Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
(S2) Scenario 2: Enhanced proximity card
The Access Ultra Inc. last year has issued a new proximity card. In this system in addition to traditional authentication of the used card the reader is authenticating itself with a relatively simple reader number to the card. The card has a limited storage in which performed access procedures are stored decentralised in addition to the central access management systems’ log.
The computing centre Calculations Inc. has introduced these proximity cards six months ago. Recently internal reviews uncovered, that a secured room was accessed in an authorised way, and property (in this case several storage tapes) was removed unauthorised. Very soon the number of the access card used for the access was identified, and the corresponding user, a system administrator, was arrested. The data log from his local card was compared with the central log. At this point it became clear, that his card was not used at the time. Most likely a cloned card had been used to facilitate an unauthorised access. This later also was confirmed by witnesses and a technical analysis. The innocent administrator was released immediately.
The system was reconfigured to set up an alarm in case this card number would be reused, and the innocent administrator received a new card. Two weeks later the attacker was arrested while trying to access another room unauthorised using a cloned proximity card. He told the police that he used a mobile reader to read out the data from the administrator’s card while standing in a queue in a shop and used this data for cloning the card. He had simply followed the man when he went to work, so he knew where to try an attack. The stolen tapes were found in the attacker’s home. They were not damaged. As the content was encrypted, the attacker had not been able to abuse the stored data from the tapes.
9 / 38 |