electronic citizen identities and strong authentication
play

Electronic Citizen Identities and Strong Authentication Sanna - PowerPoint PPT Presentation

Jun 24, 2023 •378 likes •507 views

Electronic Citizen Identities and Strong Authentication Sanna Suoranta, Lari Haataja, Tuomas Aura Department of Computer Science Aalto University Finland 21.10.2015 Sanna Suoranta sanna.suoranta@aalto.fi Content Motivation Situation

  1. Electronic Citizen Identities and Strong Authentication Sanna Suoranta, Lari Haataja, Tuomas Aura Department of Computer Science Aalto University Finland 21.10.2015 Sanna Suoranta sanna.suoranta@aalto.fi

  2. Content • Motivation • Situation around the world • Technical solutions • Usage around the world • Summary 21.10.2015

  3. Motivation Why is strong citizen authentication interesting? • OECD claim: lack of mature digital identities delays the development of Internet economy – But credit cards are widely used as payment methods without strong citizen authentication • Citizen id used for bootstrapping of other identities • Nordic countries as early adopters – Finland was the first country with smart cards for strong citizen authentication (1999), but few people use it – Estonia provides “electronic id” to anyone and waits this to boost its economic life Why the survey? • Background survey for our more technical research 21.10.2015

  4. Overview National eID projects Picture from http://www.nxp.com/documents/leaflet/939775017234_V9.pdf 21.10.2015

  5. Strong Citizen Authentication Two approaches: • A governmental organization as identity provider – Traditional source of identity (birth certificate -> passport) – Often used both offline and online • Outsourced to trusted non-governmental identity providers – E.g. banks, post offices, mobile phone operators – Already required to verify the customer identity strongly, e.g. “know your customer” rules for banks 21.10.2015

  6. Authentication by Smart Cards • Electronic identity cards with a micro chip – Contains e.g. X.509 certificates and biometric information – Targeted for both online and offline use – Contactless and contact cards • Bank cards may also be used in authentication if the bank is the identity provider – Banks may also provide card readers to their customers • Pros: considered to be uncopyable and tamperproof • Cons: requires chip reader or NFC capability • Deployed (or soon to be deployed) in many countries: – Argentina, Australia, Austria, Belgium, Brazil, China, Estonia, Finland, France, Germany, Indonesia, Italy, Japan, Mexico, Portugal, Russia, South Africa, Spain, Switzerland, Turkey etc 21.10.2015

  7. Password Authentication • Some countries use passwords as the authentication method – May be combined with another method – Pros: familiar and “easy” to use – Cons: may be weak, prone to phishing – Canada, India, New Zealand, South Korea, Saudi Arabia • Some banks offer citizen authentication using one-time- passwords – Delivered e.g. on paper – Pros: banks are considered to be trustworthy – Cons: the same credentials used for online bank login, your money at risk – Denmark, Finland, Sweden, Lithuania 21.10.2015

  8. Authentication with Mobile Phone • Typically as a part of two-method authentication – One-time code sent to the mobile phone – New Zealand • ETSI Mobile Certificate – Cryptographic keys stored on the SIM card – Used for authentication and digital signatures – Australia, Finland, Estonia, Lithuania, Netherlands, Norway, Poland, Slovenia Switzerland, and Turkey • Pros: trusted communication channel, personal device • Cons: mobile malware, currently on national level, lack of trust between operators internationally 21.10.2015

  9. Other Physical Tokens for Authentication • USB stick – Switzerland (post office as identity provider) • Pros: most of the computers have the USB port • Cons: cannot be connected to mobile phones 21.10.2015

  10. Usage around the World • Estimated that 33% of world’s population have an electronic identity card in 2009 – Highest numbers in Estonia: 90% has the card, 24% voted online in 2011 parliament election – e.g. in Spain 27% has the card, but only 2% has card reader and 5% have used the card • Mostly still used offline • Some countries do not have or have even abandoned their online citizen authentication projects – Fear of central database of sensitive information – Citizens trust private companies more than the government – E.g. United Kingdom, USA 21.10.2015

  11. Summary • Many citizen authentication projects are still early deployment phase • Technical solutions are quite mature • Use grows very slowly – Support from online services is lacking – Cross-border use is small – Alternative solutions have already filled the space • Citizens often concerned about privacy and liberty issues, and sometimes for good reasons 21.10.2015

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Strong Authentication without Tamper-Resistant Hardware and Application to Federated Identities

