Hash-based Encryption Algorithm to Protect Biometric Data in e-passport


Sungsoo Kim (1), Hanna You (2), Jungho Kang (3), Moonseog Jun (*4)

1, First Author: Soongsil University, Republic of Korea, indielazy@ssu.ac.kr
2, Second Author: Soongsil University, Republic of Korea, belover7@naver.com
3, Third Author: Soongsil University, Republic of Korea, kjh7548@naver.com
*4, Corresponding Author: Soongsil University, Republic of Korea, mjun@ssu.ac.kr

Abstract

The electronic passport, also known as e-passport, includes an embedded integrated circuit (IC) chip to digitally and biometrically identify its holder. It allows immigration officials to verify the exact identity of travelers, thereby increasing the reliability of the authentication. However, the information stored in the IC chip is vulnerable to eavesdropping via wireless communication, resulting in leakage of personal information, as well as duplication, falsification, and forgery of the electronic passport. This paper proposes the consolidation of biometric data fields into a single data field to protect sensitive personal information and a biometric data protection algorithm, which protects the passport against loss and malicious eavesdropping attacks. The proposed algorithm creates an encrypted image by using a hash function to rearrange the biometric information, such as face, fingerprint, and iris images, and it then measures and evaluates the accuracy of the decrypted image.

Keywords: e-passport, Biometric Data, Image Encryption

1. Introduction

Traditional passports were very vulnerable to falsification and forgery, and immigration officials were not able to easily detect falsified or forged passports. The electronic passport improved the reliability and efficiency of checking the identity of passport holders by focusing on speedy passport reading and automating the immigration process.

Electronic passports store personal and biometric information of the holder in the embedded integrated circuit (IC) chip; however, problems such as falsification and forgery of electronic passports and duplication of IC chips have occurred [8]. The IC chip of an electronic passport consists of logical data structures that store personal information and passport information. This paper proposes the consolidation of several data groups that store sensitive biometric information into a single data group and a biometric data protection algorithm, which encrypts all biometric information into a single encrypted image.

2. E-Passport

An electronic passport is a standard document established by the International Civil Aviation Organization (ICAO) and the International Organization for Standardization (ISO) for international travelers. The ISO/IEC standard and Document 9303 of the ISO/IEC JTC1 SC 17 standard define a passport with an embedded IC chip, which stores personal and biometric information, such as images of the holder's face, fingerprints, and iris. The keys needed to authenticate the e-passport are electronically listed in [5]. The information listed in the IC chip consists of data groups in logical data structures (LDS) [10].

Table 1. ISO/IEC international standard
Feature: ISO/IEC
Type: Type A / Type B
Frequency: 13.56MHz
Distance: < 10cm
Crypto Algorithm: DES/3DES, RSA, AES, ECC, MIFARE
Transfer Speed: > 106kbps
Authentication Method: Challenge / Response
Read/Write: Possible
Anti-Collision: Possible

International Journal of Advancements in Computing Technology (IJACT), Volume 5, Number 13, September

Table 1 shows the international standard for contactless IC chips used in e-passport and Table 2 shows the LDS and the DG fields, which store the information in the e-passport.

Table 2. Logical data structure of e-passport
Feature groups: Detail(s) Recorded in MRZ; Encoded Identification Feature(s); Displayed Identification Feature(s); Encoded Security Feature(s)
DG1: Document Type; Issuing State or Organization; Name (of Holder); Document Number; Check Digit (Doc Number); Nationality; Date of Birth; Check Digit (DOB); Sex; Date of Expiry or Valid Until Date; Check Digit (DOE/VUD); Optional Data; Check Digit (Optional Data Field); Composite Check Digit
DG2: Encoded Face (Global Interchange Feature)
DG3: Encoded Fingerprint(s) (Additional Feature(s))
DG4: Encoded Eye(s) (Additional Feature(s))
DG5: Displayed Portrait
DG6: Reserved for Future Use
DG7: Displayed Signature or Usual Mark
DG8: Data Feature(s)
DG9: Structure Feature(s)
DG10: Substance Feature(s)
DG11: Additional Personal Detail(s)
DG12: Additional Document Detail(s)
DG13: Optional Detail(s)
DG14: Reserved for Future Use
DG15: Active Authentication Public Key Info
DG16: Person(s) to Notify

2.1. Security goals of e-passport

Identification
The e-passport and its reading system must verify the identity of the passport holder.

Data authentication
The contents of the e-passport's IC chip must be compared with the information in the machine-readable zone (MRZ) and the images on the passport.

Integrity
If the protocol for e-passport is implemented, data integrity must be confirmed by verifying the electronic signature. The reading system must check that the information stored has not been altered by validating the electronic signature in the document security object (SOD) and by comparing the check sums of the data in the LDS of the IC chip.

Mutual authentication
The reading system and the e-passport need to authenticate each other. The e-passport must validate the reading system before providing the personal information and biometric data, and the reading system must validate the authenticity of the e-passport.

Data confidentiality
The confidentiality of data must be guaranteed in communications between the e-passport and the reading system. Unauthorized reading systems must not gain access to the LDS and the security key of the e-passport, and the session key between the e-passport and the reading system must be kept confidential.

Data authentication
The e-passport and the reading system must authenticate the messages received during communications.

Privacy
The identity of the e-passport holder must be acquired through an authorized reading system after all e-passport protocols are completed [2].

Security session key
The e-passport and the reading system must exchange a session key to provide security for communications.

Non-repudiation
The identity of the holder could be checked, and the digital information in the e-passport could be traced for non-repudiation of immigration in the future.

Key freshness and integrity
If a session is established between the e-passport and the reading system, the freshness and integrity of the session key must be ensured. The e-passport session must be closed if a discarded session key is used [11].

Certificate manipulation
The reading system must verify the validity of the e-passport and detect any modification to the e-passport certificate.

2.2. Security technology of e-passport

E-passport provides four security technologies to protect the IC chip, including basic access control, active authentication, passive authentication, and extended access control [1][6].

Basic access control
Basic access control (BAC) is a technology that forms a safe communication channel to prevent skimming attacks and eavesdropping of information transmitted between reading systems [13]. BAC is an essential requirement for ICAO. It uses the information listed in the MRZ of the physical booklet of the e-passport as an access key.

Active authentication
Active authentication (AA) is performed between the reading system and the IC chip by using the challenge-response method with an active authentication private key and active authentication public key, which are stored in the IC chip. A clone of an e-passport IC chip can be detected by transmitting an AA public key stored in DG15 to the reading system, which digitally signs a random number delivered to the IC chip using the AA personal key of the IC chip.

Passive authentication
Passive authentication (PA) stores the SOD, which includes the hash values for all data groups in the LDS of the e-passport. The SOD compares the digital signature with the personal key of the issuing authority to discover any falsification of LDS information [4].

Extended access control
Extended access control (EAC) protects the biometric information stored in the IC chip of the e-passport [3]. It controls the access to the biometric information stored in the IC chip and also implements BAC. EAC can be implemented only in a reading system that holds a document verifier certificate (DVC) of the country that issued the e-passport [7].

3. Security vulnerability of e-passport

3.1. Security threats to e-passport

Skimming
A skimming attack obtains the information from the e-passport through an unauthorized reader, which the passport holder assumes to be legitimate.

Eavesdropping
An eavesdropping attack intercepts the information remotely while the user accesses an authorized reader.

Identity theft
If the identification information in the IC chip is not encrypted, the personal information in the e-passport could be stolen and used to impersonate the passport holder.

Cloning
The IC could be cloned with the same information, and the e-passport could be duplicated.

Biometric data leakage
The e-passport stores personal information, such as images of the face, fingerprints, and the iris. Biometric information does not need to be encrypted in an environment where security is controlled physically; however, it could be easily leaked in an automated immigration system.

3.2. Vulnerability of security technology of e-passport

BAC security vulnerability
BAC implements a 3-DES encryption communication between the e-passport and the reading system, and the session key uses the MRZ information. ICAO recommends the security to be strengthened by creating a session key that is more than 56 bits. However, in practice, an e-passport uses less than 56 bits, because the serial number of an e-passport is a simple increase of issue numbers, the date of birth of the holder could be predicted, and the validity period is 10 years. Therefore, the actual security strength of e-passport is effectively only 35 bits. In addition, the problems of BAC became prominent during a brute-force attack test, which was implemented to obtain the information in the e-passport [12].

AA security vulnerability
The AA public key preserves the integrity of the SOD, and the AA personal key is used to store the information in the secured memory area of the IC chip. The reading system creates 64-bit random numbers and transmits them to the e-passport, and then the e-passport uses the AA personal key to create the electronic signature, which it sends back to the reading system. However, the AA personal key could be illegally obtained when the AA personal key is retrieved from the memory of the e-passport or when a key-conflict attack is launched. An attack that bypasses AA protocol has also been reported. Because the file that shows the properties of the e-passport is not included in the SOD, the property specifiers could be changed. If the verification procedure does not implement the AA protocol, the reader must delete the specifiers for potential properties of the AA protocol.

PA security vulnerability
PA could verify data falsification in an e-passport, but it could not determine if the e-passport was duplicated. Therefore, ICAO recommends physical verification with the e-passport booklet; however, falsification is still possible, because an increasing number of countries are automating their immigration systems. Another problem with PA is the distribution of the public key. Each country issues a certificate that is used to verify the e-passport through PA, and this certificate is exchanged between the countries using a separate method or disclosed through PKD (Public Key Directory). If the certificate of the country is leaked because of the low level of security used, the e-passport could be falsified by using the information in the stolen certificate.

EAC security vulnerability
With EAC, the SOD file could be obtained from the reader after BAC is performed. Information contained in the hash value of the fingerprints, which is stored in the SOD file, could be extracted through brute force.

3.3. Vulnerability in recognizing biometric information in e-passport

Biometric information, such as the face image, fingerprints, and iris information, is stored in the e-passport and used to verify the holder's identity in the immigration process. However, current biometric recognition technology is not able to reliably analyze damaged fingerprints. Fingerprint and face recognition have limited capabilities because of their FAR (False Acceptance Rate) and FRR (False Reject Rate). In particular, the face recognition rate is significantly low compared to that of other biometric information. If a low-quality image is used, FAR or FRR increases. The registered biometric information must be stored in order to issue the e-passport; however, the stored biometric information could differ from reality after some time. The existing encryption technology cannot provide security to the biometric information itself. Unmanned immigration systems were introduced to improve the immigration processing speed and to increase the convenience to e-passport holders; however, unmanned immigration systems must perform strict verification of biometric information. If the e-passport stores fingerprint information, the holder could pass through immigration easily if he/she has matching fingerprints. Thus, a security process is required to validate the authenticity of the biometric information in the e-passport [9].

4. Biometric data protection technology

ICAO reinforces the security by providing BAC and EAC technologies for e-passport; however, BAC, which is used for face recognition in the reading system, has low cryptographic complexity. EAC, which is used for fingerprint processing, must perform key management between the system of the issuing country and the immigration system. The security technology that processes iris information is not yet available.

In the proposed system, all data groups, including the face image, fingerprints, and iris information, are stored in a single biometric data group field, and an algorithm encrypts all biometric information into a single image.

4.1. Consolidation of biometric data

The proposed LDS stores all biometric information in the integrated data group field DG BIO. Information stored in this data group field will be encrypted into a single image file.

Table 3. Proposed 'DG BIO' data group field
Feature groups: Detail(s) Recorded in MRZ; Encoded Identification Feature(s); Displayed Identification Feature(s); Encoded Security Feature(s)
DG1: Document Type; Issuing State or Organization; Name (of Holder); Document Number; Check Digit (Doc Number); Nationality; Date of Birth; Check Digit (DOB); Sex; Date of Expiry or Valid Until Date; Check Digit (DOE/VUD); Optional Data; Check Digit (Optional Data Field); Composite Check Digit
DG BIO: Encoded Face (Global Interchange Feature); Encoded Fingerprint(s); Encoded Eye(s)
DG5: Displayed Portrait
DG6: Reserved for Future Use
DG7: Displayed Signature or Usual Mark
DG8: Data Feature(s)
DG9: Structure Feature(s)
DG10: Substance Feature(s)
DG11: Additional Personal Detail(s)
DG12: Additional Document Detail(s)
DG13: Optional Detail(s)
DG14: Reserved for Future Use
DG15: Active Authentication Public Key Info
DG16: Person(s) to Notify

4.2. Biometric data encryption algorithm

The proposed algorithm encrypts all biometric information stored in DG BIO into a single image by rearranging the information based on a hash function using information in the MRZ. Figure 1 shows the block diagram of the proposed biometric information image encryption algorithm. The MRZ information is used as the key for the encryption algorithm.

Integration of pixels of biometric information
The face image, fingerprints, and iris information are combined into a single integrated image by the proposed encryption algorithm. All three images are segmented before the encryption. The total number of pixels of a single encryption image is defined as the EP value by measuring all biometric information and is calculated in order to determine the number of horizontal pixels ($M_E$) and the number of vertical pixels ($N_E$).

Figure 1. Structure of proposed biometric data encryption algorithm

Figure 2. Conceptual scheme of segments to encrypt

$$\text{Face Image (FI)} = \text{Horizontal Pixels } (M_1) \times \text{Vertical Pixels } (N_1) \tag{1}$$

$$\text{Fingerprint (FP)} = \text{Horizontal Pixels } (M_2) \times \text{Vertical Pixels } (N_2) \tag{2}$$

$$\text{Iris (IR)} = \text{Horizontal Pixels } (M_3) \times \text{Vertical Pixels } (N_3) \tag{3}$$

$$FI + FP + IR = M_E \times N_E = \text{Number of Pixels Required for Encryption (EP)} \tag{4}$$

Creation of key length
The key length is needed for encryption and depends on the total number of pixels in the image to be encrypted. Total key length (TL) is obtained as follows, where the number of pixels in the horizontal axis is $M_E$, the number of pixels in the vertical axis is $N_E$, and the key length required for a 1×1-pixel segment is $L$:

$$M_E \times N_E \times L = \text{Total Key Length (TL) Needed for Encryption Image} \tag{5}$$

Table 4 shows the pseudocode that determines the key length (TL) required to encrypt a 1×1-pixel segment of an image.

Table 4. Pseudocode to determine the key length (TL)

    if (Image_Width or Image_Height) < (16 pixel) then
        TL = pixel_length = 1 * 2(x, y)
    else if (Image_Width or Image_Height) < (256 pixel) then
        pixel_length = 2 * 2(x, y)
    else if (Image_Width or Image_Height) < (4096 pixel) then
        pixel_length = 3 * 2(x, y)
    else if (Image_Width or Image_Height) >= (4096 pixel) then
        pixel_length = 4 * 2(x, y)

The pseudocode in Table 4 uses the information from the MRZ of the e-passport, and it obtains the key length using the one-way SHA-512 function.

Figure 3. Key length creation algorithm

The required key length ($TL_{16}$) is determined by calculating the first hash value ($H_1$) of the information in the MRZ of the e-passport using the SHA-512 function arithmetic and repeating SHA-512 arithmetic.

Hash-based biometric image encryption algorithm
The algorithm encrypts all biometric information into a single image using the generated key length (TL). It rearranges all biometric information to be encrypted as 1×1-pixel segments, and it determines the arrangement position coordinates (x, y) based on the total number of pixels of images to be encrypted using key length (TL).

Figure 4 shows the process of rearranging the images to be encrypted. The target coordinates are determined based on the TL value. First, the encryption algorithm moves the segment from position FI(0,0) of the face image to the target coordinates of the TL value 4D14 ($4D_{16}$, $14_{16}$), the segment from position FP(0,0) of the fingerprint image to the target coordinates of C2D4 ($C2_{16}$, $D4_{16}$), and the segment from position IR(0,0) of the iris image to the target coordinates of EA12 ($EA_{16}$, $12_{16}$). Each original biometric information image is rearranged one segment at a time by cycling through the face image, fingerprints, and iris information, row by row. That is, the second segment from the face image is moved from position FI(1,0) to the target coordinates of the TL value 92C5 ($92_{16}$, $C5_{16}$), the segment from position FP(1,0) of the fingerprint image is moved to the target coordinates of 7B15 ($7B_{16}$, $15_{16}$), and the segment from position IR(1,0) of the iris image is moved to the target coordinates of D6B2 ($D6_{16}$, $B2_{16}$). A new single encryption image is created after rearranging all segments (M FI->FP->IR, N FI->FP->IR3) of each original biometric image.
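
An added example (not the authors' code) of the key-length rule in Table 4 and equation (5) and of the hash-based rearrangement described above, together with its inverse. The paper does not state how the SHA-512 digests are chained, how coordinates that fall outside the image or on an occupied cell are handled, or how $M_E$ is chosen; the digest chaining, the modulo reduction, the probe to the next free cell, the caller-supplied `m_e`, and all function names and sample data are assumptions.

```python
import hashlib
from itertools import zip_longest

def hex_digits(side):
    """Table 4: hex digits per coordinate, chosen from the image side length."""
    for digits, limit in ((1, 16), (2, 256), (3, 4096)):
        if side < limit:
            return digits
    return 4

def key_stream(mrz, n_hex):
    """TL hex digits: H1 = SHA-512(MRZ), then H(i+1) = SHA-512(H(i)) (assumed chaining)."""
    digest = hashlib.sha512(mrz.encode("ascii")).digest()
    parts, have = [], 0
    while have < n_hex:
        parts.append(digest.hex())
        have += len(parts[-1])
        digest = hashlib.sha512(digest).digest()
    return "".join(parts)[:n_hex]

def placement(mrz, m_e, n_e):
    """Target (x, y) in the M_E x N_E image for each source segment, in order."""
    d = hex_digits(max(m_e, n_e))
    seg = 2 * d                                # L: hex digits for one (x, y) pair
    stream = key_stream(mrz, m_e * n_e * seg)  # TL = M_E * N_E * L, equation (5)
    used = [False] * (m_e * n_e)
    targets = []
    for i in range(m_e * n_e):
        chunk = stream[i * seg:(i + 1) * seg]
        x = int(chunk[:d], 16) % m_e           # assumption: reduce into range
        y = int(chunk[d:], 16) % n_e
        cell = y * m_e + x
        while used[cell]:                      # assumption: probe to next free cell
            cell = (cell + 1) % len(used)
        used[cell] = True
        targets.append((cell % m_e, cell // m_e))
    return targets

_END = object()  # marks positions where a smaller image has run out of pixels

def interleave(images):
    """Source order FI(0,0), FP(0,0), IR(0,0), FI(1,0), ... row by row."""
    flat = [[p for row in img for p in row] for img in images]
    return [p for group in zip_longest(*flat, fillvalue=_END)
            for p in group if p is not _END]

def encrypt(images, mrz, m_e):
    pixels = interleave(images)                # EP pixels, equation (4)
    if len(pixels) % m_e:
        raise ValueError("EP must be a multiple of M_E")
    n_e = len(pixels) // m_e
    out = [[None] * m_e for _ in range(n_e)]
    for p, (x, y) in zip(pixels, placement(mrz, m_e, n_e)):
        out[y][x] = p
    return out

def decrypt(cipher, mrz, shapes):
    """shapes: (width, height) of each original image, in FI, FP, IR order."""
    n_e, m_e = len(cipher), len(cipher[0])
    stream = iter(cipher[y][x] for x, y in placement(mrz, m_e, n_e))
    counts = [w * h for w, h in shapes]
    flats = [[] for _ in shapes]
    for k in range(max(counts)):               # undo the round-robin interleave
        for j, count in enumerate(counts):
            if k < count:
                flats[j].append(next(stream))
    return [[flat[r * w:(r + 1) * w] for r in range(h)]
            for flat, (w, h) in zip(flats, shapes)]

def demo():
    # Constructed sample data: tiny RGB "images" and a made-up MRZ string.
    fi = [[(r, c, 10) for c in range(4)] for r in range(4)]
    fp = [[(r, c, 20) for c in range(4)] for r in range(4)]
    ir = [[(r, c, 30) for c in range(2)] for r in range(4)]
    images, shapes = [fi, fp, ir], [(4, 4), (4, 4), (2, 4)]
    mrz = "CONSTRUCTED<SAMPLE<MRZ<0000000000"
    cipher = encrypt(images, mrz, m_e=8)
    round_trip = decrypt(cipher, mrz, shapes) == images
    wrong_key = decrypt(cipher, mrz[:-1] + "1", shapes) == images
    same_hist = sorted(p for row in cipher for p in row) == sorted(interleave(images))
    return round_trip, wrong_key, same_hist

if __name__ == "__main__":
    print(demo())
```

`demo()` shows that decryption succeeds with the correct MRZ and fails with a changed one, and that the encrypted image contains exactly the pixel values of the inputs, because segments are moved but never altered.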

Figure 4. Rearrangement of the encryption algorithm key length creation algorithm

Storage of integrated data group
All biometric information is encrypted into a single image using the proposed algorithm and stored in the DG BIO field of the IC chip; however, the information for the algorithm, which creates the key length and rearranges the images, is not stored.

5. Performance evaluation

The accuracy of the proposed algorithm was measured by performing the basic encryption and decryption process, by encrypting with different pixel (segment) sizes and comparing the times for decryption, and by comparing the color value (histogram) differences between the decrypted biometric information and the original biometric information.

5.1. Performance evaluation of encryption algorithm

The information in the MRZ of the e-passport is used as the key for the encryption algorithm. The decryption process is performed using the same MRZ information. If the MRZ information is not used correctly, the biometric information cannot be decrypted properly.

5.2. Evaluation of encryption and decryption time based on segment size

We measured the time required for encryption according to the size of the rearranged segments. The 1×1-pixel segment had longer encryption and decryption times than the 8×8-pixel segment; however, it appeared to have higher security strength for biometric information.

Figure 5. Ordinary encryption and decryption process

Figure 6. Key value error in the decryption

Table 4. Encryption time depending on segment size
Segment Size Encryption Decryption ms 462ms ms 397ms ms 380ms ms 365ms ms 332ms ms 269ms ms 201ms

5.3. Comparison with original biometric information

The decrypted biometric information must have the same RGB values as those of the original biometric information, i.e., neither encryption nor decryption of the images would cause any loss or corruption of RGB values.

Figure 7. Comparison analysis of RGB values

We performed a histogram analysis of all original and decrypted biometric information images, and the histograms of the decrypted images showed the same RGB values as those of the original images, indicating no loss or corruption of RGB values during encryption or decryption.

6. Conclusion

Because an e-passport is accepted internationally, standard definitions and security technologies are actively studied and implemented. In addition, security technologies, such as RFID, PKI, biometric recognition, and encryption, are used to prevent the duplication, falsification, and forgery of the e-passport. The biometric information stored in e-passport is considered as sensitive personal information and therefore, must be protected from unauthorized access. The most severe damage is expected when the biometric information is duplicated but the existing e-passport standards cannot discern such duplication. In addition, because biometric information is stored in the e-passport without being encrypted, the e-passport is vulnerable to loss or attacks. Thus, the sensitive biometric information of the holder in IC chip of e-passport must be protected by encryption.

This paper proposes a hash-based image encryption algorithm that prevents the falsification or duplication of biometric information stored in the e-passport. The algorithm rearranges the biometric information using the known MRZ information as the key value, but it does not store information about the encryption method in the IC chip. Because this algorithm encrypts unique biometric information, details about the encryption method must not be disclosed. In the future, if ICAO requires that the information about encryption by country be stored in the IC and made available to the immigration system, a decryption system would be needed to check the identity automatically through immediate transmission. The EAC security technologies of e-passport must be standardized, and the algorithm discussed in this paper is proposed to be adopted as the security technology used to protect biometric information in e-passports.

7. References

[1] Marci Meingast, Jennifer King and Deirdre K. Mulligan, Security and Privacy Risks of Embedded RFID in Everyday Things: the e-passport and Beyond, JCM, vol.2, no.7, pp.36-48,
[2] Serge Vaudenay, E-Passport Threats, IEEE Security & Privacy, vol.5, no.6, pp.61-64,
[3] BSI, Advanced Security Mechanisms for Machine Readable Travel Documents Extended Access Control (EAC), TR-03110, Version 1.1,
[4] Gaurav S. Kc and Paul A. Karger, Security and privacy issues in machine readable travel documents (MRTDs), IBM Technical Report (RC23575), IBM T. J. Watson Research Labs,
[5] ICAO, Development of a Logical Data Structure-LDS for Optional Capacity Expansion Technologies, Revision 1.7, 2004
[6] ICAO, PKI for Machine Readable Travel Documents offering ICC Read-Only Access, Version 1.1,
[7] NIST, Recommendation for Key Management. Technical Report Special Publication Draft,
[8] Ari Juels, David Molnar, and David Wagner, Security and Privacy Issues in E-passports, Security and Privacy for Emerging Areas in Communications Networks, pp.74-88, Mar
[9] B.A.M. Schouten and B. Jacobs, Biometrics and their use in e-passports, Proceedings of Image Vision Computing, pp ,
[10] D. Lekkas and D. Gritzalis, e-passports as a means towards the first world-wide Public Key Infrastructure, In Proceedings of EuroPKI, pp.34-48,
[11] T. Chothia and V. Smirnov, A Traceability Attack against e-passports, In Proceedings of Financial Cryptography, pp.20-34,
[12] V. Pasupathinathan, J. Pieprzyk, and H. Wang, An On-Line Secure E-Passport Protocol, in Proceedings of ISPEC, pp.14-28,
[13] Y. Liu, T. Kasper, K. Lemke-Rust, and C. Paar, E-Passport: Cracking Basic Access Control Keys, Proceedings of OTM Conferences, pp ,


E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS 1 V.K. Narendira Kumar and 2 B. Srinivasan 1 Assistant Professor, Department of Information

More information

Conformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek

Conformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek Conformity and Interoperability Key Prerequisites for Security of eid documents Holger Funke, 27 th April 2017, ID4Africa Windhoek Agenda 1. About secunet Security Networks AG 2. Timeline of interoperability

More information

Electronic passports

Electronic passports Electronic passports Zdeněk Říha, Václav Matyáš, Petr Švenda Faculty of Informatics, Masaryk University, Brno, Czech Republic {zriha,matyas,svenda}@fi.muni.cz February 2008 A number of countries have been

More information

Security Target Lite for CEITEC epassport Module CTC21001 with BAC

Security Target Lite for CEITEC epassport Module CTC21001 with BAC Security Target Lite for CEITEC epassport Module CTC21001 with BAC Version 3.0 07/Dec/2016 Document History 1.0 Initial version 2.0 Minor corrections 3.0 Clarifications to section 7.1 CEITECSA 5.410.051

More information

Certification Report. EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE. AKİS v1.4i PASAPORT

Certification Report. EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE. AKİS v1.4i PASAPORT Certification Report EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE AKİS v1.4i PASAPORT issued by Turkish Standards Institution Common Criteria Certification Scheme SOFTWARE TEST and CERTIFICATION

More information

Part 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs

Part 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs Doc 9303 Machine Readable Travel Documents Seventh Edition, 2015 Part 9: Deployment of Biometric Identification and Electronic Storage of Data in MRTDs Approved by and published under the authority of

More information

Der elektronische Personalausweis Mehr oder weniger Sicherheit?

Der elektronische Personalausweis Mehr oder weniger Sicherheit? Der elektronische Personalausweis Mehr oder weniger Sicherheit? Lukas Grunwald DN-Systems GmbH Germany CeBIT 2010- Heise Forum 2010 Hannover The Government s Dream Multi biometric, double gates, anti-tailgating,

More information

Biometrics. Overview of Authentication

Biometrics. Overview of Authentication May 2001 Biometrics The process of verifying that the person with whom a system is communicating or conducting a transaction is, in fact, that specific individual is called authentication. Authentication

More information

The New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015

The New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015 The New Seventh Edition of Doc 9303 Barry J. Kefauver Nairobi, Kenya November 2015 July 2015 ICAO published the 7 th edition of Doc 9303 Part 1 Part 2 Part 3 Part 4 Part 5 Part 6 Part 7 Part 8 Part 9

More information

Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010

Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Content eid Primary Functions eid Privacy Features and Security

More information

Security Target lite. Machine Readable Travel Document with ICAO Application, Basic Access Control MTCOS Pro 2.1 BAC/ST23YR80

Security Target lite. Machine Readable Travel Document with ICAO Application, Basic Access Control MTCOS Pro 2.1 BAC/ST23YR80 Security Target lite Machine Readable Travel Document with ICAO Application, Basic Access Control MTCOS Pro 2.1 BAC/ST23YR80 MASKTECH INTERNATIONAL GMBH Document number: BSI-DSZ-CC-0671, ST lite, Version

More information

SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report

SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report KECS-CR-12-38 SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report Certification No.: KECS-ISIS-0394-2012 2012. 6. 15 IT Security Certification Center History of Creation and Revision No. Date

More information

SECURITY TARGET LITE FOR MICAO ON IDEALCITIZ TM OS 2.1 BAC CONFIGURATION

SECURITY TARGET LITE FOR MICAO ON IDEALCITIZ TM OS 2.1 BAC CONFIGURATION SECURITY TARGET LITE FOR Reference: 2016_2000022972 Page: 2/113 Date Version Revision 06/12/2016 1.0 Final version Page: 3/113 Table of contents 1.1 ST LITE IDENTIFICATION... 7 1.2 TOE REFERENCE... 7 1.3

More information

Introduction of the Seventh Edition of Doc 9303

Introduction of the Seventh Edition of Doc 9303 Introduction of the Seventh Edition of Doc 9303 Sjef Broekhaar Advisor ICAO TRIP IRAN SEMINAR Kish Island 17/05/2016 Footer 1 July 2015: ICAO publishes the 7th edition of Doc 9303 Part 1 Part 2 Part 3

More information

This document is a preview generated by EVS

This document is a preview generated by EVS INTERNATIONAL STANDARD ISO/IEC 18013-3 Second edition 2017-04 Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation

More information

Athena IDProtect Duo v5 ICAO EAC optional AA. Public Security Target

Athena IDProtect Duo v5 ICAO EAC optional AA. Public Security Target Athena IDProtect Duo v5 ICAO EAC optional AA - Athena IDProtect Duo v5 Java Card on Inside Secure AT90SC28880RCFV Microcontroller embedding ICAO applet - Public Security Target Version 2.2 January 6, 2014

More information

The Future of Smart Cards: Bigger, Faster and More Secure

The Future of Smart Cards: Bigger, Faster and More Secure The Future of Smart Cards: Bigger, Faster and More Secure Joerg Borchert, Vice President, Secure Mobile Solutions July 16, 2003 Page 1 N e v e r s t o p t h i n k i n g. Infineon Technologies: Overview

More information

Whitepaper: GlobalTester Prove IS

Whitepaper: GlobalTester Prove IS Whitepaper: GlobalTester Prove IS Testing of EAC inspection systems By HJP Consulting GmbH Introduction There have been a lot of activities in standardization to define conformity tests for e-passports.

More information

SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION

SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION Reference: 2016_2000023040 Page: 2/141 Date Version Revision 01/12/2016 1.0 Document creation Page: 3/141 Table of contents 1.1 SECURITY

More information

Evolution of Electronic Passport Scheme using Cryptographic Protocol along with Biometrics Authentication System

Evolution of Electronic Passport Scheme using Cryptographic Protocol along with Biometrics Authentication System I. J. Computer Network and Information Security, 2012, 2, 50-58 Published Online March 2012 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2012.02.08 Evolution of Electronic Passport Scheme using

More information

PRIVACY ISSUES OF ELECTRONIC PASSPORTS 1. INTRODUCTION

PRIVACY ISSUES OF ELECTRONIC PASSPORTS 1. INTRODUCTION JOURNAL OF MEDICAL INFORMATICS & TECHNOLOGIES Vol. 17/2011, ISSN 1642-6037 access control, biometrics, electronic passport, privacy, skimming, tracking Zdeněk ŘÍHA 1, Vashek MATYÁŠ 1 PRIVACY ISSUES OF

More information

MULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET

MULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET MultiApp v2 Pace SAC Common Criteria / ISO 15408 Security Target Public version EAL4+ Copyright Gemalto SA 2012. Page : 1/50 CONTENT 1. ST INTRODUCTION... 4 1.1 ST IDENTIFICATION... 4 1.2 ST OVERVIEW...

More information

XSmart e-passport V1.2

XSmart e-passport V1.2 KECS-CR-11-27 XSmart e-passport V1.2 LG CNS Certification Report Certification No : KECS-ISIS-0319-2011 National Intelligence Service IT Security Certification Center Revision Number Establishment & Revision

More information

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM

CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM 109 CHAPTER 6 EFFICIENT TECHNIQUE TOWARDS THE AVOIDANCE OF REPLAY ATTACK USING LOW DISTORTION TRANSFORM Security is considered to be the most critical factor in many applications. The main issues of such

More information

Future Expansion for emrtd PKI Mark Joynes, Entrust

Future Expansion for emrtd PKI Mark Joynes, Entrust Future Expansion for emrtd PKI Mark Joynes, Entrust 2013 MRTD Symposium 1 What are we trying to achieve Prevent: Production of credible false documents Tampering with legitimate documents Breach of sovereignty

More information

Security Target Lite

Security Target Lite Security Target Lite for the PEACOS Extended Access Control MRTD Common Criteria version 3.1 revision 3 ISO/IEC 15408 Assurance Level EAL 4+ Developer Gep S.p.A. Corso Salvatore D Amato, 90 80022 Arzano

More information

Security Target Bundesdruckerei Document Application

Security Target Bundesdruckerei Document Application Security Target Bundesdruckerei Document Application Bundesdruckerei GmbH Author: Bundesdruckerei GmbH Version: 3.7 Date: 11.12.2012 Abstract This document is the Security Target (ST) for the Common Criteria

More information

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 18013-2 First edition 2008-05-15 Information technology Personal identification ISO-compliant driving licence Part 2: Machine-readable technologies Technologies de l'information

More information

LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance

LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance Overview Current generation of epassports Benefits and Limits of an epassport Overview of the next generation epassport Applications

More information

ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA. Public Security Target. 1 FQR Ed1

ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA. Public Security Target. 1 FQR Ed1 ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA Public Security Target 1 FQR 110 6261 Ed1 Table of contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 SECURITY TARGET IDENTIFICATION...

More information

Machine Readable Travel Document with ICAO Application", Basic Access Control

Machine Readable Travel Document with ICAO Application, Basic Access Control Common Criteria Protection Profile Machine Readable Travel Document with ICAO Application", Basic Access Control BSI-PP-0017 Approved by the Federal Ministry of the Interior Version 1.0, 18 August 2005

More information

An emrtd inspection system on Android. Design, implementation and evaluation

An emrtd inspection system on Android. Design, implementation and evaluation An emrtd inspection system on Android Design, implementation and evaluation Halvdan Hoem Grelland Master s Thesis Spring 2016 An emrtd inspection system on Android Halvdan Hoem Grelland 2nd May 2016 ii

More information

3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages

3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages 3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No

More information

SmartCards as electronic signature devices Progress of standardization. Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany

SmartCards as electronic signature devices Progress of standardization. Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany SmartCards as electronic signature devices Progress of standardization Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany scherzer@de.ibm.com Active CEN working groups(today) TC224 : "Machine readable

More information

A National Public Key Directory

A National Public Key Directory A National Public Key Directory Version 1.0 definite Date 21 July 2015 Author Jeen de Swart Judicial Information services Ministry of Security and Justice, Netherlands ABSTRACT This white paper is about

More information

Security Target Lite. ASapp-eID Machine Readable Electronic Document

Security Target Lite. ASapp-eID Machine Readable Electronic Document Security Target Lite ASapp-eID Machine Readable Electronic Document BAC Common Criteria version 3.1 revision 4 Assurance Level EAL 4+ Version 1 Date 2017-08-15 Reference TCLE160091 Classification PUBLIC

More information

E-passport 72K V1.0. Public Security Target. Oberthur Card Systems. E-passport 72K - Public Security Target. Ref: V1.

E-passport 72K V1.0. Public Security Target. Oberthur Card Systems. E-passport 72K - Public Security Target. Ref: V1. E-passport 72K V1.0 Public Security Target 1/56 TABLE DES MATIERES 1 ST INTRODUCTION...4 1.1 ST IDENTIFICATION...4 1.2 ST OVERVIEW...5 2 TOE DESCRIPTION...5 2.1 TOE DEFINITION...5 2.2 TOE USAGE AND SECURITY

More information

(More) cryptographic protocols

(More) cryptographic protocols (More) cryptographic protocols Myrto Arapinis School of Informatics University of Edinburgh October 19, 2017 1/24 Authentication and key agreement protocols 2/24 Authentication and key agreement Long-term

More information

ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC Security Target Lite

ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC Security Target Lite ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC Rev. 1.0 28 September 2017 Final Document information Info Keywords Abstract Content Common Criteria,, ChipDoc P60 on JCOP 3 SECID P60 (OSA) ICAO BAC of ChipDoc

More information

E-Passport Validation: A practical experience

E-Passport Validation: A practical experience E-Passport Validation: A practical experience R Rajeshkumar International Organization for Standardization (ISO) ICAO TRIP: Making the Air Travel more Secure and Efficient TOWARDS A BETTER TRAVELLER IDENTIFICATION

More information

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information

More information

CONFORMITY TESTING OF EAC INSPECTION SYSTEMS

CONFORMITY TESTING OF EAC INSPECTION SYSTEMS CONFORMITY TESTING OF EAC INSPECTION SYSTEMS By Dr. Michael Jahnich, Technical Director, HJP Consulting GmbH Testing the conformance of inspection systems for epassports is an ongoing and open issue. One

More information

10/02/2015. Introduction PROTOCOL EXAMPLES. e-passport. e-passports contain an RFID tag.

10/02/2015. Introduction PROTOCOL EXAMPLES. e-passport. e-passports contain an RFID tag. Introduction PROTOCOL EXAMPLES Tom Chothia Intro. To Comp. Sec. This talk gives some example of protocol attacks from my research, and a research group in Cambridge. E-passports (me & Smirnov) Contactless

More information

CSC 474 Network Security. Authentication. Identification

CSC 474 Network Security. Authentication. Identification Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication

More information

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS ISSN 1392 124X INFORMATION TECHNOLOGY AND CONTROL, 2012, Vol.41, No.1 A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS Bae-Ling Chen 1, Wen-Chung Kuo 2*, Lih-Chyau Wuu 3 1

More information

SPass NX V1.0 R3. Security Target. Public version. on S3CT9KW/S3CT9KC/S3CT9K9. Samsung SDS. Copyright c 2013 Samsung SDS Co., Ltd. All rights reserved

SPass NX V1.0 R3. Security Target. Public version. on S3CT9KW/S3CT9KC/S3CT9K9. Samsung SDS. Copyright c 2013 Samsung SDS Co., Ltd. All rights reserved od SPass NX V1.0 R3 on S3CT9KW/S3CT9KC/S3CT9K9 Security Target Public version Samsung SDS Copyright c 2013 Samsung SDS Co., Ltd. All rights reserved REVISION STATUS Revision Date Author Description of

More information

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

WHAT FUTURE FOR CONTACTLESS CARD SECURITY? WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues

More information

About Machine-Readable Travel Documents

About Machine-Readable Travel Documents About Machine-Readable Travel Documents Privacy Enhancement Using (Weakly) Non-Transferable Data Authentication Jean Monnerat 1, Serge Vaudenay 2, and Martin Vuagnoux 2 1 UCSD, San Diego CA, USA 2 EPFL,

More information

Common Criteria Protection Profile

Common Criteria Protection Profile Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087-V2 Version 2.0.2 Document history Version 2.0.2, April 4th, 2016

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives

More information

Towards e-passport Duplicate Enrolment Check in the European Union

Towards e-passport Duplicate Enrolment Check in the European Union 2013 European Intelligence and Security Informatics Conference Towards e-passport Duplicate Enrolment Check in the European Union Moazzam Butt, Sandra Marti, Alexander Nouak,Jörg Köplin, R. Raghavendra

More information

MACHINE READABLE TRAVEL DOCUMENTS

MACHINE READABLE TRAVEL DOCUMENTS MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Supplemental Access Control for Machine Readable Travel Documents Version 1.1 Date 15 April 2014 Published by authority of the Secretary General ISO/IEC

More information

Introduction to VANET

Introduction to VANET VANET Introduction to VANET -Vehicles connected to each others through an ad hoc formation form a wireless network called Vehicular Ad Hoc Network. -Vehicular ad hoc networks (VANETs) are a subgroup of

More information

A Traceability Attack Against e-passports

A Traceability Attack Against e-passports A Traceability Attack Against e-passports Tom Chothia and Vitaliy Smirnov School of Computer Science, University of Birmingham, Birmingham, UK Abstract. Since 2004, many nations have started issuing e-passports

More information

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran. A Multi-Application Smart-Card ID System for George Mason University - Suraj Ravichandran. Current System Magnetic Swipe Card based ID The card has three tracks They each store the following: Name, G#

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication

More information

Authentication. Identification. AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication

More information

Implementation Based Security Analysis of the Electronic Passport

Implementation Based Security Analysis of the Electronic Passport Diploma Thesis Implementation Based Security Analysis of the Electronic Passport Liu, Yifei 15.05.2007 Ruhr-Universität Bochum Lehrstuhl für Kommunikationssicherheit Prof. Dr.-Ing. Christof Paar 2 Erklärung

More information

Remote E-Voting System

Remote E-Voting System Remote E-Voting System Crypto2-Spring 2013 Benjamin Kaiser Jacob Shedd Jeremy White Phases Initialization Registration Voting Verifying Activities Trusted Authority (TA) distributes 4 keys to Registrar,

More information

Bank Infrastructure - Video - 1

Bank Infrastructure - Video - 1 Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation

More information

Common Criteria Protection Profile

Common Criteria Protection Profile Common Criteria Protection Profile Machine-Readable Electronic Documents based on BSI TR-03110 for Official Use [MR.ED-PP] BSI-CC-PP-0087 Document history Version 1.01, May 20th, 2015 Federal Office for

More information

epass ICAO essential ST lite EAC RSA FQR No: FQR Issue: 1

epass ICAO essential ST lite EAC RSA FQR No: FQR Issue: 1 epass ICAO essential ST lite EAC RSA FQR No: 110 7563 FQR Issue: 1 Legal Notice OT. All rights reserved. Specifications and information are subject to change without notice. The products described in this

More information

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11

Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 OpenLAB CDS Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 Technical Note Introduction Part 11 in Title 21 of the Code of Federal Regulations includes

More information

Security in NFC Readers

Security in NFC Readers Security in Readers Public Content and security, a different kind of wireless Under the hood of based systems Enhancing the security of an architecture Secure data exchange Information security goals Cryptographic

More information

epass ICAO essential configuration BAC and EAC RSA or configuration BAC and EAC ECC, Version 1.0 running on SLE77CLFX2400P & SLE77CLFX2407P

epass ICAO essential configuration BAC and EAC RSA or configuration BAC and EAC ECC, Version 1.0 running on SLE77CLFX2400P & SLE77CLFX2407P 122 CERTIFICATION REPORT No. CRP286 running on SLE77CLFX2400P & SLE77CLFX2407P Issue 1.0 September 2015 Crown Copyright 2015 All Rights Reserved Reproduction is authorised, provided that this report is

More information

Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards

Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Security Weaknesses of a Biometric-Based Remote User Authentication Scheme Using Smart Cards Younghwa An Computer Media Information Engineering, Kangnam University, 111, Gugal-dong, Giheung-gu, Yongin-si,

More information

Athena IDPass ICAO BAC. Security Target Lite

Athena IDPass ICAO BAC. Security Target Lite Athena IDPass ICAO BAC - Athena IDProtect/OS755 Java Card on STMicroelectronics ST23YR48/80 Microcontroller embedding IDPass applet Security Target Lite Version 3.1 September 6, 2012 Contents 1. ST INTRODUCTION...

More information

epass ICAO essential ST lite BAC only FQR No: FQR Issue: 1

epass ICAO essential ST lite BAC only FQR No: FQR Issue: 1 epass ICAO essential ST lite BAC only FQR No: 110 7561 FQR Issue: 1 Legal Notice OT. All rights reserved. Specifications and information are subject to change without notice. The products described in

More information

TRANSITIONING OF CRYPTOGRAPHIC ALGORITHMS IN THE ELECTRONIC BIDDING CORE SYSTEM JACIC Hiroyuki ISHIWATA

TRANSITIONING OF CRYPTOGRAPHIC ALGORITHMS IN THE ELECTRONIC BIDDING CORE SYSTEM JACIC Hiroyuki ISHIWATA TRANSITIONING OF CRYPTOGRAPHIC ALGORITHMS IN THE ELECTRONIC BIDDING CORE SYSTEM 2013.11.8 JACIC Hiroyuki ISHIWATA JACIC Electronic Bidding Core System Development Consortium introduce myself author name:

More information

Certification Report

Certification Report TÜV Rheinland Nederland B.V. Version 2016-2 Certification Report Mercury epassport v1.16 Sponsor and developer: Infineon Technologies AG Am Campeon 5 D-85579 Neubiberg Germany Evaluation facility: Brightsight

More information

Efficient RFID authentication scheme for supply chain applications

Efficient RFID authentication scheme for supply chain applications University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2010 Efficient RFID authentication scheme for supply chain applications

More information

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries

More information

Linux Network Administration

Linux Network Administration Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH

More information

Authentication Technologies

Authentication Technologies Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something

More information

Security Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues

Security Flaws of Cheng et al. s Biometric-based Remote User Authentication Scheme Using Quadratic Residues Contemporary Engineering Sciences, Vol. 7, 2014, no. 26, 1467-1473 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/ces.2014.49118 Security Flaws of Cheng et al. s Biometric-based Remote User Authentication

More information