A Holistic Approach to Enhanced Security and Privacy in Digital Health Passports
This addresses privacy and security concerns for governments and users deploying digital health passports, but appears incremental as it builds on existing cryptographic and hardware methods.
The paper tackled the privacy and security issues in digital health passports for Covid-19 by proposing a construction using distributed password-based token issuance, secret sharing, and smartphone secure hardware, resulting in a solution requiring constant asymmetric cryptographic operations and minimal communication rounds.
As governments around the world decide to deploy digital health passports as a tool to curb the spread of Covid-19, it becomes increasingly important to consider how these can be constructed with privacy-by-design. In this paper we discuss the privacy and security issues of common approaches for constructing digital health passports. We then show how to construct, and deploy, secure and private digital health passports, in a simple and efficient manner. We do so by using a protocol for distributed password-based token issuance, secret sharing and by leveraging modern smart phones' secure hardware. Our solution only requires a constant amount of asymmetric cryptographic operations and a single round of communication between the user and the party verifying the user's digital health passport, and only two rounds between the user and the server issuing the digital health passport.