SIMple ID: QR Codes for Authentication Using Basic Mobile Phones in Developing Countries

Abstract

Modern foundational electronic IDentity (eID) systems commonly rely on biometric authentication so as to reduce both their deployment costs and the need for cryptographically capable end-user devices (e.g., smartcards, smartphones). However, this exposes the users to significant security and privacy risks. We introduce SIMple ID which uses existing infrastructure, Subscriber Identity Module (SIM) cards and basic feature phones, to realise modern authentication protocols without the use of biometrics. Towards this goal, we extend the international standard for displaying images stored in SIM cards and show how this can be used to generate QR codes on even basic no-frills devices. Then, we introduce a suite of lightweight eID authentication protocols designed for on-SIM execution. Finally, we discuss SIMple ID’s security, benchmark its performance and explain how it can enhance the security and privacy offered by widespread foundational eID platforms such as India’s Aadhaar.