April 2017

Secure storage of mobile ID credentials

By Dr. Frank-Michael Kamm, Giesecke & Devrient GmbH, LIGHTest WP7

The usage of mobile identity credentials is subject to several practical challenges in the highly diverse mobile device market. Besides the initial user identification and the actual ID derivation process, the secure storage of (derived) ID credentials on the mobile device is an essential building block of the overall system security and of the achievable trust level. The eIDAS regulation, for example, ties each of its three levels of assurance (low, substantial and high) to the resistance of the authentication mechanism against a defined attack potential. Since the storage options for ID credentials on a mobile device range from software-only solutions through TEE-based solutions to hardware-backed solutions, the attack potential that can be withstood, and thus the achievable level of assurance, depends strongly on the type of environment that is available on the device.

In addition, the relying party must be able to assess the overall level of assurance of a mobile ID, and for that it needs to know, and to validate, the strength of the authentication and the type of authenticator used. Fortunately, there are strong authentication schemes that already incorporate an attestation mechanism, i.e. a cryptographic assertion about the type of authenticator. The FIDO strong authentication scheme is a good example: during registration the authenticator signs its attestation statement with a key provisioned to that authenticator model, so the relying party can verify which model produced the credential instead of trusting a self-reported value. Knowing the authenticator that was used, the relying party implicitly knows the security level of the credential storage that was available on the mobile device. In conjunction with the LIGHTest infrastructure, the relying party could then query the corresponding trust domain for the level of assurance that can be reached with this authenticator. Thanks to the flexibility of the LIGHTest solution, these trust domains could be hierarchical and could combine regional and industry-sector domains. As an example, the national banking association of an EU member state could create its own domain for financial transactions in that member state and publish the list of acceptable authenticators within the LIGHTest infrastructure.
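The registration-time attestation check and the subsequent trust-domain lookup described above, as an added worked example in Go that is not part of the LIGHTest project's code or of the FIDO specifications. The attestation statement is a deliberately simplified stand-in for the real FIDO UAF/FIDO2 formats; the AAIDs, domain names, levels and challenge are constructed values, and the LIGHTest query is simulated by an in-memory table. What it shows is the property the argument relies on: the relying party learns the authenticator model from a signature it verifies under that model's vendor attestation key, not from a value the client reports, and the most specific trust domain (here a national banking sector domain) can withdraw an authenticator that a broader regional domain accepts.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Attestation is a deliberately simplified registration attestation (real FIDO
// statements are TLV- or CBOR-encoded and carry a certificate chain); the model is
// named by a hypothetical AAID string and the relying party holds its key directly.
type Attestation struct {
	AAID      string // authenticator model identifier (hypothetical values in main)
	Challenge []byte // relying-party challenge echoed back by the authenticator
	CredPub   []byte // newly registered credential public key, treated as opaque
	Sig       []byte // ECDSA P-256 signature over attestedData(...)
}

// attestedData binds model, challenge and credential key into one length-prefixed digest.
func attestedData(aaid string, challenge, credPub []byte) []byte {
	msg := fmt.Sprintf("%d:%s|%d:%x|%d:%x", len(aaid), aaid, len(challenge), challenge, len(credPub), credPub)
	sum := sha256.Sum256([]byte(msg))
	return sum[:]
}

// NewAttestationKey stands in for the key a vendor provisions into one authenticator model.
func NewAttestationKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// MakeAttestation is the authenticator side of registration.
func MakeAttestation(attKey *ecdsa.PrivateKey, aaid string, challenge, credPub []byte) (Attestation, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, attKey, attestedData(aaid, challenge, credPub))
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{AAID: aaid, Challenge: challenge, CredPub: credPub, Sig: sig}, nil
}

// AttestationRoots maps an AAID to the attestation public key the relying party
// trusts for that model (the data a FIDO metadata service would supply).
type AttestationRoots map[string]*ecdsa.PublicKey

// VerifyAttestation returns the AAID only if the statement verifies under the key
// registered for that very AAID, so a client cannot claim a more secure model than the one that signed.
func VerifyAttestation(roots AttestationRoots, att Attestation, expectedChallenge []byte) (string, error) {
	pub, ok := roots[att.AAID]
	if !ok {
		return "", errors.New("unknown authenticator model")
	}
	if !bytes.Equal(att.Challenge, expectedChallenge) {
		return "", errors.New("challenge mismatch (replayed registration?)")
	}
	if !ecdsa.VerifyASN1(pub, attestedData(att.AAID, att.Challenge, att.CredPub), att.Sig) {
		return "", errors.New("attestation signature invalid")
	}
	return att.AAID, nil
}

// TrustDomains simulates the LIGHTest trust-domain query as an in-memory table
// (assumption): domain -> AAID -> level of assurance. Domain names are path-like,
// e.g. the sector domain "eu/de/banking" sits below the regional domain "eu/de".
type TrustDomains map[string]map[string]string

// LevelOfAssurance walks from the most specific domain up through its parents and
// returns the first verdict found; an empty level means that domain rejects the model.
func LevelOfAssurance(td TrustDomains, domain, aaid string) (string, error) {
	for d := domain; ; d = d[:strings.LastIndex(d, "/")] {
		if loa, ok := td[d][aaid]; ok {
			if loa == "" {
				return "", fmt.Errorf("%s explicitly rejected by domain %q", aaid, d)
			}
			return loa, nil
		}
		if !strings.Contains(d, "/") {
			break
		}
	}
	return "", fmt.Errorf("%s not accepted in %q or any parent domain", aaid, domain)
}

func main() {
	// Constructed scenario with hypothetical AAIDs (not real vendor identifiers).
	hwKey, _ := NewAttestationKey()
	swKey, _ := NewAttestationKey()
	roots := AttestationRoots{"HW-SE-0001": &hwKey.PublicKey, "SW-ONLY-0002": &swKey.PublicKey}
	domains := TrustDomains{
		"eu":            {"HW-SE-0001": "high", "SW-ONLY-0002": "low"},
		"eu/de/banking": {"SW-ONLY-0002": ""}, // sector domain withdraws software-only storage
	}
	challenge := []byte("rp-nonce-1234")
	att, _ := MakeAttestation(swKey, "SW-ONLY-0002", challenge, []byte("credential-pubkey"))
	aaid, _ := VerifyAttestation(roots, att, challenge)
	fmt.Println(LevelOfAssurance(domains, "eu/de", aaid))         // low <nil>
	fmt.Println(LevelOfAssurance(domains, "eu/de/banking", aaid)) // rejected by the sector domain
	att.AAID = "HW-SE-0001" // client claims the hardware model: the signature no longer verifies
	fmt.Println(VerifyAttestation(roots, att, challenge))
}
```

The key design point is that the attestation key is looked up by the AAID the client claims and the AAID itself is part of the signed data, so a software-only authenticator that relabels itself as a hardware-backed model fails closed at the signature check rather than being granted the better level. The domain walk resolves the most specific listing first, which is what lets a sector domain tighten the policy of the regional domain above it without that domain having to change.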

The LIGHTest project currently addresses these challenges by looking at how to integrate the FIDO strong authentication scheme into a mobile ID solution that allows for trust propagation from the ID issuer to the relying party. The project also looks at the various security environments on mobile devices, the challenge of handling the large diversity of these environments, and ways to improve the security of software-based environments in particular even further.