Security analysis of RIA’s authentication service TARA

Abstract

Estonian Information System Authority (Riigi Infosüsteemi Amet - RIA) governs an authentication service called TARA. Many public sector e-services use the authentication service to authenticate users via ID-card, Mobile-ID, Smart-ID, or EU eID. The thesis aims to analyse the security of TARA, document the protocol, and analyse what could go wrong.