Security of Estonian ID card software distribution and update mechanisms
Organization
Cybersecurity
Abstract
As of 2019, the Estonian ID card software is used in approximately 600 000 computers, therefore the security of the software is of great importance to Estonian society.
From the security perspective, it is important to not only ensure that the software has no flaws, but to also ensure the security of the process by which the software is delivered to the end-user's computer.
The aim of this work is to study the security of the ID card software distribution and update mechanisms.
Possible research questions:
- What are the most popular channels from which the ID card software is installed?
- What security measures are used to provide integrity and authenticity of installation files?
- What update mechanisms are provided and how do they work?
-- How frequently are automatic updates checked?
-- How is the integrity and authenticity for updates provided?
-- Are downgrade attacks possible?
-- Is there a kill switch functionality? How does it work?
-- What update mechanisms have been historically used over the years?
From the security perspective, it is important to not only ensure that the software has no flaws, but to also ensure the security of the process by which the software is delivered to the end-user's computer.
The aim of this work is to study the security of the ID card software distribution and update mechanisms.
Possible research questions:
- What are the most popular channels from which the ID card software is installed?
- What security measures are used to provide integrity and authenticity of installation files?
- What update mechanisms are provided and how do they work?
-- How frequently are automatic updates checked?
-- How is the integrity and authenticity for updates provided?
-- Are downgrade attacks possible?
-- Is there a kill switch functionality? How does it work?
-- What update mechanisms have been historically used over the years?
Graduation Theses defence year
2019-2020
Supervisor
Arnis Paršovs
Spoken language (s)
English
Requirements for candidates
Level
Keywords
Application of contact
Name
Arnis Paršovs
Phone
E-mail
See more