Final Report Summary - EKSISTENZ (Harmonized framework allowing a sustainable and robust identity for European Citizens)
Executive Summary:
The mission of EKSISTENZ is to deliver a set of innovative and interoperable tools, procedures, methods and processes in response to the key issues of identity theft in the EU. The entire lifecycle of identity will be taken into account, starting from the first document issuance while preserving the privacy of the citizens. A proof of concept was developed for a specific scenario close to the citizen finance/banking), and has been proven to be scalable and deployable at the European level using eIDAS.
EKSISTENZ does not address identity management and identity in general, but focus on identity theft.
The concept of identity has evolved over the years, particularly with the development of technology and pervasive use of the Internet and social media. The evolution of society, particularly advances in information and communication technologies (ICT), poses a number of security challenges that can no longer be ignored. The increasing use of social networks and other forms of digital communication in everyday operations may lead us to question the future role of physical identities, and whether digital identities will change the ways in which people identify and authenticate themselves in order to obtain products and service.
“Secure identity for all EU citizens” was one of the key technical challenges of EKSISTENZ. The objectives were to research and to develop technologies and improved processes that cover the complete life cycle of a Primary Identity as well as the creation and management of Secondary Identities that anonimize citizen primary identity
The consortium defined a use case that addressed the complete life cycle of a National ID and a banking card. This use case described a realistic but fictive scenario involving several Member States thus giving the use case a European dimension. A key part of this use case was the opening of a bank account with a National ID Card from any Member State using hereby a mobile camera , NFC , facial recognition embedded on a smartphone. This device together with the National ID document was used for the creation of a software token (Secondary Identity) that was stored and used from the mobile device for different financial services.
EKSISTENZ analysed also the legal framework needed to ensure secure citizen identity and make suggestions to curtail the legal uncertainty with regard to identity theft; to clarify the use and processing of biometric data both by government and private sector parties and to clarify the distinction between anonymity and identification.
Project Context and Objectives:
The mission of EKSISTENZ is to deliver a set of innovative and interoperable tools, procedures, methods and processes in response to the key issues of identity theft in the EU. The entire lifecycle of identity will be taken into account, starting from the first document issuance while preserving the privacy of the citizens. A proof of concept will be developed for a specific scenario close to the citizen finance/banking), and will be proven to be scalable and deployable at the national level.
EKSISTENZ will not address identity management and identity in general, but will focus on identity theft.
The objectives of the EKSISTENZ project are:
• To develop innovative and interoperable components protecting citizen from identity thieves by strengthening the link between the citizen and the identity document.
• To assess the technical maturity of the tools by taking into account the outcome results of the proof of concept, in a linked governmental / services environment.
• To strengthen citizen privacy, notably by generating trusted and dedicated secondary identity in a way that avoids function creep and crossing information between identities.
• To provide to each MS the possibility to implement the solution at the national level, enabling each MS/AC to select which EKSISTENZ interoperable components to adopt.
• To create/enhance interoperability between MS/AC using the European secure network eIDAS.
• To inform the citizen through their MS on methods, procedures and possibilities to recover her or his identity after a theft.
• To detect identity fraud attempts, and respond appropriately.
• To serve as a policy advisor to EU Member States.
• To provide a common view for European identity protection, providing guidelines and assistance if required.
• To build an identity theft think-tank community in Europe and beyond, in cooperation with organization such as Interpol or Europol for instance.
• To lead the key actors to found the basis of a European Observatory on identity theft.
Project Results:
Project conclusions and novelties
The main objective of Identity theft scenarios in Europe is to provide a general view of what has be done in Europe both for providing identification to citizens as well as how it is related to ID theft:
- We provided information about primary and secondary ID means across eight countries in Europe, i.e: Estonia, Latvia, Germany, Netherlands, Belgium, UK, France, Italy and Spain. Information about how enrolment, renewal, revocation, etc is given, as well as physical countermeasures are described in this document. Several taxonomies of ID theft are proposed: according to the market where the ID theft is stolen, or considering how is used the ID stolen, either in the physical or the electronic world.
- Technical, social and legal aspects are studied as well as eIDAS regulation . In particular UK, France, Germany, Estonia, Italy and Spain are studied, as representative of different situations: no ID, paper-based ID, eID schemas with more or less deployment.
- A final effort has been done to propose different strategies for an interoperable scheme across IDs in Europe. Gaps both in physical and cyberworld have been studied, different proposals such as those recommendations made by STORK and STORK 2.0 projects as standardization activities are examined, and finally, risks and vulnerabilities of an interoperable scheme have been also described.
The concept of identity has evolved over the years, particularly with the development of technology and pervasive use of the Internet and social media. The evolution of society, particularly advances in information and communication technologies (ICT), poses a number of security challenges that can no longer be ignored. The increasing use of social networks and other forms of digital communication in everyday operations may lead us to question the future role of physical identities, and whether digital identities will change the ways in which people identify and authenticate themselves in order to obtain products and service.
