The British have had ID cards before: during WWII and right up to their scrapping in 1952, a period of 13 years. They were introduced for good reason by the National Registration Act 1939. Let's take a look.
- Purpose: The cards were used to track the population, ration supplies, and identify people who were injured or killed.
- Who was required to carry a card: Every person in the UK, including children, was required to carry a card.
- What was on the card: The card included the cardholder’s name, age, occupation, address, and military status.
- When were they issued: The first cards were issued on September 29, 1939, as part of a wartime census.
- What did the cards look like? The cards came in different colors depending on the cardholder’s age and role:
- Children: Manila-colored cards for children under 16, and buff cards for newborns
- Adults: Buff cards until 1943, when green cards were issued
- Civil Defence: Pale blue NR107A cards with extra space for a photograph and details of the cardholder’s role
- Armed services: Blue cards for those in the armed services or who were temporarily displaced
Here is an image that shows what one looked like; this one was issued to Civil Defence and ARP (Air Raid Precautions) Wardens.

We are not proposing cardboard ID cards. We are also mindful that the last time an attempt was made to introduce ID cards, it received considerable political and national resistance. Serious and genuine concerns were raised, and some of the concerns raised or discussed in the media sowed confusion and suspicion in many; this cannot be allowed to happen should we go down this road. Online data security is a serious and significant issue, fraud is costing the nation and its people significant sums of money, and voter registration and the prevention of voter fraud, mistakes and interference by external “bad actors” are all reasons for the nation to have a joined-up and adult conversation on the topic of ID security.
- Unauthorised fraud: The amount of unauthorised fraud prevented increased by 7% to £1.25 billion.
- Authorised push payment (APP) fraud: Losses were £459.7 million, a 5% decrease from 2022. This is down to increased security by operators of push payment systems, such as 2FA.
- Card ID theft: Losses were 53% higher than in 2022, and cases rose by 74%. This type of fraud accounted for 14% of all payment card losses.
- 1.9 million British residents reported that their identity had been stolen and used to open fraudulent accounts in 2023.
- Stop ID Fraud reports that research shows that 24% of UK citizens have been a victim of identity fraud, which is the highest figure in Europe, plus a further 75% have been exposed to scams used by identity fraudsters.
- £200 billion per year: that is the estimated cost of investigating, prosecuting and punishing identity theft and personal finance fraud in the UK. That is more than the NHS budget for 2023/2024 (£171 billion) and around 8% of the Gross Domestic Product (GDP) of the entire country in 2023 (~£2.535 trillion)!!
- Just think what else this money could be spent on if we can stamp out ID theft and personal financial fraud associated with it.
Clearly, ID fraud is and should be a serious concern for all British residents as well as the authorities; this is not a subject we can dismiss or simply pay “lip service” to.
Thus, when planning any national ID card system we must first ensure that it is designed to be robust, stands up to any attempt to circumvent security procedures, and is trusted by the public and authorities alike, for without public and institutional trust the system cannot function in the way the nation requires.
We are envisaging an ID card based on the UK driving licence. It is a format everyone is familiar with: there are some 34.2 million of these currently in circulation, with a further 9.1 million “provisional” licences. This is not a new concept, and many drivers actually carry their D/L with them (well, the legal drivers anyway).
So what are we proposing? For discussion and investigation only at this stage:
The National ID card would replace existing driving licences and would state the holder's driver categories and information on the rear, as is currently done on existing driving licences.
- Rear of ID Card – Details of driving eligibility, as currently shown on the rear of the driving licence.
- Front of ID Card –
- Photo of Holder
- First, Middle and Surname
- Date of Birth
- Home address
- Driving Licence Number – these are already unique and thus would provide a handy cross reference without reinventing the wheel.
- Hologram with high security embedded data.
- Embedded High Security chip.
- In the high-security chip we would propose that the following information be held securely, with 256-bit AES encryption or better. We would be led by National Security and cryptosecurity experts on how best this must be implemented to ensure security of data.
- Digitised image of the holder.
- Digitised image of 4 fingerprints.
- Personal identity information
- Eye Colour
- Height
- Hair Colour
- Medical Gender (not what you may recognise yourself as, but as a medical professional would ascribe your gender; only MALE or FEMALE are allowable). If you have medically changed your gender, it will indicate your new chosen gender.
- Blood Type.
- Home Address
- The card would have an encrypted 6-digit PIN that the user would be required to enter when they receive the ID card and it is activated. The PIN would need to be a secure number that was not part of the holder's birth date, NI number, NHS number or Driving Licence/ID number. It could not be 123456 nor 654321, and no two numbers could be used more than twice and not consecutively. This PIN would then form the last 6 digits of the unique, one-time-use “handshake” encryption key the chip would use to open communications with an ID checking terminal.
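The PIN rules in the last item can be checked mechanically when the card is activated. The JavaScript below is an added example, not part of the original proposal. The sample holder, the four date-of-birth renderings, and the reading of the repeat rule as "no digit more than twice, and never the same digit twice in a row" are assumptions.

```javascript
// Constructed sample holder; none of these identifiers belong to a real person.
const sampleHolder = {
  dateOfBirth: { day: 15, month: 5, year: 1979 },
  niNumber: 'QQ 48 27 15 C',
  nhsNumber: '999 046 3182',
  licenceNumber: 'SMITH705159JA9AB',
};

// Formatted numbers are reduced to their digits before matching.
const digitsOf = (s) => String(s).replace(/\D/g, '');

// Assumption: "part of the birth date" is tested against these four renderings.
function birthDateForms({ day, month, year }) {
  const dd = String(day).padStart(2, '0');
  const mm = String(month).padStart(2, '0');
  const yyyy = String(year);
  const yy = yyyy.slice(-2);
  return [dd + mm + yy, dd + mm + yyyy, yy + mm + dd, yyyy + mm + dd];
}

// Returns every rule the candidate PIN breaks; an empty list means accepted.
function checkPin(pin, holder) {
  if (typeof pin !== 'string' || !/^\d{6}$/.test(pin)) return ['must be exactly six digits'];
  const broken = [];
  if (pin === '123456' || pin === '654321') broken.push('trivial sequence');
  // Assumption: the repeat rule is read as "no digit more than twice, and
  // never the same digit twice in a row".
  const counts = {};
  for (const d of pin) counts[d] = (counts[d] || 0) + 1;
  if (Object.values(counts).some((n) => n > 2)) broken.push('digit used more than twice');
  if (/(\d)\1/.test(pin)) broken.push('same digit twice in a row');
  const sources = [
    ['date of birth', birthDateForms(holder.dateOfBirth)],
    ['NI number', [holder.niNumber]],
    ['NHS number', [holder.nhsNumber]],
    ['licence/ID number', [holder.licenceNumber]],
  ];
  for (const [name, forms] of sources) {
    if (forms.some((f) => digitsOf(f).includes(pin))) broken.push(`taken from ${name}`);
  }
  return broken;
}

for (const pin of ['907264', '150579', '482715', '705159', '121314', '112358']) {
  console.log(pin, checkPin(pin, sampleHolder));
}
```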
Creating a smart ID card with such extensive data poses significant challenges in terms of security, privacy, and ethical considerations. However, with proper design and implementation, the data on such a card can be made highly secure. Here’s a breakdown of how this could be achieved and the potential vulnerabilities to address:
Security Measures
- Encryption Standards:
- Use industry-standard encryption algorithms like AES-256 to secure data on the card.
- Each card should have a unique cryptographic key pair (public/private key) to ensure secure communication.
- Tamper-Resistant Hardware:
- Store sensitive data in a tamper-resistant chip, such as those used in modern payment cards (e.g., EMV chips).
- Implement physical protections like coatings that destroy the chip if tampering is detected.
- Biometric Authentication:
- Require biometric verification (e.g., fingerprint or facial recognition) to access the card’s sensitive data.
- The card should store a hashed version of biometric data to prevent direct access.
- Access Control:
- Use multi-factor authentication (MFA) for high-level data access, combining:
- Something you have (the card itself).
- Something you know (a PIN or passcode).
- Something you are (biometric verification).
- Data Segmentation and Tokenisation:
- Partition data by access level. For example, blood group might be accessible to medical professionals, while NI numbers are restricted to government agencies.
- Use tokenisation to replace sensitive data with non-sensitive equivalents for certain uses.
- Secure Communication Protocols:
- Use protocols like TLS for any external data exchange (e.g., with government or medical systems).
- Implement mutual authentication between the card and the reader to prevent spoofing.
- Regular Updates:
- Allow firmware updates over secure channels to patch vulnerabilities.
- Blockchain Technology (Optional):
- Use blockchain to record all access and modifications to the data, creating a transparent, tamper-proof log.
Preventing Illegal Access
- Authentication Requirements:
- Require a PIN or biometric authentication even for offline access to non-sensitive data.
- Reader Security:
- Only allow authorised readers to access the data, verified via certificates or secure tokens.
- Disable the card if unauthorised access attempts are detected.
- Geofencing (Optional):
- Restrict data access based on location (e.g., only within the UK or specific zones).
- Audit Logs:
- Keep encrypted logs of every access or modification attempt, retrievable only by authorised personnel.
Preventing Data Tampering
- Write-Once Memory:
- Store critical data (e.g., NI number, NHS number) in write-once memory to prevent alterations.
- Digital Signatures:
- Digitally sign all data stored on the card using the issuing authority’s private key.
- Verify these signatures before any data is accepted as valid.
- Version Control:
- Maintain versioned data with cryptographic checksums to detect any unauthorised changes.
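As an added illustration of the signature and version checks listed above (not code from the original proposal), this Node.js sketch has the issuing authority sign each record and the reader verify it before accepting anything. The record layout and the use of Ed25519 are assumptions, and the stale-version check goes slightly beyond the text by also refusing a genuine but outdated record.

```javascript
const crypto = require('node:crypto');

// Bytes that get signed: card, field, version and a SHA-256 checksum of the
// value, so a signature cannot be moved to another card, field or version.
function signedBytes({ cardId, field, version, value }) {
  const checksum = crypto.createHash('sha256').update(value).digest('hex');
  return Buffer.from(JSON.stringify([cardId, field, version, checksum]));
}

// Issuing authority: sign a record with its private key.
function issueRecord(issuerPrivateKey, record) {
  const signature = crypto.sign(null, signedBytes(record), issuerPrivateKey);
  return { ...record, signature };
}

// Reader: verify first, then refuse anything older than the highest version
// already seen for this card and field (hypothetical reader-side state).
function acceptRecord(issuerPublicKey, record, highestSeenVersion) {
  const ok = Buffer.isBuffer(record.signature) &&
    crypto.verify(null, signedBytes(record), issuerPublicKey, record.signature);
  if (!ok) return 'rejected: bad signature';
  if (record.version < highestSeenVersion) return 'rejected: stale version';
  return 'accepted';
}

// Constructed demonstration data: one issuer key, two versions of one field.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const base = { cardId: 'CARD-0001', field: 'address' };
  const v1 = issueRecord(privateKey, { ...base, version: 1, value: '1 Sample Street' });
  const v2 = issueRecord(privateKey, { ...base, version: 2, value: '2 Example Road' });
  return {
    genuine: acceptRecord(publicKey, v2, 1),
    alteredValue: acceptRecord(publicKey, { ...v2, value: '9 Forged Lane' }, 1),
    movedToOtherCard: acceptRecord(publicKey, { ...v2, cardId: 'CARD-0002' }, 1),
    replayedOld: acceptRecord(publicKey, v1, 2),
  };
}

console.log(demo());
```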
Challenges and Risks
- Physical Theft:
- A lost or stolen card could be exploited if robust authentication measures are not in place.
- Side-Channel Attacks:
- Attackers might exploit hardware vulnerabilities (e.g., power consumption analysis) to extract keys.
- Social Engineering:
- Users or system operators could be tricked into revealing PINs or bypassing security measures.
- Government Overreach:
- Centralising so much data increases the risk of misuse or abuse by unauthorised parties or government overreach – there must be secure controls in place to ensure this does not and cannot happen.
- Cyberattacks:
- Centralised databases for card issuance or management could be targeted for data breaches. These would need to be made extremely secure.
How the Handshake System Works
- Initial Access Request:
- When the card is accessed, it generates a temporary key pair (public/private) and sends the public key to the centralised computer over a secure channel (e.g., TLS 1.3).
- Key Generation and Exchange:
- The centralised computer verifies the card’s authenticity and generates a session-specific key (e.g., a 256-bit symmetric encryption key).
- This session key is encrypted with the card’s public key and sent back to the card.
- Key Storage and Use:
- The card decrypts the session key using its private key and stores it for future use.
- This key becomes the “current key” on the card and is required to match the next session key sent by the centralised computer for future authentication.
- Data Access:
- During each access session, data is encrypted/decrypted using the session key. Only the card and the central computer can access the data because they share this key.
- Session Expiry:
- The session key expires after a defined period or after a specified number of accesses.
- A new handshake occurs for each new session, invalidating old keys and generating a new one.
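The five steps above, as an added Node.js example that is not part of the original proposal: RSA-OAEP carries the session key and AES-256-GCM protects the data. RSA-2048, GCM, the function names and the limits are assumptions, and the card authenticity check and the TLS channel are left outside the code.

```javascript
const crypto = require('node:crypto');

// Step 2 (central computer): mint a 256-bit session key, wrap it with RSA-OAEP.
// Assumption: card authenticity check and TLS transport happen outside this code.
function centralWrap(cardPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const wrapped = crypto.publicEncrypt({ key: cardPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { sessionKey, wrapped };
}

// Step 3 (card): recover the session key with the temporary private key.
const cardUnwrap = (cardPrivateKey, wrapped) =>
  crypto.privateDecrypt({ key: cardPrivateKey, oaepHash: 'sha256' }, wrapped);

// Steps 4 and 5: AES-256-GCM data access under a key that dies after maxUses
// operations or ttlMs milliseconds, whichever comes first.
class Session {
  constructor(key, maxUses, ttlMs) {
    Object.assign(this, { key, usesLeft: maxUses, expiresAt: Date.now() + ttlMs });
  }
  spend() {
    const live = this.usesLeft > 0 && Date.now() <= this.expiresAt;
    if (!live) throw new Error('session key expired: new handshake required');
    this.usesLeft -= 1;
  }
  seal(plaintext) {
    this.spend();
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    const body = Buffer.concat([c.update(plaintext), c.final()]);
    return Buffer.concat([iv, c.getAuthTag(), body]);
  }
  open(message) {
    this.spend();
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, message.subarray(0, 12));
    d.setAuthTag(message.subarray(12, 28));
    return Buffer.concat([d.update(message.subarray(28)), d.final()]);
  }
}

// Runs one full handshake in-process and returns both sides' sessions.
function handshake(maxUses = 3, ttlMs = 60000) {
  // Step 1 (card): temporary RSA key pair, used for this handshake only.
  const card = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { sessionKey, wrapped } = centralWrap(card.publicKey);
  return {
    card: new Session(cardUnwrap(card.privateKey, wrapped), maxUses, ttlMs),
    central: new Session(sessionKey, maxUses, ttlMs),
  };
}

const demo = handshake();
console.log(demo.central.open(demo.card.seal('constructed sample record')).toString());
```

Each `seal` or `open` spends one access, so a pair created with `handshake(2, 60000)` supports one request and one reply before a fresh handshake is needed.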
Benefits of This System
- Dynamic Security:
- Since each session uses a unique key, even if a key is compromised, it cannot be reused for future sessions.
- Reduces the risk of replay attacks where intercepted credentials are reused by attackers.
- Centralised Control:
- The centralised computer acts as the ultimate authority, ensuring only legitimate cards and users can access the data.
- Allows for real-time monitoring and logging of all access attempts.
- Resilience Against Physical Attacks:
- If a card is stolen, it cannot be accessed without a valid session key from the central computer.
- Prevents cloning or misuse of stolen cards.
- Enhanced Authentication:
- The requirement for matching session keys adds an additional layer of verification beyond standard PINs or biometrics.
- Protection Against Tampering:
- Tampering with the card would invalidate the cryptographic key pair or prevent proper key exchange, rendering the card useless.
Additional Security Enhancements
- Mutual Authentication:
- The card should also verify the identity of the centralised computer using its certificate to prevent man-in-the-middle (MITM) attacks.
- Hardware Root of Trust:
- The card should contain a secure element to ensure the private key and session key cannot be extracted, even under physical attack.
- Rate Limiting:
- Limit the number of handshake attempts to prevent brute force attacks on session keys.
- Outage Handling:
- Store a limited number of pre-generated session keys securely on the card for offline scenarios, which are activated sequentially and synchronized later.
Challenges and Considerations
- Network Dependency:
- Requires constant or frequent access to the centralised system. Offline operation would need secure fallback mechanisms.
- Centralised Vulnerabilities:
- The centralised computer must be highly secure and redundant to prevent downtime or breaches.
- Latency:
- Handshake processes might introduce delays, especially for large-scale deployments or high-frequency use.
- Scalability:
- The system must be robust enough to handle millions of simultaneous handshakes if deployed nationally.
Feasibility
This approach is technically feasible and could provide excellent security. However, its success hinges on:
- The security and resilience of the centralised computer system.
- The adoption of tamper-resistant hardware on the card.
- Public trust in the system’s privacy protections.
If these conditions are met, the handshake mechanism with dynamic session keys would create a secure, forward-thinking foundation for a national smart ID card system.
Node-Based Decentralisation
- Structure:
- Each major city (or region) could host a node that serves as a local instance of the centralised system.
- These nodes would be interconnected and synchronised in real-time using a distributed database system (e.g., blockchain or a distributed ledger) to ensure data consistency.
- Benefits:
- Reduced Latency: Local nodes decrease the time required for card-handshaking and data verification, especially in high-traffic regions.
- Fault Tolerance: If one node experiences downtime, other nodes can seamlessly take over without disrupting the system.
- Load Balancing: Traffic can be distributed across nodes to prevent bottlenecks during peak usage times.
- Geofencing and Localisation: Nodes can enforce localised access policies or support offline operations in case of temporary network outages.
- Security Considerations:
- Use end-to-end encryption for inter-node communication to prevent interception.
- Implement strong consensus mechanisms (e.g., Byzantine Fault Tolerance) to prevent rogue nodes from tampering with data.
AI Integration for Enhanced Security
- Role of AI:
- Anomaly Detection: AI systems could analyse handshake requests in real-time to identify suspicious patterns, such as repeated access attempts from the same device or unusual geographic access.
- Threat Prediction: Machine learning models could predict and mitigate potential threats (e.g., brute-force attacks or malware) by analysing historical data.
- Dynamic Key Management: AI could optimise key generation and rotation schedules based on risk assessments, enhancing the randomness and security of cryptographic keys.
- Advantages:
- Adaptive Security: AI can learn from new threats and dynamically adjust security protocols without manual intervention.
- Fraud Prevention: AI could cross-reference access requests with behavioural data (e.g., typical usage patterns) to flag anomalies.
- Scalability: AI systems can handle large volumes of requests while maintaining high accuracy in threat detection and authentication.
- Potential Risks:
- Overreliance on AI: AI decision-making must be transparent and explainable to avoid unjust denial of access due to false positives.
- Training Data Vulnerability: Poorly curated training data could lead to biases or vulnerabilities in the AI model.
- AI-Driven Attacks: Sophisticated attackers might try to manipulate the AI system (e.g., adversarial attacks) to bypass security.
Technical and Operational Considerations
- Node Architecture:
- Use a hybrid model with edge nodes for local operations and a central “master node” for coordination.
- Employ distributed storage technologies like IPFS (InterPlanetary File System) to enhance data accessibility and redundancy.
- Synchronisation and Consensus:
- Nodes should use consensus algorithms to ensure data integrity and consistency.
- Employ periodic audits and cryptographic proofs to verify the correctness of distributed data.
- Scalability:
- Design the system to handle millions of transactions per second (TPS) to accommodate national-scale usage.
- Incorporate dynamic scaling to allocate resources based on demand.
- Regulatory Compliance:
- Ensure compliance with privacy regulations (e.g., GDPR) by encrypting personally identifiable information (PII) and minimizing unnecessary data collection.
- Public Trust:
- Transparent communication about how AI is used and robust oversight mechanisms can help build public confidence in the system.
Implementation Feasibility
A node-based system with AI integration is feasible but requires significant investment in infrastructure, technology, and expertise. Here’s a phased approach for implementation:
- Pilot Program:
- Launch in a limited number of cities with a small-scale system to test performance and security.
- Incremental Rollout:
- Gradually expand the network while refining the AI models and node synchronization processes.
- Public and Expert Feedback:
- Engage the public and cybersecurity experts to identify and address concerns before full-scale deployment.
- Continuous Improvement:
- Use real-world data to enhance AI models and node efficiency over time.
By combining a distributed node architecture with AI-driven security, the system would be fast, resilient, and capable of addressing modern cybersecurity challenges. This design would also future-proof the system as threats evolve.
Real-World Feasibility
While such a smart ID card is technologically feasible, ensuring its security requires a comprehensive ecosystem:
- Secure issuance processes to prevent counterfeit cards.
- Robust legal frameworks to prevent misuse and unauthorised access.
- Public trust-building efforts, as such cards concentrate highly personal data.
With these measures, the card could be made secure against most current threats, but ongoing vigilance and adaptation to new vulnerabilities would remain crucial.