This is so good and important to show that these identity schemes are more about surveillance than security, as the security guarantees are limited and insufficient for any long period of time. An additional approach I might recommend for exploration would be to find the "offline mode," where it would have to re-use IVs and challenges over a short window when the app can't validate against the back end service. Other similar schemes I have seen implemented a single-use-key as a re-used limited-use-key to enable that use case.

The card he tested was apparently live in production, but one of the main vulnerabilities in protocols like these is in the 'personalization' stage of the setup, where each card gets a set of default 'provisioning keys,' which are used to register the card and get unique user keys for it. A sample of unpersonalized blanks would yield that, and the costs associated with mitigating this with batch-specific keys for provisioning are typically too much complexity.

There may be a DoS vulnerability in some card schemes where you can use 'torn' NFC connections to get the key and transaction counter on the card applet to increment and desynchronize from the counter recorded on the server, bricking the card - or potentially many en masse with some SDR equipment.

Given the physical user enrollment costs, there are some basic impossibilities in these protocols that will always reduce their security to a set of trade-offs that depend on economics and obscurity. Security research like this acts as a check on the efficacy of totalitarian controls like digital id, and it is important work to continually demonstrate that there are risks and costs to the regimes that impose them. I am very grateful this researcher has done work to discredit this scheme.
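The counter desynchronization described in the third paragraph of this comment has a well-known server-side mitigation: authenticate the cryptogram first, then accept a bounded look-ahead of counters (the same idea as the HOTP look-ahead window), and route cards that have run further ahead to a supervised re-sync instead of treating them as dead. The Go program below is an added illustration and not code from the comment or from the identity scheme under discussion; the HMAC-SHA256 cryptogram, the `Card` and `Backend` types, and the `Enroll` and `Resync` calls are constructed stand-ins for whatever the real applet and back end do.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sync"
)

// Verdict is the back end's decision about one presented (counter, cryptogram) pair.
type Verdict int

const (
	Accepted      Verdict = iota // cryptogram valid, counter fresh and inside the window
	BadCryptogram                // MAC does not verify under the card's key: reject
	Replay                       // counter at or below the last accepted one: reject
	ResyncNeeded                 // card ran ahead of the window: flag for re-sync, do not brick
)

func (v Verdict) String() string {
	return [...]string{"Accepted", "BadCryptogram", "Replay", "ResyncNeeded"}[v]
}

// cardCryptogram is a constructed stand-in for what the applet would compute:
// HMAC-SHA256 over card id and transaction counter under the per-card key.
func cardCryptogram(key []byte, cardID string, counter uint32) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(cardID))
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], counter)
	mac.Write(buf[:])
	return mac.Sum(nil)
}

// Card models the applet: the counter advances whenever a cryptogram is produced,
// whether or not the response ever reaches the server (a torn connection).
type Card struct {
	ID      string
	Key     []byte
	Counter uint32
}

// Transact produces the next (counter, cryptogram) pair.
func (c *Card) Transact() (uint32, []byte) {
	c.Counter++
	return c.Counter, cardCryptogram(c.Key, c.ID, c.Counter)
}

// Backend is the server-side view: per-card key and last accepted counter.
type Backend struct {
	mu     sync.Mutex
	window uint32 // how far ahead of the last accepted counter a card may be
	keys   map[string][]byte
	last   map[string]uint32
}

func NewBackend(window uint32) *Backend {
	return &Backend{window: window, keys: map[string][]byte{}, last: map[string]uint32{}}
}

// Enroll records the card's key at personalization time (hypothetical API).
func (b *Backend) Enroll(cardID string, key []byte) { b.mu.Lock(); b.keys[cardID] = key; b.mu.Unlock() }

// Verify authenticates the cryptogram first, then applies the counter policy. Gaps of up
// to window are accepted so that a few torn transactions do not lock the card out; larger
// gaps are flagged for re-sync rather than rejected forever.
func (b *Backend) Verify(cardID string, counter uint32, cryptogram []byte) Verdict {
	b.mu.Lock()
	defer b.mu.Unlock()
	key, ok := b.keys[cardID]
	if !ok || !hmac.Equal(cryptogram, cardCryptogram(key, cardID, counter)) {
		return BadCryptogram
	}
	last := b.last[cardID]
	switch {
	case counter <= last:
		return Replay
	case uint64(counter) > uint64(last)+uint64(b.window):
		return ResyncNeeded
	default:
		b.last[cardID] = counter
		return Accepted
	}
}

// Resync is the out-of-band recovery step: once the holder has been verified by other
// means, the server adopts the card's current counter instead of treating it as bricked.
func (b *Backend) Resync(cardID string, counter uint32) { b.mu.Lock(); b.last[cardID] = counter; b.mu.Unlock() }

func main() {
	key := []byte("constructed-per-card-key-0001")
	card := &Card{ID: "card-0001", Key: key}
	srv := NewBackend(5)
	srv.Enroll(card.ID, key)
	for i := 0; i < 3; i++ {
		card.Transact() // torn: the server never sees these
	}
	ctr, mac := card.Transact()
	fmt.Println("after 3 torn transactions:", srv.Verify(card.ID, ctr, mac))
	fmt.Println("same cryptogram again:    ", srv.Verify(card.ID, ctr, mac))
	for i := 0; i < 10; i++ {
		card.Transact()
	}
	ctr, mac = card.Transact()
	fmt.Println("after 10 more torn:       ", srv.Verify(card.ID, ctr, mac))
	srv.Resync(card.ID, ctr)
	ctr, mac = card.Transact()
	fmt.Println("after resync:             ", srv.Verify(card.ID, ctr, mac))
}
```

The window size is the trade-off the comment describes: a larger window absorbs more torn transactions but also lets a captured cryptogram stay valid for longer, so it should be small and the `ResyncNeeded` path should feed monitoring, since many cards hitting it at once is exactly the mass-desync signal a defender wants to see.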
The idea is terrible even from the first lines, relying on the hardware key attestation means giving up the id card to Google and Apple approved devices which is absolutely <i>not</i> what you want as a country.
I wonder why they need the whole secure channel thing instead of making the card hold a client certificate and using standard mutual TLS with their backend server.
Noob question: why don't governments issue a private key to every citizen so that they can identify themselves "easily" in web forms and the like? The government would keep the corresponding public key.

You could go in person to any government building and request a new private key to override the previous one if needed.
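In protocol terms the scheme in this comment is a challenge-response signature login. As an added example, not part of the comment and not any government's actual system, here is a minimal Go version with Ed25519: the registry stores only public keys, issues single-use random nonces bound to one citizen and one relying party, and lets a citizen re-enroll so the previous key stops working. `Registry`, `Enroll`, `Challenge`, `Respond` and `Authenticate` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Registry is the government-side store: citizen id -> current public key, plus the
// challenges that have been issued and not yet consumed.
type Registry struct {
	pubKeys map[string]ed25519.PublicKey
	pending map[string]challenge // keyed by hex(nonce)
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry can be exercised deterministically
}

type challenge struct {
	citizen string
	service string // relying party the challenge was issued for
	issued  time.Time
}

func NewRegistry(ttl time.Duration) *Registry {
	return &Registry{pubKeys: map[string]ed25519.PublicKey{}, pending: map[string]challenge{}, ttl: ttl, now: time.Now}
}

// Enroll is the in-person step: a fresh key pair is generated, the public half is kept by
// the registry and the private half goes to the citizen. Enrolling again replaces the old
// key, which is how a lost or compromised key is retired.
func (r *Registry) Enroll(citizen string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	r.pubKeys[citizen] = pub
	return priv, nil
}

// Challenge issues a 32-byte random nonce bound to one citizen and one service.
func (r *Registry) Challenge(citizen, service string) ([]byte, error) {
	if _, ok := r.pubKeys[citizen]; !ok {
		return nil, errors.New("unknown citizen")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	r.pending[hex.EncodeToString(nonce)] = challenge{citizen: citizen, service: service, issued: r.now()}
	return nonce, nil
}

// signingInput binds nonce, citizen and service into the signed bytes, so a signature
// produced for one service cannot be presented to another.
func signingInput(nonce []byte, citizen, service string) []byte {
	msg := []byte("citizen-login-v1\x00" + citizen + "\x00" + service + "\x00")
	return append(msg, nonce...)
}

// Respond is the citizen's side: sign the bound challenge with the private key.
func Respond(priv ed25519.PrivateKey, nonce []byte, citizen, service string) []byte {
	return ed25519.Sign(priv, signingInput(nonce, citizen, service))
}

// Authenticate consumes the challenge (one use, even when verification fails), checks its
// binding and age, then verifies the signature under the citizen's registered public key.
func (r *Registry) Authenticate(citizen, service string, nonce, sig []byte) error {
	id := hex.EncodeToString(nonce)
	ch, ok := r.pending[id]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(r.pending, id)
	if ch.citizen != citizen || ch.service != service {
		return errors.New("challenge was issued for a different citizen or service")
	}
	if r.now().Sub(ch.issued) > r.ttl {
		return errors.New("challenge expired")
	}
	pub, ok := r.pubKeys[citizen]
	if !ok || !ed25519.Verify(pub, signingInput(nonce, citizen, service), sig) {
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}

func main() {
	reg := NewRegistry(2 * time.Minute)
	priv, _ := reg.Enroll("citizen-0001")
	nonce, _ := reg.Challenge("citizen-0001", "tax-portal")
	sig := Respond(priv, nonce, "citizen-0001", "tax-portal")
	fmt.Println("first use:", reg.Authenticate("citizen-0001", "tax-portal", nonce, sig))
	fmt.Println("replay:   ", reg.Authenticate("citizen-0001", "tax-portal", nonce, sig))
}
```

The single-use and expiry rules are the part that matters for the "offline mode" point raised in the first comment: a challenge that has to be reused because the back end is unreachable is a challenge whose signed response can be replayed, so any offline fallback has to shrink that window rather than widen it.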
I cannot understand, seriously, how we could have built a system where you have to have French documents in order to identify yourself to various services.

A friend of mine's dad is Polish. He is retired and worked for years in France. Now he cannot access all of his retirement data because some sites require France Connect and he does not have any French papers anymore.

When asked about that, France Connect's support basically replied "fuck you" (in French).

There must be thousands of people in his situation and yet, nobody cares.
Does anyone know why a private govtech business like Palantir doesn’t take over all these use cases? Governments are notoriously bad at tech, why isn’t there a massive private corporation catering to all these use cases and ensuring state of the art security? Instead of hiring local clowns that release half baked solutions like this.
I am far from understanding the technical details.

But it feels like they severely violated the rule of not running your own cryptography. If they had used TLS the MITM would have been much less likely as long as the app does not accept user-defined certificates?
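This comment and the earlier one asking why the card could not simply hold a client certificate both point at the same standard mechanism: mutual TLS, where a CA run by the issuer signs a per-card client certificate and the TLS handshake itself authenticates both ends. As an added example, not code from either comment or from the scheme being discussed, the Go program below builds a throwaway CA, server certificate and client certificate in memory, runs one handshake over loopback TCP with client-certificate verification required, and runs a second one without a client certificate to show it is refused. `issueCert` and `MutualTLSDemo` are hypothetical helper names; the CA name and the `citizen-0001` subject are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueCert makes an ECDSA P-256 certificate for cn. parent == nil gives a self-signed
// cert (the CA); otherwise parent signs it. isCA marks a CA, serverIP != nil a server cert
// valid for that IP, and anything else a client-authentication cert.
func issueCert(cn string, isCA bool, serverIP net.IP, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	switch {
	case isCA:
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	case serverIP != nil:
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.IPAddresses = []net.IP{serverIP}
	default:
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// MutualTLSDemo runs one handshake over loopback TCP. The server demands a client
// certificate chaining to the demo CA; the client presents one or not. It returns the
// CommonName the server authenticated, or the error that ended the handshake.
func MutualTLSDemo(presentClientCert bool) (string, error) {
	caCert, caKey, err := issueCert("Demo ID Card CA", true, nil, nil, nil)
	if err != nil {
		return "", err
	}
	srvCert, srvKey, err := issueCert("backend", false, net.ParseIP("127.0.0.1"), caCert, caKey)
	if err != nil {
		return "", err
	}
	cliCert, cliKey, err := issueCert("citizen-0001", false, nil, caCert, caKey)
	if err != nil {
		return "", err
	}
	pool := x509.NewCertPool() // the only trust anchor either side accepts; no system store
	pool.AddCert(caCert)
	srvConf := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the "mutual" part: no valid cert, no session
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
	cliConf := &tls.Config{RootCAs: pool, ServerName: "127.0.0.1", MinVersion: tls.VersionTLS12}
	if presentClientCert {
		cliConf.Certificates = []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	type outcome struct{ cn string; err error }
	done := make(chan outcome, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			done <- outcome{"", err}
			return
		}
		raw.SetDeadline(time.Now().Add(5 * time.Second))
		srv := tls.Server(raw, srvConf)
		defer srv.Close()
		if err := srv.Handshake(); err != nil {
			done <- outcome{"", err}
			return
		}
		// Identity comes from the verified chain, not from any application-level field.
		done <- outcome{srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil}
	}()
	raw, err := net.DialTimeout("tcp", ln.Addr().String(), 5*time.Second)
	if err != nil {
		return "", err
	}
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, cliConf)
	defer cli.Close()
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	// Under TLS 1.3 the client can finish before the server has judged its certificate,
	// so the server's verdict is the one that counts.
	o := <-done
	return o.cn, o.err
}

func main() {
	cn, err := MutualTLSDemo(true)
	fmt.Println("with client cert:   ", cn, err)
	_, err = MutualTLSDemo(false)
	fmt.Println("without client cert:", err)
}
```

The "user-defined certificates" caveat in the comment corresponds to `RootCAs` here: the client trusts only the issuer's CA pool rather than the device's system store, so a certificate installed by a user or by an intercepting proxy is not in the chain and the server cannot be impersonated that way.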