Pseudonymous Signature on eIDAS Token – Implementation Based Privacy Threats

  • Conference paper
Information Security and Privacy (ACISP 2016)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9723)

Abstract

We investigate the eIDAS Token specification for Pseudonymous Signature recently published by the BSI, the German Federal Office for Information Security. We analyze how far the current specification prevents privacy violations by the Issuer through a malicious or simply careless implementation. We find that, despite the declared design goal of protecting the privacy of citizens, it is quite easy to convert the system into a “Big Brother” system and enable third parties to spy on citizens.

We show that there is a simple and elegant way of preventing all attacks of the kind described. Moreover, we show that this is possible with relatively small amendments to the scheme.

This research has been supported by the Polish National Science Centre, project HARMONIA, DEC-2013/08/M/ST6/00928.

Notes

  1. We change the notation from [5] and indicate explicitly the key owner.

  2. The description of NymVf contains a misprint: y should be replaced by \(g_2\), which corresponds to \(\textit{PK}_M\) in [5].

References

  1. Bao, F., Deng, R.H., Zhu, H.: Variations of Diffie-Hellman problem. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 301–312. Springer, Heidelberg (2003)

  2. Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: Domain-specific pseudonymous signatures for the German identity card. IACR Cryptology ePrint Archive 2012, 558 (2012)

  3. Bender, J., Dagdelen, Ö., Fischlin, M., Kügler, D.: Domain-specific pseudonymous signatures for the German identity card. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol. 7483, pp. 104–119. Springer, Heidelberg (2012)

  4. Bringer, J., Chabanne, H., Lescuyer, R., Patey, A.: Efficient and strongly secure dynamic domain-specific pseudonymous signatures for ID documents. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 252–269. Springer, Heidelberg (2014)

  5. BSI: Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token 2.20. Technical Guideline TR-03110-2 (2015)

  6. European Parliament the Council: Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014)

  7. Hanzlik, L., Kutyłowski, M.: Insecurity of anonymous login with German personal identity cards. In: Security and Privacy in Social Networks and Big Data (SocialSec), pp. 39–43. IEEE Computer Society (2015)

  8. Kluczniak, K.: Anonymous authentication using electronic identity documents. Ph.D. Dissertation, submitted (2016)

  9. Kluczniak, K.: Domain-specific pseudonymous signatures revisited. IACR Cryptology ePrint Archive 2016, 70 (2016)

  10. NIST: Annex C: Approved random number generators for FIPS PUB 140–2, security requirements for cryptographic modules, January 2016. http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf

Author information

Correspondence to Mirosław Kutyłowski.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kutyłowski, M., Hanzlik, L., Kluczniak, K. (2016). Pseudonymous Signature on eIDAS Token – Implementation Based Privacy Threats. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science, vol 9723. Springer, Cham. https://doi.org/10.1007/978-3-319-40367-0_31

  • DOI: https://doi.org/10.1007/978-3-319-40367-0_31

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40366-3

  • Online ISBN: 978-3-319-40367-0

  • eBook Packages: Computer Science (R0)
