Headerbild_CybersecurityBlog_Fraunhofer AISEC_Stellungnahme SSI Marian Margraf_klein

Digital identities — a statement by our expert Marian Margraf for the German Federal Parliament’s Committee on Digital Affairs

On July 4, 2022, the Committee on Digital Affairs held a public hearing on “Digital identities” at the German Federal Parliament (Bundestag). Our expert Marian Margraf, Head of Secure Systems Engineering at Fraunhofer AISEC and Professor at Freie Universität Berlin, was invited to the event. He addressed in particular the use of the self-sovereign identity (SSI) principle in current solutions, for example in mobile end devices. In addition to the challenges presented by the widespread use of digital identities, he also outlined possible solutions for electronic trust services that are both secure and socially accepted. This blog article is an abridged transcript of his statement.

In principle, I consider the implementation of the self-sovereign identity principles such as inclusion, access, transparency, security, privacy and minimization to be desirable for both digital identities and certificates. However, the solutions currently implemented are still not fully developed from a security perspective.

Criticisms of existing SSI solutions

One major criticism is the lack of distinction between digital identities and certificates (e.g., diplomas). With a digital identity, I can prove that I am Marian Margraf; with my degree certificate, I can only prove that Marian Margraf has a degree. The technical security requirements are therefore different. For example, the holder’s certificates may be copied. However, digital identities linked to the respective person must under no circumstances be copied. Furthermore, I consider the unilateral focus on blockchain technologies to be ineffective. SSI should be researched and developed following a technology-neutral approach.

Other valid criticisms of current SSI solutions are that

a) no security proofs exist for the cryptographic protocols in place;

b) services do not have to authenticate themselves to users;

c) services obtain data including additional information so that it can be proven to third parties that the data is genuine; and

d) there is hitherto no technical solution for implementing digital identities on smartphones that implements the device binding security requirement (to prevent digital identities being copied) without using a unique characteristic (a public key) that is always sent to the service.

However, users can be tracked across different services using this unique characteristic; for example, even if provider A only verifies their age, provider B is sent other identity data such as name and address. This undermines the principles of privacy and minimization.

The aforementioned problems do not exist for the online ID function introduced in 2010.

Implementation of digital identities on mobile end devices

The secure implementation of digital identities on smartphones remains a great challenge. In this respect, the German Federal Office for Information Security (BSI) has already laid the preparatory groundwork and, for example, has set out in Technical Guideline TR-03159 the security requirements for digital identities on mobile end devices that will ensure the assurance level ‘substantial’ in line with the EU eIDAS Regulation on electronic identification and trust services, which is sufficient for most use cases. Specifically, security elements that securely store cryptographic key material and that enable cryptographic algorithms to be carried out securely must be used for this purpose. These are included in most mid- to high-range smartphones and would also be installed in low-range smartphones if appropriate business models are established for smartphone manufacturers (security elements themselves are not expensive). However, it is currently difficult to predict whether smartphone manufacturers would actually allow security elements (including eSIMs) to be used for digital identities. I therefore think that it is sensible to implement digital identities on the basis of the security functions already provided on smartphones and to work with manufacturers to improve their functionality for the use of digital identities. A good example of this is the implementation of the standard for mobile driving licenses (ISO 18013-5) in Apple and Google’s smartphone operating systems.

Vulnerability management for mobile end devices

In contrast to the card-based online ID function for which only a very limited number of security elements (with the corresponding operating system and software) are used, the number of hardware and software versions for mobile end devices is significantly higher. As a result, the possibility of security vulnerabilities being introduced in the future cannot be ruled out, thereby threatening the security of digital identities implemented on mobile end devices. Vulnerability management should therefore be established for these devices, enabling the operator of the overall system to identify and evaluate security vulnerabilities and to introduce appropriate countermeasures, such as excluding individual devices from further use in serious cases.

Prerequisites for the widespread use of digital identities

German citizens will use digital identities if the respective processes are greatly simplified. However, this is also dependent on a wide range of services being available. In this respect, one driver could be the German Online Access Act (OZG), which requires the federal, state and local governments to also provide their administrative services in digital form, although its implementation is significantly delayed. Our studies in this field also support this conclusion: German citizens have a very positive attitude towards digital identities, but they criticize the lack of use cases.

Another essential prerequisite is the harmonization of regulatory requirements regarding digital identities for different sectors, for example healthcare, insurance, finance and public administration. This is the only way to ensure that a great many services can be used with a single digital identity. Harmonization also includes the unambiguous interpretation of attributes. For example, mutual recognition of authenticated digital identities under the eIDAS Regulation is legally binding for all Member States. Databases are planned for semantic definitions of individual attributes. This should be implemented not only for digital identities within the scope of eIDAS but for all digital identities and additionally where certificates are used in an SSI context (e.g., through a voluntary commitment by the solutions provider).