However, physical identification of people will not be easily replaced in the short term, even in future scenarios where many services, both private and public, become available only online. However, any society needs to be able to identify its members as clearly and efficiently as possible, and new digital approaches should be utilized in order to achieve this. Indeed, with a larger number of states ready to embrace electronic identification means, physical documents can be substituted by their electronic counterparts. These changes will be even more effective if the relative legislations in the states are capable of promptly adapting to the evolutions we are witnessing; a concept that is the focus of the new eIDAS directive, which regulates online transactions, identification and authentication mechanisms.
eIDAS (and other national regulations) represents a significant step towards a single digital market, and paves the way for wider availability of digital services and a higher number of interactions between enterprises, governments and citizens. Despite the inherent advantages that a digitalised service ecosystem can bring to a society, it also provides new opportunities for criminal activities of various types, and potentially leads to new forms of criminal organisations. In fact, we are already observing criminal threats such as sophisticated and large-scale online financial fraud, in addition to the more traditional criminal activities that are now assisted by ICT.
Following the very recent tragic terrorist events, there are increasing reports of the sale of counterfeit passports and other physical identification documents at very low prices on the dark web. The presence of a virtual market offering specialised products and services is transforming the way in which cyber threats and other criminal activities are conducted. Criminal groups are now more geographically dispersed, fluid, and formed on the basis of specific plans. They tend to use professional cyber-criminal freelancers who sell skills and tools needed to carry out cyber attacks. In other words, crime-as-a-service is emerging, leading to more advanced capabilities of both cyber-criminals and criminals who do not have the technological skills to carry out cyber crimes by themselves.
Sensitive, identity-related data is a primary target for this new breed of criminal. Cloud storage, big data and Internet of Things paradigms, as well as the massive use of social networks and smart devices mean huge increases in data collection, processing and storage, and subsequently more points of access to the network and higher probabilities of intrusion. Typically, the infringement of these types of data is committed through traditional fraud related to credit cards or banks credentials, phishing, other blackmail operations or cyber-spying. It is also possible to obtain vast amounts of information about a potential victim simply by reading their social network profile. This information can then be exploited to commit crimes or to create fake accounts.
The review of financial damages carried out during the project aims at providing a framework to evaluate how the Internet will leverage both exchanges on the web and generate new form of criminal activities. We yet need to consider how to better regulate cyber exchanges and make use of advance technology to meet new forms of frauds so that internet becomes a suitable vehicle for trading and communicating between individuals or for business concerns.
“Secure identity for all EU citizens” was one of the two key technical work packages of EKSISTENZ. The objectives were to research and to develop technologies and improved processes that cover the complete life cycle of a Primary Identity as well as the creation and management of Secondary Identities. In WP4, the consortium selected
• the National ID card as a Primary ID token because this type of document affects - with the exception of the UK - all adult EU citizens,
• the banking sector for a Secondary Identity as ID Theft especially concerns this domain and is thus of high relevance for all adult EU citizens.
Based on these selections, the consortium defined a use case that addressed the complete life cycle of a National ID and a banking card. This use case described a realistic but fictive scenario involving several Member States thus giving the use case a European dimension. A key part of this use case was the opening of a bank account with a National ID Card from any Member State using hereby a mobile camera , NFC , facial recognition embedded on a smartphone. This device together with the National ID document was used for the creation of a software token (Secondary Identity) that was stored and used from the mobile device for different financial services. These services are defined and implemented within WP5. The key outcomes are:
EKSISTENZ-Tools: Implementation of a spectrum of tools that support securing current process implementations. These tools include :
• Secondary ID generation derived from a Primary ID, biometrics for user verification, duplicate checks, 3-factors authentication, liveness-checks in unsupervised scenarios, eIDAS nodes for transnational authorization, electronic token checks via eIDAS, ID Theft register, and digital signature.
Token:
• Definition of a chip-based Primary ID token (National ID card) that is compliant with the eIDAS regulation and that supports 3-factors authentication.
• Definition of a software token (Secondary ID) based on the Primary ID of a citizen; this software token is created and stored on a mobile device and supports 3-factors authentication.
Processes:
• The definition of improved processes that cover the complete life cycle of a Primary Identity as well as the creation of a Secondary Identity (banking card) that were proven to be more resistant against common ID Theft / Fraud scenarios.
• The improvements of the processes were mainly achieved by usage of the EKSISTENZ-Tools mentioned above.
• Usage of eIDAS nodes to enable secure and reliable authorization across borders in a European context. User verification and (Primary ID) token checks were performed to unlock the information stored in the token.
• Usage of a sign-me application for digital signature of a contract
• The definition of a set of recommended Privacy Enhancing Technologies for the life cycle of a Primary as well as a Secondary ID including biometric template protection mechanisms, anonymous tokens/credentials and privacy-preserving revocation mechanisms.
• Relevant parts of the proposed improved processes were implemented and demonstrated during the international PORVOO group conference (25-26 May 2017 Rome, Italy).
The infrastructure of Identity-As-A-Service has been defined, determining the functionalities of the components, and specifying the interfaces between components. Three types of requisites (User-related, System-related and Business-related) have been defined, taking into account the different levels of assurance that can be provided by the Identity documents within the EKSISTENZ use cases taking into account the mobile requirements for the online issuance and use of secondary identities.
The work performed includes discussions on the role and functionality of the Identity Theft Register and Identity Misuse Handler, analysis of documentation provided by other WPs. Within WP5 MPH investigated various privacy preserving techniques, in particular those that have been recently introduced by related projects (FIDELITY, LYRICS, ABC4TRUST). Related to those investigations, a research paper has been submitted and accepted to AFRICACRYPT 2016 on authentication with password robust against a compromised server.
