Papers
Topics
Authors
Recent
Search
2000 character limit reached

Failures of public key infrastructure: 53 year survey

Published 10 Jan 2024 in cs.DC and cs.CR | (2401.05239v2)

Abstract: The Public Key Infrastructure existed in critical infrastructure systems since the expansion of the World Wide Web, but to this day its limitations have not been completely solved. With the rise of government-driven digital identity in Europe, it is more important than ever to understand how PKI can be an efficient frame for eID and to learn from mistakes encountered by other countries in such critical systems. This survey aims to analyze the literature on the problems and risks that PKI exhibits, establish a brief timeline of its evolution in the last decades and study how it was implemented in digital identity projects.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (67)
  1. Overview of the german identity card project and lessons learned, 2020.
  2. Pacing europe’s progress towards the digital decade targets: Jrc reports help to shape our way forward, 2023.
  3. K Abhijeet. Decrypting aadhaar. 2021.
  4. Sunil Abraham. Building trust: Lessons from canada’s approach to digital identity. ORF Issue Brief No. 367, Observer Research Foundation, 2020.
  5. Ali M Al-Khouri. Pki in government digital identity management systems. European Journal of ePractice, 4(4), 2012.
  6. Towards practical attribute-based identity management: The irma trajectory. In Policies and Research in Identity Management: Third IFIP WG 11.6 Working Conference, IDMAN 2013, London, UK, April 8-9, 2013. Proceedings 3, pages 1–3. Springer, 2013.
  7. Credential design in attribute-based identity management. 2013.
  8. Irma: practical, decentralized and privacy-friendly identity management using smartphones. In 10th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs 2017), pages 1–2, 2017.
  9. Gary Anthes. Estonia: a model for e-government. Communications of the ACM, 58(6):18–20, 2015.
  10. Siddhartha Arora. National e-id card schemes: A european overview. Information Security Technical Report, 13(2):46–53, 2008.
  11. Canadian Bankers Association et al. Canada’s digital id future-a federated approach. Canadian Bankers Association, Tech. Rep, 2018.
  12. Shweta Banerjee. Aadhaar: Digital inclusion and public services in india. World Development Report, pages 81–92, 2016.
  13. The keynote trust-management system version 2. Technical report, 1999.
  14. Dan Boneh et al. Twenty years of attacks on the rsa cryptosystem. Notices of the AMS, 46(2):203–213, 1999.
  15. Andre Boysen. Decentralized, self-sovereign, consortium: The future of digital identity in canada. Frontiers in Blockchain, page 11, 2021.
  16. Stefan Brands. Rethinking public key infrastructures and digital certificates: building in privacy. Mit Press, 2000.
  17. Garrison Breckenridge. A brief history of digital identity, June 2018.
  18. Implementing advanced electronic signature by public digital identity system (spid). In Electronic Government and the Information Systems Perspective: 5th International Conference, EGOVIS 2016, Porto, Portugal, September 5-8, 2016, Proceedings 5, pages 289–303. Springer, 2016.
  19. Enhancing public digital identity system (spid) to prevent information leakage. In Electronic Government and the Information Systems Perspective: 4th International Conference, EGOVIS 2015, Valencia, Spain, September 1–3, 2015, Proceedings 4, pages 57–70. Springer, 2015.
  20. Keyless signatures’ infrastructure: How to build global distributed hash-trees. In Nordic Conference on Secure IT Systems, pages 313–320. Springer, 2013.
  21. Bruce Schneier Carl Ellison. Ten risks of pki: What you’re not being told about public key infrastructure. Computer Security Journal, 16(1):1–7, 2000.
  22. THE EUROPEAN COMMISSION. Commission recommendation (eu) on a common union toolbox for a coordinated approach towards a european digital identity framework. Official Journal of the European Union, June 2021.
  23. Backup and Recovery of IRMA Credentials. PhD thesis, Master’s thesis, Radboud University Nijmegen, 2019.
  24. New directions in cryptography. In Democratizing Cryptography: The Work of Whitfield Diffie and Martin Hellman, pages 365–390. 2022.
  25. Pam Dixon. A failure to “do no harm”–india’s aadhaar biometric id program and its inability to protect privacy in relation to measures in europe and the us. Health and technology, 7(4):539–567, 2017.
  26. William Echikson. Europe’s digital identification opportunity, 2020.
  27. James H Ellis. The possibility of secure non-secret digital encryption. UK Communications Electronics Security Group, 8, 1970.
  28. Matthew Henry Fredette. An implementation of SDSI: the simple distributed security infrastructure. PhD thesis, Massachusetts Institute of Technology, 1997.
  29. Identification revolution: Can digital ID be harnessed for development? Brookings Institution Press, 2018.
  30. Miguel Goede. E-estonia: The e-government cases of estonia, singapore, and curacao. Archives of Business Research, 7(2), 2019.
