Issue No.01 - January/February (2009 vol.7)
pp: 34-41
Kjell J. Hole, University of Bergen
André N. Klingsheim, NoWires Group AS
Lars-Helge Netland, NoWires Group AS
Yngve Espelid, Bouvet ASA
Thomas Tjøstheim, EDB Business Partner
Vebjørn Moen, GE Money Bank
ABSTRACT
In Norway, BankID is the banking industry's public-key infrastructure of choice for authenticating Internet customers, and it might soon become the government's national ID infrastructure as well. But do BankID's differences from standard PKIs make it a riskier choice? This assessment, based on both publicly available information and usage experiences, addresses that question.
CITATION
Kjell J. Hole, André N. Klingsheim, Lars-Helge Netland, Yngve Espelid, Thomas Tjøstheim, Vebjørn Moen, "Risk Assessment of a National Security Infrastructure", IEEE Security & Privacy, vol. 7, no. 1, pp. 34-41, January/February 2009, doi:10.1109/MSP.2009.17