EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Hi-index | 0.00 |
BankID is a PKI-substitute widely deployed by Norwegian banks to provide digital signatures and identification on the internet. We have performed a reverse-engineering of part of the BankID system and analysed the security protocols and the implementation of certain cryptographic primitives. We have found cryptographic weaknesses that may indicate security problems, protocol flaws facilitating man-in-the-middle attacks, and implementation errors facilitating strong insider attacks. We also note that the system suffers from severe privacy problems.