2 Electronic Passports and Identity Cards

Transcription

1

2 2

3

4 Picture source: Paper based Passport Radio Frequency (RF) Chip Electronic Passport (E Pass) Biographic data Human readable Partially machine readable (optically) Conventional (visual) security features Biographic and biometric data Machine readable via RF interface Cryptographic security features Objectives Uniform interoperable security standard for machine readable travel documents (MRTDs) Improved security against forgery, cloning and manipulation of MRTDs Binding MRTDs to their holders (via biometrics) 4

5 Printed Data Machine readable zone See below Owner related data First and last name Birth date Gender Nationality Birth name Academic title Birth and living place Body height and eye color Biometric facial photo Owner s signature Passport related data Pass Type Country code Expiry date Serial number Issuing date Issuing authority Machine Readable Zone (MRZ) (optically readable) Electronically Stored Data All printed data Biometric data Biometric facial photo Fingerprints of both forefingers (alternatively of thumbs, middle finger or ring finger) Cryptographic keys and certificates Symmetric encryption key Symmetric authentication key (MAC) Signature key pair Certificate of the document signer (DS Certificate) Certificate of the Country Signing Certification Authority (CSCA Certificate) Pass Type Country Last name First name P<D<<MUSTERMANN<<ERIKA<<<<<<< D<< F < 5 Serial number Checksum Nationality Birth date Gender Checksum Expiry date Checksum

6 ? Passport holder epass Verifier Passport scanner ()?? 1. Manual verification of visual security features 2. Automatic verification of electronic security features and reading out of stored data 3. Manual comparison of printed and stored data 4. Automatic verification of stored and recorded biometric photo Videocamera Fingerprintreader Blacklist database? 5. Automatic comparison of stored and scanned fingerprints 6. Automatic comparison with blacklist database 6

7 Passive Authentication Digital signature of the passport manufacturer over the electronically stored data Protection against forgery and manipulation of the electronically stored data No protection against copying/cloning of the chip (signed data can be copied to another chip) Active Authentication Challenge response protocol to authenticate the chip to the terminal Protection against copying/cloning of the chip Assumption: Authentication key securely stored in the chip Access Control Protection of the electronically stored data against unauthorized access Basic Access Control (BAC) protocol for access control to less sensitive data (e.g., facial photo) Extended Access Control (EAC) protocol for access control to sensitive data (e.g., fingerprint) 7

8 Basic Access Control (BAC) Mutual authentication of passport and terminal (based on knowledge of MRZ) Authenticated key establishment between passport and terminal Extended Access Control (EAC) Strong mutual authentication of passport and terminal (based on digital certificates) Authenticated key establishment between passport and terminal Assumption: Knowledge of MRZ requires optically reading out the passport (i.e., physical access to passport) Based on symmetric cryptography Encryption Message Authentication Code (MAC) Assumption: Public key infrastructure for terminals exists Based on public key cryptography Digital certificates Diffie Hellman key exchange Digital signatures Mandatory for all electronic passports Up to now not mandatory on international level 8

9 Passport manufacturer (Document Signer, DS) e.g., Bundesdruckerei DS certifies CSCA Country Signing Certification Authority (CSCA) e.g., Bundesamt für Sicherheit in der IT certifies Stored in the passport: MRTD DS CSCA MRTD Data and keys electronically stored in the passport Authentically distributed to all terminals: (e.g., by electronic data transmission or by diplomatic mail) CSCA 9

10 Access rights of DV DV Document Verifier (DV) e.g., border control certifies CVCA Country Verifying Certification Authority (CVCA) e.g., an authority (can be identical to the CSCA) certifies To read foreign passports, DV must obtain a DV certificate from the CVCA of the corresponding country. Access rights of terminals Stored in the passport: (can be updated after deployment) CVCA e.g., passport reader 10

11 epass MRZ Optical read out of the MRZ (requires interaction of passport holder) MRZ data is used in key establishment protocol CSCA Encryption key Message authentication (MAC) key Authenticated key establishment e.g., using Basic Access Control (BAC) or Extended Access Control (EAC) Stored in the passport Establishment of a confidential and authentic channel MRTD DS Verification of the signature of the Document Signer (DS) on the passport data using the certificate of the Country Signing Certification Authority (CSCA) 11

12 epass MRZ 1. Optical read out of the MRZ 3. Read keys from secure storage of passport 2. Derive encryption and authentication key from MRZ Mutual authentication and key establishment Derive one time keys from long term keys 12

13 epass MRZ 1. Optical read out of MRZ? 2b. Read cryptographic keys from secure memory 3b. Create random nonce and partial session key 6. Verification of MAC 7. Decryption 2a. Derive encryption and signature key from MRZ 3a. Create random nonce and partial session key 4. Symmetric encryption 5. Message authentication (MAC)? 8. Verification of N p 9. Symmetric encryption 10. MAC 11. Verification of MAC 12. Decryption 13. Verification of N T 14. Create mutual session keys from K P, K T, N P and N T to encrypt and authenticate the passport data 13

14 epass Two protocol phases Authentication (TA) Strong authentication of the terminal to the passport Chip Authentication (CA) Strong authentication of the passport to the terminal Authenticated session key establishment 14

