Design and Evaluation of a Proof-of-Concept for an Electronic Personnel Security Clearance (e-PSP) on the Swiss e-ID Infrastructure
4.4 MB
open
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Permanent address
Online publication
DOI
Abstract
Personnel Security Clearances (PSPs) are high-trust credentials vital to Swiss national security. Despite the comprehensive background checks and regulations they are based on, their real-life verification process is often lacking or vulnerable. Current practices partially rely on ad-hoc information exchange, the manual checks of physical notification letters, or in extreme cases, simply asking subjects about their clearance status. The emergence of SWIYU, the Swiss national trust infrastructure, presents a timely opportunity to modernize this imperfect system by transitioning to verifiable digital credentials (e-PSPs) built upon hybrid Self-Sovereign Identity (SSI) principles.
Using a design-science methodology, this thesis designs, implements, and evaluates a complete proof-of-concept (PoC) for such a solution. To enforce data minimization in verifiable credentials, the research introduces a reusable three-layer model isolating identity, authorization, and lifecycle attributes, which guides the design of e-PSPs. Furthermore, recognizing that the ultimate security of SWIYU-based systems hinges on the application layer of the verifier to a much greater extent than one might assume, this component of the PoC is presented as a security-hardened reference implementation. This Backend-for-Frontend (BFF) architecture advocates for strict server-side enforcement policies, a formally defined state machine, and session isolation mechanisms.
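The verifier-side design sketched above (server-side enforcement, a formally defined state machine, and session isolation) is easiest to understand as code. The following is an added illustration, not the thesis's own implementation or any SWIYU API: the state names, the claim names `clearance_level` and `status`, and the nonce-binding scheme are assumptions chosen for the example, and the cryptographic verification of the presentation itself is assumed to have been done by the wallet-protocol library before `receive_presentation` is reached. The point shown is that the BFF, not the browser, decides which transitions are legal, that a nonce is bound to exactly one session so a presentation cannot be replayed into another, that a result can be read once, and that only the authorization-layer claims the relying application needs are retained.

```python
"""Hardened verifier BFF sketch: explicit state machine plus session isolation.

Hypothetical illustration; not the thesis's code and not the SWIYU API.
State names, claim names and the nonce scheme are constructed for this example.
"""
from __future__ import annotations

import enum
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional


class State(enum.Enum):
    CREATED = "created"      # session allocated, no request issued yet
    REQUESTED = "requested"  # presentation request handed to the wallet
    VERIFIED = "verified"    # presentation received and checked
    CONSUMED = "consumed"    # result handed to the relying application once
    FAILED = "failed"        # terminal: nonce mismatch or missing claims
    EXPIRED = "expired"      # terminal: TTL exceeded


# The only transitions the server accepts; anything else is rejected outright.
TRANSITIONS = {
    State.CREATED: {State.REQUESTED, State.EXPIRED},
    State.REQUESTED: {State.VERIFIED, State.FAILED, State.EXPIRED},
    State.VERIFIED: {State.CONSUMED, State.EXPIRED},
    State.CONSUMED: set(),
    State.FAILED: set(),
    State.EXPIRED: set(),
}

# Constructed claim names from the authorization/lifecycle layers; identity-layer
# claims a wallet may send along (e.g. a name) are deliberately not retained.
REQUIRED_CLAIMS = {"clearance_level", "status"}
TERMINAL = {State.CONSUMED, State.FAILED, State.EXPIRED}


class TransitionError(Exception):
    """Raised when a client tries a step the state machine does not allow."""


@dataclass
class Session:
    session_id: str
    nonce: str                      # bound to this session and no other
    state: State = State.CREATED
    created_at: float = field(default_factory=time.monotonic)
    result: Optional[dict] = None

    def advance(self, new_state: State) -> None:
        if new_state not in TRANSITIONS[self.state]:
            raise TransitionError(f"{self.state.value} -> {new_state.value} not allowed")
        self.state = new_state


class VerifierBff:
    TTL_SECONDS = 300  # assumed session lifetime

    def __init__(self) -> None:
        self._sessions: dict[str, Session] = {}

    def _get(self, session_id: str) -> Session:
        sess = self._sessions[session_id]  # KeyError for an unknown session id
        if sess.state not in TERMINAL and time.monotonic() - sess.created_at > self.TTL_SECONDS:
            sess.advance(State.EXPIRED)
        return sess

    def create_session(self) -> str:
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = Session(session_id, secrets.token_urlsafe(32))
        return session_id

    def request_presentation(self, session_id: str) -> dict:
        sess = self._get(session_id)
        sess.advance(State.REQUESTED)  # legal from CREATED only
        return {"session_id": session_id, "nonce": sess.nonce, "claims": sorted(REQUIRED_CLAIMS)}

    def receive_presentation(self, session_id: str, presentation: dict) -> bool:
        """Accept a (signature-checked) presentation for this session; True on success."""
        sess = self._get(session_id)
        if sess.state is not State.REQUESTED:
            raise TransitionError(f"presentation not expected in state {sess.state.value}")
        claims = presentation.get("claims", {})
        nonce_ok = secrets.compare_digest(str(presentation.get("nonce", "")).encode(),
                                          sess.nonce.encode())
        if not nonce_ok or not REQUIRED_CLAIMS <= claims.keys():
            sess.advance(State.FAILED)  # terminal: the session cannot be retried
            return False
        sess.result = {k: claims[k] for k in REQUIRED_CLAIMS}  # data minimization
        sess.advance(State.VERIFIED)
        return True

    def consume_result(self, session_id: str) -> dict:
        """Hand the verified claims to the relying application exactly once."""
        sess = self._get(session_id)
        if sess.state is not State.VERIFIED:
            raise TransitionError(f"no consumable result in state {sess.state.value}")
        result, sess.result = sess.result, None
        sess.advance(State.CONSUMED)
        return result

    def state_of(self, session_id: str) -> State:
        return self._sessions[session_id].state
```

Because `TRANSITIONS` is the single source of truth, a client that skips a step, repeats a step, or feeds one session's nonce into another ends in `FAILED` or gets a `TransitionError`; the frontend never carries state that the server trusts.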
The evaluation of the completed artifact and the analysis of the trust infrastructure validate that SWIYU’s hybrid approach between SSI-inspired decentralization and centralized, government-backed trust guarantees can serve as a solid technical foundation for high-trust credentials. The developed prototype can execute full credential lifecycles, covering issuance, revocation, and verification. The development and testing of the PoC also served as an active battle-test for SWIYU’s public beta, not only by generating actionable bug reports but also by being the first project to try multiple security-critical features in production.
In spite of the above, a broader socio-technical assessment reveals that Switzerland is not immediately ready for the universal adoption of SWIYU-based e-PSPs. Resolving open legal and operational questions, clarifying organizational responsibilities, and lowering public skepticism towards the technology are important prerequisites. Nevertheless, these current blockers do not invalidate the general idea. This research provides the analytical and engineering foundations required once Switzerland is ready to transfer its high-security credentials to a new era.