Experimental Integration of the Smart-ID Service Into Intel SGX Enclaves

Abstract

Privacy-preserving services are becoming increasingly important as they allow untrusted remote servers to process sensitive information while preserving the privacy of that information. To ensure the security and privacy of such services, strong authentication mechanisms based on public-key cryptography are required instead of password-based authentication. While there are several standardized authentication services available, such as Smart-ID and mobile-ID, they are not yet integrated with Sharemind HI, a development platform for privacy-preserving services. This thesis aims to address this gap by developing a proof-of-concept service that runs in a trusted execution environment and authenticates users using the Smart-ID service provider. By leveraging the existing public-key infrastructure, the proposed service would allow for the development of privacy-preserving applications on a national scale where sensitive data remains secure from remote untrusted servers and administrators. To achieve this goal, the prototype was developed on the Sharemind HI platform, which simplifies the development of privacy-preserving applications and is based on the Intel SGX platform. The prototype demonstrates the feasibility of securely communicating with the Smart-ID service provider from a trusted execution environment and integrating Smart-ID authentication into the Sharemind HI platform. However, further work is required to optimize the prototype in terms of time and space and to develop a scalable solution for integrating external authentication providers without adding unnecessary complexity to the core modules.