Leveraging Intel SGX and Hybrid Design for Secure National ID Systems

Date

2025-01

Publisher

Addis Ababa University

Abstract

Globally, 1.1 billion individuals, including 21 million refugees, lack proof of legal identity, disproportionately affecting children and women in rural areas of Asia and Africa. Without official identification, access to essential services such as education, healthcare, banking, and public distribution systems becomes nearly impossible. The increasing reliance on digital identity management systems demands robust security measures to safeguard sensitive personal data. The Modular Open-Source Identity Platform (MOSIP) is a widely adopted solution due to its flexibility and scalability. However, protecting sensitive data during National ID enrollment, registration, and authentication processes remains a significant challenge. Specifically, decrypting biometric data before feature comparison in server environments exposes this data to critical vulnerabilities, increasing the risk of potential attacks. The reliance on software-based Software Development Kits (SDKs) for biometric matching exacerbates the issue, as these SDKs often operate alongside other software modules, expanding the attack surface. Software-based approaches are inherently risky due to the high likelihood of exploitable bugs, which attackers can use to compromise data integrity or gain unauthorized access. This study addresses these security challenges by integrating Trusted Execution Environments (TEEs) to enhance data protection during processing. A hybrid architecture is proposed that incorporates an SGX-based solution, named SGX-BioShield, to improve security, with the hybrid design serving to enhance performance. A prototype of the proposed security solution has been developed and tested, demonstrating that SGX-BioShield significantly reduces the risk of unauthorized access and data breaches by isolating sensitive operations within a hardware-protected environment. Intel SGX ensures that data remains secure even if the operating system or hypervisor is compromised.
This research contributes to the field of identity management by presenting a novel approach to securing platforms like MOSIP. It provides practical insights into improving data security and overall system performance through the implementation of a hybrid architecture in digital identity systems.

Keywords

Identity management systems, MOSIP, Intel SGX, SGX-BioShield, data security, open-source software, secure enclaves, digital identity
