Cryptography Reference
In-Depth Information
its validity. Note that any future relying party does not need to verify Alice's
original signature, but does have to trust the TTP. This process assumes that:
• The TTP's verification key has a longer lifetime than Alice's. On expiry of the TTP's
verification key, Alice can always ask the TTP to re-sign the archived signature
with its new signature key.
• No flaws are subsequently found in any of the processes or algorithms used to
generate or validate Alice's digital signature.
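The archival flow described above, as an added example that is not part of the original text: the TTP countersigns Alice's signature, a relying party later checks only the TTP's signature, and the TTP re-signs on key rollover. The record layout, the function names and the choice of RSA PKCS#1 v1.5 with SHA-256 are assumptions of this example.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

var rng = rand.Reader // randomness for key generation and RSA blinding
type Archived struct{ DocHash [32]byte; AliceSig, TTPSig []byte } // TTP record (assumed layout)

func (a Archived) digest() []byte {
	h := sha256.Sum256(append(a.DocHash[:], a.AliceSig...)) // TTP signs hash(doc) || Alice's sig
	return h[:]
}

// Archive: the TTP verifies Alice's signature while her key is valid, then countersigns.
func Archive(ttp *rsa.PrivateKey, alice *rsa.PublicKey, doc, aliceSig []byte) (Archived, error) {
	a := Archived{DocHash: sha256.Sum256(doc), AliceSig: aliceSig}
	err := rsa.VerifyPKCS1v15(alice, crypto.SHA256, a.DocHash[:], aliceSig)
	if err == nil {
		a.TTPSig, err = rsa.SignPKCS1v15(rng, ttp, crypto.SHA256, a.digest())
	}
	return a, err
}

// Check is all a relying party runs: it needs the TTP's current key, not Alice's.
func Check(a Archived, ttpPub *rsa.PublicKey, doc []byte) error {
	a.DocHash = sha256.Sum256(doc) // bind the check to the document presented
	return rsa.VerifyPKCS1v15(ttpPub, crypto.SHA256, a.digest(), a.TTPSig)
}

// Resign: before the old TTP key expires, confirm its signature, then sign under the new key.
func Resign(a Archived, oldPub *rsa.PublicKey, newKey *rsa.PrivateKey) (Archived, error) {
	err := rsa.VerifyPKCS1v15(oldPub, crypto.SHA256, a.digest(), a.TTPSig)
	if err == nil {
		a.TTPSig, err = rsa.SignPKCS1v15(rng, newKey, crypto.SHA256, a.digest())
	}
	return a, err
}

func main() {
	alice, _ := rsa.GenerateKey(rng, 2048) // constructed demo keys and document
	ttp, _ := rsa.GenerateKey(rng, 2048)
	doc := []byte("constructed sample document")
	h := sha256.Sum256(doc)
	sig, _ := rsa.SignPKCS1v15(rng, alice, crypto.SHA256, h[:])
	a, _ := Archive(ttp, &alice.PublicKey, doc, sig)
	println("relying party accepts:", Check(a, &ttp.PublicKey, doc) == nil)
}
```

After a rollover the record verifies only under the TTP's new key, which is why relying parties must track the TTP's current verification key rather than Alice's.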
12.6.6 Security issues
The eID card scheme represents a relatively straightforward use of cryptography.
Its primary function is to issue citizens with smart cards that have digital
signature capability. These applications can then engage with this cryptographic
functionality in order to meet their own security requirements. The main 'security
issues' are thus likely to arise from the specific ways in which these applications
interact with eID cards. Since the eID card scheme supports digital signatures, it is
also important to be aware of the many security issues that we discussed regarding
the use of digital signatures in Section 7.4.
The main security issues for the eID cards themselves arise from the key
management. Card issuing is a fairly complex and controlled process, since the
implications of eID cards being either fraudulently issued, or issued with incorrect
data, are potentially very serious. Certificate revocation is managed in a scalable
way and it is up to individual applications to make sure that they obtain the latest
revocation data in order to verify data signed using an eID card.
12.6.7 Design issues
The main design issues concerning the eID card scheme are as follows:
• Use of public-key cryptography. While eID cards are issued within a closed
environment, they are intended for use in open environments. Thus the use of
public-key cryptography is appropriate.
• Use of publicly known algorithms. To increase confidence and support
interoperability, the eID card scheme uses the well-respected RSA digital
signature scheme.
• Use of certification hierarchies. The eID card scheme's national reach lends itself
very naturally to a certification hierarchy, with central CAs supporting regional
registration authorities.
• Specific data handling. The eID card design demonstrates that in real applications
different data items may require different management. This is reflected in
the way that card data is digitally signed, which recognises that address data
normally changes much more frequently than other types of personal data.