Electronic Identity Documents Security During the Document Transfer Phase
DOI:
https://doi.org/10.64915/RADAP.2025.102.%25pKeywords:
electronic identification, eID, eMRTD, mDL, security, PQC, data security, cyber threatsAbstract
The subject matter of the article is security of electronic documents. Electronic documents security importance rises with the creation of new international standards for electronic identification (eID) and their adoption across the world. The eID security is crucial for both citizens and the government to ensure mutual trust and provide confidentiality, integrity and availability. Previous researches provide either a too general view on eID security without a required level of technical details, or analyze deeply a single specific domestic solution that doesn’t have worldwide interoperability. The goal is to evaluate security for the main electronic documents implementations compliant with the international standards, perform their comparative analysis, and provide security improvements.
The tasks to be solved are to provide the eID security evaluation framework for assessing and comparing different implementation options of electronic identification solutions. Electronic identification security was analyzed only in the document transfer phase, and security targets like the holder documents storage authentication, the eavesdropping avoidance, the document cloning prevention, and verifier authentication were considered. The Electronic Machine Readable Travel Document (eMRTD), according to the ICAO Doc 9303, and the Mobile Driver License (mDL), according to the ISO/IEC 18013-5, solutions' security were analyzed. The main used method is a comparative analysis. Comparative analysis was provided for these implementation options to illustrate differences in reaching the same security targets, evaluate the overall security level, and emphasize existing trade-offs. The following results were obtained: security improvements were proposed to mitigate security threats like post-quantum cryptography attacks, attacks on the Diffie-Hellman key exchange, and hash collision attacks. Conclusions: Study findings can be used to improve the next revisions of ICAO of ISO/IEC specifications for electronic identification or to consider in the security design in a domestic server-based solution.
References
References
1. ISO/IEC 7810:2019 Identification cards — Physical characteristics. (2019). International Organization for Standardization (ISO).
2. Doc 9303 Machine Readable Travel Documents. (2021). International Civil Aviation Organization (ICAO).
3. ISO/IEC 18013-5:2021 Personal identification — ISO-compliant driving licence. Part 5: Mobile driving licence (mDL) application. (2021). International Organization for Standardization (ISO).
4. Mobile Driver License. American Association of Motor Vehicle Administrators (AAMVA).
5. AAMVA’s Mobile Driver License Digital Trust Service is Now Live. (2025). AAMVA News.
6. Virginia Added to AAMVA’s Digital Trust Service. (2025). AAMVA News.
7. Directive (EU) 2025/2205 — Union standard specifications on driving licences and mutual recognition. 22 Oct., (2025). Official Journal of the European Union.
8. February 2025: acceleration for the European digital driving licence. (2025). Digital-Identity-Wallet.eu.
9. Mee-yoo, K. (2022). Korea launches mobile driver’s license trial. The Korea Times.
10. Liang, L.-H. (2025). South Korea’s ETRI sets sights on international standard for digital ID wallets. Biometric Update.
11. Mobile drivers licenses to launch in Hong Kong in 2025. (2024). Biometric Update.
12. Astrakhantsev, A., & Pedan, S. (2024). Improving user security during a call. Radioelectronic and Computer Systems, Vol. 2024, No. 2, pp. 173–185. doi:10.32620/reks.2024.2.14.
13. Akouhar, M., Abarda, A., El Fatini, M., & Ouhssini M. (2025). Enhancing credit card fraud detection: the impact of oversampling rates and ensemble methods with diverse feature selection. Radioelectronic and Computer Systems, Vol. 2025, No. 1, pp. 85–101. doi:10.32620/reks.2025.1.06.
14. Benadjila, R., Feneuil T., & Rivain, M. (2024). MQ on my Mind: Post-Quantum Signatures from the Non-Structured Multivariate Quadratic Problem. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 468-485, doi: 10.1109/EuroSP60621.2024.00032.
15. Tsap, V. (2022). eID Public Acceptance: Success Factors, Citizen Perception, and Impact of Electronic Identity, doctoral thesis. TALLINN UNIVERSITY OF TECHNOLOGY, 175 p.
16. Tok, Y. C., & Chattopadhyay, S. (2023). Identifying threats, cybercrime and digital forensic opportunities in Smart City Infrastructure via threat modeling. Forensic Science International: Digital Investigation, Vol. 45, 301540. doi:10.1016/j.fsidi.2023.301540.
17. Sharif, A., Ranzi, M., Carbone, R., Sciarretta, G., Marino, F. A., & Ranise, S. (2022). The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes. Applied Sciences, Vol. 12, Iss. 24, 12679. doi:10.3390/app122412679.
18. Edu, J., Hooper, M., Maple, C., & Crowcroft, J. (2023). Exploring the Risks and Challenges of National Electronic Identity (NeID) System. IET Conference Proceedings CP846, Vol. 2023, No. 14, pp. 118-123, doi:10.48550/arXiv.2310.15813.
19. Edu, J., Hooper, M., Maple, C., & Crowcroft, J. (2023). An Impact and Risk Assessment Framework for National Electronic Identity (eID) Systems. International Conference on AI and the Digital Economy, Vol. 2023, pp. 124-133, doi:10.48550/arXiv.2310.15784.
20. Pöhn, D., Grabatin, M., & Hommel, W. (2023). Modeling the Threats to Self-Sovereign Identities. Open Identity Summit 2023, pp. 85-96, doi:10.18420/OID2023_07.
21. Kingo, T., & Aranha, D. F. (2023). User-centric security analysis of MITID: The Danish passwordless Digital Identity Solution. Computers & Security, Vol. 132, 103376, doi:10.1016/j.cose.2023.103376.
