Verifying emrtd Security Controls

Size: px

Start display at page:

Download "Verifying emrtd Security Controls"

Christiana Burke
5 years ago
Views:

4 emrtd Specifications ICAO Travel Document - Doc 9303 Core Specifications set by the International Civil Aviation Organisation (ICAO) NTWG / SC17 collaboration Supplemented by BSI ASM for emrtds (EAC) Authenticated emrtds provide identity verification of emrtd holder Issuing Authorities in nation states or Int l bodies e.g. INTERPOL as enhanced identity security documents Commonly issued emrtds include national epassports and eid Cards but also Seafarers documents, Biometric Residence Permits use same specifications 4 3M All Rights Reserved.

14 Datagroup 2 Encoded photograph to ISO Standard to ensure quality of data image Access is protected by Basic Access Control Images encoded in JPEG or JPEG2000 formats Photographs are standardised to ensure visual comparison and automated biometric verification Images to overcome interoperability challenges (different biometric verification algorithms) 14 3M All Rights Reserved.

17 Datagroup 3 Fingerprints and Iris are a second generation feature of emrtds Sensitive Data protected by EAC as an enhancement to BAC Access is protected by Extended Access Control (separate PKI authorisation scheme) Images encoded in JPEG or JPEG2000 formats to overcome biometric interoperability problems No International Standard yet 17 3M All Rights Reserved.

18 EF.COM Data Contains a map of the tags, lengths values present in the file Is not protected (digitally signed) by issuing authority Cannot be trusted unless authenticated to EF.SOD 18 3M All Rights Reserved.

19 emrtd Decomposed EF.SOD Contains the hash values of all the data groups Hash values signed by a document signing authority with private key (SOD = Digital Signature) May contain the Document Signer Certificate (DSC) that corresponds public key element used the create the SOD or reference to DSC. Can be trusted provided the Document Signer Certificate is validated 19 3M All Rights Reserved.

23 Verifying EF.SOD Part of the Passive Authentication process Verify the ASN.1 Structure Verify the hash values present Verify the signature against the public key element contained in related Document Signer Certificate Authenticate the Document Signer Certificate Verify the certificate chain of the DSC against the CSCA Certificate dynamically Pre-validated DSCs in protected Certificate Cache Store 23 3M All Rights Reserved.

26 epassport Infrastructure 1 st Generation ICAO PKD CSCA Authority National Infrastructure Document Signer Service Registration Authority Inspection System Issuance Verification 26 3M All Rights Reserved.

Second Generation Extensions SPOC CVCA DVCA Issuance Registration

29 ICAO Public Key Directory Global repository of certificates used to validate emrtds Relies on Issuing Authority subscribers uploading data to the PKD Regularly updated with Document Signer Certificates CRLs Null CRLs MasterLists Serves as a trust anchor on emrtds 29 3M All Rights Reserved.

34 emrtd Verification Process Holder provides emrtd MRTD to Be Inspected Perform Physical Checks Physical Check Y Extract MRZ Validate MRZ MRZ Valid Y Record Result N N Query against whitelist Y Record Result Perform BAC using MRZ Record Result BAC Sucessful N Perform Facial Checks Extract Data Y Record Result AA Present Perform AA Y Perform PA Checks Record Result N Record Result Perform EAC Y Contains 2 nd Gen Features N Produce Result EAC Sucessful N Perform Fingerprint matching Y 34 3M All Rights Reserved.

41 Facial Biometrics Match the holder to the DG2 using facial biometrics DG2 is required to meet certain standards Used in some countries including Portugal Australia UK (Trial) 41 3M All Rights Reserved.

43 Passive Authentication Check the validity of EF.SOD Check the hash values of the datagroups Check the signature of SOD Check the chain of the document signer certificate Check against null and non null CRLs ICAO PKD Maintains Certificates for subscribers 43 3M All Rights Reserved.

45 Passive Authentication CSCAs can be exchanged By diplomatic channels Using CSCA MasterLists A CSCA is a trust anchor and can identify the emrtd Issuing Authority Inspection System Integrity and Performance Security controls must ensure that bogus CSCAs cannot be inserted during the verification process Inspection System Architecture designed to requirements (not one fits all) depends upon operating environment, devices, key management strategy, network reliability 45 3M All Rights Reserved.

46 Extended Access Control Consists of the following Chip Authentication Terminal Authentication Provides the following Mutual authentication between the chip and the terminal Some indication of the issuer of the emrtd Privacy of the fingerprints on the passport 46 3M All Rights Reserved.

47 Second Generation Features EAC requires the implementation of the EAC infrastructure to ensure verification EAC Protects the privacy of the fingerprints on the epassport EAC proves the issuer of the epassport EAC Ensures that only authorised terminals can read fingerprints 47 3M All Rights Reserved.

48 Fingerprint matching DG3 Contains the fingerprint 0 10 digits can be stored depending on the country where fingerprints are captured Fingerprint image contained (not a template) 48 3M All Rights Reserved.

58 Usability Challenges Use their terminology Counterfeit (not PA has failed) Falsified (not Digital Signature is not verified) Cloned (not Active Authentication has been subverted) Access denied (Terminal Authentication does not have appropriate CV chains) Simplicity by design User Interface design aligns with tasks Clear feedback on processing State of device (security) Case Studies Engage with Users 58 3M All Rights Reserved.

60 Conclusion emrtds are complex documents and need to be verified appropriately Partial checking of some features is not enough to guarantee that the document is authentic Various designs and physical layouts of documents from various countries can easily lead to confusion although the electronic features are standardised and the same User interface design for emrtd verification apps should provide a result in a clear and concise manner 60 3M All Rights Reserved.

62 References Myths about epassports - ICAO 9303 Passport Standards - Wikipedia entry on biometric passports ID Documen ts/electronic Passport/Datenschutz en.html ICAO emrtd Report Volume 203 Number %20No.%202,% pdf UK ID Card - EAC Specification version _v202_pdf Golden Reader Tool for Reading emrtds - node.html 62 3M All Rights Reserved.

The epassport: What s Next?

The epassport: What s Next? Justin Ikura LDS2 Policy Sub-Group Co-chair Tom Kinneging Convenor of ISO/IEC JTC1 SC17 WG3 International Organization for Standardization (ISO) Strengthening Aviation Security