Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability than standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data has become commonplace on both PC platforms and mobile devices. Some time ago, the Trusted Computing Group (TCG) released version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCG's TPM 2.0. The goal of the design is to improve overall security and usability compared to traditional smart card-based solutions. We also provide, to the best of our knowledge, the first accessible description of the TPM 2.0 authorization model.
