Introduction to Digital Signatures

To trust that a mobile driver’s license is authentic and has not been tampered with, it needs to be digitally signed by the DMV. Due to advancements in cryptography, this type of digital signature is now possible. When the DMV issues a new mobile driver’s license, it will include a digital signature saying, “I am the DMV and I authorize this.” Other parties that will verify the driver’s licenses know what the signature looks like and in a way that there is an astronomical improbability that it can be forged.

The way this works is by using public-key infrastructure (PKI). PKI governs how digital certificates that protect sensitive data are issued, how access and identities are managed for users, devices, and applications, and enables secure end-to-end encrypted communications. This type of encryption is how many organizations today manage high-assurance security.

PKI uses asymmetric cryptography, or key-pair cryptography, which relies on mathematical computations that generate two different cryptographic keys - a public key and a private key. The private key is related to the public key, but there is an effectively impossible probability that someone with just a public key would be able to reverse engineer to figure out the private key. The public key can be used by anyone to encrypt a message for a specific recipient, but only the holder of the private key (the message recipient) can decrypt that message. Similarly, only the private key can be used to create a digital signature, and anyone who has the corresponding public key can authenticate that the digital signature was made by the private key, without knowing the private key.

PKI issues and governs digital certificates which confirm the identity and privileges of people and devices that own specific private keys and the related public keys. This allows anyone to "verify" the authenticity of who issued a digital certificate - meaning, it would be immediately clear if a mobile driver's license is issued by the State of California DMV or the State of Clafornya DMV (an imposter of the official DMV).

In practice, a DMV would have a two-layer key system. There is a root key, which must be kept extremely safe, commonly using hardware security modules (HSMs). HSMs are tamper-resistant physical hardware devices that provide security for cryptographic functions, like storing keys, performing encryption and decryption of signatures, and other cryptographic processes. These can live as standalone units on server racks or within servers, or sometimes even as small USB sticks. HSMs come with different grades in terms of the security levels provided.

The security requirements for cryptographic modules are outlined in four levels by the Federal Information Processing Standards (FIPS) Publication 140. For example, the highest level of security might have sensors to detect if the vibrations of the earth are wrong to trigger an erasure, as someone might be attempting to extract from the HSM physically. HSMs are a common security requirement for high assurance work like state-level identity, specifically requiring compliance with FIPS 140-3 to meet requirements of federal agencies, like the TSA.

The root key will make signatures to authorize additional keys, such as document signer keys, that actually make the digital signatures to issue mobile driver’s licenses on behalf of the DMV. These document signer keys are assigned a certificate signed by the root key, where the root key says, “I hereby designate this signer key a duly appointed document signer key for the DMV” and the key can then be used to issue individual driver’s licenses. A single HSM can only do so many signings per second, which means in order to scale the output of issuance to meet the concurrent demand levels of all DMV offices, there would need to be a parallelized approach with multiple HSMs running concurrently.

To keep the signer keys secure, they need to be regularly rotated. In general, the more frequently a key is used, the more dangerous it can become. Therefore, it is recommended to set short-lived document signer keys in some models and refresh them regularly, such as every thirty days, to limit the scope of a compromised document signer key.

Even with regular refreshes of signer keys, we can expect to see a new class of detection systems arise to identify fraudulent uses of mobile driver’s licenses and identity forms. Zero-knowledge systems, for example, could identify the same driver’s license was used repeatedly in a short timeframe across different geographies or jurisdictions without creating surveillance of personally identifiable information (PII). This approach would allow law enforcement to catch fraudsters in the act, without relying on the creation of a centralized tracking database of all uses of driver’s licenses, infringing on individual privacy.

Other potential fraud vectors to consider might be if DMV employees collude with an attacker. As DMV staff members, they are allowed to provision licenses and could type in the information in the wrong way. This might lead to digital identity checks requiring increased collaboration, where multiple proofs of identity are required to corroborate one’s identity when they’re asking for benefits.

Continue with the next Knowledge Base article:

Introduction to Device Binding