Risk Assessment of a National Security Infrastructure
January/February 2009 (vol. 7 no. 1)
pp. 34-41
In Norway, BankID is the banking industry's public-key infrastructure of choice for authenticating Internet customers, and it might soon become the government's national ID infrastructure as well. But do BankID's differences from standard PKIs make it a riskier choice? This assessment, based on both publicly available information and usage experiences, addresses that question.
Citation:
Kjell J. Hole, André N. Klingsheim, Lars-Helge Netland, Yngve Espelid, Thomas Tjøstheim, Vebjørn Moen, "Risk Assessment of a National Security Infrastructure," IEEE Security and Privacy, vol. 7, no. 1, pp. 34-41, Jan./Feb. 2009, doi:10.1109/MSP.2009.17