Bernd Zwattendorfer

STORK: Architecture, Implementation and Pilots

Who one is on the Internet turns out essential once sensitive information is exchanged or transactions of value are carried out. Electronic identification and identity management provide the solutions. Governments are important players in the area, having a tradition of providing qualified means of identification of their citizens. However, migration to electronic identities often developed as national islands that are based on one country&3x2019;s domestic legal, administrative and socio-cultural tradition. Once the citizens are crossing borders electronically, these islands need to get connected and interoperability becomes an issue.

Cloud Computing in E-Government across Europe

Cloud computing has many advantages which also governments and public authorities can benefit from. Therefore, a couple of European countries have already adopted cloud computing in the public sector or are planning to do so. In this paper, we evaluate eight European countries on their use of cloud computing in e-Government and compare them. As a result, the dominant cloud computing deployment model in those countries is a so-called G-Cloud Governmental Cloud, a private or community cloud especially designed for national governmental use. In addition, no favored cloud service model has emerged, hence all standard cloud service models Infrastructure, Platform, and Software as a Service are adopted by most countries. Finally, half of the evaluated countries have anchored cloud computing in one of their national ICT strategies.

The Public Cloud for e-Government

Cloud computing and its flexible business model of consuming IT resources such as computing power or data storage just on demand promises a lot of benefits and advantages. These advantages also the public sector and governments can benefit from. Hence, cloud computing is already on the agenda of governmental policy and decision makers. Additionally, various countries have already adapted their IT strategies to support cloud computing for their governmental and public services. However, within the public sector the private cloud model currently constitutes the dominant deployed approach. Although this model offers high control it does not take full advantage of the economic benefits of cloud computing. Therefore, based on an evaluation of different cloud models and a comparison of different national cloud computing strategies the authors argue and show that public clouds are worth more than a peek for e-Government because of their tremendous cost savings potential.

Secure cloud authentication using eIDs

Identification and authentication are essential security functions for regulating access to protected data. Considering that, most cloud service providers rely on weak authentication mechanisms such as username/password schemes. While username/password authentication may be sufficient for simple customized applications, cloud applications in more sensitive areas such as in e-Government require more reliable and secure mechanisms. We close this gap for such cloud applications by applying the STORK framework for secure cloud authentication using eIDs. The STORK framework supports various national eID solutions and will be the relevant eID framework across Europe in future. We demonstrated our approach by enabling eID authentication at two selected public cloud service providers. Finally, we also moved the STORK framework to the cloud to apply the full cloud computing paradigm.

CREDENTIAL: A Framework for Privacy-Preserving Cloud-Based Data Sharing

Data sharing - and in particular sharing of identity information - plays a vital role in many online systems. While in closed and trusted systems security and privacy can be managed more easily, secure and privacy-preserving data sharing as well as identity management becomes difficult when the data are moved to publicly available and semi-trusted systems such as public clouds. CREDENTIAL is therefore aiming on the development of a secure and privacy-preserving data sharing and identity management platform which gives stronger security guarantees than existing solutions on the market. The results will be showcased close to market-readiness through pilots from the domains of eHealth, eBusiness, and eGovernment, where security and privacy are crucial. From a technical perspective, the privacy and authenticity guarantees are obtained from sophisticated cryptographic primitives such as proxy re-encryption and redactable signatures.

Secure and Privacy-Preserving Proxy Voting System

Voting is a frequent and popular decision making process in many diverse areas, targeting the fields of e-Government, e-Participation, e-Business, etc. In e-Business, voting processes may be carried out e.g. in order management, inventory management, or production management. In this field, voting processes are typically based on direct voting. While direct voting enables each eligible voter to express her opinion about a given subject, representative voting shifts this power to elected representatives. Declarative or proxy voting (based on liquid democracy) is a voting process situated in between these two approaches and allows a voter to delegate her voting power to a so called proxy, who actually casts the votes for all the represented voters. The most interesting aspect of this approach is that voters have the opportunity to skip the direct involvement when they trust the proxy to act within their best interest. Liquid democracy and proxy voting has been implemented in various software tools that facilitate the voting process. However, the current systems lack security features typically required by electronic voting systems. Therefore, we present a system that integrates cryptographic functionality and relies on qualified signatures created by the Austrian citizen card to solve the current security issues. This system can support e-Business processes and applications in decision making, enabling the delegation of votes.

On Privacy-Preserving Ways to Porting the Austrian eID System to the Public Cloud

Secure authentication and unique identification of Austrian citizens are the main functions of the Austrian eID system. To facilitate the adoption of this eID system at online applications, the open source module MOA-ID has been developed, which manages identification and authentication based on the Austrian citizen card (the official Austrian eID) for service providers. Currently, the Austrian eID system treats MOA-ID as a trusted entity, which is locally deployed in every service provider’s domain. While this model has indeed some benefits, in some situations a centralized deployment approach of MOA-ID may be preferable. In this paper, we therefore propose a centralized deployment approach of MOA-ID in the public cloud. However, the move of a trusted service into the public cloud brings up new obstacles since the cloud can not be considered trustworthy. We encounter these obstacles by introducing and evaluating three distinct approaches, thereby retaining the workflow of the current Austrian eID system and preserving citizens’ privacy when assuming that MOA-ID acts honest but curious.

Towards interoperability: an architecture for pan-European eID-based authentication services

In the last years several EU Member States have rolled out smartcard based electronic ID (eID) solutions to their citizens. Not all of these solutions are directly compatible to each other. However, with respect to the i2010 e-Government initiative and the upcoming EU Services Directive, cross-border identification and authentication is now on the agenda of all EU Member States. In this paper we present a smart-card based eID identification and authentication solution, which supports smart-cards from different Member States. The proposed solution can be easily integrated into existing authentication and identity management solutions and does not necessarily require any additional client software to be installed by citizens.

Secure and privacy-preserving eGovernment: best practice Austria

In the past, contact with public authorities often appeared as winding way for citizens. Enabled by the tremendous success of the Internet, public authorities aimed to react on that shortcoming by providing various governmental services online. Due to these services, citizens are not forced to visit public authorities during office hours only but have now the possibility to manage their concerns everywhere and anytime. Additionally, this user friendly approach also decreases costs for public authorities. Austria was one of the first countries that seized this trend by setting up a nation-wide eGovernment infrastructure. The infrastructure builds upon a solid legal framework supported by various technical concepts preserving security and privacy for citizens. These efforts have already been awarded in several international benchmarks that have reported a 100% online availability of eGovernment services in Austria. In this paper we present best practices that have been followed by the Austrian eGovernment and that have paved the way for its success. By virtually following a traditional governmental procedure and mapping its key stages to corresponding online processes, we provide an insight into Austrias comprehensive eGovernment infrastructure and its key concepts and implementations. This paper introduces the most important elements of the Austrian eGovernment and shows how these components act in concert in order to realize secure and reliable eGovernment solutions for Austrian citizens.

STORK e-privacy and security

The paper focuses on the legal, data security and privacy issues of the STORK (Secure idenTity acrOss boRders linKed) infrastructure and aims (a) to summarize the main findings and (b) to identify key points that the STORK consortium and stakeholders need to resolve in order to make the STORK security and privacy framework more robust, with the ambition to contribute to more strategic and far-reaching road-mapping and decision making in Europe in the field of electronic identification and authentication. Our findings are based on the roundtable discussion with experts and other stakeholders on the privacy and security legal challenges associated to cross-border use of national authentication solutions within STORK pilot projects.