Abstract
The purpose of this research is to provide a detailed description of the 2017 ROCA (Return of the Coppersmith’s Attack) case in Estonia and to explore the implications of this large-scale security risk for a fully rolled-out state-provided eID scheme. The analysis focuses on three areas: (i) the state’s political tasks and responsibilities; (ii) the role of the ICT industry in the eID provision process; and (iii) the opportunities and obligations for the end users, including the state itself as the primary end user of the eID. We have conducted a thematic analysis of 32 semi-structured interviews with 41 Estonian high-level experts closely involved in solving the 2017 ROCA vulnerability case in Estonia. These interviews provide deep insight into the crisis management process as well as into the characteristics of the Estonian eID area. Based on the insights from the Estonian case, we suggest a paradigm shift in eID management that recognises eID as the citizens’ right and its provision as the state’s obligation.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Valtna-Dvořák, A., Lips, S., Tsap, V., Ottis, R., Priisalu, J., Draheim, D. (2021). Vulnerability of State-Provided Electronic Identification: The Case of ROCA in Estonia. In: Kö, A., Francesconi, E., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2021. Lecture Notes in Computer Science, vol 12926. Springer, Cham. https://doi.org/10.1007/978-3-030-86611-2_6
DOI: https://doi.org/10.1007/978-3-030-86611-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86610-5
Online ISBN: 978-3-030-86611-2
eBook Packages: Computer Science, Computer Science (R0)