Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation

Christof Rath; Simon Roth; Harald Bratko; Thomas Zefferer

doi:10.1007/978-3-319-22389-6_6

Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation

Christof Rath^*
, Simon Roth
, Harald Bratko
, Thomas Zefferer

^*Corresponding author for this work

Institute of Information Security (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme is evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.

Original language	English
Title of host publication	Electronic Government and the Information Systems Perspective. EGOVIS 2015
Subtitle of host publication	4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings
Place of Publication	Cham
Publisher	Springer
Pages	71-85
ISBN (Print)	978-3-319-22388-9
DOIs	https://doi.org/10.1007/978-3-319-22389-6_6
Publication status	Published - 2015
Event	4th International Conference on Electronic Government and the Information Systems Perspective : EGOVIS 2015 - Valencia, Spain Duration: 1 Sept 2015 → 4 Sept 2015

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9265

Conference

Conference	4th International Conference on Electronic Government and the Information Systems Perspective
Abbreviated title	EGOVIS 2015
Country/Territory	Spain
City	Valencia
Period	1/09/15 → 4/09/15

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1007/978-3-319-22389-6_6

chp_253A10.1007_252F978-3-319-22389-6_6Final published version, 1.33 MB

Electronic Government (E-government)
Tauber, A. (Attendee), Leitold, H. (Coordinator), Stranacher, K. (Attendee), Ivkovic, M. (Attendee), Zefferer, T. (Attendee), Zwattendorfer, B. (Attendee), Knall, T. (Attendee), Neuherz, E. (Attendee), Danner, P. (Attendee), Bonato, M. (Attendee), Posch, R. (Coordinator), Orthacker, C. (Attendee), Bauer, W. (Attendee), Rössler, T. (Coordinator), Posch, K.-C. (Attendee) & Teufl, P. (Attendee)
1/01/05 → 15/06/19
Project: Research area

COST CALCULATION IN PREFABRICATED TIMBER CONSTRUCTION - PROCESS ANALYSIS ON SITE AND APPLICABILITY F
Koppelhuber, J., Schlagbauer, D. & Heck, D.
23/11/15
1 Media contribution
Press/Media: Press / Media

Cite this

Rath, C., Roth, S., Bratko, H., & Zefferer, T. (2015). Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation. In Electronic Government and the Information Systems Perspective. EGOVIS 2015: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings (pp. 71-85). (Lecture Notes in Computer Science; Vol. 9265). Springer. https://doi.org/10.1007/978-3-319-22389-6_6

Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation. / Rath, Christof; Roth, Simon; Bratko, Harald et al.
Electronic Government and the Information Systems Perspective. EGOVIS 2015: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings. Cham: Springer, 2015. p. 71-85 (Lecture Notes in Computer Science; Vol. 9265).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Rath, C, Roth, S, Bratko, H & Zefferer, T 2015, Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation. in Electronic Government and the Information Systems Perspective. EGOVIS 2015: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings. Lecture Notes in Computer Science, vol. 9265, Springer, Cham, pp. 71-85, 4th International Conference on Electronic Government and the Information Systems Perspective , Valencia, Spain, 1/09/15. https://doi.org/10.1007/978-3-319-22389-6_6

Rath C, Roth S, Bratko H , Zefferer T. Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation. In Electronic Government and the Information Systems Perspective. EGOVIS 2015: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings. Cham: Springer. 2015. p. 71-85. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-22389-6_6

Rath, Christof ; Roth, Simon ; Bratko, Harald et al. / Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation. Electronic Government and the Information Systems Perspective. EGOVIS 2015: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1-3, 2015, Proceedings. Cham : Springer, 2015. pp. 71-85 (Lecture Notes in Computer Science).

@inproceedings{2801e896750640a2aa05ed7eb2d9da31,

title = "Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation",

abstract = "Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme is evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.",

author = "Christof Rath and Simon Roth and Harald Bratko and Thomas Zefferer",

year = "2015",

doi = "10.1007/978-3-319-22389-6\_6",

language = "English",

isbn = "978-3-319-22388-9",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "71--85",

booktitle = "Electronic Government and the Information Systems Perspective. EGOVIS 2015",

address = "United States",

note = "4th International Conference on Electronic Government and the Information Systems Perspective : EGOVIS 2015, EGOVIS 2015 ; Conference date: 01-09-2015 Through 04-09-2015",

}

TY - GEN

T1 - Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation

AU - Rath, Christof

AU - Roth, Simon

AU - Bratko, Harald

AU - Zefferer, Thomas

PY - 2015

Y1 - 2015

N2 - Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme is evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.

AB - Electronic identity (eID) and electronic signature (e-signature) are key concepts of transactional e-government solutions. Especially in Europe, server-based eID and e-signature solutions have recently gained popularity, as they provide enhanced usability while still complying with strict security requirements. To implement obligatory two-factor user-authentication schemes, current server-based eID and e-signature solutions typically rely on one-time passwords delivered to the user via short message service (SMS). This raises several issues in practice, as the use of SMS technology can be cost-effective and insecure. To address these issues, we propose an alternative two-factor user-authentication scheme following a challenge-response approach. The feasibility and applicability of the proposed user-authentication scheme is evaluated by means of two concrete implementations. This way, we show that the proposed authentication scheme and its implementations improve both the cost effectiveness and the security of server-based eID and e-signature solutions.

U2 - 10.1007/978-3-319-22389-6_6

DO - 10.1007/978-3-319-22389-6_6

M3 - Conference paper

SN - 978-3-319-22388-9

T3 - Lecture Notes in Computer Science

SP - 71

EP - 85

BT - Electronic Government and the Information Systems Perspective. EGOVIS 2015

PB - Springer

CY - Cham

T2 - 4th International Conference on Electronic Government and the Information Systems Perspective

Y2 - 1 September 2015 through 4 September 2015

ER -

Encryption-based Second Authentication Factor Solutions for Qualified Server-side Signature Creation

Abstract

Publication series

Conference

Fields of Expertise

Access to Document

Fingerprint

Projects

Electronic Government (E-government)

Press/Media

COST CALCULATION IN PREFABRICATED TIMBER CONSTRUCTION - PROCESS ANALYSIS ON SITE AND APPLICABILITY F

Cite this