Secure and Privacy-Preserving Cross-Border Authentication: The STORK Pilot ‘SaferChat’

  • Thomas Knall
  • Arne Tauber
  • Thomas Zefferer
  • Bernd Zwattendorfer
  • Arnaldur Axfjord
  • Haraldur Bjarnason
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6866)

Abstract

Secure user authentication, provision of identity attributes, privacy preservation, and cross-border applicability are key requirements of security- and privacy-sensitive ICT-based services. The EU large-scale pilot STORK provides a European cross-border authentication framework that satisfies these requirements by establishing interoperability between existing national eID infrastructures. To allow for privacy preservation, the developed framework supports the provision of partial identity information and pseudonymization. In this paper we present the pilot application SaferChat, which has been developed to evaluate and demonstrate the functionality of the STORK authentication framework. SaferChat makes use of age-claim-based authentication mechanisms that allow for an online environment where kids and teenagers are able to communicate with their peers in a safe way. We first identify relevant prerequisites for the SaferChat pilot application and then give an introduction to the basic architecture of the STORK authentication framework. We finally show how this framework has been integrated into the SaferChat pilot application to meet the identified requirements and to implement a secure and privacy-preserving cross-border user authentication mechanism.

Keywords

e-ID, interoperability, authentication, privacy, security, e-Learning, Moodle, STORK

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Thomas Knall (1)
  • Arne Tauber (2)
  • Thomas Zefferer (2)
  • Bernd Zwattendorfer (2)
  • Arnaldur Axfjord (3)
  • Haraldur Bjarnason (3)

  1. Datentechnik Innovation GmbH, Unterpremstätten, Austria
  2. E-Government Innovation Center, Graz, Austria
  3. Ministry of Finance, Reykjavík, Iceland
