We investigate the eIDAS Token specification for Pseudonymous Signature recently published by the German security authority BSI (the German Federal Office for Information Security). We analyze how far the current specification prevents privacy violations by the Issuer through a malicious or simply careless implementation. We find that, despite the declared design goal of protecting the privacy of citizens, it is quite easy to convert the system into a "Big Brother" system and enable third parties to spy on citizens. We show that there is a simple and elegant way of preventing all attacks of the kind described. Moreover, we show that this is possible with relatively small amendments to the scheme.
CITATION STYLE
Kutyłowski, M., Hanzlik, L., & Kluczniak, K. (2016). Pseudonymous signature on eIDAS token - Implementation based privacy threats. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9723, pp. 467–477). Springer Verlag. https://doi.org/10.1007/978-3-319-40367-0_31