Towards Electronic Identification and Trusted Services for Biometric Authenticated Transactions in the Single Euro Payments Area

  • Nicolas Buchmann
  • Christian Rathgeb
  • Harald Baier
  • Christoph Busch
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8450)

Abstract

On 14th October 2013 the European Parliament Committee on Industry, Research and Energy (ITRE) paved the way for the regulation and harmonisation of electronic identification, authentication and trust services (eIDAS) between EU member states. This upcoming regulation will ensure mutual recognition and acceptance of electronic identification across borders, which also provides an opportunity to establish trusted electronic transactions in the Single Euro Payments Area (SEPA). The contribution of the presented paper is twofold: on the one hand, we discuss the adaptation of the upcoming eIDAS standard towards trusted banking transactions and outline the resulting security and privacy enhancements; on the other hand, we extend the eIDAS standard by biometric authenticated transactions, which not only boost user convenience, trust and confidence towards eBanking and eBusiness, but also suggest integrating state-of-the-art privacy-compliant biometric technologies into the security ecosystem, which is promoted by both the European Payments Council (EPC) and the European Banking Union (EBU). As a result, we identify eIDAS as highly suitable for banking transactions, since it is solely based on security protocols and infrastructure which have been proven secure for more than ten years in the civil aviation domain.



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nicolas Buchmann (1)
  • Christian Rathgeb (1)
  • Harald Baier (1)
  • Christoph Busch (1)

  1. da/sec – Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany
