Security Architecture of the Latvian eParaksts mobile

Date

2022

Publisher

Tartu Ülikool

Abstract

The eParaksts mobile is a Latvian eID solution used for authentication and electronic signature creation by more than 187 000 users. It can be used to access government e-services in Latvia and to create qualified electronic signatures with the same legal strength as handwritten signatures. Since eParaksts mobile is not an open-source solution, there is no publicly available information describing its architecture. Therefore, in this thesis, network traffic analysis is performed to understand and describe how the authentication and electronic signature creation schemes are implemented. This analysis depicts in detail the enrollment, authentication and electronic signature creation processes and shows that eParaksts mobile has a hybrid architecture – partly device-based, partly server-based. The private key for the authentication scheme is kept on the user’s device, while the private key for signature creation is kept on an HSM on the server side. Additionally, a discussion of the security implications emerging from the architecture of eParaksts mobile is provided. Moreover, this thesis provides a foundation for future security analyses of the eParaksts mobile solution.

Keywords

Authentication, cloud-based digital signature, electronic signature, eParaksts mobile, mobile eID, remote QSCD, trusted execution environment (TEE)