For the Proof Of Concept the interfaces between all pairs of mutually communicating components in the ‘Identity As a Service’ infrastructure have been (functionally) specified. The context for the specification of the interfaces is the mobile banking use case that is implemented in the PoC of EKSISTENZ. In this way an integration of the techniques with a European platform is demonstrated. Some significant results were achieved in the field of biometric authentication and the insurance of the electronic signature in online contracts. The demonstrator contained two major developments:
• Usage of secondary ID to shop on a e-commerce website, by using the Where-Are-You-From server and a connection to the Morpho identity server, Morpho UI (mobile App) and use of the biometric solution with the different Level of Assurance.
• A user interface of a fake bank (YourBank), to show the working of a Web Service handling the revocation request, Connection to the Identity Manager, Notification to the ID Theft register and to the Morpho Authentication server used in the Usage of secondary ID Demonstrator.
The EKSISTENZ framework and the EKSISTENZ demonstrators has been also evaluated from the security, privacy and usability points of view. Security and privacy of the EKSISTENZ framework have been analysed, while the usability has been evaluated on the demonstrators. The main results and novelties obtained during the evaluation are:
• A common methodology for the evaluation of security and privacy.
• A methodology for the evaluation of the usability of the demonstrators.
• An extensive list of threats for the security and privacy protection.
• The evaluation of the EKSISTENZ framework security and privacy protection.
• The evaluation of the usability of the EKSISTENZ demonstrators.
• Main contributions from and to other EU projects regarding identity management.
From the evaluations, several conclusions have been derived:
• EKSISTENZ solves the threats and vulnerabilities detected in previous identity systems.
• The performance of the biometric algorithms, concerning both identification rates and throughput, are paramount for both privacy and security.
• Different research lines, mostly related with biometric technologies, are proposed for the future.
EKSISTENZ analysed also the legal framework needed to ensure secure citizen identity and make suggestions to curtail the legal uncertainty with regard to identity theft; to clarify the use and processing of biometric data both by government and private sector parties and to clarify the distinction between anonymity and identification.
In terms of criminal law measures tackling identity theft and identity fraud , the following findings and recommendations are particularly worthy of consideration: (1) EU member states have a positive obligation not only to criminalise identity theft but also to bring the identity thief to court and to restore a compromised identity; (2) Governments have to elaborate a legal framework that obliges third parties, in particular service providers, to cooperate with law enforcement; (3) Prior to taking data related to ID fraud offline, an assessment of the notified identity fraud should be made by an assessment centre with a high expertise in identification and ID fraud and this is where the EKSISTENZ project’s tools can be used to verify the identity of the person claiming to be an identity fraud victim; (4) As identity theft mostly happens online, it is often a cross-border crime, thus international cooperation is critical to tackle ID theft. The current framework is found unsatisfactory: measures in the fight against ID theft are excessively hindered by a lack of (enforcement) jurisdiction or by slow or inexistent mutual legal assistance.
In terms of recent developments in the use of biometric data for identification both from a government and private actors’ perspective, the following findings and recommendations are particularly noteworthy: (1) Three major future trends were identified in the use of biometric data: the growth of unsupervised biometric systems, accessed via mobile devices and verifying identity; the spread of ‘second-generation’ biometric technologies authenticating individuals in a clandestine manner; and the linking of biometric data with other types of ‘big data’ as part of profiling activities; (2) The General Data Protection Regulation (GDPR) has officially introduced the legal concept of ‘biometric data’ and connected it with a set of ‘graduated’ obligations in their processing, but at the same time it has failed to provide precise definitions which, in the long run, creates risk of confusion, misinterpretation and legal uncertainty; (3) Diverging practice of national data protection authorities and courts coupled with the discretion provided to Member States in the adoption of further conditions and limitations regarding the processing of biometric data, creates a risk of inconsistency and only deepens the problem of contradictory solutions; (4) The process of standardisation in biometrics could be recognised as the right way to go in order to ensure broad acceptability of existing and future biometric systems by end users. It could also incentivise vendors to create interoperable solutions that would be effectively implemented in the new environment of ‘fused’ biometric applications.
In terms of the clarification of the dichotomy between identification and anonymity , the following findings are particularly noteworthy: (1) GDPR introduced, or more precisely, clarified some concepts and encouraged a new discussion on anonymity, pseudonimity and identity in the European Union; (2) GDPR creates, even though not explicitly, a full spectrum of identifiability levels and tailors the data controllers’ obligations in accordance with the level of identifiability. As identifiability plays an ever more important role in the GDPR, it could now be regarded as a yardstick by data controllers which provides them with a practical tool for ensuring compliance in line with the purposes of data processing and the risks to the rights and freedoms of data subjects, namely de-identification; (3) De-identification, seen as a tool for reducing the identifiability of personal data and, consequently, the regulatory burden on the data controller, could offer data controllers an unprecedented power to ‘select’ the level of identifiability that is needed for the particular processing activity they are considering; (4) In order to ensure that de-identification becomes a strong tool in the hands of data controllers, the development of shared standards for de-identification should be encouraged by the regulators in the EU, taking into account recent efforts of the International Organisation for Standardisation (ISO), such as ISO/IEC CD20889, and other standardisation bodies.
