The work in the research project IT Security for Citizens (ITSCI) aims at better and more usable security. This is expected to result in technology that is easy to use for citizens with a limited knowledge of IT and computers, yet is more secure than systems typically in use today.
The project aims to solve two basic problems: first, existing hard- and softwareproducts often do not communicate security in a way that ordinary users can understand and relate to. This can degrade security because users take security-related decisions based on incomplete or wrong information.
Second, security-related solutions such as digital signature systems or netbank systems are often tied to one particular computer, and thus mobility and flexibility suffer. Also, this type of solution can often be broken by a sufficiently severe attack on only a single machine.
Today, Danish citizen can get access to a range of services in both the private and the public sector using digital signatures. While the server side of these systems is usually quite reliable, the private citizen's PC is much less secure.
ITSCI's solution to these security and mobility problems is to use a mobile unit to store a share of the key that grants access, while another share of the key is stored on the server side, and will only be used on request of the user. The mobile unit can, for instance, be a mobile phone or a PDA.
Based on this set-up, the user can generate digital signatures that follow normal standards. Yet, a stolen mobile unit cannot be used to forge signatures, nor can the server generate signatures on its own, since neither side on its own knows the private user key.
Slideshow presenting the ITSCI project (in english)
Video explaining the ITSCI project (in danish)