Authentication on Android using platform authentication methods

[justinbrickell]

The ARF describes when users must authenticate using “user authentication mechanisms” but says very little about what these mechanisms are. Many EUDI wallets for the Android platform will use a “Local WSCD” (described in Section 4.3) and when that WSCD architecture is chosen, by necessity the user authentication mechanism will be the Android device unlock (either a class-3 biometric, or the “lock screen knowledge factor” (LSKF))

We would like to suggest 3 ARF edits that will make this more clear.

Edit 1: Section 4.3

Original text:

Local Wallet Secure Cryptographic Device (Local WSCD): This architecture refers to a scenario where the Wallet Secure Cryptographic Device is integrated directly within the User's device. This includes solutions like eSIM/eUICC and eSE. In these scenarios, the WSCA (e.g., a Java Card applet) might be deployed by the Wallet Provider. Other examples are based on native solutions, such as StrongBox (Google) and SecureEnclave (Apple), in which access to the WSCD is facilitated via the operating system of the User device.

Proposed new text:

Local Wallet Secure Cryptographic Device (Local WSCD): This architecture refers to a scenario where the Wallet Secure Cryptographic Device is integrated directly within the User's device. This includes solutions like eSIM/eUICC and eSE. In these scenarios, the WSCA (e.g., a Java Card applet) might be deployed by the Wallet Provider. Other examples are based on native solutions, such as StrongBox (Google) and SecureEnclave (Apple), in which the user authentication mechanism to access the WSCD is facilitated via the operating system of the User device.

Purpose of change: Makes it more clear that when a WSCD is used, the operating system itself is responsible for the user authentication mechanism.

Edit 2: Section 6.5.3

Original text:

The Wallet Instance requests the User to set up a User authentication mechanism. User authentication is necessary when (or before) the Wallet Instance asks the User for approval to present some attributes to a Relying Party, see section 6.6.3.4. User authentication can be done by the Wallet Instance itself or by the WSCD. The latter is required before the WSCD performs any operations with cryptographic keys belonging to the Wallet Instance or to a PID or to an attestation.

Proposed new text:

The Wallet Instance requests the User to set up a User authentication mechanism. User authentication is necessary when (or before) the Wallet Instance asks the User for approval to present some attributes to a Relying Party, see section 6.6.3.4. User authentication is done can be done by the Wallet Instance itself or by the WSCD. The latter is required before the WSCD performs any operations with cryptographic keys belonging to the Wallet Instance or to a PID or to an attestation.

Purpose of change: Makes it clear that user authentication is always the responsibility of the WSCD. User authentication performed outside of the WSCD cannot be trusted as it is done outside of the secure area

Edit 3: Section 4.2

Original text:

• Wallet Secure Cryptographic Device (WSCD): This is trusted hardware providing a secure environment and storage for cryptographic assets (such as keys) and for running the WSCA. This includes the keystore but also the environment where the security-critical functions are executed. The WSCD is tamper-proof and duplication-proof. One WSCD may be used by multiple Wallet Instances, e.g. in case of an HSM. The WSCD consists of two parts: the WSCD hardware covers the hardware issued by the WSCD vendor and the WSCD firmware covers security-related software, such as operating system and cryptographic libraries provided by the WSCD vendor.
• Wallet Secure Cryptographic Application (WSCA): This is the secure application running on and utilizing the WSCD. One WSCA is associated with at most one Wallet Instance, and manages assets, such as keys, for this specific Wallet Instance.

Proposed new text:

• Wallet Secure Cryptographic Device (WSCD): This is trusted hardware providing a secure environment and storage for cryptographic assets (such as keys) and for running the WSCA. This includes the keystore but also the environment where the security-critical functions are executed. The WSCD is tamper-proof and duplication-proof. One WSCD may be used by multiple Wallet Instances, e.g. in case of an HSM. The WSCD consists of two parts: the WSCD hardware covers the hardware issued by the WSCD vendor and the WSCD firmware covers security-related software, such as operating system and cryptographic libraries provided by the WSCD vendor.
• Wallet Secure Cryptographic Application (WSCA): This is the secure application running on and utilizing the WSCD. One WSCA is associated with at most one Wallet Instance, and manages assets, such as keys, for this specific Wallet Instance.

Purpose of change: The separation between WSCD and WSCA doesn’t map very well to the reality of an Android keystore. The Android Strongbox consists of both the secure element hardware and an applet running on it; it is therefore both a WSCD and a WSCA in one. However, the same applet is used for all applications on the device, so the sentence “One WSCA is associated with at most one Wallet Instance, and manages assets, such as keys, for this specific Wallet Instance.” does not make sense. We believe that getting rid of the WSCA concept and simply referring to the secure area as a WSCD (that can have many different architecture choices) will make the ARF easier to understand and to map to devices in the market today.

[ad-Orange]

Hello, I agree with all changes for the exact reasons you mention except for Edit 2. For edit 2, instead of “is done by the WSCD”, I would write “must include the WSCD”. The justification of that is schemes like BBS# that combine WSCD “classic” signature (like ECDSA, ECSDSA) with an additional processing on the wallet instance side. Of course the private key used in the WSCD never leaves it, even in the BBS# kind of case. One could argue that if the processing on the wallet instance side is done by e.g. the keystore, then we’re looking at some kind of “multi-WSCD” processing but I think the depiction of it as a joint processing between the WSCD and the wallet instance is already good enough.

[sander]

Re: 2, note that the user authentication mechanism may have two purposes:

• Protecting access to data on the Wallet Instance, e.g. by making available a key locally for decrypting attribute values;
• Protecting a document’s device binding key, e.g. by authorising the creation of a signature.

A Wallet Solution may use a (remote or local) WSCD for the second, and local OS functionality for the first. In such a case, the user authentication mechanism set up in § 6.5.3 seems to be about the first (e.g. face recognition), after which another user authentication mechanism must be applied in case of LoA High attributes (e.g. PIN entry on a WSCD).

---

Re: 3, the WSCA seems to be a useful abstraction for remote HSM-based WSCD solutions. Typically, the HSM is already an EAL4+ certified device, which will host or remotely be connected to a client application providing multi-tenant WSCA services, which may be validated at a lower assurance level.

In the Strongbox case, the WSCA would be the SE applet. Since the SE is used as a possession factor for user authentication, it must be used only by a single EU Digital Identity. This does not preclude using the Strongbox for non-EUDI applications.

---

For the edit suggested by @ad-Orange, see also https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/issues/283.

[ad-Orange]

Re 2, I agree with the remark of @sander. The sentence « The latter is required before the WSCD performs any operations with cryptographic keys belonging to the Wallet Instance or to a PID or to an attestation. » would make it somehow clear that it refers to the second case but I agree that it’s not explicit and probably should be for the reasons mentioned.

re 3, I don’t see why the WSCA shouldn’t be certified at a high level like the WSCD.