Improved security in MitID

Two years ago, bachelor student Thomas Kingo started a project aiming to analyze the security of the Danish electronic identification (eID) solution MitID. Thomas and his supervisor, Diego Aranha, identified several potential security threats and presented their findings to the team behind MitID.

Bachelor student Thomas Kingo and supervisor Diego Aranha.

The project and their findings are described in this article. Subsequently, MitID has been updated several times, the latest update being in June 2023.

We have asked Thomas and Diego about their thoughts on the current security of MitID. They believe the latest update will finally solve the issues they identified back in December 2021. 

Thomas said: "We have been eagerly waiting for a proper solution to both Denial of Service and Social Engineering, as we found both of these attacks to be feasible in the solution back in December 2021."

Diego added: "In particular, the QR codes introduced to verify that the user has both issued an authentication request and verified it are a great improvement for the security. This is also something we suggested implementing back in December 2021."

If you are interested in getting to know more about the project and the two researchers' findings, you can read more about it in this article recently published in 'Computers & Security' ➡ https://doi.org/10.1016/j.cose.2023.103376