In terms of the legal possibilities for a citizen to report a case of identity theft (Task 7.4) the following findings and recommendations are particularly worthy of consideration: (1) Only a few Member states have so far decided to criminalize identity-related offences with a specific provision in their laws where ID theft is defined as a crime (Finland, France, Latvia, Luxemburg, Poland, Sweden); (2) In most cases there are not any specific reporting mechanisms other than turning to the police and use general reporting mechanisms that are in place; (3) In the majority of the participating EU Member States in the survey, no specific methods are used by law enforcement institutions to investigate the identity theft so far; (4) Most of the countries have no established mechanisms to facilitate inter-institutional or international coordination on identity-related crime issues and effective gathering and sharing of identity crime information among law enforcement; (5) The “theft” of an identity or identity information is not always considered a crime, but rather it is the use made of the identity which is acquired illegitimately; (6) There do not currently exist any international legal standards in the fight against identity theft, as well as no common definition of term “identity theft” and thus a close cooperation between the different national law enforcement institutions has an important role as the Internet offers offenders the possibility to effectively conceal their identity.
EKSISTENZ studied, in an interdisciplinary manner, societal, ethical and legal aspects of identity theft; and advised EKSISTENZ in the development of technical tools to secure citizen identity. The current research stands apart from majority of privacy literature that deals with identity management and biometrics in its close interaction with actual technology design and development. This has allowed us to address the relevant technology choices in a much more detailed manner, and to advise the technology partners in their work.
EKSISTENZ mapped ID use patterns , and societal aspects of identity theft . A unique new data set was created, which covers six EU member states (AT, DE, ES, FR, IT, UK), and for comparative purposes also from the U.S.A. This data set allowed to analyse the ID use patterns, ID theft, and the views of the public on the novel forms of establishment and checking identity. It emerged from this research that 25-35% of the population of above countries has personally experienced ID theft in the last 36 months, whereas misuse of the various Internet accounts is responsible for a major share of the misuse of identity data in the above member states.
EKSISTENZ studied societal, ethical and legal aspects concerning the EKSISTENZ platform, considering both the earlier European Data Protection Law as well as the recently adopted Draft General Data Protection Regulation. More specifically, we analysed privacy and data protection requirements of the EKSISTENZ specific aspects of processing and storing biometric data in identity management in the context of national electronic identity cards and bankcards that are issued by commercial banks. EKSISTENZ analysed the requirements of a privacy impact assessment (PIA). The analysis provided criteria and core elements of a Privacy Impact Assessment/Data Protection Impact Assessment (DPIA) of EKSISTENZ in line with the requirements of the General Data Protection Regulation that could be used by data controllers to carry out a DPIA in a production environment when implementing EKSISTENZ (D9.5). It was established that DPIA is mandatory for EKSISTENZ under the GDPR. Accordingly, core elements of a data protection impact assessment of EKSISTENZ, i.e. study of context, controls, risks, and decision, were outlined. Also, clarifications were prepared for data controllers on how a full DPIA should be carried out.
Potential Impact:
The expected strategy for dissemination for such a project was developed and then implemented with the normal tools being utilised, focussed around the project website: www.eksistenz.eu We also concentrated on the evolution of the Observatory on Identity Theft and in creating a role for this within the wider eID movement. With the emergence of the eIDAS Observatory, our focus again shifted to supporting that and addressing whether a critical mass can be generated to influence the fast moving area of ID management in Europe, with its many actors and constraints. We worked towards creating a more joined-up set of networks in support of eIDAS and moving forward the eIdentity agenda whilst simultaneously opening up exploitation opportunities. Key to this was working with other initiatives such as eCRIME, ARIES, ATTPS, CREDENTIAL, DS-04-2016,EEMA, EIP SCC, EU-LISA, European Trust Foundation, FIDELITY, FUTURE ID, FUTURETRUST, INGRESS, KONFIDO, LIGHTest, ORIGINS, PORVOO Group, PRISMS, SSEDIC, STORK2.0/eIDAS Unit, TAS3, TREATS, TRUST IN DIGITAL LIFE and TURBINE.
Progress has been made with regard to liaison with standardization initiatives including the promotion of a new WG in CEN TC224 to handle standardisation for breeder documents (WG19) and contributions to MRTDs and Biometrics. Major progress was reached with 2382-37.rev1 - Harmonized Biometric Vocabulary to be published with the addition of 40 new terms, considering new data formats: 39794-16 (Full body photography) and 39794-17 (Gait representation) and work on 3rd generation of interoperable data formats: 39794-1 (Framework), 39794-4 (Finger image), 39794-5 (Face image), Finishing work on 29794-4 - Biometric sample quality - Part 4: Finger image data and approved NWIs on “testing of biometrics on mobile devices”
The academic partners published numerous papers whilst the industrial partners have integrated results into their current product offerings. For Morpho for example, specific emphasis has been on the technologies developed for usage of a software-based secondary ID on a smartphone, which is of great interest for a trusted on-line transactions use case, such as banking transfer or digital signing. MPH plans to sell products using the FIDO standard for secure authentication including results from EKSISTENZ like presentation attack detection and face matching on mobile devices. This could exploited in banking use cases. The areas which BDR see as being the most significant in terms of future exploitation are: the e-IDAS experience used on German notification, the potential for the Demonstrator to be deployed in a live environment and the Sign me portal. DPA will continue to work exploiting the results with its Latvian, Lithuanian, Estonian, Belarus, Ukrainian, Azerbaijani and Georgian clients.
Social impact on MS includes TNO continuing to focus on the Netherlands Government, as will IDP with the French Government and AGID with the Italian Government, whilst MIRL is the Latvian government. This complements the work of the industrial partners in Germany, France, UK, Latvia etc.
