Past & Future Issues in Smartcard Industry
Ecrypt 2 Summer School
Guillaume Dabosville, Oberthur Technologies
Oberthur Technologies - the group: its divisions
- payment, mobile, transport and digital TV markets
- identity documents (e-passport, driving license, health, etc.)
- design and printing of banknotes and passports
- ink staining technology
Oberthur Technologies - the group: its revenues [figure]
Oberthur Technologies - the group: the crypto team
- crypto & security team
- secure primitives
- certif
- practical evaluation
- CC-ready
Oberthur Technologies - smartcard industry: the main use cases
- payment, mobile, transport and digital TV markets
- identity documents (e-passport, driving license, health, etc.)
- design and printing of banknotes and passports
- ink staining technology
agenda
1. from card to smart card
   - short history
   - nowadays
   - why is it smart
2. payment industry
   - issues in card authentication
   - static data authentication (SDA)
   - dynamic data authentication (DDA)
3. mobile industry
   - issues in radio control access
   - 2G networks
   - 3G networks
4. identity industry
   - standardization body
   - description
   - security needs
   - BAC / SAC / PACE
5. future issues
6. conclusion
the card industry - a short history
- appears in the 70s in several countries (France, Germany, Japan, USA)
- several patents dispute the ownership
- first uses: prepaid card (memory only), credit cards (µ processor)
the card industry - nowadays
- plastic card
- ISO 7816 compliant:
  - card dimensions
  - physical constraints (flexibility, etc.)
  - positioning of the contacts
  - communication protocols
  - internal architecture of IC
the card industry - nowadays [figure]
the smart card - why is it smart?
From Collins dictionary: smart ~ { brilliant, ingenious, intelligent, chic, elegant } + many words I do not understand
- brilliant / intelligent: DES, 3DES, AES, RSA (up to 2048 bits), ECC
- ingenious: virtual money, lower risk of money theft, lower cost for cash management (transfer funds)
- chic / elegant secure
the smart card - how much is it smart? lost & stolen fraud [figure]
the smart card - how much is it smart? counterfeit fraud [figure]
payment industry - the setting [figure: issuer, acquirer, infrastructure, cardholder, merchant]
payment industry - issues in a payment transaction
- card authentication: is it a valid card?
- cardholder verification: is it the cardholder? ask for and check PIN
- transaction: Generate AC, transaction data, Transaction Certificate
payment industry - static authentication: PKI
- Issuer: key pair (PK_I, SK_I)
- CA: key pair (PK_CA, SK_CA); signs PK_I, giving Cert_CA(PK_I)
- Acquirer: holds PK_CA
- Card: Card Data, signed by the issuer as Sign_SK_I(Card Data), and Cert_CA(PK_I)
- Card to terminal: Cert_CA(PK_I) + Sign_SK_I(Card Data), checked with PK_CA
payment industry - static authentication: security analysis
- used in B0 (1989) and EMV (1995) as Static Data Authentication (SDA)
- subject to replay attacks (because it is static): mass attack
- subject to the yescard attack, implemented by Serge Humpich in 1997
  - Sign_SK is an RSA signature with a 96-digit modulus n
  - factorisation of n = p.q is feasible since 1991 [Lenstra91]
  - can forge new cards with correct static signature pointing to non-existing accounts
  - counterfeit cards always answer YES regardless of the entered PIN code
- last RSA factorisation: a 768-bit modulus
payment industry - dynamic authentication: PKI
- Issuer: key pair (PK_I, SK_I); signs PK_ICC, giving Cert_I(PK_ICC)
- CA: key pair (PK_CA, SK_CA); signs PK_I, giving Cert_CA(PK_I)
- Acquirer: holds PK_CA
- Card: Card Data, PK_ICC, SK_ICC, Cert_I(PK_ICC), Cert_CA(PK_I)
- Terminal to card: TD (Term Data)
- Card to terminal: Cert_I(PK_ICC), Cert_CA(PK_I), Sig, where Sig = Sign_SK_ICC(Card Data, TD); checked with PK_CA
payment industry - dynamic authentication: security analysis
- thwarts replay attacks thanks to challenge-response
- mass attack no longer relevant
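The terminal-side checks for the static and dynamic schemes above, as an added example that is not part of the original slides. It uses toy textbook RSA over fixed Mersenne primes and a constructed card record; the function names and the 8-byte terminal data are assumptions, and none of this is the EMV encoding.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):
    """Toy RSA key from the Mersenne primes 2**a - 1 and 2**b - 1 (not secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_h(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _h(msg, n)

def pk_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

# Key hierarchy from the slides: the CA signs PK_I, the issuer signs the
# card data (static scheme) and PK_ICC (dynamic scheme).
CA, ISSUER, ICC = make_key(521, 607), make_key(107, 127), make_key(61, 89)
PK_CA, PK_I, PK_ICC = CA["n"], ISSUER["n"], ICC["n"]
CARD_DATA = b"PAN=0000000000000000;EXP=0000"  # constructed sample data
CERT_CA_PKI = sign(CA, pk_bytes(PK_I))
CERT_I_PKICC = sign(ISSUER, pk_bytes(PK_ICC))
STATIC_SIG = sign(ISSUER, CARD_DATA)

def sda_card():
    """Static scheme: the card returns the same bytes in every transaction."""
    return {"data": CARD_DATA, "pk_i": PK_I,
            "cert_ca": CERT_CA_PKI, "sig": STATIC_SIG}

def dda_card(td):
    """Dynamic scheme: the card signs its data together with the terminal data."""
    return {"data": CARD_DATA, "pk_i": PK_I, "cert_ca": CERT_CA_PKI,
            "pk_icc": PK_ICC, "cert_i": CERT_I_PKICC,
            "sig": sign(ICC, CARD_DATA + td)}

def terminal_sda(pk_ca, resp):
    """Check Cert_CA(PK_I), then the issuer's signature over the card data."""
    return (verify(pk_ca, pk_bytes(resp["pk_i"]), resp["cert_ca"])
            and verify(resp["pk_i"], resp["data"], resp["sig"]))

def terminal_dda(pk_ca, card):
    """Check the chain CA -> issuer -> card, then Sig over (Card Data, TD)."""
    td = secrets.token_bytes(8)  # fresh, unpredictable terminal data
    resp = card(td)
    return (verify(pk_ca, pk_bytes(resp["pk_i"]), resp["cert_ca"])
            and verify(resp["pk_i"], pk_bytes(resp["pk_icc"]), resp["cert_i"])
            and verify(resp["pk_icc"], resp["data"] + td, resp["sig"]))

def replaying(recorded):
    """A device holding no private key: it can only repeat a recorded response."""
    return lambda td: recorded

def demo():
    recorded_sda = dict(sda_card())                  # one observed SDA response
    recorded_dda = dda_card(secrets.token_bytes(8))  # one observed DDA response
    return {
        "sda_genuine": terminal_sda(PK_CA, sda_card()),
        "sda_replayed": terminal_sda(PK_CA, recorded_sda),
        "dda_genuine": terminal_dda(PK_CA, dda_card),
        "dda_replayed": terminal_dda(PK_CA, replaying(recorded_dda)),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The static check cannot distinguish a recorded response from the genuine card, while the dynamic check fails as soon as the terminal data differs from the recorded session.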
mobile industry - issues in radio control access
[figure: SIM, mobile, BSS (BTS, BSC), Visited Network (MSC/VLR), Home Network (AuC/HLR)]
threats -> countermeasures
- usurpation of identity -> user authentication
- hijacking the connection -> integrity of routing data
- phone-tapping on the radio link [passive] -> ciphering
- phone-tapping by simulating a false BSS [Man-in-the-middle] -> mutual authentication, ciphering
- tracing -> temporary identity and ciphering
- SIM theft -> PIN code
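mobile industry - 2G network (GSM): description
[figure: SIM, mobile, BSS (BTS, BSC), Visited Network (MSC/VLR), Home Network (AuC/HLR)]
- the SIM and the AuC/HLR share K_i
- the SIM identifies itself with a TMSI
- the AuC/HLR picks RAND and computes SRES and Kc with A3/A8; RAND is forwarded to the SIM
- the SIM computes SRES and Kc from RAND with A3/A8 and returns SRES
- the network verifies SRES
- voice is ciphered with A5 under Kc between the mobile and the BTS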
mobile industry - 2G network: security analysis
- ciphering is an option (activated by network decision only)
- no mutual authentication (only the user towards the network): risk of phone-tapping supported by a man-in-the-middle attack [figure: false BTS, genuine BTS, K_i]
- no integrity check (may raise problems with regard to signalling messages)
- ciphering stops at the BTS: no in-depth ciphering
- some implementations of A3/A8 and A5 algorithms are considered to be not at the state-of-the-art (COMP128 and A5/1, A5/2)
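mobile industry - 3G network (UMTS): description
[figure: SIM, mobile, BSS (BTS, BSC), Visited Network (MSC/VLR), Home Network (AuC/HLR)]
- the SIM and the AuC/HLR share K
- the SIM identifies itself with a TMSI
- the AuC/HLR picks RAND and computes AUTN, RES, CK and IK with f1-f5; RAND and AUTN are forwarded to the SIM
- the SIM verifies AUTN, computes RES, CK and IK with f1-f5 and returns RES
- the network verifies RES
- voice is ciphered with f8 under CK and protected by a mac computed with f9 under IK; the receiver verifies the mac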
mobile industry - 3G network: security analysis
- ciphering along the whole radio subsystem
- still activated by network decision only, but the "no ciphering" order is authenticated
- integrity mechanism to protect signalling information
- mutual authentication of SIM and AuC
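What the card checks before answering a challenge in each generation, as an added example that is not part of the original slides. HMAC-SHA256 stands in for the operator algorithms (A3/A8, f1-f5), the class and field names are assumptions, and AUTN is simplified to a sequence number plus a MAC (the sequence number comes from the 3GPP UMTS AKA design, not from the slides).

```python
import hashlib
import hmac
import secrets

def prf(key, label, data):
    """HMAC-SHA256 stand-in for the operator algorithms (A3/A8, f1-f5)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Sim2G:
    """GSM card: answers any RAND, so the network is never authenticated."""
    def __init__(self, ki):
        self.ki = ki

    def respond(self, rand):
        sres = prf(self.ki, b"A3", rand)[:4]
        kc = prf(self.ki, b"A8", rand)[:8]
        return sres, kc

class AuC3G:
    """Home network side: builds (RAND, AUTN, expected RES) from the shared K."""
    def __init__(self, k):
        self.k, self.sqn = k, 0

    def vector(self):
        self.sqn += 1
        rand = secrets.token_bytes(16)
        sqn = self.sqn.to_bytes(6, "big")
        autn = sqn + prf(self.k, b"f1", sqn + rand)[:8]  # SQN || MAC (simplified)
        xres = prf(self.k, b"f2", rand)[:8]
        return rand, autn, xres

class Usim3G:
    """UMTS card: verifies AUTN before it computes RES, CK and IK."""
    def __init__(self, k):
        self.k, self.highest_sqn = k, 0

    def respond(self, rand, autn):
        sqn, mac = autn[:6], autn[6:]
        expected = prf(self.k, b"f1", sqn + rand)[:8]
        if not hmac.compare_digest(mac, expected):
            return None  # sender did not prove knowledge of K
        if int.from_bytes(sqn, "big") <= self.highest_sqn:
            return None  # stale vector: a replay of an earlier challenge
        self.highest_sqn = int.from_bytes(sqn, "big")
        res = prf(self.k, b"f2", rand)[:8]
        ck = prf(self.k, b"f3", rand)[:16]
        ik = prf(self.k, b"f4", rand)[:16]
        return res, ck, ik

def demo():
    k = secrets.token_bytes(16)  # constructed subscriber key
    sim, usim, auc = Sim2G(k), Usim3G(k), AuC3G(k)

    # 2G: a challenge from a party that does not know K_i is still answered.
    answered_2g = sim.respond(secrets.token_bytes(16)) is not None

    # 3G: the home network's vector is accepted and RES matches.
    rand, autn, xres = auc.vector()
    out = usim.respond(rand, autn)
    accepted = out is not None and out[0] == xres

    # 3G: an AUTN built without K fails the MAC check.
    forged = (1000).to_bytes(6, "big") + secrets.token_bytes(8)
    forged_rejected = usim.respond(secrets.token_bytes(16), forged) is None

    # 3G: the same (RAND, AUTN) presented a second time is stale.
    replay_rejected = usim.respond(rand, autn) is None

    return {
        "sim2g_answers_any_challenge": answered_2g,
        "usim_accepts_home_network": accepted,
        "usim_rejects_forged_autn": forged_rejected,
        "usim_rejects_replayed_autn": replay_rejected,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```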
identity industry - e-passport standardization
ICAO: International Civil Aviation Organization
- international regulation authority
- harmonization of travelling documents
provides a common framework for passports all over the world
- open standards for Governments and suppliers
- mandatory: identification data + integrity + authentication
- optional: biometry + other protection mechanisms
identity industry - description
- printed identifying data (e.g. owner's picture)
- printed machine readable data (MRZ, CAN)
- visual security features (e.g. holograms)
- contactless chip in the paperback
  - chip contains all identifying data
  - chip optionally contains biometrical data like fingerprints
[figure: MRZ]
identity industry - security needs
- contactless technologies bring on new issues
- invasion of privacy since a malicious reader can interact with the chip without the knowledge of the owner
- passport must be open to access the identity of the holder
- content should be protected by an access control policy: Basic Access Control, Supplemental Access Control, Extended Access Control
- use the MRZ
identity industry - Basic Access Control
- CHIP holds K; IS reads the MRZ optically and derives K
- CHIP: choose r_CHIP, K_CHIP; send r_CHIP to IS
- IS: choose r_IS, K_IS; send e_IS = E_K(r_IS, r_CHIP, K_IS) to CHIP
- CHIP: r_IS, r_CHIP', K_IS = D_K(e_IS); check r_CHIP' = r_CHIP; send e_CHIP = E_K(r_CHIP, r_IS, K_CHIP) to IS
- IS: check that the r_IS recovered from e_CHIP equals r_IS
identity industry - BAC: security analysis
recovery process
1. eavesdrop one BAC session
2. guess or recover MRZ information through social networks (e.g. date of birth, passport date of expiry, passport number)
3. derive the ciphering key (KDF is public)
4. decipher e_IS and check for meaningful data thanks to r_CHIP
5. go to step 2 until MRZ is found
MRZ entropy is very low:
- US 53 bits, Spain and Italy 51 bits, France 52 bits
- even less since fields are not independent (date of expiry and passport number...)
- to be compared to entropy requirements: 80 bits up to 2010, 112 bits then
BAC is weak against offline brute-force attack
identity industry - BAC: security analysis
- addendum to the standard to improve access control
- alternative to the BAC in ICAO standard
- SAC is based on the protocol Password Authenticated Connection Establishment (PACE)
- fixes the flaw of BAC
identity industry - PACE
- establishes Secure Channel between chip and IS
- uses strong session keys independent of the strength of the password π
- requires public key cryptography
- can take as a password either
  - the MRZ (ICAO required)
  - the CAN (ICAO optional)
  - a PIN
- resists offline attacks
- protects privacy
identity industry - PACE: SPA-resistant
future issues - fraud in FR: transaction vs. fraud progress [figure]
future issues - fraud in FR: detailed fraud [figure]
the issue at stake - payment on the internet [figure]
the issue at stake - convergence [figure]
the issue at stake - RSA
government recommendations/requirements on RSA key-size for long term crypto
[table: columns Protection period; Symmetric cryptosystems; Factorization and discrete-log cryptosystems (e.g. RSA, DH, DSA); Elliptic-curve cryptosystems (e.g. ECDH, ECDSA); first row: Short term]
>> RSA key cannot be used anymore for governmental applications (passports)
- ECC is the backup plan of RSA
- what is the backup plan of ECC?
conclusion
past issues: authenticate a customer and a device to access a network for a service
- remote payment: cardholder + credit card
- mobile phone: subscriber + handset
- e-passport: control the access to the identity of the citizen to provide privacy
future issues / new trends
- payment in untrusted environments (PC, smartphones)
- backup plan in case of a breakthrough in cryptanalysis of ECC
smartcards helped to solve past issues and can help to solve next issues using
- new form factors? µSD, USB stick
- new owners? the end-user?
Thank you
More informationKeep your fingers off my keys today & tomorrow
SIGS SE February 2017 Keep your fingers off my keys today & tomorrow Marcel Dasen VP Engineering Securosys SA Keys? Encryption keys asymmetric e.g. RSA, ECC public/private key pairs for wrapping symmetric
More information3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages
3D Face Project Paul Welti Sagem Défense Sécurité Technical coordinator Overview! Background! Objectives! Workpackages 2 1 ! Biometric epassport Biometrics and Border Control! EU-Council Regulation No
More informationUsing Near-Field Communication for Remote Identity Proofing
Using Near-Field Communication for Remote Identity Proofing Francisco Corella and Karen Lewison October 29, 2016 Abstract This is the third of a series of papers describing the results of a project whose
More informationNFC embedded microsd smart Card - Mobile ticketing opportunities in Transit
NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit July 2017 By: www.smk-logomotion.com Introduction Presentation is describing NFC enabled microsd smart card (LGM Card) Technical
More informationSecurity Requirements for Crypto Devices
Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationDATACARD PB6500 PASSPORT ISSUANCE SYSTEM ADVANCED TECHNOLOGY FOR HIGH-SECURITY PASSPORTS
DATACARD PB6500 PASSPORT ISSUANCE SYSTEM ADVANCED TECHNOLOGY FOR HIGH-SECURITY PASSPORTS A TRUSTED SOLUTIONS PROVIDER FOR GOVERNMENT Governments rely on Datacard Group to develop and deliver sophisticated
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationStrong Authentication for Physical Access using Mobile Devices
Strong Authentication for Physical Access using Mobile Devices DoD Identity Protection and Management Conference May 15-17, 2012 Dr. Sarbari Gupta, CISSP, CISA sarbari@electrosoft-inc.com 703-437-9451
More informationSecurity of Cellular Networks: Man-in-the Middle Attacks
Security of Cellular Networks: Man-in-the Middle Attacks Mario Čagalj University of Split 2013/2014. Security in the GSM system by Jeremy Quirke, 2004 Introduction Nowadays, mobile phones are used by 80-90%
More informationSMART CARDS. Miguel Monteiro FEUP / DEI
SMART CARDS Miguel Monteiro apm@fe.up.pt FEUP / DEI WHAT IS A SMART CARD Distinguishable characteristics Can participate in automated electronic transactions Used primarily to add security Not easily forged
More informationWhitepaper: GlobalTester Prove IS
Whitepaper: GlobalTester Prove IS Testing of EAC inspection systems By HJP Consulting GmbH Introduction There have been a lot of activities in standardization to define conformity tests for e-passports.
More informationAuth. Key Exchange. Dan Boneh
Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key
More informationNatural Security Alliance
Natural Security Alliance Business model and pilot projects ITU 14 & 15 October 2014 Philippe'Batard' Batard&&&Partners' Summary Natural Security Alliance: an initiative from retailers and banks The solution
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationRajat Moona j CSE, IIT Kanpur October 11, Reach IIT K
Rajat Moona j CSE, IIT Kanpur October 11, 2010 Reach 2010 @ IIT K Identity Establishment Problem Smart Card Technology IIT Kanpur Contribution ID related applications DL/RC, MNIC, e Passport Protection
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationSystem to assure authentication and transaction security. Presentation of the concept and product May 2009
System to assure authentication and transaction security Presentation of the concept and product May 2009 AXSionics AG, Neumarktstrasse 27, 2503 Biel, Switzerland Information: Dr. Lorenz Müller Lorenz.mueller@axsionics.ch
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationElectronic passports
Electronic passports Zdeněk Říha, Václav Matyáš, Petr Švenda Faculty of Informatics, Masaryk University, Brno, Czech Republic {zriha,matyas,svenda}@fi.muni.cz February 2008 A number of countries have been
More informationPayment Security: Attacks & Defences
Payment Security: Attacks & Defences Dr Steven J Murdoch University College London COMPGA03, 2014-12-02 UK fraud is going up again Chip & PIN deployment period Losses ( m) 0 50 100 150 200 250 300 Card
More informationSecure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography.
Secure and Authentication Communication in GSM, GPRS, and UMTS Using Asymmetric Cryptography T K Mohanta 1, R K Samantaray 2, S Panda 3 1. Dept.of Electronics & Communication.Engg, Sudhananda Engg & Research
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationStudy on data encryption technology in network information security. Jianliang Meng, Tao Wu a
nd International Workshop on Materials Engineering and Computer Sciences (IWMECS 05) Study on data encryption technology in network information security Jianliang Meng, Tao Wu a School of North China Electric
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 18013-3 Second edition 2017-04 Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation
More informationDFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017
DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.
More informationBSI TR Part 1.1 A framework for Official Electronic ID Document conformity tests
BSI TR-03105 Part 1.1 A framework for Official Electronic ID Document conformity tests Version 1.04.1 14.11.2008 CONTENTS 1 INTRODUCTION... 4 2 DEFINITIONS AND REFERENCES... 4 2.1 Definitions... 4 2.2
More informationEfficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection
Efficient GSM Authentication and Key Agreement Protocols with Robust User Privacy Protection Author: Jing-Lin Wu, Wen-Shenq Juang and Sian-Teng Chen Department of Information Management, Shih Hsin University,
More information