Friday, 26 February 2010

Cross border authentication - security issues - ENISA report

ENISA have been busy lately. They've just released a report on Security Issues in Cross-border Electronic Authentication (by Dirk Hartmann and Stephan Körting, HJP Consulting GmbH, 63 pgs), see summary.

These issues are clearly important given the EU goal of improving the interoperability of electronic identification and authentication systems with a view to enabling cross border management of citizens' identities, improving administrative efficiency, accessibility and user-friendliness, and reducing abuse and fraud as well as costs.

Their report analyses the current position (highlighting legal, i.e. mainly data protection, as well as technical issues) and evaluates the security risks of electronic authentication in cross-border solutions by reference to 2 case studies (on which more below).

Not surprisingly, they conclude that data protection differences and the legal and contractual framework pose a challenge, but so do secure credentials, cross border authentication of system participants (service providers), the general security of online connections, technological differences, and agreeing a common security policy for (application-specific) electronic cross-border transactions.

The report looked at two projects offering cross-border authentication, as case studies:

  • Netcards/EHIC (European Health Insurance Card) - electronically readable European health insurance card to facilitate access to health care services for insured European citizens during temporary stays abroad, and
  • Stork (Secure idenTity acrOss boRders linKed) - pilot project to simplify administrative formalities by providing secure online access to public services across EU borders.

See also ENISA's Nov 2009 position paper on privacy & security risks when authenticating on the internet with European ID cards.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.