Key Factors in Coping with Large-Scale Security Vulnerabilities in the eID Field

Cited by: 12
Authors
Lips, Silvia [1]
Pappel, Ingrid [2]
Tsap, Valentyna [2]
Draheim, Dirk [2]
Affiliations
[1] Politsei, Parnu Mnt 139, EE-15060 Tallinn, Estonia
[2] Tallinn Univ Technol, Large Scale Syst Grp, Akad Tee 15a, EE-12618 Tallinn, Estonia
Keywords
e-identity; e-governance; e-services; IT security; Crisis management; Business continuity management
DOI
10.1007/978-3-319-98349-3_5
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
In 2017, the encryption vulnerability of a widespread chip led to major, nation-wide eID card incidents in several EU countries. In this paper, we investigate the Estonian case. We start with an analysis of the Estonian eID field in terms of stakeholders and their responsibilities. Then, we describe the incident management from the inside perspective of the crisis management team, covering the whole incident timeline (including issues in response, continuity and recovery). From this, we are able to derive key factors in coping with large-scale security vulnerabilities in the eID field (public-private partnership, technical factors, crisis management, documentation), which encourages further research and systematization.
Pages: 60 - 70
Page count: 11