The German National EUDI Wallet implements a sophisticated Mobile Device Vulnerability Management system to ensure secure authentication for high-assurance digital identities, addressing the critical challenge of device integrity in mobile identity verification.
The German National EUDI Wallet has introduced a comprehensive Mobile Device Vulnerability Management (MDVM) concept that addresses one of the most critical challenges in digital identity verification: ensuring the integrity and security of mobile devices used for high-assurance authentication.
The wallet system provides authentication mechanisms that can be bound to multiple identification means through public/private key pairs. When issuing credentials like the PID (Personal Identification), the Wallet Backend (WB) confirms to the Provisioning Party (PP) via OpenID4VCI Key Attestation that the keys are controlled by authentication means meeting specific security requirements. This is particularly crucial for electronic identification at assurance level high, as required by Implementing Regulation (EU) 2015/1502.
The Two Critical Assurances
The authentication means provides two fundamental assurances:
- Protection against duplication and tampering attacks - The system protects against attackers with high attack potential attempting to compromise the key store
- Protection against attacks on user authentication mechanisms - Ensures credentials cannot be misused by attackers with high attack potential
The first assurance can be achieved through hardware security modules (HSMs) that create and process keys in a secure environment. However, the second assurance depends entirely on the security of the user's mobile device, which presents a significant challenge.
The Mobile Device Vulnerability Challenge
Mobile devices present unique security challenges because:
- They combine possession factors (secured by the device's Hardware Key Store) and knowledge factors (entered via the device)
- The security of these factors depends on the absence of exploitable vulnerabilities in the device's Hardware Key Store or operating system
- There is no practical way to perform comprehensive vulnerability certification for mobile devices
- Historical evidence shows that relevant vulnerabilities frequently become known for mobile devices
The MDVM Solution
To address these challenges, the MDVM system provides four key functions:
- Verify device/app security posture - Provides verified information about device integrity, authenticity, and wallet app integrity
- Identify device class - Determines the device model, operating system version, and Hardware Key Store
- Verify vulnerabilities for device classes - Maintains up-to-date information on relevant vulnerabilities
- Decide on device/app usage - Prevents the use of insecure devices or apps based on security assessments
Signal Collection and Threat Mapping
The system collects various signals from multiple sources to assess device security:
Android KeyAttestation Signals
KeyAttestation provides hardware-enforced signals including:
- SecurityLevel - Identifies the Hardware Key Store (HKS) type (TrustedEnvironment or StrongBox)
- attestationIdModel/Product/Device - Identifies device model
- osVersion/osPatchLevel - Identifies OS version and security patch level
- RootOfTrust.deviceLocked - Identifies bootloader state
- RootOfTrust.verifiedBootState - Identifies Verified Boot state
- AttestationApplicationId - Identifies app package and version
These signals help mitigate threats like device emulation, app cloning, downgrade attacks, and rooting via unlocked bootloader.
Android PlayIntegrity Verdict Signals
PlayIntegrity provides additional signals including:
- appIntegrity.appRecognitionVerdict - Whether the app is recognized as original and unmodified
- deviceIntegrity.deviceRecognitionVerdict - Device trust level (MEETS_STRONG_INTEGRITY)
- deviceIntegrity.deviceAttributes.sdkVersion - Android SDK API level
- environmentDetails.appAccessRiskVerdict - Detection of capturing or controlling apps
iOS DCDeviceCheck.AppAttest Signals
iOS provides attestation through:
- attestationObject - CBOR object proving that the key was generated in the Secure Enclave
- credentialId - 32-byte opaque identifier for the App Attest key
- assertionObject - Signature over challenge and state
- counter - Usage count for the attestation key
Runtime Application Self-Protection (RASP)
Since platform mechanisms alone cannot detect all threats, the system incorporates RASP solutions that provide:
- App Hooking/Debugging Detection - Monitors for debugger attachment and instrumentation frameworks
- App Repackaging Detection - Detects modifications to the app bundle
- App Tampering Detection - Identifies binary patches and altered code segments
- UD (user device) Rooting Detection - Detects rooting indicators and elevated OS capabilities
- UD (user device) Emulation Detection - Identifies execution in virtualized environments
Implementation Strategy
The MDVM system works by:
- Collecting and verifying signals from platform attestations and RASP
- Using these signals to identify the device class
- Querying vulnerability databases to check for known vulnerabilities
- Making decisions about whether to allow the use of keys secured by the Remote Wallet Secure Cryptographic Device (RWSCD)
If vulnerabilities are known that could compromise the user's authentication mechanism with high attack potential, the system prevents the use of RWSCD keys, ensuring the WB's confirmation to the PP remains valid.
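The four-step pipeline above (posture check, device class, vulnerability lookup, decision) as an added worked example in Python; this is illustrative code, not the wallet project's own implementation. The signal field names follow the KeyAttestation and Play Integrity fields listed earlier, while all values, the model name and the vulnerability registry are constructed placeholders. Unknown device classes are treated as unassessed and therefore rejected, so the check fails closed.

```python
from typing import Dict, List, Tuple

# Constructed sample signal sets (values invented for illustration); the
# field names mirror the KeyAttestation / Play Integrity fields named above.
HEALTHY = {
    "securityLevel": "StrongBox",
    "attestationIdModel": "exampleModel",   # placeholder model identifier
    "osVersion": 140000,
    "osPatchLevel": 202403,                 # YYYYMM security patch level
    "deviceLocked": True,
    "verifiedBootState": "Verified",
    "appRecognitionVerdict": "PLAY_RECOGNIZED",
    "deviceRecognitionVerdict": ["MEETS_STRONG_INTEGRITY"],
}
UNPATCHED = dict(HEALTHY, osPatchLevel=202311)
UNLOCKED = dict(HEALTHY, deviceLocked=False, verifiedBootState="Unverified")
UNKNOWN = dict(HEALTHY, attestationIdModel="otherModel")

# Constructed vulnerability registry: (model, HKS type) -> earliest patch
# level that closes all known high-attack-potential issues. Placeholder data.
VULN_DB: Dict[Tuple[str, str], int] = {("exampleModel", "StrongBox"): 202401}

def device_class(sig: dict) -> Tuple[str, str]:
    """Step 2: derive the device class from hardware-attested identifiers."""
    return (sig["attestationIdModel"], sig["securityLevel"])

def posture_findings(sig: dict) -> List[str]:
    """Step 1: evaluate device/app posture signals; return the failures."""
    findings = []
    if not sig["deviceLocked"] or sig["verifiedBootState"] != "Verified":
        findings.append("bootloader unlocked or Verified Boot not 'Verified'")
    if sig["appRecognitionVerdict"] != "PLAY_RECOGNIZED":
        findings.append("app not recognized as original and unmodified")
    if "MEETS_STRONG_INTEGRITY" not in sig["deviceRecognitionVerdict"]:
        findings.append("device does not meet MEETS_STRONG_INTEGRITY")
    return findings

def known_vulnerabilities(sig: dict) -> List[str]:
    """Step 3: compare the device class against the vulnerability registry."""
    cls = device_class(sig)
    if cls not in VULN_DB:  # fail closed: no assessment means no assurance
        return [f"device class {cls} has no vulnerability assessment"]
    if sig["osPatchLevel"] < VULN_DB[cls]:
        return [f"patch level {sig['osPatchLevel']} below required {VULN_DB[cls]}"]
    return []

def allow_rwscd_key_use(sig: dict) -> Tuple[bool, List[str]]:
    """Step 4: permit RWSCD key use only when no finding remains."""
    reasons = posture_findings(sig) + known_vulnerabilities(sig)
    return (not reasons, reasons)
```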
The Bigger Picture
This sophisticated approach to mobile device vulnerability management represents a significant advancement in securing digital identity systems. By combining hardware-backed attestations, runtime protection, and continuous vulnerability monitoring, the German National EUDI Wallet creates a robust defense against the evolving threats to mobile device security.
The system acknowledges that perfect security is impossible but implements a pragmatic approach that significantly reduces risk while maintaining usability. This balance between security and practicality is essential for widespread adoption of digital identity systems.
As mobile devices continue to be the primary means of accessing digital services, solutions like the MDVM will become increasingly important in ensuring the integrity and security of our digital identities.