities in the eID Field

verfasst von : Silvia Lips, Ingrid Pappel, Valentyna Tsap, Dirk Draheim

Erschienen in: Electronic Government and the Information Systems Perspective

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In 2017, the encryption vulnerability of a widespread chip led to major, nation-wide eID card incidents in several EU countries. In this paper, we investigate the Estonian case. We start with an analysis of the Estonian eID field in terms of stakeholders and their responsibilities. Then, we describe the incident management from the inside perspective of the crisis management team, covering the whole incident timeline (including issues in response, continuity and recovery). From this, we are able to derive key factors in coping with large-scale security vulnerabilities in the eID field (public-private partnership, technical factors, crisis management, documentation), which encourages further research and systematization.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Improving Opinion Analysis Through Statistical Disclosure Control in eVoting Scenarios

Nächstes Kapitel Discovering and Analyzing Alignment Problems in a Public Organization

https://www.mkm.ee/en.

https://www.ria.ee/en/.

https://www.gemalto.com/.

https://www.smit.ee/.

http://vm.ee/en.

https://www.tja.ee/en.

https://e-estonia.com/solutions/e-identity/id-card/.

https://www.eesti.ee/en/.

Marsalek, A., Zefferer, T., Reimair, F., Karabat, Ç., Soykan, E.U.: Leveraging the adoption of electronic identities and electronic-signature solutions in Europe. In: Proceedings of the Symposium on Applied Computing, SAC 2017, pp. 69–71. ACM, New York (2017)

Luna-Reyes, L.F., Sandoval-Almazan, R., Puron-Cid, G., Picazo-Vela, S., Luna, D.E., Gil-Garcia, J.R.: Understanding public value creation in the delivery of electronic services. In: Janssen, M., et al. (eds.) EGOV 2017. LNCS, vol. 10428, pp. 378–385. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-64677-0_31CrossRef

Muldme, A., Pappel, I., Lauk, M., Draheim, D.: A survey on customer satisfaction in national electronic ID user support. In: 2018 International Conference on eDemocracy eGovernment (ICEDEG), pp. 31–37, April 2018

Tsap, V., Pappel, I., Draheim, D.: Key success factors in introducing national e-identification systems. In: Dang, T.K., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E.J. (eds.) FDSE 2017. LNCS, vol. 10646, pp. 455–471. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70004-5_33CrossRef

Republic of Estonia: Electronic identification and trust services for electronic transactions act. https://www.riigiteataja.ee/en/eli/527102016001/

Pappel, I., Pappel, I., Tepandi, J., Draheim, D.: Systematic digital signing in estonian e-government processes. In: Hameurlain, A., Küng, J., Wagner, R., Dang, T.K., Thoai, N. (eds.) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI. LNCS, vol. 10720, pp. 31–51. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-56266-6_2CrossRef

European Union: Regulation (EU) no. 910/2014 of the European Parliament and of the council of 23 july 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999/93/EC (2014)

Republic of Estonia: Identity documents act. https://www.riigiteataja.ee/en/eli/521062017003/

Republic of Estonia: Aliens act. https://www.riigiteataja.ee/en/eli/501112017003/

10.

E-Governance Adacemy: e-Estonia - e-governance in practice. eGA, Tallinn (2016). https://goo.gl/JfpwNN

11.

Nemec, M., Sys, M., Svenda, P., Klinec, D., Matyas, V.: The return of coppersmith’s attack: practical factorization of widely used RSA moduli. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 1631–1648. ACM, New York (2017)

12.

Svenda, P., et al.: The million-key question - investigating the origins of RSA public keys. In: 25th USENIX Security Symposium, pp. 893–910. USENIX Association (2017)

13.

První certifikační autorita: Safety of starcos cards. I.CA News Feed, November 2017. http://www.ica.cz/News?IdNews=363

14.

Meyer, D.: ID card security - Spain is facing chaos over chip crypto flaws. ZDNet, November 2017. https://goo.gl/8xWizW

15.

Leyden, J.: Confusion reigns over crypto vuln in Spanish electronic ID smartcards - certs revoked, but where are the updates? The register, November 2017

16.

Paide, K., Pappel, I., Vainsalu, H., Draheim, D.: On the systematic exploitation of the Estonian data exchange layer X-road for strengthening public private partnerships. In: 11th International Conference on Theory and Practice of Electronic Governance, ICEGOV 2018. ACM (2018)

17.

British Standards Institution: Business continuity management - part 1: code of practice, British Standard BS 259991:2006. BSI Group, London (2006)

18.

British Standards Institution: Societal security - business continuity management systems - requirements. BSI Group, London (2014)

19.

Draheim, D.: Smart business process management. In: 2011 BPM and Workflow Handbook, Digital Edition. Future Strategies, Workflow Management Coalition, pp. 207–223 (2012)

20.

Draheim, D., Pirinen, R.: Towards exploiting social software for business continuity management. In: Workshops on Database and Expert Systems Applications (DEXA), pp. 279–283. IEEE Press, September 2011

21.

Buldas, A., Saarepera, M.: Are the current system engineering practices sufficient to meet cyber crime? In: Tryfonas, T. (ed.) HAS 2017. LNCS, vol. 10292, pp. 451–463. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-58460-7_31CrossRef

Titel: Key Factors in Coping with Large-Scale Security Vulnerabilities in the eID Field
verfasst von: Silvia Lips
Ingrid Pappel
Valentyna Tsap
Dirk Draheim
Verlag: Springer International Publishing
Buch: Electronic Government and the Information Systems Perspective
Print ISBN: 978-3-319-98348-6

Electronic ISBN: 978-3-319-98349-3

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-98349-3_5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner