Towards a Personal Security Device

  • Christof Rath
  • Thomas Niedermair
  • Thomas Zefferer
Conference paper

DOI: 10.1007/978-3-319-46598-2_1

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)
Cite this paper as:
Rath C., Niedermair T., Zefferer T. (2016) Towards a Personal Security Device. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham

Abstract

In Europe, eID and e-signature solutions are basic building blocks of many transactional e-government services, especially in citizens-to-government communication. Many European countries issue smart cards to provide eID and e-signature functionality on a high assurance level. However, to access these tokens, security-critical code has to be executed on the client platform of the user. If the client platform is compromised, an attacker may gain access to credentials of the user and subsequently be able to issue electronic signatures or access protected resources. To address this problem, we present the concept of a personal security device. It is an isolated, low-cost, single-purpose device to execute security-critical code of eID and e-signature tasks. We developed a concrete implementation on a RaspberryPI and evaluated the solution via an external application. Our solution increases the security of eID and e-signature processes by mitigating the impact of a compromised client platform.

Keywords

Electronic identity Electronic signature Signature creation application Trustworthy user device 

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Christof Rath
    • 1
  • Thomas Niedermair
    • 1
  • Thomas Zefferer
    • 1
  1. 1.Graz University of TechnologyInstitute of Applied Information Processing and CommunicationsGrazAustria

Personalised recommendations