List of Websites:
www.eksistenz.eu
The mission of EKSISTENZ is to deliver a set of innovative and interoperable tools, procedures, methods and processes in response to the key issues of identity theft in the EU. The entire lifecycle of identity will be taken into account, starting from the first document issuance while preserving the privacy of the citizens. A proof of concept was developed for a specific scenario close to the citizen finance/banking), and has been proven to be scalable and deployable at the European level using eIDAS.
EKSISTENZ does not address identity management and identity in general, but focus on identity theft.
The concept of identity has evolved over the years, particularly with the development of technology and pervasive use of the Internet and social media. The evolution of society, particularly advances in information and communication technologies (ICT), poses a number of security challenges that can no longer be ignored. The increasing use of social networks and other forms of digital communication in everyday operations may lead us to question the future role of physical identities, and whether digital identities will change the ways in which people identify and authenticate themselves in order to obtain products and service.
“Secure identity for all EU citizens” was one of the key technical challenges of EKSISTENZ. The objectives were to research and to develop technologies and improved processes that cover the complete life cycle of a Primary Identity as well as the creation and management of Secondary Identities that anonimize citizen primary identity
The consortium defined a use case that addressed the complete life cycle of a National ID and a banking card. This use case described a realistic but fictive scenario involving several Member States thus giving the use case a European dimension. A key part of this use case was the opening of a bank account with a National ID Card from any Member State using hereby a mobile camera , NFC , facial recognition embedded on a smartphone. This device together with the National ID document was used for the creation of a software token (Secondary Identity) that was stored and used from the mobile device for different financial services.
EKSISTENZ analysed also the legal framework needed to ensure secure citizen identity and make suggestions to curtail the legal uncertainty with regard to identity theft; to clarify the use and processing of biometric data both by government and private sector parties and to clarify the distinction between anonymity and identification.
Project Context and Objectives:
The mission of EKSISTENZ is to deliver a set of innovative and interoperable tools, procedures, methods and processes in response to the key issues of identity theft in the EU. The entire lifecycle of identity will be taken into account, starting from the first document issuance while preserving the privacy of the citizens. A proof of concept will be developed for a specific scenario close to the citizen finance/banking), and will be proven to be scalable and deployable at the national level.
EKSISTENZ will not address identity management and identity in general, but will focus on identity theft.
The objectives of the EKSISTENZ project are:
• To develop innovative and interoperable components protecting citizen from identity thieves by strengthening the link between the citizen and the identity document.
• To assess the technical maturity of the tools by taking into account the outcome results of the proof of concept, in a linked governmental / services environment.
• To strengthen citizen privacy, notably by generating trusted and dedicated secondary identity in a way that avoids function creep and crossing information between identities.
• To provide to each MS the possibility to implement the solution at the national level, enabling each MS/AC to select which EKSISTENZ interoperable components to adopt.
• To create/enhance interoperability between MS/AC using the European secure network eIDAS.
• To inform the citizen through their MS on methods, procedures and possibilities to recover her or his identity after a theft.
• To detect identity fraud attempts, and respond appropriately.
• To serve as a policy advisor to EU Member States.
• To provide a common view for European identity protection, providing guidelines and assistance if required.
• To build an identity theft think-tank community in Europe and beyond, in cooperation with organization such as Interpol or Europol for instance.
• To lead the key actors to found the basis of a European Observatory on identity theft.
Project Results:
Project conclusions and novelties
The main objective of Identity theft scenarios in Europe is to provide a general view of what has be done in Europe both for providing identification to citizens as well as how it is related to ID theft:
- We provided information about primary and secondary ID means across eight countries in Europe, i.e: Estonia, Latvia, Germany, Netherlands, Belgium, UK, France, Italy and Spain. Information about how enrolment, renewal, revocation, etc is given, as well as physical countermeasures are described in this document. Several taxonomies of ID theft are proposed: according to the market where the ID theft is stolen, or considering how is used the ID stolen, either in the physical or the electronic world.
- Technical, social and legal aspects are studied as well as eIDAS regulation . In particular UK, France, Germany, Estonia, Italy and Spain are studied, as representative of different situations: no ID, paper-based ID, eID schemas with more or less deployment.
- A final effort has been done to propose different strategies for an interoperable scheme across IDs in Europe. Gaps both in physical and cyberworld have been studied, different proposals such as those recommendations made by STORK and STORK 2.0 projects as standardization activities are examined, and finally, risks and vulnerabilities of an interoperable scheme have been also described.
The concept of identity has evolved over the years, particularly with the development of technology and pervasive use of the Internet and social media. The evolution of society, particularly advances in information and communication technologies (ICT), poses a number of security challenges that can no longer be ignored. The increasing use of social networks and other forms of digital communication in everyday operations may lead us to question the future role of physical identities, and whether digital identities will change the ways in which people identify and authenticate themselves in order to obtain products and service.
However, physical identification of people will not be easily replaced in the short term, even in future scenarios where many services, both private and public, become available only online. However, any society needs to be able to identify its members as clearly and efficiently as possible, and new digital approaches should be utilized in order to achieve this. Indeed, with a larger number of states ready to embrace electronic identification means, physical documents can be substituted by their electronic counterparts. These changes will be even more effective if the relative legislations in the states are capable of promptly adapting to the evolutions we are witnessing; a concept that is the focus of the new eIDAS directive, which regulates online transactions, identification and authentication mechanisms.
eIDAS (and other national regulations) represents a significant step towards a single digital market, and paves the way for wider availability of digital services and a higher number of interactions between enterprises, governments and citizens. Despite the inherent advantages that a digitalised service ecosystem can bring to a society, it also provides new opportunities for criminal activities of various types, and potentially leads to new forms of criminal organisations. In fact, we are already observing criminal threats such as sophisticated and large-scale online financial fraud, in addition to the more traditional criminal activities that are now assisted by ICT.
