LiNe 6.5.24, 7.5.24, 10.5.24, 13.5.24, 14.5.24, 15.5.24, 19.9.24
Introduction
A reference implementation of the EUDI Wallet was recently published on GitHub (.github/profile/reference-implementation.md in the eu-digital-identity-wallet/.github repository)
and refers to the Reference Architecture (eudi-doc-architecture-and-reference-framework/docs/arf.md in the eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework repository).
It states:
„3.1 Identification and authentication to access online services
The primary purpose of the EUDI Wallet is to offer secure identification and authentication of users at a high Level of Assurance (LoA) for both public and private online services. This essential functionality ensures that Relying Parties can confidently verify that they are interacting with the correct User.“
The architecture description uses OpenID4VP, OpenID4VCI and SIOPv2.
A security analysis against these requirements identified the following seven challenges:
Challenge 1 – Key management
SIOPv2 requires the Relying Party (RP) to authenticate ID Tokens by signature verification. RFC 7515, which it references, describes the consequences of missing key management for the signing keys. Key management is not described, let alone implemented and validated.
Authentication deadlock?
The reference architecture requires: „authentication of users at a high Level of Assurance (LoA)“
In contrast, SIOPv2 together with RFC 7515 requires: „must authenticate the origin of the key“.
Authentication requires authentication.
Challenge 2 – Cryptographic agility
RFC 7515, referring to RFC 7518, also mentions another security feature of the cryptography used. „Implementers should be aware that cryptographic algorithms become weaker with time.“
Using eID and the EUDI Wallet is a long-term matter. It can be expected that computing power will keep increasing over a human lifetime and that there will be many innovations in cryptographic algorithms. For example, significant changes can be expected in connection with the development of quantum computers and quantum-resistant algorithms.
Challenge 3 – Data channel binding
Both OpenID4VP and SIOPv2 describe a possible attack resulting from the lack of linking of transmitted data with the used data channel.
„To perform a Session Fixation attack, an attacker would start the process using a Verifier executed on a device under his control, capture the Authorization Request and relay it to the device of a victim.“
„A known attack in cross-device Self-Issued OP is an Authorization Request replay attack, where a victim is tricked to send a response to an Authorization Request that an RP has generated for an attacker.“
Challenge 4 – Advanced dynamic authentication
The reference architecture requires high Level of Assurance (LoA). eIDAS requires dynamic authentication starting at the Substantial level.
OpenID4VP describes the need for replay attack protection „12.1. Preventing Replay of the VP Token - Implementers of this specification MUST implement the controls as defined in this section to detect such an attack“.
SIOPv2 requires the RP (Client) to perform nonce verification and replay attack detection. But it does not describe the method of detection and leaves it to the individual implementation.
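The nonce handling that Challenges 3 and 4 leave to the implementer, as an added example that is not part of the original post or of the EUDI reference implementation: an RP-side registry in which every nonce is single-use, time-limited and bound to the session that started the Authorization Request, so a replayed response or a response arriving through a different session than the one that initiated the request is refused. The class and function names, the session identifiers and the scenario in demo() are constructed for illustration.

```python
import hmac
import secrets
import time


class NonceRegistry:
    """RP-side nonce store (constructed example): each nonce is single-use,
    expires after ttl_seconds, and is bound to the session that requested it."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable for deterministic tests
        self._issued = {}            # nonce -> (session_id, expiry)
        self._consumed = set()       # every nonce ever presented, used or not

    def issue(self, session_id):
        """Create a fresh nonce for the Authorization Request of this session."""
        nonce = secrets.token_urlsafe(32)
        self._issued[nonce] = (session_id, self._clock() + self._ttl)
        return nonce

    def verify(self, nonce, session_id):
        """Return (accepted, reason). A nonce is consumed on first presentation,
        whatever the outcome, so a second presentation is always a replay."""
        if nonce in self._consumed:
            return False, "replay"               # Challenge 4: seen before
        entry = self._issued.pop(nonce, None)
        if entry is None:
            return False, "unknown"              # never issued by this RP
        self._consumed.add(nonce)
        bound_session, expiry = entry
        if self._clock() > expiry:
            return False, "expired"
        if not hmac.compare_digest(bound_session, session_id):
            return False, "session_mismatch"     # Challenge 3: other channel
        return True, "ok"


def demo():
    """Constructed scenario: honest use, replay, relayed request, expiry, forgery."""
    now = [1000.0]
    reg = NonceRegistry(ttl_seconds=300, clock=lambda: now[0])
    n1 = reg.issue("sess-victim")
    results = {"first": reg.verify(n1, "sess-victim")[1],
               "replay": reg.verify(n1, "sess-victim")[1]}
    n2 = reg.issue("sess-attacker")  # request started from another device/session
    results["relayed"] = reg.verify(n2, "sess-victim")[1]  # response via victim's session
    n3 = reg.issue("sess-victim")
    now[0] += 301                     # past the 300 s lifetime
    results["expired"] = reg.verify(n3, "sess-victim")[1]
    results["forged"] = reg.verify("never-issued", "sess-victim")[1]
    return results
```

The session binding shown here covers the same-device flow, where the RP can tie the nonce to the user agent's session; the cross-device case quoted above needs additional measures beyond this registry.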
Challenge 5 – Protection against copying wallet content
The keys and person identification data (PID) used must be protected against copying by an attacker. If an attacker got hold of a copy of these keys and/or PIDs, they could successfully exploit them and impersonate the victim.
The issue of protection is described only indirectly and incompletely.
Challenge 6 – Key rotation
Key security is not permanent; a key can be used securely only for a limited time.
The period of use of the EUDI Wallet should be longer than several months, i.e. the keys used must be rotated.
Challenge 7 – Replacement of EUDI Wallet hardware, redundancy
With long-term use, additional requirements arise that conflict with the requirement for copy protection and with the properties of the WSCD (Wallet Secure Cryptographic Device).
Every device sometimes becomes obsolete and is replaced by a new, more modern one. Any device can break down, be destroyed or stolen.
How is the functionality of the EUDI Wallet to be ensured even in such situations with acceptable security?
Libor Neumann
Senior Architecture Consultant
+420 724 427 724
ADUCID | Lomnickeho 1742/2a, 140 00 Prague 4 | Czech Republic
www.aducid.com | Find us on LinkedIn and Twitter