4

For my class in applied information security I'm asked to find a cryptographic solution to the following problem:

The government of country X wants to simplify the process of issuing driving licenses. The idea is that the person do not need to go physically to a driving institution to pick up a card, but instead they can download something that somehow certifies that the person has been granted a driving license. The validity of such ''something'' must be verifiable by public competent authorities at any point in time, for example, when stopping a driver and asking him/her for his/her license. On the other hand, it should not be possible to issue fake licenses. What cryptographic solution would you give to this situation?

(I'm sorry if the translation is not perfect, I hope it's clear). The first thing that came to my mind was digital signatures. I was thinking that the government could have a server with a database holding all social security numbers. To generate a license, the server would pick up the corresponding ID and generate some license information from it (like type of vehicles the person is allowed to drive), let's call this string LIC(ID). Then the server would hash this info H(LIC(ID)) with SHA-3 and then it would sign it with RSA Sign under a private signing key sk, obtaining a string s = Sign( H(LIC(ID)) ), which will be the string that the person with social security number ID can download.

Now, to verify a license, a device takes the verification key and runs the verification algorithm on ( LIC(ID), s ). This can be done offline, without any interaction with the server.

Intuitively, this solution works because generating fake licenses corresponds to forging signatures, which shouldn't be possible. However, I'm a bit concerned about some practicalities of this. For example, how could I handle licenses that will become invalid at some point in time? also, what happens if the secret key gets compromised? I was thinking that maybe it is too idealistic to think on a secret string keep being secret for many years, so I thought that renewing the key pair every year or so could be a good idea because in this case we could only accept licenses signed under the latest secret key, and old licenses just would get licensed again (people would need to download the string again).

How would this be handled in real life? is there a real-life analogue situation I could take a look at? I apologize, it's clear I'm not an expert on this, but I'm just trying to learn :)

Thank you so much for your time!

Cristina
  • 124
  • 8
  • 5
    Put an expiration date in the body to be signed? Anyways, many ideas from X.509 certificates can be re-used here. – SEJPM Jul 16 '17 at 14:55
  • @SEJPM Yes! for sure, we could simply append that to the license itself, along with whatever other restriction the person has. Thank you so much for the reference, I don't remember having studied these certificates, I'm going to take a look at it right now. Anyway, I would like to assess my solution because it's the one I submitted. How does it look? what would be the problem with that? any feedback is highly appreciated :) – Cristina Jul 16 '17 at 15:02
  • 2
    There is a EU standard for driving licenses that basically copies many of the aspects of ePassports. It's not just a certificate but a collection of signed data groups (and yes, those are signed using X.509 based PKI), containing the information. This is called "document signing". You could also use document signing for, for instance, PDF documents (similar to the signed certificates given by for instance Coursera). – Maarten Bodewes Jul 16 '17 at 19:40

0 Answers0