Community Research and Development Information Service - CORDIS

FP7

EKSISTENZ Report Summary

Project ID: 607049
Funded under: FP7-SECURITY
Country: France

Periodic Report Summary 2 - EKSISTENZ (Harmonized framework allowing a sustainable and robust identity for European Citizens)

Project Context and Objectives:

1-Project context and objectives:

The mission of EKSISTENZ is to deliver a set of innovative and interoperable tools, procedures, methods and processes in response to the key issues of identity theft in the EU. The entire lifecycle of identity will be taken into account, starting from the first document issuance while preserving the privacy of the citizens. A proof of concept will be developed for a specific scenario close to the citizen (finance/banking), and will be proven to be scalable and deployable at the national level.
EKSISTENZ will not address identity management and identity in general, but will focus on identity theft.

The objectives of the EKSISTENZ project are:
- To develop innovative and interoperable components protecting citizen from identity thieves by strengthening the link between the citizen and the identity document.
- To assess the technical maturity of the tools by taking into account the outcome results of the proof of concept, in a linked governmental / services environment.
- To strengthen citizen privacy, notably by generating trusted and dedicated secondary identity in a way that avoids function creep and crossing information between identities.
- To provide to each MS the possibility to implement the solution at the national level, enabling each MS/AC to select which EKSISTENZ interoperable components to adopt.
- To create/enhance interoperability between MS/AC using eIDAS nodes
- To inform the citizen through their MS on methods, procedures and possibilities to recover her or his identity after a theft.
- To detect identity fraud attempts, and respond appropriately.
- To serve as a policy advisor to EU Member States.
- To provide a common view for European identity protection, providing guidelines and assistance if required.
- To build an identity theft think-tank community in Europe and beyond, in cooperation with organization such as Interpol or Europol for instance.
- To lead the key actors to found the basis of a European Observatory on identity theft.

3. Project objectives for the period 2

• Coordinate the work of the partners (WP1)
• Study different strategies to achieve common ID verification in Europe, in particular (WP2)
• Assess the various threats that currently occur against both national and industry delivered IDs (WP3)
• Provide an evaluation of the economical consequences of the attacks against Ids for both individuals and the society (WP3)
-The evaluation will be done on a set of MS where figures are available for a detailed evaluation;
• Progress on the technical work regarding innovative technologies and processes for the protection of identities delivered by a MS (i.e. primary identity), and for the creation of secondary identities (related eID) (WP4)
• Define the requirements for an online Infrastructure as a Service, including use cases (WP5)
• Specify the information that is exchanged over the interfaces in IaaS infrastructure, taking into account citizen’s privacy (WP5)
• Prepare the assessment of the EKSISTENZ architecture and the technical mechanisms in terms of security, privacy and usability (WP 6)
- The analysis of the information collected in WP 2 and WP 3and other threat analysis
- The detection of potential attacks to EKSISTENZ architecture

• Analyze the legal approach to problems of identity theft (WP7):
• To Study existing criminal law related to the concept of ID theft in 8 MS
• To Study the concept of anonymity: Concept, terminology in the EU and US, anonymisation as a means for anonymity
• Continue the dissemination activities (WP8)
• Implement the dissemination strategy as defined in period 1
• Continue to maintain close liaison with other projects , eCRIME in particular
• To analyse societal risks and acceptability of EKSISTENZ (WP9)
• To study legal aspects concerning the EKSISTENZ platform in light of the existing as well as the forthcoming European Data Protection Law (WP9)

Project Results:
1- WP1 Management
The main achievements of the management activities are related to:
- The organization of the General Assembly ( in Tallin ,18-19 june 2015)
- The organization of the 1st Technical review (in Brussels on 6th-7th July 2015)
- The continuous management of EKSISTENZ with:
- Close monitoring of the project status
- Follow up of the financial aspect of the project (financial declaration and Use of Resources)

2 WP2 Inventory of Identity Theft scenarios in Europe

All WP2 activities and objectives have been completed within Period 2

The main achievement for the period was to define strategies for unified European citizen ID verification processes

3 WP3 Threat assessment and economical aspects
All WP 3 activities and objectives have been completed within Period 2.
The main achievements during the period were the following :
1- establish a taxinomy of both government and secondary ID theft /damages
2- Define a methodology to evaluate the financial consequences of id Theft

4 WP 4 Secure identity for all EU citizens

The main achievements are as follows:
As the STORK2.0 project ended on september 2015 ,the STORK integration initially planned has to be replaced by the so-called eIDAS Nodes " implementation".We modified the system architecture to take into account eIDAS nodes

We delivered the system architecture and ,the ongoing work on key tools continued (Weak Link Architecture (WLA) , ID Theft register, secondary ID generation, ....)

The WLA is not selected due to difficulties of implementation inside the EKSISTENZ budget.

5 WP 5 Trusted “Identity-As-A-Service”

The scope of this WP is for the usage of secondary identities that are created in WP4.

