Encryption-Based Second Authentication Factor Solutions for Qualified Server-Side Signature Creation

  • Conference paper
Electronic Government and the Information Systems Perspective (EGOVIS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9265)


Abstract

Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme are evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.



Acknowledgements

The authors have been supported by the European Commission Seventh Framework Programme through project FutureID, grant agreement number 318424.


Correspondence to Christof Rath.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Rath, C., Roth, S., Bratko, H., Zefferer, T. (2015). Encryption-Based Second Authentication Factor Solutions for Qualified Server-Side Signature Creation. In: Kő, A., Francesconi, E. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2015. Lecture Notes in Computer Science, vol 9265. Springer, Cham. https://doi.org/10.1007/978-3-319-22389-6_6


  • DOI: https://doi.org/10.1007/978-3-319-22389-6_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22388-9

  • Online ISBN: 978-3-319-22389-6

  • eBook Packages: Computer Science, Computer Science (R0)