  31. Draft nist special publication 800-63-3 digital identity guidelines. World Bank, 2017.
  32. Public key infrastructure for uae: A case study. In Proceedings of the 6th international conference on security of information and networks, pages 336–340, 2013.
  33. Nordic digital identification (eID). Nordic Council of Ministers, 2016.
  34. Nathan Heller. Estonia, the digital republic. The New Yorker, 18, 2017.
  35. An id card for the internet–the new german id card with “electronic proof of identity”. Computer Law & Security Review, 26(2):151–157, 2010.
  36. Improving the Public Key Infrastructure (PKI) for the World Wide Web. Internet-Draft draft-iab-web-pki-problems-05, Internet Engineering Task Force, October 2016. Work in Progress.
  37. Digital sovereignty and identity in the european union: A challenge for building europe. European Studies, 9(2):80–109, 2022.
  38. Gunther Pernul Javier Lopez, Rolf Oppliger. Why have public key infrastructures failed so far? Internet Research, 15(5):544–556, 2005.
  39. Estonia’s digital transformation: Mission mystique and the hiding hand, 2019.
  40. Sovrin: digital identities in the blockchain era. Github Commit by jasonalaw October, 17:38–99, 2017.
  41. Open banking in canada–the path to implementation. CD Howe Institute Commentary, 579, 2020.
  42. Philipp Liesbrock. The giant is lagging behind how the german electronic id fails to reap its potential. Degree project at the master’s level, Stockholm University, November 2022.
  43. eidas implementation challenges: the case of estonia and the netherlands. In International conference on electronic governance and open society: challenges in Eurasia, pages 75–89. Springer, 2020.
  44. Vance Michael Lockton. e-government and identity management in british columbia: implementation of the bceid. 2009.
  45. Tarvi Martens. Electronic identity management in estonia between market and state governance. Identity in the Information Society, 3(1):213–233, 2010.
  46. An implementation of a secure web client using spki/sdsi certificates. 07 2000.
  47. Alexander Morcos. A java implementation of simple distributed security infrastructure. PhD thesis, Massachusetts Institute of Technology, 1998.
  48. Self-sovereign identity: A comparison of irma and sovrin. Technical Report TNO2019R11011, Tech. Rep, 2019.
  49. The introduction of online authentication as part of the new electronic national identity card in germany. Identity in the Information Society, 3:87–110, 2010.
  50. Key management for blockchain technology. ICT express, 7(1):76–80, 2021.
  51. Arnis Parsovs. Solving the estonian id card crisis: The legal issues. In ISCRAM 2020 Conference Proceedings-17th International Conference on Information Systems for Crisis Response and Management, pages 459–471, 2020.
  52. eid and self-sovereign identity usage: an overview. Electronics, 10(22):2811, 2021.
  53. Requirements for a new peruvian electronic identity card. In 2020 IEEE XXVII International Conference on Electronics, Electrical Engineering and Computing (INTERCON), pages 1–4. IEEE, 2020.
  54. Aadhaar: governing with biometrics, 2019.
  55. The technical foundations of sovrin. The Technical Foundations of Sovrin, 2016.
  56. Sdsi – a simple distributed security infrastructure. See the SDSI web page at http://theory.lcs.mit.edu/ cis/sdsi.html, 08 1996.
  57. Srijoni Sen. A decade of aadhaar: Lessons in implementing a foundational id system. ORF Issue Brief No, 292, 2019.
  58. Paving a Digital Road to Hell? A Primer on the Role of the World Bank and Global Networks in Promoting Digital ID. Center for Human Rights and Global Justice, June 2022.
  59. Blockchain, digital identity, e-government. Business Transformation through Blockchain: Volume II, pages 233–258, 2019.
  60. Digital Technologies. Showcase programme “secure digital identities”, 2023.
  61. Government services and digital identity. Knowledge Media Institute of the Open University, 2018.
  62. Blockchain and aadhaar based electronic voting system. In 2020 4th International Conference on Electronics, Communication and Aerospace Technology (ICECA), pages 498–504. IEEE, 2020.
  63. Peter Watkins. Trust and identity management. 2007.
  64. Perspectives: Improving {{\{{SSH-style}}\}} host authentication with {{\{{Multi-Path}}\}} probing. In 2008 USENIX Annual Technical Conference (USENIX ATC 08), 2008.
  65. Digital identification: A key to inclusive growth. McKinsey Global Institute, April 2019.
  66. Phillip Windley. How sovrin works. Sovrin Foundation, pages 1–10, 2016.
  67. Phillip J Windley. Sovrin: An identity metasystem for self-sovereign identity. Frontiers in Blockchain, 4:626726, 2021.

Summary

No one has generated a summary of this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Summarize

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Generate Now

Collections

Sign up for free to add this paper to one or more collections.

User Circle Single Streamline Icon: https://streamlinehq.com Sign Up