Improve mobile driving license data transfer security via BLE/Wi-Fi Aware with UWB ranging

Authors

  • Andrii Leliak National Technical University of Ukraine "Ihor Sikorsky Kyiv Polytechnic Institute", Ukraine
  • Andrii Astrakhantsev National Technical University of Ukraine "Ihor Sikorsky Kyiv Polytechnic Institute", Ukraine

DOI:

https://doi.org/10.30837/pt.2023.2.04

Abstract

A Mobile Driving License (mDL), as defined by ISO 18013-5, is a digital representation of the information contained in a physical driver’s license, including personal details, driving privileges, and vehicle class. mDL solutions are spreading rapidly worldwide as countries adopt the standard. The ISO 18013-5 specification covers most security concerns, such as protection against forgery, cloning, eavesdropping, and unauthorized access. However, the security model has some gaps related to device location. The mDL reader and holder can be sure that the counterpart device is right next to them only when documents are transferred via NFC, because of the operating range of NFC technology and the need for a physical tap. Data transfer over BLE or Wi-Fi Aware is more convenient for users in most cases, as it does not require the two devices to be physically close, and connection stability is much higher because it does not depend on how the user positions the device. On the other hand, data transfer over BLE or Wi-Fi Aware cannot guarantee that the counterpart device is in sight. This makes it possible for data to be transferred to a malicious counterpart device located out of sight. Several solutions can address the reader/holder relative location issue for BLE and Wi-Fi Aware data transfer, but most do not cover all use cases or have significant drawbacks. Such solutions include biometric verification, visual session identifiers, and NFC authentication. To resolve the relative location issue for other use cases, this paper proposes using UWB in fusion with BLE or Wi-Fi Aware to ensure that the reader and holder devices are located in the expected place in use cases that do not involve NFC communication. NFC communication may be avoided intentionally, to increase data transfer stability, or unintentionally, because some holder devices do not support NFC.
Additionally, this paper proposes integrating UWB messaging with the mDL session encryption to defend against MITM attacks and provide additional protection even for service messaging.

Published

2023-12-25

Section

INFORMATIONAL SECURITY