What is the best way to construct systems that give users the ability to carry Identity information in their mobile Digital communications devices?
"Around the world cellular connectivity is more ubiquitous than clean running water. " is how Phil Vachon starts his discussion of "The Identity in Everyone's Pocket" an article in the Communications of the ACM. This requires development of technology solutions for the creation, storage and verification of digital credentials in a manner that respects the user's needs and desires. This page is a summary of that article as it impacts developers of applications running in those three environments.
The goal of essential all Authentication of Identity is the Authorization of access to some resource that is important to the holder of the Credential. In the real-world a credential will have some means for identification of the user together with some attributes that are possessed by the user, such as the authority to driver a car or access state benefits.
While some folks say that their can be no digital identity, only digital identifiers, the range of credentials that can be stored on the phone will grow to the point where a large part of your identity is on your phone.
- The "Evil Maid Attack" is a house helper getting access to a computing device and cloning it. Mitigations do exist for this attack.
- Any co-resident app on the device might be able to connect to the local access point to acquire access to the user credentials as a trusted app (as it is in "localhost" origin.)
- There is always a tension between using the latest new security feature and providing support for the widest range of customers possible.
- A similar tension exists between the commerial push to sell a new product versus support for legacy systems.
- Succesful ecosystems try for a balance between support strategies for the existing communities with encouraging growth that will improve the overall health of the ecosystem as it moves into an uncertain future.
- With those tensions in mind here are some support strategies for the greatest spread of the benefit of technology for all:
- Accessibility - support for the widest possible range of human abilities.
- Some low cost solutions - support for all income groups and countries.
- Backwards compatibility - consistent with timely responses to new attack vectors - allow users to stay with their existing devices for both cost and sustainability reasons.
The issuer of the user credential will need to have the trust of both the holder and the verifier of the credential, each with very different requirements as addressed below.
The User Experience on their Smartphone of acquiring, retentions and release of the information from the credentials on their smart phone will determine the rate of adoption of any new technology. The Technology of the smartphone and its operating system will determine the limits on both the user experience and the security of the storage of the credential. While each type of smartphone will have its own working set of technologies, the three actors will all need to agree that those technologies will be appropriate to the levels of privacy, security and user experience. Likewise the application that uses those technologies will need to use them in manner that will provide real levels of security, privacy and user experience..
"The goal is simple: Make it as hard as possible for attackers to steal credentials and use them at their leisure. Let's even make it difficult for users to clone their own credentials to share with other users. In addition to this protection, let's ensure that adding extra factors such as biometric authentication provides a strong assurance of who the user is."
All modern smart phones include a Trusted Execution Environment that is either a separate TPM V1 chip or a software TPM V2 app running in the TEE that is part of the ARM hardware architecture. These TPMs will typically support signing and decryption operations within the TEE for the common FIPS approved algorithms of RSA and EC. That means that other encryption schemes, such as that used for Bitcoin can be stored hidden inside the TEE, but must be exported into the main process to run cryptographic processes.
The Relying Party adoption will determine the adoption of the technology. The reader of the data in the Smartphone may involve another human or be fully automated depending on the type of Authorization that the user is seeking.
- Phil Vachon, The Identity in Everyone's Pocket CACM 64 No. 1 (2021-01)