Security Issues in Cross-border e-Authentication
The Agency has launched a new report on Security Issues in Cross-border Electronic Authentication. Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. ENISA analysed the current situation and assessed the security risks of electronic authentication in cross-border solutions. To visualize these risks, two different projects offering cross-border authentication have been examined and evaluated, Netcards/EHIC and Stork.
Published on February 25, 2010
The public services of egovernment and health care providers are increasingly offering citizens in EU Member States electronic access to these services. These e-services are usually tailored at a national level with specific technologies, security concepts and business logic. In addition, these e-services are governed by the data protection laws of the individual Member State.
Common goals
The goals of these systems are identical for all Member States: managing identities, improving administrative efficiency, improving accessibility and user-friendliness, reducing abuse and fraud and, above all, reduction of costs. Yet, in most cases, these systems can only be accessed from within the Member State and by citizens of that state.
Making the digital internal market functioning
European citizens who move freely through Member States face the problem that their eID documents from their home state do not allow access to electronic services of another Member State in which they are currently present. This may be an undue restriction on EU citizens’ use of these services. Administrations, at the other hand, cannot provide services to European citizens from other Member States with the same ease and efficiency as their own citizens. So there is a need to extend these digital services beyond national borders and beyond the user group of national citizens. At the same time, European and national data protection laws and regulations must be respected and may not be undermined by cross-border distribution of personal data.
Cross Border interoperability - A task for Europe
Improving the interoperability of electronic identification and authentication systems is thus a European task and a task for all Member States. This report visualizes the security risks of electronic authentication in cross-border solutions, in two different projects.
- The European Health Insurance Card (EHIC) facilitates access to health care services for insured European citizens during temporary stays abroad. NETC@RDS for eEHIC ID is a pan-European project supported by the EU eTEN programme. It facilitates medical treatment of European citizens by using an electronically readable European health insurance card.
- STORK (Secure idenTity acrOss boRders linKed) is a large-scale pilot project in the ICT Policy Support programme to simplify administrative formalities by providing secure online access to public services across EU borders.
Critical success factors:
· establishing the legal and contractual framework
· identifying the citizen through credentials
· authenticating system participants across borders
· making online connections secure
· bridging technological differences
· establishing and agreeing on a common security policy.
By covering these factors in electronic cross-border authentication, the national goals of eID solutions can be extended successfully to a pan-European solution.