Following the very recent tragic terrorist events, there are increasing reports of the sale of counterfeit passports and other physical identification documents at very low prices on the dark web. The presence of a virtual market offering specialised products and services is transforming the way in which cyber threats and other criminal activities are conducted. Criminal groups are now more geographically dispersed, fluid, and formed on the basis of specific plans. They tend to use professional cyber-criminal freelancers who sell skills and tools needed to carry out cyber attacks. In other words, crime-as-a-service is emerging, leading to more advanced capabilities of both cyber-criminals and criminals who do not have the technological skills to carry out cyber crimes by themselves.
Sensitive, identity-related data is a primary target for this new breed of criminal. Cloud storage, big data and Internet of Things paradigms, as well as the massive use of social networks and smart devices mean huge increases in data collection, processing and storage, and subsequently more points of access to the network and higher probabilities of intrusion. Typically, the infringement of these types of data is committed through traditional fraud related to credit cards or banks credentials, phishing, other blackmail operations or cyber-spying. It is also possible to obtain vast amounts of information about a potential victim simply by reading their social network profile. This information can then be exploited to commit crimes or to create fake accounts.
The review of financial damages carried out during the project aims at providing a framework to evaluate how the Internet will leverage both exchanges on the web and generate new form of criminal activities. We yet need to consider how to better regulate cyber exchanges and make use of advance technology to meet new forms of frauds so that internet becomes a suitable vehicle for trading and communicating between individuals or for business concerns.
“Secure identity for all EU citizens” was one of the two key technical work packages of EKSISTENZ. The objectives were to research and to develop technologies and improved processes that cover the complete life cycle of a Primary Identity as well as the creation and management of Secondary Identities. In WP4, the consortium selected
• the National ID card as a Primary ID token because this type of document affects - with the exception of the UK - all adult EU citizens,
• the banking sector for a Secondary Identity as ID Theft especially concerns this domain and is thus of high relevance for all adult EU citizens.
Based on these selections, the consortium defined a use case that addressed the complete life cycle of a National ID and a banking card. This use case described a realistic but fictive scenario involving several Member States thus giving the use case a European dimension. A key part of this use case was the opening of a bank account with a National ID Card from any Member State using hereby a mobile camera , NFC , facial recognition embedded on a smartphone. This device together with the National ID document was used for the creation of a software token (Secondary Identity) that was stored and used from the mobile device for different financial services. These services are defined and implemented within WP5. The key outcomes are:
EKSISTENZ-Tools: Implementation of a spectrum of tools that support securing current process implementations. These tools include :
• Secondary ID generation derived from a Primary ID, biometrics for user verification, duplicate checks, 3-factors authentication, liveness-checks in unsupervised scenarios, eIDAS nodes for transnational authorization, electronic token checks via eIDAS, ID Theft register, and digital signature.
Token:
• Definition of a chip-based Primary ID token (National ID card) that is compliant with the eIDAS regulation and that supports 3-factors authentication.
• Definition of a software token (Secondary ID) based on the Primary ID of a citizen; this software token is created and stored on a mobile device and supports 3-factors authentication.
Processes:
• The definition of improved processes that cover the complete life cycle of a Primary Identity as well as the creation of a Secondary Identity (banking card) that were proven to be more resistant against common ID Theft / Fraud scenarios.
• The improvements of the processes were mainly achieved by usage of the EKSISTENZ-Tools mentioned above.
• Usage of eIDAS nodes to enable secure and reliable authorization across borders in a European context. User verification and (Primary ID) token checks were performed to unlock the information stored in the token.
• Usage of a sign-me application for digital signature of a contract
• The definition of a set of recommended Privacy Enhancing Technologies for the life cycle of a Primary as well as a Secondary ID including biometric template protection mechanisms, anonymous tokens/credentials and privacy-preserving revocation mechanisms.
• Relevant parts of the proposed improved processes were implemented and demonstrated during the international PORVOO group conference (25-26 May 2017 Rome, Italy).
The infrastructure of Identity-As-A-Service has been defined, determining the functionalities of the components, and specifying the interfaces between components. Three types of requisites (User-related, System-related and Business-related) have been defined, taking into account the different levels of assurance that can be provided by the Identity documents within the EKSISTENZ use cases taking into account the mobile requirements for the online issuance and use of secondary identities.
The work performed includes discussions on the role and functionality of the Identity Theft Register and Identity Misuse Handler, analysis of documentation provided by other WPs. Within WP5 MPH investigated various privacy preserving techniques, in particular those that have been recently introduced by related projects (FIDELITY, LYRICS, ABC4TRUST). Related to those investigations, a research paper has been submitted and accepted to AFRICACRYPT 2016 on authentication with password robust against a compromised server.