Strong Authentication without Tamper-Resistant Hardware and Application to Federated Identities

Strong Authentication without Tamper-Resistant Hardware and Application to Federated Identities Zhenfeng Zhang , Yuchen Wang , Kang Yang Institute of Software, Chinese Academy of Sciences; The Joint Academy of Blockchain

869 views • 25 slides
Digital ID Authentication & Online Citizen Engagement About PlaceSpeak Our Mission: To

Digital ID Authentication & Online Citizen Engagement About PlaceSpeak Our Mission: To

Digital ID Authentication & Online Citizen Engagement About PlaceSpeak Our Mission: To facilitate legitimate and defensible online citizen engagement by connecting the digital identity of participants to their physical location . City

364 views • 18 slides
Lecture Outline Finish broader notions relating to authentication: Multi-party identities

Lecture Outline Finish broader notions relating to authentication: Multi-party identities

Lecture Outline Finish broader notions relating to authentication: Multi-party identities (Ecommerce, web advertising) Bot-or-Not (CAPTCHAs) Project status reports Botnets: Basic structure More sophisticated

799 views • 65 slides
Digital Identities, Social Engineering & Mule Networks Dr Stephen Topliss, Vice President

Digital Identities, Social Engineering & Mule Networks Dr Stephen Topliss, Vice President

Digital Identities, Social Engineering & Mule Networks Dr Stephen Topliss, Vice President Product Strategy April 3 rd 2019 Digital Identities Building a Digital Identity Network Risk Based Authentication Events are processed in real

228 views • 22 slides
The eID/STORK EU project eID Implementation of an EU wide interoperable system for

The eID/STORK EU project eID Implementation of an EU wide interoperable system for

The eID/STORK EU project eID Implementation of an EU wide interoperable system for recognition of eID and authentication that will enable business, citizens and government employees to use national electronic identities in any Member

738 views • 8 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Identities: Mirrors and Windows Our identities from our fingerprints and Facebook profile to

Identities: Mirrors and Windows Our identities from our fingerprints and Facebook profile to

Identities: Mirrors and Windows Our identities from our fingerprints and Facebook profile to our family trees fundamentally shape the ways that we think about, feel, and interact with the world. This neighborhood gives students the

657 views • 14 slides
Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why

Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why

Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why safeguards are needed IN EUROPE PRIVACY IS A FUNDAMENTAL RIGHT THAT THE EU TREATY ASSIGNS TO EACH INDIVIDUAL CITIZEN EC SUCCESS STORIES: MAKE

323 views • 4 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
How to Achieve Rapid Electronic Authentication Kevin Kozlowski Vice President, Government

How to Achieve Rapid Electronic Authentication Kevin Kozlowski Vice President, Government

How to Achieve Rapid Electronic Authentication Kevin Kozlowski Vice President, Government Initiatives XTec Incorporated Technical Ramifications of 800-116 XTec has been a leader in Smart Card Physical Access Control for over 15

265 views • 13 slides
CS 4803 Computer and Network Security Servers Users How do users prove their identities when

CS 4803 Computer and Network Security Servers Users How do users prove their identities when

Many-to-Many Authentication ? CS 4803 Computer and Network Security Servers Users How do users prove their identities when requesting services from machines on the network? Alexandra (Sasha) Boldyreva Nave solution: every server knows

217 views • 5 slides
Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology

Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology

Put Identity at the Heart of Security Strong Authentication via Hitachi Biometric Technology Tadeusz Woszczyski Country Manager Poland, Hitachi Europe Ltd. 20 September 2017 Financial security in the old world The Perimeter Assets were

659 views • 31 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
About us. Strong Electronic history background. Partnership in Chinese Manufacturers who

About us. Strong Electronic history background. Partnership in Chinese Manufacturers who

About us. Strong Electronic history background. Partnership in Chinese Manufacturers who specializes in the production of electronics components. Market Strength and growth is supported by developing office networks primarily in China, and now

824 views • 55 slides
SER Authentication with Radius and LDAP Nimal Ratnayake <nimalr@learn.ac.lk> Lanka

SER Authentication with Radius and LDAP Nimal Ratnayake <nimalr@learn.ac.lk> Lanka

SER Authentication with Radius and LDAP Nimal Ratnayake <nimalr@learn.ac.lk> Lanka Education and Research Network (LEARN) and Department of Electrical & Electronic Engineering, University of Peradeniya 1 SER Authentication

