Breaking e-ID Unlinkability using Metadata (RESERVED)
Category: Network security
Location: Zurich / Thun / Lausanne
Contact:
Martin Burkhart
Background
The Swiss e-ID is planed to go live in December 2026 and is based on self-sovereign identity (SSI) principles. A public beta of the future Swiss E-ID is already available. Similiary, The European Union plans to introduce SSI-based solutions for the European Digital Identity (EUDI) soon.
A central privacy requirement in the Swiss e-ID is the unlinkability of subsequent anonymous credential presentations. That is, if the same e-ID is presented twice to a verifier, the verifier must not be able to correlate the presentations as originating from the same source. Of course, this makes only sense if the disclosed attributes of the credential do not allow for correlation in the first place, e.g., because the user’s name and birthdate are disclosed. For achieving unlinkablility, privacy-preserving technologies, such as BBS+ signatures and Zero-Knowledge Proofs (ZKP) are discussed. The current implementation of the Swiss e-ID is based on batch issuance of one-time keys.
When advanced crypto is advertised for achieving unlinkability, one perspective is usually neglected or considered out of scope: The role of network metadata. When a verifier service is accessed through a browser session, metadata transmitted in HTTP requests - cookies, user agent, language, screen resolution, etc. - typically allow fingerprinting the client, no matter how fancy the crypto is. Moreover, network level metadata, such as IP addresses or AS number add to the pool of identifying metadata.
Goals of Thesis
The goal of this thesis is to empirically assess the potential of metadata for breaking e-ID unlinkability. Tasks include:
- Implementation of a test setup with a custom verifier based on the e-ID generic verifier component
- Statistical analysis of different metadata elements and their potential for uniqueness
- Analysis of simple countermeasures, e.g. using a privacy-aware browser such as Brave, private browsing modes, disabling Javascript, overriding settings etc.
- Analysis of network-level countermeasures, e.g., accessing the verifier through the TOR network
- What if the issuer and verifier collude to actively break unlinkability? Could they establish a channel using steganography?
The findings and countermeasures should be discussed with regard to effectiveness and applicability in everday life. For instance, are users free to choose a browser, modify browser settings or use TOR from their enterprise work places? When considering the high complexity and costs of cryptographic solutions, would countermeasures against metadata analysis provide a cheaper and more effective solution?
Requirements
- Interest in self-sovereign identity solutions
- Background on cryptography
- Implementation skills
- Knowledge of network protocols (IP, TCP, HTTP).