Add support for active authentication #62
Comments
How can we identify that a passport holder exactly owns this passport? Can we authenticate the public key of the passport holder in the chip by using active authentication?
Hi,
OK, thank you
Just found another problem about the active authentication. The length of the challenge to be signed is just 8 bytes which is not enough for most use cases. Do you have any idea about this problem?
Hi
I think the problem is that an attacker may be able to combine four signatures for 8 bytes. And then pass all the signature verification steps.
Very interesting question. My guess is the following:
I am new to this project, so I apologize for lack of knowledge on the implementation of the authentication scheme. Without government cooperation, I understand one of the only plausible alternate means of identity verification for initial setup would be comparing the picture in the passport to the picture of the current physical owner--a verification which could likely be bypassed on many mobile devices by simply uploading images readily available on the internet, rather than taking a live picture. This issue could be mitigated if there was a means to enforce the policy that a single passport can only be registered with open passport once. Thus, the initial holder, before the passport is stolen or used by an alternate individual, could register their passport via some means that verifies it has never previously been registered. What measures are in place to ensure the physical passport cannot be used by multiple individuals? Passports are most susceptible to theft or access when they are actually being used--which is the purpose of having them in the first place--so this also presents the most risk of malicious cloning.
Correct.
Right now, we only use passive authentication by checking the passive attestation placed by country signing authorities in the SOD file. This has a drawback: it's possible for an attacker to copy the data and generate a proof of passport without physically owning the passport anymore.
We want to support active auth and/or chip auth. See country coverage here.
The active auth pubkey is in the DG15 of the SOD file which can be easily checked like the DG1 is currently.
The FreedomTool team has worked on this in circom.
It's apparently also been done in Noir by Michael here.
See here too.
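Added example, not part of the issue or the project's code: a Node.js model of the gap described above, where copied chip data passes passive authentication but cannot answer a fresh active-authentication challenge. Assumptions: ECDSA P-256 stands in for the chip's signature algorithm, a plain object of hashes stands in for the SOD (issuer signature taken as already verified), and all names and data are constructed.

```javascript
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Constructed passport. The private key never leaves the chip; DG15 holds the public key.
function issuePassport() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const dg1 = Buffer.from('CONSTRUCTED-MRZ-DATA');
  const dg15 = publicKey.export({ type: 'spki', format: 'der' });
  // Stand-in for the SOD: hashes of the data groups (issuer signature assumed verified).
  const readable = { dg1, dg15, sod: { 1: sha256(dg1), 15: sha256(dg15) } };
  // Assumption: ECDSA P-256 stands in for the chip's own signature algorithm.
  const chip = { ...readable, sign: (c) => crypto.sign('sha256', c, privateKey) };
  return { chip, readable }; // `readable` is all that a copy of the data contains
}

// Passive authentication: the data groups match the hashes in the SOD.
function passiveAuth(p) {
  return sha256(p.dg1) === p.sod[1] && sha256(p.dg15) === p.sod[15];
}

// Active authentication: a fresh challenge is signed by the chip and checked
// against the DG15 key, which passive authentication ties to the SOD.
function activeAuth(p, respond) {
  if (!passiveAuth(p)) return false;
  const challenge = crypto.randomBytes(8); // 8-byte challenge, as in the thread
  const pub = crypto.createPublicKey({ key: p.dg15, format: 'der', type: 'spki' });
  return crypto.verify('sha256', challenge, pub, respond(challenge));
}

function demo() {
  const { chip, readable } = issuePassport();
  const recorded = chip.sign(crypto.randomBytes(8)); // response seen in an earlier session
  const other = issuePassport().chip;                // unrelated key pair
  return {
    genuinePassive: passiveAuth(chip),                     // true
    copyPassive: passiveAuth(readable),                    // true
    genuineActive: activeAuth(chip, chip.sign),            // true
    copyReplay: activeAuth(readable, () => recorded),      // false
    swappedKey: activeAuth({ ...readable, dg15: other.dg15 }, other.sign), // false
  };
}

console.log(demo());
```

The `swappedKey` case shows why the DG15 hash has to be checked against the SOD before the challenge response is trusted: without that binding, any key pair would pass the challenge step.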