Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID)

Mobile devices, like smart phones and PDAs, will play an increasingly important role in the digital environment. However, the pervasive use of mobile devices also brings new security and privacy risks. Persons who make extensive use of mobile devices continuously leave traces of their identities and transactions, sometimes even by just carrying the devices around in their pockets. Throughout this paper we will look at different use-cases for electronic authentication using mobile devices. We will identify the security risks which need to be overcome, give an opinion about their relevance, and present mechanisms that help mitigate these risks.

Publication date: Nov 11, 2008

Authors:
Ingo Naumann, ENISA, EU
Giles Hogben, ENISA, EU
Raúl Benito, Isdefe, Spain
Roger Dean, EEMA, Belgium
Lothar Fritsch, Norwegian Computing Center, Norway
Jonathon Gould, Asia-Pacific Connections Pte Ltd, Singapore
Jaap-Henk Hoepman, TNO and Radboud University Nijmegen, The Netherlands
Steve Lazar, Texas Instruments, USA
Herbert Leitold, Zentrum für sichere Informationstechnologie Austria (A-SIT), Austria
Greg Pote, Asia Pacific Smart Card Association (APSCA), China
Heiko Roßnagel, Fraunhofer Institute for Industrial Engineering (IAO), Germany
Arnim von Schwedler, Judge, 9 Senat Gericht, Berlin, Brandenburg, Germany
Daniele Vitali, Reply, Italy
Frank Zimmermann, Hewlett-Packard, Switzerland
André Årnes, Oracle Norway / NISlab, Gjøvik University College, Norway

Downloads

Full report: enisa_pp_mobile_eid.pdf — PDF document, 882Kb

Language: English