see 2021
MasterClass / Identity for Security

How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis

Wednesday, June 23
7:30am - 8:20am MDT

When dealing with sensitive online services such as Public Administration, eHealth or eBanking, a proper and secure authentication is strictly required more than ever. However, the design of an authentication infrastructure must find a proper balance between the degree of security it attests and the level of usability it offers to the users: protocols requiring many complex steps may discourage users from accessing a service. Among all the authenticators that are currently spreading (especially in the European Union), eID cards are quite promising in this regard: they are issued by Governments after a careful check of the person’s identity, and are usually equipped with contactless chips featuring NFC and cryptographic capabilities enabling these documents to take part in sophisticated yet usable authentication solutions. Based on our experience with Italian eID cards in a joint project with the Italian Government Printing Office and Mint (Poligrafico e Zecca dello Stato Italiano), we will investigate how these can be used within authentication flows to enhance the overall security while keeping an adequate level of usability for different use case scenarios such as accessing Public Administration services and private enterprise services. We will also detail the methodology that we have developed to analyze the security and risks of such protocols, finally providing some examples of both basic and more complex attacks detected by the different levels of our analysis.