For the Proof Of Concept the interfaces between all pairs of mutually communicating components in the ‘Identity As a Service’ infrastructure have been (functionally) specified. The context for the specification of the interfaces is the mobile banking use case that is implemented in the PoC of EKSISTENZ. In this way an integration of the techniques with a European platform is demonstrated. Some significant results were achieved in the field of biometric authentication and the insurance of the electronic signature in online contracts. The demonstrator contained two major developments:
• Usage of secondary ID to shop on a e-commerce website, by using the Where-Are-You-From server and a connection to the Morpho identity server, Morpho UI (mobile App) and use of the biometric solution with the different Level of Assurance.
• A user interface of a fake bank (YourBank), to show the working of a Web Service handling the revocation request, Connection to the Identity Manager, Notification to the ID Theft register and to the Morpho Authentication server used in the Usage of secondary ID Demonstrator.
The EKSISTENZ framework and the EKSISTENZ demonstrators has been also evaluated from the security, privacy and usability points of view. Security and privacy of the EKSISTENZ framework have been analysed, while the usability has been evaluated on the demonstrators. The main results and novelties obtained during the evaluation are:
• A common methodology for the evaluation of security and privacy.
• A methodology for the evaluation of the usability of the demonstrators.
• An extensive list of threats for the security and privacy protection.
• The evaluation of the EKSISTENZ framework security and privacy protection.
• The evaluation of the usability of the EKSISTENZ demonstrators.
• Main contributions from and to other EU projects regarding identity management.
From the evaluations, several conclusions have been derived:
• EKSISTENZ solves the threats and vulnerabilities detected in previous identity systems.
• The performance of the biometric algorithms, concerning both identification rates and throughput, are paramount for both privacy and security.
• Different research lines, mostly related with biometric technologies, are proposed for the future.
EKSISTENZ analysed also the legal framework needed to ensure secure citizen identity and make suggestions to curtail the legal uncertainty with regard to identity theft; to clarify the use and processing of biometric data both by government and private sector parties and to clarify the distinction between anonymity and identification.
In terms of criminal law measures tackling identity theft and identity fraud , the following findings and recommendations are particularly worthy of consideration: (1) EU member states have a positive obligation not only to criminalise identity theft but also to bring the identity thief to court and to restore a compromised identity; (2) Governments have to elaborate a legal framework that obliges third parties, in particular service providers, to cooperate with law enforcement; (3) Prior to taking data related to ID fraud offline, an assessment of the notified identity fraud should be made by an assessment centre with a high expertise in identification and ID fraud and this is where the EKSISTENZ project’s tools can be used to verify the identity of the person claiming to be an identity fraud victim; (4) As identity theft mostly happens online, it is often a cross-border crime, thus international cooperation is critical to tackle ID theft. The current framework is found unsatisfactory: measures in the fight against ID theft are excessively hindered by a lack of (enforcement) jurisdiction or by slow or inexistent mutual legal assistance.
In terms of recent developments in the use of biometric data for identification both from a government and private actors’ perspective, the following findings and recommendations are particularly noteworthy: (1) Three major future trends were identified in the use of biometric data: the growth of unsupervised biometric systems, accessed via mobile devices and verifying identity; the spread of ‘second-generation’ biometric technologies authenticating individuals in a clandestine manner; and the linking of biometric data with other types of ‘big data’ as part of profiling activities; (2) The General Data Protection Regulation (GDPR) has officially introduced the legal concept of ‘biometric data’ and connected it with a set of ‘graduated’ obligations in their processing, but at the same time it has failed to provide precise definitions which, in the long run, creates risk of confusion, misinterpretation and legal uncertainty; (3) Diverging practice of national data protection authorities and courts coupled with the discretion provided to Member States in the adoption of further conditions and limitations regarding the processing of biometric data, creates a risk of inconsistency and only deepens the problem of contradictory solutions; (4) The process of standardisation in biometrics could be recognised as the right way to go in order to ensure broad acceptability of existing and future biometric systems by end users. It could also incentivise vendors to create interoperable solutions that would be effectively implemented in the new environment of ‘fused’ biometric applications.
In terms of the clarification of the dichotomy between identification and anonymity , the following findings are particularly noteworthy: (1) GDPR introduced, or more precisely, clarified some concepts and encouraged a new discussion on anonymity, pseudonimity and identity in the European Union; (2) GDPR creates, even though not explicitly, a full spectrum of identifiability levels and tailors the data controllers’ obligations in accordance with the level of identifiability. As identifiability plays an ever more important role in the GDPR, it could now be regarded as a yardstick by data controllers which provides them with a practical tool for ensuring compliance in line with the purposes of data processing and the risks to the rights and freedoms of data subjects, namely de-identification; (3) De-identification, seen as a tool for reducing the identifiability of personal data and, consequently, the regulatory burden on the data controller, could offer data controllers an unprecedented power to ‘select’ the level of identifiability that is needed for the particular processing activity they are considering; (4) In order to ensure that de-identification becomes a strong tool in the hands of data controllers, the development of shared standards for de-identification should be encouraged by the regulators in the EU, taking into account recent efforts of the International Organisation for Standardisation (ISO), such as ISO/IEC CD20889, and other standardisation bodies.
