Summary

The Estonian ID card supports a file encryption use case, allowing files to be encrypted such that only the respective cardholder can decrypt them. The recent vulnerability affecting the security of ID card private keys compromised the confidentiality of the data encrypted for the affected ID cards. The aim of the thesis is to propose a technical solution that would provide a forward secrecy feature for the current ID card encryption scheme, i.e., preserve the confidentiality of encrypted data even after the cardholder's private key is compromised.

The solution would involve additional trusted parties holding shares of the symmetric data encryption key, which would be dispensed after authenticating the cardholder. The confidentiality of the shares could be protected using various encryption schemes, including quantum-safe algorithms, thereby providing post-quantum security for the ID card encryption scheme. The result of the thesis should be a detailed description of the protocol and a security analysis describing the threat model under which the scheme is secure. As an additional contribution, a proof-of-concept software implementation can be presented.
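The key-sharing idea above can be sketched as follows. This is an added illustration, not the protocol the thesis is expected to define: the n-of-n XOR split, the `ShareHolder` class, the `card_share` role (the part assumed to stay wrapped under the ID card key) and the string credential check are all hypothetical stand-ins.

```python
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list[bytes]:
    """n-of-n split: n-1 random shares, the last is key XOR all of them."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, key))
    return shares

def combine(shares: list[bytes]) -> bytes:
    """Recover the key; any missing share leaves the result uniformly random."""
    return reduce(xor_bytes, shares)

class ShareHolder:
    """Hypothetical trusted party: keeps one share per file and
    releases it only after the authentication callback accepts."""
    def __init__(self, authenticate):
        self._authenticate = authenticate
        self._shares = {}

    def deposit(self, file_id: str, share: bytes) -> None:
        self._shares[file_id] = share

    def release(self, file_id: str, credential) -> bytes:
        if not self._authenticate(credential):
            raise PermissionError("cardholder not authenticated")
        return self._shares[file_id]

def demo():
    dek = secrets.token_bytes(32)           # symmetric data encryption key
    card_share, *remote = split_key(dek, 3)
    # Constructed credential check; stands in for real cardholder authentication.
    holders = [ShareHolder(lambda c: c == "constructed-credential") for _ in remote]
    for holder, share in zip(holders, remote):
        holder.deposit("file-1", share)
    released = [h.release("file-1", "constructed-credential") for h in holders]
    return dek, card_share, released
```

In this sketch, an attacker who obtains only the share protected by the card key learns nothing about the data encryption key, because the remaining shares are independent random values held elsewhere.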

Technical specification of the currently used file encryption scheme:
