Clarification on the implications of compromised device keys for options B and D
Our questions relate to the consequences of a secure element being compromised, either the secure element in the physical card or one built into a mobile device.
We think that, in the ECDH model proposed in B and D, if an attacker were to compromise a single secure element, they could use the device keys from that device to impersonate any German citizen. Is this assumption correct, or have we misunderstood the security model?
If this is the case we're wondering:
- Would this be an acceptable risk if these credentials were used for online login or account recovery, e.g., for logging into online services such as Amazon or a bank? If an attacker were to compromise a single SE, could they potentially gain access to the online accounts of any German ID holder?
- What would be the 'incident response' story if an SE were found to be compromised? Would all verifiers need to stop trusting presentations from all users until new SEs were issued?
We may well be missing a key part of the security story that addresses this risk, but we'd like to get confirmation before providing more feedback on this approach.
Thanks, Lee (Google).
Edited by Lee Campbell