Technical Documentation

How It Works

A deep dive into the cryptographic protocols that make serverless identity verification possible.

Section 1

Overview

It's Me is a serverless identity verification system designed to combat deepfake impersonation attacks. The core insight is that while AI can perfectly replicate someone's voice and face, it cannot replicate a cryptographic secret that was exchanged in person.

The system works by establishing a shared secret between two people when they meet face-to-face. This secret is then used to generate synchronized, time-based verification codes that both parties can compare over any communication channel.

🛡️ Key Properties

Serverless: No backend infrastructure required. All cryptography happens on-device.
Offline: Verification works without internet connectivity.
Per-contact: Each relationship has unique encryption keys.
Time-based: Codes rotate every 30 seconds, preventing replay attacks.

Section 2

Threat Model

It's Me is designed to protect against impersonation attacks where an adversary attempts to convince you they are someone you know and trust.

Attacks We Defend Against

  • Voice cloning: AI-generated audio that perfectly mimics a known person's voice
  • Video deepfakes: Real-time or pre-recorded video impersonation
  • Caller ID spoofing: Falsified phone numbers or identities
  • Account compromise: Attackers using stolen accounts to message as someone else
  • Social engineering: Urgent requests exploiting trust relationships
⚠️ Important Limitation

This system cannot verify identity if the initial exchange was compromised (e.g., you added an impersonator thinking they were someone else). The security model assumes trust at the point of in-person contact establishment.

Section 3

Key Exchange Protocol

When two users want to become contacts, they perform an in-person key exchange using QR codes. This establishes a unique shared secret between them.

QR Code Contents

// Each QR code contains: { "version": 1, "name": "Alice", "fingerprint": "A1B2C3D4", "publicKey": "base64-encoded-ephemeral-key" }

Exchange Flow

Key Exchange Process
Alice
Shows QR
Bob
Scans QR
Bob
Shows QR
Alice
Scans QR
Both
Shared Secret

Shared Secret Derivation

// ECDH key agreement let sharedSecret = try myPrivateKey.sharedSecretFromKeyAgreement( with: theirPublicKey ) // Derive verification seed using HKDF let verificationSeed = sharedSecret.hkdfDerivedSymmetricKey( using: SHA256.self, salt: sortedFingerprints, info: "itsme-verification-seed-v1", outputByteCount: 32 )
Section 4

Code Generation

Verification codes are generated using a time-based one-time password (TOTP) scheme with custom formatting for easy verbal communication.

Code Generation Flow
Seed
32 bytes
HKDF
+ time window
HMAC
+ fingerprint
Code
ECHO 512

NATO Phonetic Alphabet

Words are chosen from the NATO phonetic alphabet for clarity over voice channels:

ALFA, BRAVO, CHARLIE, DELTA, ECHO, FOXTROT, GOLF, HOTEL, INDIA, JULIET, KILO, LIMA, MIKE, NOVEMBER, OSCAR, PAPA, QUEBEC, ROMEO, SIERRA, TANGO, UNIFORM, VICTOR, WHISKEY, XRAY, YANKEE, ZULU

Section 5

Security Analysis

Why Deepfakes Can't Bypass This

An attacker using AI to impersonate someone faces an impossible challenge: they need to know the verification code, but the code is derived from a secret they don't have access to.

Attack Result
Attacker clones voice and asks for code ❌ Attacker can't provide matching code back
Attacker intercepts network traffic ❌ No codes transmitted; derived locally
Attacker records and replays old codes ❌ Codes expire after 30 seconds
Attacker compromises server ❌ No server exists
Attacker steals victim's phone ⚠️ Requires Face ID to access app
Section 6

Algorithms & Standards

Component Algorithm Standard
Identity Key Pair Curve25519 RFC 7748
Key Agreement ECDH (X25519) RFC 7748
Key Derivation HKDF-SHA256 RFC 5869
Code Generation HMAC-SHA256 RFC 2104
Key Storage iOS Keychain Apple Security Framework
Biometric Auth Face ID / Touch ID LocalAuthentication
Export Encryption AES-256-GCM NIST SP 800-38D
💻 Open Design

The protocol is intentionally simple and uses well-established cryptographic primitives. Security comes from the mathematical properties of these algorithms, not from obscurity.

Section 7

Device Transfer

When switching to a new phone, your cryptographic identity needs to be transferred securely. Your contacts will sync automatically, but the identity (stored in the secure iOS Keychain) requires explicit export.

Why Transfer is Needed

Your identity is stored with kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which means it's bound to your physical device and won't transfer via iCloud backup. This is a security feature — but it means you need to explicitly export when switching phones.

Export Process (Old Phone)

  1. Go to Settings → Export Identity
  2. Create a PIN (4+ digits) to protect the export
  3. A QR code is generated containing your encrypted identity

Import Process (New Phone)

  1. Install It's Me on your new phone
  2. The app detects your synced contacts and prompts for import
  3. Scan the QR code from your old phone
  4. Enter your PIN to decrypt and restore your identity
Device Transfer Flow
Old Phone
Export + PIN
QR Code
AES-GCM
New Phone
Scan + PIN
Result
Identity Restored

Export Security

The export QR code contains your identity encrypted with AES-GCM. The encryption key is derived from your PIN using SHA-256 with a fixed salt. Without the correct PIN, the data cannot be decrypted.

// Key derivation for export let keyMaterial = pinData + "itsme-export-v1" let encryptionKey = SHA256(keyMaterial) // Encrypt identity with AES-GCM let encrypted = AES.GCM.seal(identityJSON, using: encryptionKey) let qrData = encrypted.base64Encoded()
⚠️ Don't Lose Your PIN

If you forget your export PIN, you'll need to create a new identity and re-add all contacts in person. There's no recovery mechanism by design.