
UBITECH successfully concluded the DOOR cascading grant project from NGI eSSIF-LAB

UBITECH successfully concluded the DOOR project (Hardware Roots of Trust as an Enabler of Trustworthiness in Digital Transactions), which empowers participating entities in the ESSIF-Framework to establish trust by providing strong verifiable evidence and assurances on the origin and integrity of the presented verifiable credentials. DOOR achieves this goal by building a trusted layer between interacting parties that is based on strong cryptographic privacy-preserving tools. In this way, DOOR can enable the handling of VCs requiring a higher level of assurance locally at the holder’s wallet.

We achieve the above goal by providing a new component on the Holder side that enables the use of hardware-based keys and offers the possibility to bind Verifiable Credentials (VCs) to the wallet of the holder. This process, referred to as Device Binding, creates a differential security model by anchoring a hardware-generated secret key to the credential. To enable this functionality, we leverage Direct Anonymous Attestation (DAA) to ensure the following properties:

– Proof of Knowledge: Proof that the wallet that produced the VC belongs to the intended holder, thus, ensuring that the presented VC really belongs to the claimed entity;

– Proof of Integrity: Proof that the holder device (where the wallet resides) has not been compromised when producing a VC or a subsequent Verifiable Presentation selectively disclosing some attributes; and,

– Proof of Unforgeability: Proof that a produced Verifiable Presentation is presented by the correct holder to whom the VC was issued.

In this way, we transfer the root of trust of the SSI ecosystem purely to the digital wallet by considering an underlying Trusted Component as part of the wallet, without making any assumptions on the trustworthiness of the other layers.

UBITECH worked together with Huawei, Germany, and Crossword Security, UK, on creating a full implementation of a TPM-based Wallet that can work in any type of embedded system and mobile phone. All code is open-source and can be found here.

A full demo of all DOOR artifacts can be found here.