
ENISA publishes good practices on Remote ID Proofing

14 March 2024

Through this report, ENISA aims to enhance stakeholder awareness, facilitate risk analysis in evolving threat landscapes, and bolster trustworthiness in remote identity proofing (RIDP) methods. The goal of this report is to provide an updated, inclusive view on attack techniques against RIDP mechanisms, validate the security controls proposed in the previous ENISA report for presentation attacks, and provide further practical countermeasures to mitigate new types of attacks.

The purpose of this study is to build upon previous ENISA studies on RIDP and focus on new developments, security recommendations and good practices, when RIDP is used in the context of the eIDAS regulation, the 6th EU anti-money laundering directive or any other context where trust in the identity of a natural or legal person is essential.

Identity verification in Europe is undergoing a period of intense transformation. Since the COVID-19 pandemic outbreak, RIDP has evolved rapidly, from face-to-face verification in stores to synchronous and asynchronous remote verification of identity documents and biometrics, which can also be processed automatically. The upcoming eIDAS 2.0 regulation and the introduction of the EU Digital Identity Wallet (EUDIW), with the ambition that 80 % of EU citizens will make regular use of the wallet by 2030, will extend the cases requiring identity verification with a high level of assurance.

Similar developments are also taking place at the global level, with numerous efforts to design and develop decentralised digital identity wallets.

Through this report, ENISA attempts to accomplish the following strategic goals, in the domain of trust services and electronic identification:

• to increase stakeholders’ awareness;

• to assist in the risk analysis practices in the rapidly changing threat landscape of identity proofing;

• to contribute to the development of stronger countermeasures, enhancing the trustworthiness and reliability of remote identity proofing (RIDP) methods.

The motivating factors to produce this report were:

• the recent developments in the attack landscape, causing concerns about the trustworthiness of identity proofing;

• requests from various stakeholders regarding up-to-date information and guidance on defensive good practices.

Based on the above, the scope of this report builds and expands on the 2022 ENISA report Remote Identity Proofing – Attacks & Countermeasures, in an effort to bring novel types of threats and wider ecosystem concerns to the foreground.

The information and data analysis phase, which consisted of a literature review, two surveys and subsequent rounds of interviews, identified the following major attacks:

• biometric presentation and injection attacks against a human subject’s face;

• presentation and injection attacks against an identity document.

The report briefly examines attacks relating to identity documents that take place during the evidence validation and information binding phase of RIDP. The two most prominent good practices for defending identity documents were the status lookups in various identity document registries and the scanning of the near-field communication (NFC) chip (where available).

Both practices have their own obstacles in the course of their full realisation. Many of the identity document registries are maintained on a voluntary basis and a central, up-to-date registry with all the latest document versions of each Member State does not currently exist.

On the other hand, while scanning the NFC chip to verify the holder’s personal information and biometric photo could eliminate several of the synthetic attacks, it is not currently legally and consistently permitted for private entities (trust service providers (TSPs), RIDP providers) across the EU. The inconsistent state of NFC-reading can be thought of as a part of the wider scattered regulatory landscape across the EU relating to the recognition of the remote nature of identity proofing and the assurance level it can provide.

Finally, the report highlights wider concerns of the landscape, unrelated to attacks or technical topics, but capable of affecting the secure adoption and execution of RIDP methods across the EU.
