Aim:
The aim of this paper is to define stringent cryptographic requirements for government-issued digital IDs and provide guidelines for designing robust verifiable credential systems.
Abstract:
Verifiable Credentials have become the standard for digital credentials, with digital identity documents being one of their most critical applications. However, there is often a lack of precision and coherence in defining these credentials and their use cases. We contend that government-issued digital IDs, in particular, demand more rigorous cryptographic requirements than those typically considered in general use cases. Additionally, we explore potential cryptographic implementations to meet these security needs, focusing on the widely-used authentication protocol, AnonCreds. This comprehensive set of cryptographic requirements can guide the design, development, and analysis of verifiable credential systems.
Existing System:
The common approach to build such systems is to rely on an existing authentication protocol, which handles the cryptographic interactions between issuer, holder and verifier. We believe that any authentication system based on veri-fiable credentials aiming to offer digital IDs should fulfill at least the security properties of existing non-digital IDs. non-duplication restrain holders from creating arbitrary ID cards or valid copies of their existing ID cards, ensuring that there can only exist a unique instantiation of each ID card which was indeed provided by the issuer.
Disadvantage:
Different systems and standards might not be fully compatible with each other. This can lead to difficulties in ensuring that verifiable credentials issued by one entity can be universally accepted and verified by others, potentially limiting their usability. Such vulnerabilities can undermine the security of the entire system, leading to potential breaches and misuse of digital identities. The need to balance transparency and privacy can be difficult. Users might be concerned about how their data is used and stored, especially in systems where extensive personal information is managed. Cryptographic protocols and digital identity systems can be complex for end-users to understand and use effectively.
Proposed System:
The Aadhaar card is scanned using a scanner, and the byte data is extracted. This data is then converted and extracted. It is then matched with the user registration data. If the data matches correctly, an OTP is generated for the user and verified. This is the proposed process in the paper. Constructions based on the widely-used authentication proto-col AnonCreds do not comprehensively fulfill all proposed requirements. In our estimation, the requirements of non-duplication and repudiation seem to be particularly challenging, as they involve additional research areas like hardware security through integration of tamper-resistant hardware.
Advantage:
- Verifiable credentials are cryptographically signed by the issuer, making it impossible to forge credentials without access to the issuer’s private key.
- Credentials cannot be duplicated, ensuring that each credential is unique and tied to a specific holder.
- Verifiable credentials allow holders to disclose only the necessary information required for a specific verification process, reducing the risk of unnecessary data exposure.
- Multiple authentication attempts using the same credential cannot be linked, preventing tracking and profiling of the holder.
Reviews
There are no reviews yet.