> Some sort of public/private key repository kept by licensing authorities would be a more preferable solution to me at an initial glance.
Everyone in possession of an ICAO 9303-compliant ID card / password (so, at least everyone in Europe) already has such a thing. These cards can be read by any NFC enabled smartphone that can act as a reader, and the chips themselves can act as a a secure element capable of a range of cryptography functions.
The problem is that while ICAO 9303 is a standard to retrieve and verify the data, it's fundamentally based on the assumption that it is just used to retrieve the data written in cleartext on the card as well as the biometric data so that you can build a staff-less boarding solution for air and sea ports. It's just a read-only dump of the data, signed with a certificate from the card issuer.
We'd additionally need a standard similar to what Germany and Croatia have done that allows a person to use their computer or phone as an NFC reader "proxy" to create a digital signature against a service-provided challenge that can then be traced back to the government's PKI.
Or, to put it in SSL terms, each government has a root CA, that issues a sub-CA certificate to the card producers ("can issue certificates for #.de"), who in turn have the card provision its own public/private keypair, and then sign the card's public key to use as a sub-CA ("can issue certificates for #.person-identifier.de").
>We'd additionally need a standard similar to what Germany and Croatia have done that allows a person to use their computer or phone as an NFC reader "proxy" to create a digital signature against a service-provided challenge that can then be traced back to the government's PKI.
Why bother with NFC if the phone itself has secure enclave and a biometry check to lock it down too?
And the best part of course, the federal government of US doesn't just have a standard, but actively uses all that for quite some time, just explicitly without NFC.
> Why bother with NFC if the phone itself has secure enclave and a biometry check to lock it down too?
There have been a lot secure-enclave exploits against both Apple [1] and everyone else [2], and fingerprint readers can also be bypassed. The Secure Enclave itself has a giant attack surface and is highly complex. (That however does not stop dreams of "digital driver's licenses" and whatnot, though, but that's another question)
In contrast to that, ISO 7816 smartcard stuff has been in use for decades, and (unless it's Javacard...) a very limited complexity. It's rare to see something else other than sidechannel attacks.
Fair enough. So the attack scenario is having a rogue state-sponsored app installed on everybody's device (think tik-tok), which steals everybody's private keys ... and does what? Registers an account on coinbase to launder money? Applies for a childcare subsidy and wires the money to insert country here?
> Fair enough. So the attack scenario is having a rogue state-sponsored app installed on everybody's device (think tik-tok), which steals everybody's private keys
The German AusweisApp2 is fully open-source (to protect against the first scenario), and it might be possible to do it in a web app assuming Web NFC gets more widely supported [1].
The second scenario is protected against by the keys being provisioned on the smartcard during manufacture (or, if the user so desires, at the touchpoint where they get handed over the ID card) and being unable to be exposed, at least not without either destructive methods or side-channel attacks.
Malware can go and dump the keys from the Secure Enclave. It's just the same mechanism that pirates use to crack the Widevine decryption, just that it's the strong digital identity of a person towards a government at stake here.
Everyone in possession of an ICAO 9303-compliant ID card / password (so, at least everyone in Europe) already has such a thing. These cards can be read by any NFC enabled smartphone that can act as a reader, and the chips themselves can act as a a secure element capable of a range of cryptography functions.
The problem is that while ICAO 9303 is a standard to retrieve and verify the data, it's fundamentally based on the assumption that it is just used to retrieve the data written in cleartext on the card as well as the biometric data so that you can build a staff-less boarding solution for air and sea ports. It's just a read-only dump of the data, signed with a certificate from the card issuer.
We'd additionally need a standard similar to what Germany and Croatia have done that allows a person to use their computer or phone as an NFC reader "proxy" to create a digital signature against a service-provided challenge that can then be traced back to the government's PKI.
Or, to put it in SSL terms, each government has a root CA, that issues a sub-CA certificate to the card producers ("can issue certificates for #.de"), who in turn have the card provision its own public/private keypair, and then sign the card's public key to use as a sub-CA ("can issue certificates for #.person-identifier.de").