Introduction
This project focuses on designing and implementing a secure and privacy-preserving authentication system leveraging the principles of eIDAS 2.0 and Verifiable Credentials (VCs). The system will demonstrate how VCs, issued based on eIDAS-aligned electronic identification, can be used to authenticate users to online services while minimizing data sharing and maximizing user control.
Project Objectives
The project will allow students to:
- Understand the core concepts of eIDAS 2.0, particularly those related to electronic identification and trust services.
- Understand the principles and specifications of Verifiable Credentials.
- Design and implement an authentication system using VCs.
- Integrate or simulate eIDAS-compliant electronic identification for VC issuance.
- Utilize cryptographic techniques for secure credential handling and authentication.
- Implement privacy-enhancing techniques, such as selective disclosure and zero-knowledge proofs (where feasible).
- Develop a robust and secure application with attention to potential vulnerabilities.
Project Description
The project aims to create an environment that mimics the eIDAS 2.0 ecosystem, making use of Verifiable Credentials (VCs) and additionally exploring selective disclosure capabilities. This should be achieved through the creation of simulated components of an eIDAS ecosystem. Strict compliance with eIDAS 2.0 messages and APIs is not required, but there should be some level of alignment.
The project has two delivery moments. The first delivery consists of a report of up to 10 pages, which shall include:
- Identification of the specific use case for the authentication system (e.g., accessing government services, online banking, educational platforms, driving license checks).
- Design of the system architecture, including user interface, backend logic, VC issuer, verifier, and data stores.
- Identification of the appropriate technologies and libraries for implementation (e.g., programming language, cryptographic libraries, VC libraries).
- Identification of the data model for the VCs and the security requirements.
- Identification of the privacy-preserving mechanisms to implement.
The second delivery consists of a report and the code for the following components:
- VC Issuer: Implement a service that can issue VCs based on (simulated or, if accessible, real) eIDAS-compliant electronic identification. This may also involve simulating a Qualified Trust Service Provider (QTSP) for issuing electronic identity credentials.
- VC Holder (User): Develop a component (e.g., a browser extension, mobile app or application) that can store and manage VCs.
- VC Verifier (Service Provider): Implement a service that can verify VCs presented by the user. It may grant access to a system, or simply present the result of the validation.
- Authentication Flow: Implement the complete authentication flow, from VC issuance to verification and authorization.
- Privacy Enhancements: Explore and implement privacy-enhancing techniques, such as selective disclosure (allowing users to share only necessary attributes) or, if time permits, investigate the use of zero-knowledge proofs for attribute verification.
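To make the selective disclosure item concrete, here is an added example (not part of the assignment and not a reference implementation) of the salted-hash approach in the style of SD-JWT, covering issuer, holder and verifier. The function names and the sample attributes are assumptions, and an HMAC with a shared key stands in for the issuer's asymmetric signature.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC with a shared key stands in for the issuer's digital signature.
ISSUER_KEY = secrets.token_bytes(32)

# Constructed sample attributes, as an eID-backed issuer might hold them.
SAMPLE_CLAIMS = {"given_name": "Alice", "birth_date": "1990-01-01",
                 "nationality": "PT", "over_18": True}

def _digest(disclosure: str) -> str:
    return hashlib.sha256(disclosure.encode()).hexdigest()

def _sign(digests: list) -> str:
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(),
                    hashlib.sha256).hexdigest()

def issue(claims: dict):
    """Issuer: salt each attribute and sign only the sorted list of digests."""
    disclosures = {name: json.dumps([secrets.token_hex(16), name, value])
                   for name, value in claims.items()}
    digests = sorted(_digest(d) for d in disclosures.values())
    credential = {"digests": digests, "signature": _sign(digests)}
    return credential, disclosures  # both are handed to the holder

def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Holder: forward the signed digests plus only the chosen disclosures."""
    return {"credential": credential,
            "disclosed": [disclosures[name] for name in reveal]}

def verify(presentation: dict):
    """Verifier: check the signature, then match each disclosure to a digest.

    Returns the disclosed attributes, or None if any check fails.
    """
    cred = presentation["credential"]
    if not hmac.compare_digest(_sign(cred["digests"]), cred["signature"]):
        return None
    claims = {}
    for disclosure in presentation["disclosed"]:
        if _digest(disclosure) not in cred["digests"]:
            return None  # attribute is not covered by the issuer's signature
        _salt, name, value = json.loads(disclosure)
        claims[name] = value
    return claims

if __name__ == "__main__":
    cred, disc = issue(SAMPLE_CLAIMS)
    print(verify(present(cred, disc, ["over_18"])))
```

The per-attribute salt is what stops a verifier from guessing undisclosed values by hashing candidates. As written, a presentation can be replayed; binding it to a verifier-supplied nonce and a holder key is left out.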
Write a project report detailing the design, implementation, testing, and evaluation of the system. In this same report, include an analysis of the
Project development and delivery
This project is to be implemented by groups of 3 students. The project can be coded in any programming language, using a GitHub Classroom repository as provided by your professor.
An initial report, with no more than 10 pages, must be provided with the use case, system architecture, description of the services to be implemented, general authentication flows, and APIs.
A final report, with no more than 30 pages, must describe the system implemented. This description must include the data structures stored, the structure of the messages exchanged and the message flows, the interfaces used and their parameters, some relevant implementation details (not complete copies of the code!), and the results achieved (use cases and/or captures of the system operating).
The results should demonstrate the effectiveness of the system in correctly authenticating users while preserving their privacy.
The final report must state the percentage of effort devoted by each group member to the project.
Evaluation
TBD