A Holistic Approach to Enhanced Security and Privacy in Digital Health Passports
Tore Kasper Frederiksen

TL;DR
This paper presents a comprehensive method for creating secure, privacy-preserving digital health passports using distributed protocols and smartphone hardware, ensuring efficiency and minimal cryptographic operations.
Contribution
It introduces a novel protocol combining distributed password-based token issuance, secret sharing, and smartphone secure hardware for privacy-preserving digital health passports.
Findings
Achieves secure passport issuance with minimal cryptographic operations.
Ensures privacy by design through distributed protocols and hardware security.
Reduces communication rounds between users and verification/issuance parties.
Abstract
As governments around the world decide to deploy digital health passports as a tool to curb the spread of Covid-19, it becomes increasingly important to consider how these can be constructed with privacy-by-design. In this paper we discuss the privacy and security issues of common approaches for constructing digital health passports. We then show how to construct, and deploy, secure and private digital health passports in a simple and efficient manner. We do so by using a protocol for distributed password-based token issuance, by using secret sharing, and by leveraging modern smartphones' secure hardware. Our solution requires only a constant number of asymmetric cryptographic operations and a single round of communication between the user and the party verifying the user's digital health passport, and only two rounds between the user and the server issuing the digital health passport.