Main achievements were as follows:

-The Specification of interfaces in the IaaS infrastructure
-An Analysis of Privacy Enhancing Technologies in the IaaS infrastructure

6 WP 6 Security, privacy and usability evaluation of EKSISTENZ framework

The main achievements were:

- an agreement on a TVRA methodology
- a preliminary version of D6.1 EKSISTENZ evaluation method and threat model

7 WP 7 Legal study towards a secure citizen ID in the EU

During period 2, we produced:

• a comprehensive legal analysis of criminalisation of ID theft focusing on traditional criminal law provisions but also on cybercrime related provisions
• a comprehensive legal analysis of procedural criminal law measures aimed towards ending identity theft and mitigating the consequences in the aftermath of ID theft
• a study on the dichotomy between identification and anonymity in light of recent regulatory initiatives and in a comparative perspective with the US
• a preparation of a questionnaire on legal issues, ways of reporting of ID theft, and investigation (disseminated to all EU MS)

8 WP 8 Dissemination, standard, cooperation and prospective study

The main achievements are as follows:
- We have now a mature dissemination strategy with an European Observatory on Identity Theft taking shape
- We made progress regarding standardisation activities
- A collaboration has been set up with the European project e-CRIME
- The EKSISTENZ project has been presented to several conferences (EAB -RPC darmstadt, worleID congress Marseille,....)

9 WP 9 Privacy, ethical and societal studies
We analysed privacy and data protection requirements of the EKSISTENZ specific aspects of processing and storing biometric data in identity management in the context of national electronic identity cards and bank cards that are issued in commercial banks

The main achievements are that we have now a unique new data set for analysing ID usage patterns and ID theft and the various scenarios on establishment and use of ID in 6 EU Member states &United States of America.

Potential Impact:
Personal identity can be claimed in numerous different ways: in the physical world by means of documents, (e.g. identity cards, passports, driving licences, residence permits) and, in the virtual world by electronic credentials (e.g. username/password combinations, PINs codes, certificates, security tokens). Due to this diversity of means, identity theft is also diverse, and ranges from forging citizens' identity documents, to stealing certificates or guessing passwords or PINs codes.
The social and economic negative impacts caused by identity-related crimes and more specifically identity theft pose a major concern to all member states in Europe. Several ongoing national and EU initiatives already aim at addressing identity management, but not the subject of identity theft.
With the exponential growth in the use of digital identity over the Internet and across country borders, cyber crooks are taking over “classical” counterfeiters, making use of numerous techniques such as searching through recycled paper trash, phishing, scam email, spoofing and exploiting key-loggers, viruses and trojans. The overarching objective of EKSISTENZ is to protect EU citizen identity from major current threats.
EKSISTENZ will propose innovative solutions to create a real and strong link between the citizen and its primary identity document. To this end, EKSISTENZ will:
- Strengthen existing electronic-based primary identity document, and associated bearer authentication method, using biometric features and/or prior knowledge about the legitimate holder.
- Derive from the primary identity document some secondary identities, in controlled environments.
- Uniquely and easily verify primary and secondary identities and the bearers of such identities.
- Use the European network STORK in order to provide bilateral recognition solutions of primary identity between EU member states.
Based on the privacy-by-design principle, EKSISTENZ will develop novel technologies that place the citizen at the centre of attention. EKSISTENZ will first deeply analyse the identity theft phenomenon in Europe, uncovering the flaws in traditional “paper-based” procedures as well as in the existing electronic processes. The developed techniques will strengthen the citizen identity with its identity document while enhancing the level of privacy protection of the EU citizens. The project will use real-world scenarios to test and validate its techniques to address identity theft. In this way, it will establish the basis of a holistic system aiming to provide a secure, strong and sustainable European wide identity scheme that is adaptable to the particularities of each Member State (MS)/Associated Countries (AC).
EKSISTENZ proposes a response to the identity theft issue in Europe, by producing a diverse set of tools, including technical innovations, procedures and studies. Each MS can then choose to implement either the complete set of techniques, or adopt just a subset of it. EKSISTENZ techniques will ensure that the maximum possible level of interoperability will be retained between MS.
The EKSISTENZ consortium brings together different types of stakeholders involved in the identity chain (authorities, solution providers, businesses), specialised technology providers (all well experimented with identity theft issues and tools), as well as legal and data protection and privacy experts. In order to establish a robust identity theft response mechanism throughout Europe, EKSISTENZ could propose relevant updates to current regulations and the establishment of the legal foundations concerning the protection of identity in the EU. As a result, identity theft will not only become much harder to carry out, but also the expected benefit due to identity theft will be significantly reduced, de facto turning it into a non-profitable crime.

List of Websites:
http://eksistenz.eu

Contact

Sandra CANTON, (Administrative and financial)
Tel.: +33 130203053
Fax: +33 158118701
E-mail

Subjects

Safety
Record Number: 193429 / Last updated on: 2017-01-18
Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top