15 epass CVCA Access rights of terminal DV MRZ 1b. Read CVCA Zertifikats from passport memory 3. Verify certificate and extract public terminal authentication key 1a. Read certificates and secret authentication key from secure memory of terminal 2. Optical read out of MRZ 4. Create ephemeral DH key pair for Chip Authentiation (CA) protocol Access rights of terminal DV Hash Hash 6. Create random nonce 7. Hash public DH key Hash Hash authenticated 9. Verify signature with pk T 8. Sign with sk T Hash Use hash of public DH key and DH key pair in Chip Authentication (CA) protocol (see next slide) 15

16 Hash epass Use hash of public DH key and DH key pair from terminal Authentication (CA) protocol MRTD DS 1a. Read certificates and secret passport authentication key from secure passport memory 3. Create random nonce 1a. Read CSCA Certificate from terminal memory 2. Verify certificates and extract public passport authentication key MRTD CSCA DS 4. Create mutual session key from N P, sk P, pk P, ske T and pke T to encrypt and authenticate the passport data 5. Message authentication (MAC) 6. Verify MAC epass authenticated 16

17 Privacy Violations Unnoticed and unintended read out of the RF chip is possible Adversary directly reads out the passport (Skimming) Adversary eavesdrops on the communication of passport and terminal Security problems in Basic Access Control (BAC) Keys derived from MRZ, which can be guessed (MRZ is not random!) Only certain symbols allowed Includes public data (e.g., issuing date, nationality or holder s last name) Not statistically independent (e.g., sequential serial numbers or expiry date) Keys can be found in only minutes (exhaustive search) Communication between terminal and passport can be decrypted Particularly vulnerable are Belgian, Dutch and German electronic passports 17

18 Identity Theft Copying/Cloning of electronic passports possible BAC keys can be derived from MRZ and copied to blank chip (clone) Passport data can be copied to the blank chip (clone) as well Clone successfully bypasses electronic passport verification Cloning resistance depends only on classical (visual) security features Forgery resilient EAC requires complex and expensive public key infrastructure require authentic CSCA Certificates of each country (otherwise identity theft is possible) Exchange of CSCA Certificates often problematic in practice (these are typically exchanged electronically or by diplomatic mail) 18

19

20 Identity Verification (as with electronic passport) Improved security against forgery, cloning and manipulation Binding holder to identity card Proof of Identity over the Internet (eid) Mutual authentication of passport holder and service provider Pseudonymous authentication (protection of personal data) Age and residence verification (no disclosure of exact age and residence location) Legally Valid Digital Signatures As smartcard based signature 20

21 Identity Card Holder 5. PACE Browser eid Client 3. Start eid Client 6. EAC 7. Secure Channel 1. Start eid based authentication 2. Parameters 8. eid based authentication 4. Establish secure channel (e.g., SSL) E Business / E Government Service Provider Authentication completed Web Server eid Server 10. Data exchange 9. Comparison Blacklist database; public key infrastructure 21

22 Deactivated by default Must be activated on holder s request No disclosure of biometric data to service providers Access control on biographic data Service providers must be authorized by state Access restrictions to biographic data regulated by law Identity card holder can restrict access to biographic data Access to biographic data must be authorized by card holder Requires entering the holder s PIN 22

23 Electronically Stored Data Biographic Data First and last name Birth place and location Address and zip code Biometric Data Biometric facial photo Optionaly: Fingerprints of both forefingers (alternatively fingerprints of the thumbs, middle fingers or ring fingers) Identity card specific data Issuing and expiry date Issuing country Cryptographic keys and certificates Authentication key pair Document Signer (DS) certificate Country Signing Certification Authority (CSCA) certificate Checksum Serial number epa of BRD Birth date Checksum Expiry date Checksum Issuing country Machine Readable Zone (MRZ) Serial number Card Access Number (CAN) 23

24 Password Authenticated Connection Establishment (PACE) Authorization of terminal access to RF Chip by scanning/entering Machine Readable Zone (MRZ), Card Access Number (CAN) or Personal Identification Number (PIN) Extended Access Control (EAC) (as for epass) Strong mutual authentication of identity card and terminal based on certificates Session key establishment Passive Authentication (as for epass) Digital signature of the passport manufacturer on the data stored on the chip Protection against forgery and manipulation of the data stored in the chip 24

25 Electronic Identity Card PIN / CAN / MRZ Password Authenticated Connection Establishment (PACE) Establishment of a confidential and integrity protected channel Extended Access Control (EAC) und Chip Authentication Session key establishment PIN / CAN / MRZ used in the PACE protocol Confidential and authentic channel MRTD DS Verify the signature on the passport data 25

26 Electronic Identity Card PIN Card Holder 1. Read PIN key from secure memory of card 2. Create random challenge 3. Encrypt 8. Create random partial DH session key 4. Enter PIN 5. Derive PIN key from PIN 6. Decrypt 7. Create random partial DH session key 9. Create session keys 26 authenticated 10. Message authentication (MAC) 13. Verify MAC 11. Verify MAC 12. Message authentication (MAC) K V ánd K A are used to establish an authentic and confidential channel between terminal and card Card authenticated

27 Identity Card Holder Malware can eavesdrop on PIN: Simulate eid Client to deceive holder (Phishing) Eavesdrop on keyboard input (Key Logger) Standard without key pad to enter PIN PIN must be entered into eid Client software First version of German eid Client software was faulty: Adversary could use the update function of the eid client to install malware No weakness of the identity card but the infrastructure 27