Leveraging Intel SGX and Hybrid Design for Secure National ID Systems
Date
2025-01
Publisher
Addis Ababa University
Abstract
Globally, 1.1 billion individuals, including 21 million refugees, lack proof of legal identity,
disproportionately affecting children and women in rural areas of Asia and Africa. Without official
identification, access to essential services such as education, healthcare, banking, and public
distribution systems becomes nearly impossible. The increasing reliance on digital identity
management systems demands robust security measures to safeguard sensitive personal data.
The Modular Open-Source Identity Platform (MOSIP) is a widely adopted solution due to its
flexibility and scalability. However, protecting sensitive data during National ID enrollment,
registration, and authentication processes remains a significant challenge. Specifically, decrypting
biometric data before feature comparison in server environments exposes this data to critical
vulnerabilities, increasing the risk of potential attacks. The reliance on software-based Software
Development Kits (SDKs) for biometric matching exacerbates the issue, as these SDKs often
operate alongside other software modules, expanding the attack surface. Software-based
approaches are inherently risky due to the high likelihood of exploitable bugs, which attackers can
use to compromise data integrity or gain unauthorized access. This study addresses these security
challenges by integrating Trusted Execution Environments (TEEs) to enhance data protection
during processing. A hybrid architecture is proposed that incorporates an SGX-based solution named
SGX-BioShield to improve security, while the hybrid design targets performance enhancement. A
prototype of the proposed security solution has been developed and tested, demonstrating that
SGX-BioShield significantly reduces the risk of unauthorized access and data breaches by
isolating sensitive operations within a hardware-protected environment. Intel SGX ensures that
data remains secure even if the operating system or hypervisor is compromised. This research
contributes to the field of identity management by presenting a novel approach to securing
platforms like MOSIP. It provides practical insights into improving data security and overall
system performance through the implementation of a hybrid architecture in digital identity
systems.
Keywords
Identity management systems, MOSIP, Intel SGX, SGX-BioShield, data security, open-source software, secure enclaves, digital identity