In terms of the legal possibilities for a citizen to report a case of identity theft (Task 7.4) the following findings and recommendations are particularly worthy of consideration: (1) Only a few Member states have so far decided to criminalize identity-related offences with a specific provision in their laws where ID theft is defined as a crime (Finland, France, Latvia, Luxemburg, Poland, Sweden); (2) In most cases there are not any specific reporting mechanisms other than turning to the police and use general reporting mechanisms that are in place; (3) In the majority of the participating EU Member States in the survey, no specific methods are used by law enforcement institutions to investigate the identity theft so far; (4) Most of the countries have no established mechanisms to facilitate inter-institutional or international coordination on identity-related crime issues and effective gathering and sharing of identity crime information among law enforcement; (5) The “theft” of an identity or identity information is not always considered a crime, but rather it is the use made of the identity which is acquired illegitimately; (6) There do not currently exist any international legal standards in the fight against identity theft, as well as no common definition of term “identity theft” and thus a close cooperation between the different national law enforcement institutions has an important role as the Internet offers offenders the possibility to effectively conceal their identity.
EKSISTENZ studied, in an interdisciplinary manner, societal, ethical and legal aspects of identity theft; and advised EKSISTENZ in the development of technical tools to secure citizen identity. The current research stands apart from majority of privacy literature that deals with identity management and biometrics in its close interaction with actual technology design and development. This has allowed us to address the relevant technology choices in a much more detailed manner, and to advise the technology partners in their work.
EKSISTENZ mapped ID use patterns , and societal aspects of identity theft . A unique new data set was created, which covers six EU member states (AT, DE, ES, FR, IT, UK), and for comparative purposes also from the U.S.A. This data set allowed to analyse the ID use patterns, ID theft, and the views of the public on the novel forms of establishment and checking identity. It emerged from this research that 25-35% of the population of above countries has personally experienced ID theft in the last 36 months, whereas misuse of the various Internet accounts is responsible for a major share of the misuse of identity data in the above member states.
EKSISTENZ studied societal, ethical and legal aspects concerning the EKSISTENZ platform, considering both the earlier European Data Protection Law as well as the recently adopted Draft General Data Protection Regulation. More specifically, we analysed privacy and data protection requirements of the EKSISTENZ specific aspects of processing and storing biometric data in identity management in the context of national electronic identity cards and bankcards that are issued by commercial banks. EKSISTENZ analysed the requirements of a privacy impact assessment (PIA). The analysis provided criteria and core elements of a Privacy Impact Assessment/Data Protection Impact Assessment (DPIA) of EKSISTENZ in line with the requirements of the General Data Protection Regulation that could be used by data controllers to carry out a DPIA in a production environment when implementing EKSISTENZ (D9.5). It was established that DPIA is mandatory for EKSISTENZ under the GDPR. Accordingly, core elements of a data protection impact assessment of EKSISTENZ, i.e. study of context, controls, risks, and decision, were outlined. Also, clarifications were prepared for data controllers on how a full DPIA should be carried out.
Potential Impact:
The expected strategy for dissemination for such a project was developed and then implemented with the normal tools being utilised, focussed around the project website: www.eksistenz.eu We also concentrated on the evolution of the Observatory on Identity Theft and in creating a role for this within the wider eID movement. With the emergence of the eIDAS Observatory, our focus again shifted to supporting that and addressing whether a critical mass can be generated to influence the fast moving area of ID management in Europe, with its many actors and constraints. We worked towards creating a more joined-up set of networks in support of eIDAS and moving forward the eIdentity agenda whilst simultaneously opening up exploitation opportunities. Key to this was working with other initiatives such as eCRIME, ARIES, ATTPS, CREDENTIAL, DS-04-2016,EEMA, EIP SCC, EU-LISA, European Trust Foundation, FIDELITY, FUTURE ID, FUTURETRUST, INGRESS, KONFIDO, LIGHTest, ORIGINS, PORVOO Group, PRISMS, SSEDIC, STORK2.0/eIDAS Unit, TAS3, TREATS, TRUST IN DIGITAL LIFE and TURBINE.
Progress has been made with regard to liaison with standardization initiatives including the promotion of a new WG in CEN TC224 to handle standardisation for breeder documents (WG19) and contributions to MRTDs and Biometrics. Major progress was reached with 2382-37.rev1 - Harmonized Biometric Vocabulary to be published with the addition of 40 new terms, considering new data formats: 39794-16 (Full body photography) and 39794-17 (Gait representation) and work on 3rd generation of interoperable data formats: 39794-1 (Framework), 39794-4 (Finger image), 39794-5 (Face image), Finishing work on 29794-4 - Biometric sample quality - Part 4: Finger image data and approved NWIs on “testing of biometrics on mobile devices”
The academic partners published numerous papers whilst the industrial partners have integrated results into their current product offerings. For Morpho for example, specific emphasis has been on the technologies developed for usage of a software-based secondary ID on a smartphone, which is of great interest for a trusted on-line transactions use case, such as banking transfer or digital signing. MPH plans to sell products using the FIDO standard for secure authentication including results from EKSISTENZ like presentation attack detection and face matching on mobile devices. This could exploited in banking use cases. The areas which BDR see as being the most significant in terms of future exploitation are: the e-IDAS experience used on German notification, the potential for the Demonstrator to be deployed in a live environment and the Sign me portal. DPA will continue to work exploiting the results with its Latvian, Lithuanian, Estonian, Belarus, Ukrainian, Azerbaijani and Georgian clients.
Social impact on MS includes TNO continuing to focus on the Netherlands Government, as will IDP with the French Government and AGID with the Italian Government, whilst MIRL is the Latvian government. This complements the work of the industrial partners in Germany, France, UK, Latvia etc.
List of Websites:
www.eksistenz.eu