1.03k views • 22 slides
OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw

OPAQUE: A Strong Asymmetric PAKE Protocol Secure Against Pre-Computation Attacks Stanislaw Jarecki, Hugo Krawczyk, Jiayu Xu Motivation: Password Authentication Passwords are the prevalent tool for authentication Passwords are vulnerable

481 views • 22 slides
SSMs ANNUAL DIALOGUE KUALA LUMPUR 2015 SSMS UPDATES DOING BUSINESS 2016 REPORT DOING

SSMs ANNUAL DIALOGUE KUALA LUMPUR 2015 SSMS UPDATES DOING BUSINESS 2016 REPORT DOING

SSMs ANNUAL DIALOGUE KUALA LUMPUR 2015 SSMS UPDATES DOING BUSINESS 2016 REPORT DOING BUSINESS 2016 REPORT The World Bank Doing Business 2016 Report was issued on 28 October 2015. Malaysia's overall position 18 th out of 189

496 views • 15 slides
Evidence about the value of public sector audit to stakeholders Carolyn Cordery, Victoria

Evidence about the value of public sector audit to stakeholders Carolyn Cordery, Victoria

Evidence about the value of public sector audit to stakeholders Carolyn Cordery, Victoria University of Wellington David Hay, University of Auckland / Aalto University 8 December 2016 2 Why evidence about the value of public audit to

417 views • 39 slides
Minimum Levels of Componentisation for Road Infrastructure Assets 11 September 2018 1 Todays

Minimum Levels of Componentisation for Road Infrastructure Assets 11 September 2018 1 Todays

Minimum Levels of Componentisation for Road Infrastructure Assets 11 September 2018 1 Todays moderator Eliz Esteban Communications Officer Austroads P: +61 2 8265 3302 E: eesteban@austroads.com.au 2 About Austroads The peak

939 views • 80 slides
BNP Paribas Swiftly delivering on adaptation Well positioned for growth Jean-Laurent Bonnaf

BNP Paribas Swiftly delivering on adaptation Well positioned for growth Jean-Laurent Bonnaf

BNP Paribas Swiftly delivering on adaptation Well positioned for growth Jean-Laurent Bonnaf Chief Executive Officer B Barclays Conference, New York l C f N Y k 12 September 2012 1 Disclaimer Figures included in this presentation

598 views • 39 slides
Programme Budgeting course Lec ectu turer: Hra rachya Zak akoyan BASIC INFORMATION PROGRAMME

Programme Budgeting course Lec ectu turer: Hra rachya Zak akoyan BASIC INFORMATION PROGRAMME

GAVAR STATE UNIVERSITY Programme Budgeting course Lec ectu turer: Hra rachya Zak akoyan BASIC INFORMATION PROGRAMME BU BUDGETING TIT ITLE OF F THE COURSE TEACHERS Hrachya Zakoyan YEAR OF F THE COURSE First Year SE SEMESTER OF F

504 views • 25 slides
Text Mining and Geo-referencing Historical Text Beatrice Alex Edinburgh Language Technology

Text Mining and Geo-referencing Historical Text Beatrice Alex Edinburgh Language Technology

Text Mining and Geo-referencing Historical Text Beatrice Alex Edinburgh Language Technology Group School of Informatics balex@inf.ed.ac.uk @bea_alex DCHRN Workshop Cultural Heritage Sparks, Edinburgh, Jan 29th 2016 EDINBURGH LTG Language

288 views • 12 slides
Welcome IN TRODUCTION TO MON GODB IN P YTH ON Donny Winston Instructor JavaScript Object

Welcome IN TRODUCTION TO MON GODB IN P YTH ON Donny Winston Instructor JavaScript Object

Welcome IN TRODUCTION TO MON GODB IN P YTH ON Donny Winston Instructor JavaScript Object Notation (JSON) Objects {} Arrays [] String keys & values Series of values [value1, value2,...] {'key1':value1, 'key2':value2,...} Order of values

267 views • 24 slides
Lecture 5: Convolution Princeton University COS 495 Instructor: Yingyu Liang Convolutional

Lecture 5: Convolution Princeton University COS 495 Instructor: Yingyu Liang Convolutional

Deep Learning Basics Lecture 5: Convolution Princeton University COS 495 Instructor: Yingyu Liang Convolutional neural networks Strong empirical application performance Convolutional networks: neural networks that use convolution in

997 views • 31 slides

More recommend