Fuse PKI
The pandemic has proven the need for more remote interactions with legal consequences, such as signing contracts, participating in tenders, requesting official documents, or accessing personal data maintained by the government.
E-Governance initiatives address this need by implementing digital identity, with varying success in adoption and varying levels of security. Non-secure solutions are more easily adopted by users, while PKI solutions based on hardware devices, such as cryptography tokens or SIM cards, offer strong security, but have higher costs and distribution problems.
We propose a solution that maintains the security of PKI but eliminates the need for hardware devices and physical contacts for enrollment. Using advanced cryptography techniques, the solution enables users to control their part of the private key in a secure manner. The other part is kept by the server and they are fused for higher security.
PKI-based solutions have been proven to be secure.
Besides technical complexity, the most common issue with PKI is that practical implementation requires physical handover of a PKI device, such as a smart card, USB stick (which come with cumbersome drivers and additional software) or a special-purpose SIM card that can securely store the private key of the user. These devices come with relatively high price tags and distribution costs.
Software solutions that do not involve a hardware device for private key storage and can be used offline (i.e. without any online trust verification) do not guarantee the same level of security as special hardware does, as they are susceptible to private key cloning and offline PIN guessing without user awareness.
In contrast, the proposed solution is seen by the user as a simple mobile or desktop application that the user controls. This app generates and stores only a part of the private key, thus alleviating the risks of private key attacks. The other part of the private key is stored on the server, ensuring identity verification, PIN locking, certificate revocation and other advanced security features.
The solution can be deployed at various levels, from clients of a bank to residents of a country. Being deployed at a national level and having the appropriate legal mandate, especially if based on foundational ID data, the solution significantly simplifies the implementation of Digital Identity, which is one of the main pillars of a country-wide e-Government implementation.
A cost-effective solution for digital identity is very important, as it is the basis for all electronic interactions of the citizens with the public sector (such as requesting information, documents, registering a company and requesting a license) and the private sector (from opening a bank account to signing contracts, invoices, transfers and leave requests).
This conclusion is based on our extensive experience in implementing e-Government for over 10 years in various sectors and at national level, including platform-level services, such as authentication, digital signature, payment, notifications, etc.
- How can countries ensure that everyone—especially vulnerable and marginalized groups—are able to apply/register for an ID in a way that protects people’s health, data, and the integrity of the ID system?
Having a secure PKI-based solution that concentrates the complexity, expertise and costs in one place, while enabling cost-effective remote enrollment for users, provides an easy-to-use infrastructure for digital identity with fewer compromises. The level of provided security matches the requirements of advanced qualified signatures, as seen by the European eIDAS Regulation.
Without the need for a device, remote enrollment eliminates travel costs and distribution centers and requires no physical contact. Enrollment needs only a foundational ID and a smartphone or desktop computer with an internet connection.
- Prototype: An individual or organization building and testing a product, service, or model.
- A new application of an existing technology
Based on proven cryptography techniques, the basic idea of the solution is that the effective private key is not actually materialized in any place at any point in time.
The effective private key is a composite of 2 RSA key pairs, generated separately and safely stored in 3 places:
- App key pair - generated by the app installed on the user's device during enrollment. The private key is then split into:
  - device share of the app private key, stored only on the user's device, encrypted using a PIN that cannot be compromised using offline attacks
  - server share of the app private key, stored in encrypted form on the server side and combined on demand with the device share of the app private key for identity verification
- Server key pair - generated and securely stored by an HSM and used for applying digital signatures after user verification.
Any use of the private key requires the participation of both sides, app (meaning user awareness) and server. This enables key locking (in case of unsuccessful attempts), certificate revocation checks during use and other techniques for improved security.
Verification of the resulting signature uses the standard RSA algorithm and is based on the effective public key, which is computed as a combination of the 2 public keys and certified using traditional certificate authority procedures. These can be easily combined with blockchain technologies to improve data integrity on the CA side.
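The following sketch is an added example, not the authors' proof-of-concept code: it shows one way a two-key-pair, three-share scheme like the one described above can produce a signature that verifies with plain RSA without the app private exponent ever existing in one place. It assumes an additive split of the app exponent modulo φ(n1), an effective public key whose modulus is the product of the two moduli with a shared exponent, and Chinese-remainder combination of the two partial signatures; the page does not spell out these details, and the toy Mersenne primes, the unpadded SHA-256 digest and all function names are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both key pairs (assumption)

def keypair(p, q):
    """Textbook RSA: return (n, d, phi) for primes p and q."""
    phi = (p - 1) * (q - 1)
    return p * q, pow(E, -1, phi), phi

def split_exponent(d, phi):
    """Additive split: d = d_dev + d_srv (mod phi); each share alone is random."""
    d_dev = secrets.randbelow(phi)
    return d_dev, (d - d_dev) % phi

def digest_int(msg, n):
    """SHA-256 digest as an integer; PKCS#1 v1.5 padding is omitted here."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def crt(s1, n1, s2, n2):
    """Chinese remainder theorem: the s with s = s1 (mod n1), s = s2 (mod n2)."""
    return (s1 + n1 * ((s2 - s1) * pow(n1, -1, n2) % n2)) % (n1 * n2)

def device_partial(m, d_dev, n1):
    """Runs in the app after the PIN unlocks the device share."""
    return pow(m, d_dev, n1)

def server_complete(m, part_dev, d_srv, n1, d2, n2):
    """Runs on the server: finish the app-key signature, check it, add the HSM key."""
    s1 = part_dev * pow(m, d_srv, n1) % n1
    if pow(s1, E, n1) != m % n1:  # wrong device share: count the failure, lock the key
        raise ValueError("device share rejected")
    return crt(s1, n1, pow(m, d2, n2), n2)

def verify(msg, sig, n):
    """Standard RSA verification against the effective public key (n, E)."""
    return pow(sig, E, n) == digest_int(msg, n)

def enroll():
    """Constructed toy keys from Mersenne primes; real keys need 2048+ bit moduli."""
    n1, d1, phi1 = keypair(2**61 - 1, 2**89 - 1)    # app key pair
    n2, d2, _ = keypair(2**107 - 1, 2**127 - 1)     # server key pair (HSM)
    d_dev, d_srv = split_exponent(d1, phi1)         # d1 itself is then discarded
    return {"n1": n1, "n2": n2, "n": n1 * n2, "d_dev": d_dev, "d_srv": d_srv, "d2": d2}

def sign(msg, k):
    m = digest_int(msg, k["n"])
    part = device_partial(m, k["d_dev"], k["n1"])
    return server_complete(m, part, k["d_srv"], k["n1"], k["d2"], k["n2"])

if __name__ == "__main__":
    keys = enroll()
    sig = sign(b"constructed sample document", keys)
    print(verify(b"constructed sample document", sig, keys["n"]))
```

The check inside `server_complete` is what makes PIN guessing an online operation in this sketch: a wrong device share is only detectable by the party holding the server share, which can count failures and lock the key.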
The proposed solution is independently implemented at the level of proof-of-concept by the authors of this submission and based on publicly available information.
While being in a proof-of-concept phase, the mathematics of the proposed solution are sound and technically proven based on well-known theorems and algorithms, particularly the RSA algorithm (for keys generation and signature verification), Fermat's little theorem, Bezout's identity, Chinese remainder theorem, Extended Euclidean algorithm and basic modular arithmetic.
We have implemented all required parts of the solution and have proven its correctness by running an extensive set of tests.
The proof-of-concept includes a mobile application in Xamarin Forms (tested only on Android) and an ASP.NET Core site that exposes the mobile backend and demo functionality of enrollment, authentication, signature application and verification.
The solution is hosted on Azure and uses Azure KeyVault as HSM backend. This integration is easily swappable.
The solution uses BigInteger arithmetic, crypto-random number generation and SHA-256 available in .NET, along with standard RSA keys generation functions.
Remote user identification and verification is currently based on a human operator who has access to the national registry of citizens (i.e. foundational ID), including its latest documents and pictures.
For full remote enrollment, the solution will be enhanced by well-known KYC procedures, using available AI services applied on recorded video for face verification, head pose analysis and voice recognition, including enrollment time verification. After automated pre-verification, a human operator might review all the materials before final approval.
- Software and Mobile Applications
Our strategy is:
- Implement a cost-efficient, secure and easy-to-use digital identity
- So that citizens massively adopt digital identity to use it for digital authentication and signatures
- So that citizens use more public and private digital services, including remote interactions
- So that citizens are aware of the advantages of the digital economy
- So that citizens get more social inclusion and the economy flourishes
- So that citizens demand even more digital services.
Marginalized or vulnerable groups, such as people living far away from cities or people that have their travel limited due to financial or movement constraints, can easily enroll remotely. There is no need to open registration offices in all regions to implement the solution.
The solution is also applicable to contexts in which people don't have enough trust in private or government bodies, as less trust needs to be granted compared to solutions that rely on private keys being protected by servers that are under the supervision and protection of such a body.
From the user point of view, the solution is quite friendly.
Users install a mobile app and register their identity key by passing a KYC procedure and setting up a PIN, which shall not take more than 30 minutes in total. When authenticating or applying a signature, users will receive a notification on the phone, unlock it, review the request, and enter the PIN to finalize the transaction.
The solution uses existing standard RSA key generation and SHA-256 implementations, implements standard RSASSA-PKCS1-v1_5 algorithm, while resulting signatures can be verified by using standard RSASSA-PKCS1-v1_5 verification procedure.
The solution can integrate any Hardware Security Module (HSM) using the PKCS#11 API or can use an HSM SaaS solution, such as Azure KeyVault (as implemented in the PoC).
The solution can be integrated with any off-the-shelf Certification Authority and Timestamping Authority, that would expose standard implementation of Certificate Revocation List (CRL), Online Certificate Status Protocol (OCSP) and Time Stamp Protocol (TSP).
Being based on RSA, the solution can produce standard signatures in XAdES, CAdES and PAdES formats. The solution is combinable with application-level protocols for authentication (such as SAML and OIDC) and digital signature (such as DSS).
It is important to note that, being an all software-based cryptography solution on user's side, it is quite easy to replace or improve the used algorithms via a simple software update. As an example, we would replace the RSA with a post-quantum cryptography algorithm when appropriate.
In conclusion, the solution is pretty much integrated in related open standards landscape.
While, during a secure remote enrollment (KYC), there is a need for somewhat better connectivity to upload photos or video recording, the solution does not require high bandwidth during usage, as user's device must retrieve and sign only the digital thumbprint (SHA-256 hash) of the document or data that is signed.
With remote enrollment and no hardware device distribution requirement, there is no need to travel, thus applicable to places with general lack of infrastructure such as reliable roads in rural areas and regions with difficult terrain. It is enough to establish a single operational center to deploy the solution in a country. This lowers the costs and significantly simplifies the implementation.
Additionally, high computer literacy is not required. From user perspective, there is no need to have card readers (as is the case of digital ID cards or smartcards) or install special software drivers except the actual app from a standard app store (Google Play, Apple App Store or Microsoft Store). The app is simple to use, as basically users have to only initiate the enrollment, pass the KYC procedure and enter a PIN (during enrollment, authentication and signature).
- Informal Sector Workers
- Migrant Workers
- Rural Settings
- Low-Income
- Minorities & Previously Excluded Populations
- Nomadic Populations and Pastoralists
- Persons with Disabilities
- Moldova
- Moldova
Being at proof-of-concept phase, the solution is not currently used in real deployments.
After its implementation and integration with governmental services (MPass and MSign), the solution is expected to be used by the majority of current digital signature users in Republic of Moldova, i.e. 250K users. Remote enrollment and the elimination of the need for distribution centers, resulting in lower costs (potentially even free if backed up financially by the Government) and better user experience, shall lead to higher digital signature adoption, resulting in up to 2.5M users.
The solution is quite scalable, as the processing power and networking requirements are relatively low and scalable too. Additional instances of components (app server, CA read-only copies, HSM devices) can be added when needed.
We envision the potential to deploy the solution in other countries as well, based on usage level or maintenance contracts.
Our goal is to finish the implementation of the solution, with fully-fledged off-the-shelf CA and HSM(s), develop regulatory and procedural documents, establish an operational center and pass the required national accreditation for a qualified digital signature.
Having the accreditation, the solution can easily be integrated with single sign-on (MPass) and digital signature (MSign) services. This will ensure visibility and uptake, as MPass and MSign already integrate with around a hundred of the most important public and some private services. The solution will be used as another alternative instrument, without any impact on integrated services. Because of its ease of use and cost efficiency, we think this instrument will outperform the existing ones (national electronic ID, digital signature on USB sticks and mobile signature).
Having a proven home country implementation in 12 to 24 months, we are open and willing to implement this solution in countries in other regions, such as Africa and Central Asia, where we have some connections and potential partners for implementation.
Currently, with appropriate financial support and giving it 12 to 24 months, there are no barriers that would trouble the final implementation of the solution. We are pretty sure that, having the working solution, we will easily get the national accreditation and integrate it with other services to get a high uptake.
- Other, including part of a larger organization (please explain below)
I am currently employed by the e-Governance Agency of Moldova as Enterprise Architect. Having implemented MPass and MSign, I clearly understand how this new technology can be rolled out in the real world, first as an alternative to existing digital instruments, with the potential to become mainstream.
The research, mathematical validation and proof-of-concept was developed by myself in my spare time during the last year.
Although the proof-of-concept was developed by myself, a real implementation would require the involvement of a minimum of 2 other developers.
Working at e-Governance Agency of Moldova, we understand the needs and the required steps to implement it, including legal and regulatory changes needed to be in place to get this solution implemented at national level.
We developed and operate national platform-level authentication and authorization service called MPass (from 2012) and digital signature service called MSign (from 2013). They integrate multiple instruments for authentication and digital signature. While grown to more than 2 million transactions per month generated by around 200.000 digital signature owners (Moldova having 3.5 million population in total), existing instruments have multiple disadvantages that the proposed solution addresses.
This solution would easily integrate into those national services as another instrument along the others already available there without any impact to the services that are using them. This would allow residents of Republic of Moldova to easily switch from mobile signature, national electronic ID or digital signatures on USB sticks to the new instrument without losing any service accessibility.
From technical point of view, this solution is easily implementable in other countries or a private sector. Regulatory changes might be required to empower it with legal binding at national level, especially in countries which don't have laws related to digital signatures. Private sector, such as banks or credit companies can implement it to add strong security to their customer accounts, including protecting from internal frauds.
We are currently discussing with Dekart, a company based in Republic of Moldova, experienced in delivering solutions related to PKI. This partner might be involved to provide standard and time-tested packages for CA and HSM components.
The solution primary target is national scale implementations. Thus the initiative shall be financially backed by the central Government, as it is the case in Republic of Moldova. We plan to implement the solution in home country via e-Governance Agency with capital expenses covered by a donor and operational expense by the Government.
Capital expenses include establishing legal and regulatory framework, acquiring on-premise hardware (HSMs) and deploying software and trainings. These shall total between $150K - $250K (excluding collateral expenses).
Operational expenses involve maintaining an operational office and call center staff that would offer support and enrollment validations. We estimate that an enrollment validation shall take under 5 minutes for an operator.
The operational expenses in a country not backed up financially by the Government could be covered by a relatively small fee for enrollment and re-enrollment (for cases when users lose their phone and app backup). This fee can be calculated by dividing the total estimated operational expenses by the number of estimated enrollments during a selected number of years.
- Organizations (B2B)
Having the proof-of-concept, we plan to raise investment capital from traditional funders of e-Governance initiatives in Republic of Moldova, such as World Bank, USAID, UNDP, etc.
To complete the solution implementation, at least one real HSM device and at least a MacBook and an iPhone are required for iOS builds.
We estimate that this requires under $50K.
A fully-fledged solution requires at least 2 HSMs and hosting expenses, that shall total under $100K for the following 2 years.
Having the appropriate funds, we will continue to the full development of the technical solution and implement it first in Republic of Moldova. This will also involve defining clear procedures, establishing an operational center, and passing the national accreditation as qualified signature provider. We estimate this to take between 12 and 24 months, including the integration with existing single sign-on (MPass) and digital signature (MSign) services.
Having a proven solution, we are open and willing to implement the solution in other countries.
- Business model
- Product/service distribution
- Funding and revenue model
- Marketing, media, and exposure
To implement this solution in other countries, we need strong business model and marketing support.
Artur Reaboi
Chief Technology Officer