Improving Estonian ID card encryption scheme

Organisatsiooni nimi
Cybersecurity
Kokkuvõte
Estonian ID card provides file encryption use case, allowing to encrypt files such that only the respective cardholder can decrypt them. The recent vulnerability affecting the security of ID card private keys compromised the confidentiality of the data encrypted for the affected ID cards. The aim of the thesis is to propose technical solution that would provide forward secrecy feature for the current ID card encryption scheme, i.e., preserve the confidentiality of encrypted data even after the cardholder's private key is compromised.

The solution would involve additional trusted parties holding shares of the symmetric data encryption key, which would be dispensed after authenticating the cardholder. The confidentiality of the shares could be protected using various encryption schemes, including quantum-safe algorithms, thereby providing post-quantum security for the ID card encryption scheme. The result of the thesis should be detailed description of the protocol and the security analysis describing the threat model under which the scheme is secure. As an additional contribution, the proof-of-concept software implementation can be presented.

Links:
Technical specification of currently used file encryption scheme: https://www.id.ee/public/SK-CDOC-1.0-20120625_EN.pdf
Lõputöö kaitsmise aasta
2018-2019
Juhendaja
Arnis Paršovs
Suhtlemiskeel(ed)
inglise keel
Nõuded kandideerijale
Tase
Märksõnad
#acs

Kandideerimise kontakt

 
Nimi
Arnis Paršovs
Tel
E-mail
arnis@ut.ee
Vaata lähemalt
https://acs.cs.ut.ee/