Security and Privacy Improvements for the Belgian eID Technology

Verhaeghe, Pieter; Lapon, Jorn; Decker, Bart De; Naessens, Vincent; Verslype, Kristof

doi:10.1007/978-3-642-01244-0_21

Cited by 6 publications

(15 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The eID card contains three files: (1) a digital picture of the citizen, (2) an identity file which contains the basic identity information and a hash value of the picture file; this file is signed by the National Registry, (3) an address file which contains the citizen's current residence; it is signed by the National Registry together with the identity file to guarantee the link between both files.…”

Section: Belgian Electronic Identity Card Technologymentioning

confidence: 99%

“…The message consists of a header 'KEYGEN', the NRN, the serial number of the eID card and possibly some other user information, making the message card specific. The hash of the message, hash M (keyGenMsg) is then signed with the signature key on the eID card resulting in a 1024 bit signature Sig (2). The fixed format prevents that an adversary obtains Sig by requesting a signature on a forged message; any message to be signed by the eID card should not match this format, except in this protocol.…”

Section: Constructionmentioning

confidence: 99%

“…When the data has been stored on the remote server, it can be retrieved by the owner from everywhere (see Table II). First, the message keyGenMsg is reconstructed (1) and signed with the eID card (2). With the signature Sig, the secret key K T (3) is regenerated for encrypting the secret tag (4).…”

Section: Retrieveconfidentialdata(tag)mentioning

confidence: 99%

“…lack of essential functionality and, more importantly, real killer applications. Moreover, the use of the current eID card involves a few security and privacy hazards [2,3].A recent survey on the use of the Belgian eID card in corporate environments ‡ suggests one of the main obstacles for using the eID card is the mistrust in the technology. While about 99% of the Belgian citizens possess a Belgian eID card, 56% of the respondents never used it.…”

mentioning

confidence: 99%

“…lack of essential functionality and, more importantly, real killer applications. Moreover, the use of the current eID card involves a few security and privacy hazards [2,3].…”

mentioning

confidence: 99%

See 4 more Smart Citations

Building advanced applications with the Belgian eID

Lapon

Naessens

Verdegem

et al. 2010

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

The Belgian Electronic Identity Card (eID) was introduced in 2002. The card enables Belgian citizens to digitally prove their identity and to sign electronic documents. Today, only a limited number of citizens really use the card in electronic applications. An important reason is the lack of killer functionality and killer applications.This paper presents two reusable extensions to the Belgian eID technology that opens up new opportunities for application developers. First, a secure and ubiquitously accessible remote storage service is presented. Second, it is shown how the eID card can be used to issue new certificates. The feasibility and reusability of both extensions are validated through the development of several applications in different domains. ‡ SAP Survey: Belgen verdeeld over gebruik van eID op het werk (sept. 2009 by Indigov). lack of essential functionality and, more importantly, real killer applications. Moreover, the use of the current eID card involves a few security and privacy hazards [2,3].A recent survey on the use of the Belgian eID card in corporate environments ‡ suggests one of the main obstacles for using the eID card is the mistrust in the technology. While about 99% of the Belgian citizens possess a Belgian eID card, 56% of the respondents never used it. The most important applications for which the eID was used, were personal eGovernment

show abstract

Section: Belgian Electronic Identity Card Technologymentioning

confidence: 99%

Section: Constructionmentioning

confidence: 99%

Section: Retrieveconfidentialdata(tag)mentioning

confidence: 99%

mentioning

confidence: 99%

“…lack of essential functionality and, more importantly, real killer applications. Moreover, the use of the current eID card involves a few security and privacy hazards [2,3].…”

mentioning

confidence: 99%

See 3 more Smart Citations

Building advanced applications with the Belgian eID

Lapon

Naessens

Verdegem

et al. 2010

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

show abstract

Security and Privacy in Mobile Information and Communication Systems

Schmidt

Russello²,

Lioy

et al. 2009

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

The Belgian Electronic Identity Card was introduced in 2002. The card enables Belgian citizens to prove their identity digitally and to sign electronic documents. Today, only a limited number of citizens really use the card in electronic applications. A major reason is the lack of killer functionality and killer applications. This paper presents two reusable extensions to the Belgian eID technology that opens up new opportunities for application developers. First, a secure and ubiquitously accessible remote storage service is presented. Second, we show how the eID card can be used to issue new certificates. To demonstrate the applicability and feasibility of both extensions, they are combined in the development of a secure e-mail application. The proposed solution offers strong privacy, security and key management properties while increasing the accessibility of confidential e-mail compared to existing solutions (such as PGP and S/MIME).

show abstract