22. Bærentzen, M. S., Ulstrand, C., & Andersen, B. (2023). MitID: A Security Investigation of eID Deployment in a Modern Society. ResearchGate, preprint, doi:10.13140/RG.2.2.12472.11521.
23. Nyári, N., & Kerti, A. (2024). A Risk Assessment of the Hungarian Eid Card. Scientific Bulletin, Vol. 29, Iss. 1, pp. 91–102. doi:10.2478/bsaft-2024-0010.
24. Parsovs, A. (2022). Security improvements for the Estonian ID card. Estonian Cyber Security News Aggregator.
25. Correa-Marichal, J., Caballero-Gil, P., Rosa-Remedios, C., & Sarwat-Shaker, R. (2022). Study and security analysis of the Spanish identity card. World Congress in Computer Science, Computer Engineering, and Applied Computing. Book of Abstracts CSCE 22. American Council on Science and Education, doi:arXiv.2210.04064.
26. Radutoiu, A.-T., Bassit, A., Veldhuis, R., & Busch, C. (2024). A Study on the Next Generation of Digital Travel Credentials. Christoph Busch’s website.
27. Aichinger, T. (2022). Security Target - ACOS-IDv2.1 eMRTD (A) EAC/PACE Configuration. Common Criteria for Information Technology Security Evaluation. www.commoncriteriaportal.org.
28. Koziel, P. (2023). PACE and PACE CAM: Security Issues and Protocol Extensions, doctoral dissertation. Wrocław University of sience and Technology.
29. Fischlin, M., von der Heyden, J., Margraf, M., Morgner, F., Wallner, A., & Bock, H. (2023). Post-quantum security for the Extended Access Control Protocol. Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13895)). Security Standardisation Research, pp. 22–52, Springer. doi:10.1007/978-3-031-30731-7_2.
30. Alnahawi, N., Schmitt, N., Wiesmaier, A., & Zok, C.-M. (2024). Toward Next Generation Quantum-Safe eIDs and eMRTDs: A Survey. ACM Transactions on Embedded Computing Systems, Vol. 23, No. 2, pp. 1–28. doi:10.1145/3585517.
31. Nomis, E. M., Jasim, K. S., & Al-Janabi, S. (2024). Face Morphing Attacks Detection Approaches: A Review. Mesopotamian Journal of Big Data, pp. 82–101. doi:10.58496/mjbd/2024/007.
32. Yildiz, H., Küpper, A., Thatmann, D., Göndör, S., & Herbke, P. (2022). A Tutorial on the Interoperability of Self-sovereign Identities. TechRxiv, preprint, doi: 10.36227/techrxiv.20430825.v1.
33. ISO/IEC 23220-1:2023 Cards and security devices for personal identification — Building blocks for identity management via mobile devices, Part 1: Generic system architectures of mobile eID systems. (2023). International Organization for Standardization (ISO).
34. Ackermann E., Bober K.L., Jungnickel V., & Lehmann A. (2024). SEKA: Secretless Key Exchange and Authentication in LiFi Networks. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 633-657, doi: 10.1109/EuroSP60621.2024.00041.
35. Mitra, S., Das, S., & Kule, M. (2020). Prevention of the man-in-the-middle attack on Diffie–Hellman Key Exchange Algorithm: A Review. Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1255)). Proceedings of International Conference on Frontiers in Computing and Systems, pp. 625–635, Springer, doi:10.1007/978-981-15-7834-2_58.
36. Raymond, J.-F., & Stiglic, A. (2002). Security Issues in the Diffie-Hellman Key Agreement Protocol. IEEE Transactions on Information Theory, 22.
37. Stevens, M., Bursztein, E., Karpman, P., Albertini, A., & Markov, Y. (2017). The First Collision for Full SHA-1. Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10401)). Advances in Cryptology – CRYPTO 2017, pp. 570–596, Springer, doi: 10.1007/978-3-319-63688-7_19.
38. Leurent, G., & Peyrin, T. (2019). From Collisions to Chosen-Prefix Collisions Application to Full SHA-1. Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11478)). Advances in Cryptology – EUROCRYPT 2019, pp. 527–555, Springer. doi:10.1007/978-3-030-17659-4_18.
39. Kara, M., Laouid, A., AlShaikh, M., Bounceur, A., & Hammoudeh, M. (2021). Secure Key Exchange Against Man-in-the-Middle Attack: Modified Diffie-Hellman Protocol. Jurnal Ilmiah Teknik Elektro Komputer dan Informatika, Vol. 7, No. 3, pp. 380-387. doi:10.26555/jiteki.v7i3.22210.
40. Rawat A. S., & Deshmukh M. (2019). Efficient Extended Diffie-Hellman Key Exchange Protocol. 2019 International Conference on Computing, Power and Communication Technologies (GUCON).
41. Aryan, Kumar, C., & Durai Raj Vincent, P. M. (2017). Enhanced Diffie-Hellman algorithm for reliable key exchange. IOP Conference Series: Materials Science and Engineering, 263, 042015. doi:10.1088/1757-899x/263/4/042015.
42. Pal, O., Alam, B. (2017). Diffie-Hellman key exchange protocol with entities authentication. International Journal Of Engineering And Computer Science, Vol. 6, Iss. 4, pp. 20831-20839. doi:10.18535/ijecs/v6i4.06.
43. Taparia, A., Panigrahy, S. K., & Jena, S. K. (2017). Secure Key Exchange using enhanced Diffie-Hellman protocol based on string comparison. 2017 Interna-tional Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), pp. 722–726. doi:10.1109/wispnet.2017.8299856.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 А. В. Леляк , А. А. Астраханцев
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