Early involvement of civil society

Parts of civil society are skeptical of the German federal government’s major digitalization projects, partly because the government is pursuing divergent interests. That is why, for example, the introduction of the online ID function in 2010 received a very negative response from the Chaos Computer Club (CCC). Above all, there were fears that the government could use the online ID function to spy on citizens and that it was not capable of designing a secure, privacy-friendly solution. However, critical feedback on such projects should be viewed as an opportunity to involve citizens at an early stage and improve the solution, thereby increasing overall social acceptance, particularly with a view to security and data protection issues.

The entire development process as well as subsequent maintenance and further development should therefore be completely transparent and heavily involve civil society. This means that all implementation concepts (e.g., architecture, crypto and security concepts as well as guidelines for secure software development) must be discussed with the public and made accessible to them from the very start. Proposed amendments should be evaluated and, most importantly, any rejected amendments should be clearly justified. In addition, software development should be structured as an open-source project under a suitable open-source license and the community should be invited to contribute to it. This includes the software components developed as part of the project, smartphone apps and secure element applets.

To that end, an internet portal should be provided — or existing services (e.g., GitHub or GitLab) used — on which all information on the development process, documents and software are listed and the opportunities for participation presented. A key feature of the portal would be the ability of the community to process proposed amendments to documentation and software and the public evaluation of these by project management and the community (acceptance/rejection including justification).

The aforementioned processes and open-source publication in general should meet the standards and best practices of the open-source community (see the publication strategy of the Corona-Warn-App, for example).

Author
Marian_Margraf_Blog_Autor_CybersecurityBlog Fraunhofer AISEC
Marian Margraf

Marian Margraf is a professor of information security at Freie Universität Berlin and a department head at Fraunhofer AISEC. He has more than 15 years of experience in the field of information security. He first started his IT security career as a cryptologist at the German Federal Office for Information Security (BSI), where he worked from 2003 to 2008. He then took up the position of senior government official at the German Federal Ministry of the Interior (BMI) in 2008 and contributed to developing the German federal government’s key strategies for information security. He has been a professor since 2013. His research focuses on cryptography, mobile security and information security management. Marian Margraf heads the Secure Systems Engineering department at Fraunhofer AISEC, which specializes in electronic identities, post-quantum cryptography and the development of secure IT systems as well as the increasingly important topic of usable privacy and security. He is often invited to the German Bundestag as a subject expert, educating members of parliament on different issues concerning information security.

Most Popular

Never want to miss a post?

Please submit your e-mail address to be notified about new blog posts.
 
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.

* Mandatory

* Mandatory

By filling out the form you accept our privacy policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

Anomaly Detection with Quantum Machine Learning – Identifying Cybersecurity Issues in Datasets

Since the release of ChatGPT, the popularity of Machine Learning (ML) has grown immensely. Besides Natural Language Processing (NLP) anomaly detection is an important branch of data analysis whose goal is to identify observations or events that deviate from the rest of the data. At Fraunhofer AISEC, cybersecurity experts explore Quantum Machine Learning methods for anomaly detection. One approach is based on the classification of quantum matter while a second method uses a type of Quantum Support Vector Machine with a kernel that is calculated on a quantum computer. This blog post explains the fundamentals of anomaly detection and shows the two approaches being pursued by the Quantum Security Technologies group at Fraunhofer AISEC.

Read More »

Towards Automated Cloud Security Certification

Obtaining a cloud security certification requires a lot of preparation time, which mainly involves manual processes that are prone to error. In other words, several employees cannot perform their usual duties during an audit preparation. Our Clouditor tool aims to improve this process by making audit preparations more systematic and automatable. This makes it possible to continuously monitor cloud services and check their compliance with a cloud security catalog such as BSI C5[1], EUCS[2], or the CCM[3].

Read More »

gallia – An Extendable Pentesting Framework

gallia is an extendable pentesting framework with the focus on the automotive domain, developed by Fraunhofer AISEC under the Apache 2.0 license. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface but is not limited to it. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks.
The following blog post introduces gallia’s architecture, its plugin interface, and its intended use case. The post covers the interaction between its components and shows how gallia can be extended for other use cases.

Read More »

Android App Link Risks

Android App Links enable linking web content to mobile apps. The provided systems have been shown to have several issues, discovered by Tang et al. back in 2020, primarily link hijacking by three different means. Throughout the years there has been little information on the state of these issues, whether they were fixed and when. This post aims to provide information on exactly that.

Read More »