Whitepaper: GlobalTester Prove IS


Testing of EAC inspection systems
By HJP Consulting GmbH

Introduction

There have been a lot of activities in standardization to define conformity tests for e-passports. Already in April 2007, the ICAO published their testing standards. As these technical reports only covered the mandatory functionality of e-passports, the European Union had set up its own test specification for EAC based passports, which digitally store sensitive fingerprint data. This conformance test specification is stable now. All these activities focus on improving the passports' interoperability.

But what does "interoperability" mean? According to IEEE's glossary, "interoperability" is regarded as the ability of two components to exchange information and to use the information that has been exchanged. Thus, full interoperability cannot be achieved without testing the terminals. Although this statement is quite obvious, it has been deemed sufficient to test the terminals' interoperability at different test events. When we study other smart card systems like EMV schemes or the digital tachograph system, to name only a few, we can easily observe that cards and terminals are subject to conformance testing and security evaluation before any interoperability test is run. Moreover, the number of possible EAC passport options (selected cryptography and data group configurations) has simply become too high to handle the problem with passport samples only, and the internal status of these samples changes permanently during the tests.

Status of conformance testing

To achieve interoperability in border control systems it is necessary to test not only passports but also inspection systems. The first test specifications concerning inspection systems were limited to lower levels. The main specifications are BSI TR-03105 (Federal Office for Information Security, BSI) and "RF protocol and application test standard for e-passports, Part 4" (International Civil Aviation Organization, ICAO). Both test specifications include tests of the electrical interface and the contactless ISO 14443 transmission protocol (layers 2-4). In any inspection system, a number of different components have to undergo testing.

HJP Consulting 2010 Page 1 of 6

Currently, there is a test standard published by ICAO which defines tests for the electrical interface of the terminal and the contactless ISO 14443 transmission protocol. This technical report is referred to as part 3 of the e-passport test standard and is mainly based on the ISO 10373-6 standard for proximity cards. Working group 8 of ISO/SC17 revises ISO 10373-6 with the contents of this part 3.

Besides the electrical communication, it is necessary to ensure that the data page contents, especially the machine-readable zone, are correctly read by the terminal. Currently, there are no test specifications available to verify that the passport's data page conforms to the ICAO standard DOC 9303 or to verify that the optical reader correctly retrieves this information from a data page.

All these test specifications are insufficient since they can only guarantee that information is correctly exchanged between passport and reader. It is also necessary to verify that the terminal correctly uses the information exchanged. Thus, a test specification for the application of an inspection system is still missing in order to ensure interoperability. The German BSI and Brussels Interoperability Group (BIG) have recognized this unresolved issue and put it on their agenda. A first version (1.0) of this test specification with more than 200 test cases was discussed at two BIG meetings in 2008. Currently, version 1.2 of TR 03105-5 is available as a complete redesign of the technical guidelines in version 2.0 at the BSI website.

General test concepts for inspection systems

The wide variety of inspection systems available for use in different scenarios constitutes the main obstacle to a common test specification. There are different types of systems with varying workflows on the market. Test specifications have to cover stand-alone inspection terminals, client-server architectures with centrally managed security as well as mobile inspection solutions.
Optical readers could be scanners, cameras or external swipe readers. And there could be an undefined number of external devices, backend and biometric verification systems connected to the system. The question therefore arises: is it practical to have one set of conformity tests for a diverse pool of inspection systems? We can overcome this problem by making the test model as generalized as possible and reusing concepts from existing test strategies where applicable.

First of all, we define the device under test. Due to several different inspection system designs, we have to create a functional model (as shown in figure 1) and define which of the functions should be subject to testing and which should not be considered because they do not contribute to interoperability. The inspection application is regarded as the core of the inspection system which defines the functionality of the system, its internal workflow and user interaction. It also handles the inspection procedure itself. This procedure is a well defined function according to the technical report TR 03110, which is fundamental to all new EU passports. We have to distinguish between:

- the standard inspection procedure (SIP), for BAC encoded passports, and
- the advanced inspection procedure (AIP), for EAC encoded passports.

In order to communicate with the e-passport, the inspection procedure makes use of the optical and electrical reading devices as well as a private key storage. It might have an optional test interface, which is used to automate the test procedures.

Figure 1: General functional model of an inspection system

The inspection application controls a man-machine interface which replicates the interaction with the border control officer. We assume the existence of such an interface because the system must somehow display to the officer the decision as to whether or not the passport is valid.

It might be connected to other systems such as biometric verification systems or backend databases, but these functions do not form part of the testing scope. With this model, we do not presume any specific architectural design or implementation.

The scope of conformance testing can now be narrowed to the functionality that is directly involved in the communication between the passport and the inspection system:

- The contactless reader (proximity coupling device) implementing communication layers 1 to 4. This device should conform to ISO 10373-6 and is functionally tested by the ICAO e-passport test standard, part 3.
- The inspection procedure implementing communication layers 6 and 7 specified by TR 03110. Tests are supposed to be specified by the Brussels Interoperability Group.
- Optical reading of the MRZ specified by DOC 9303. Tests for this interface will be specified by ISO/SC17/WG3.

All other features of the inspection system have to be tested, but not with respect to conformance to the standards and interoperability.

With this test approach, the test cases must be in line with the normal inspection procedure. Thus, tests cannot be performed command by command; the test cases always have to run through the whole inspection procedure. Consequently, tests have to be pure black box tests.

For testing the inspection system, HJP follows the concept of an upper and lower tester as defined in ISO 10373-6 and enhances this concept to test the application layers. The test environment is illustrated in figure 2.

Figure 2: Enhanced ISO 10373-6 test environment

In this test environment, the test engineer starts a test case by placing a simulated passport, i.e. a data page with antenna, in the inspection system. The device under test performs a "normal" inspection procedure and sends commands to the simulated passport, which has been configured to fulfil the requirements of the selected test case. The simulator returns a well-defined response to the system. The observed result (passport valid or not) is entered by the tester into a test management system, which finally generates a test report. With this concept, it is also possible to formally verify the commands sent by the device for a further analysis. The BSI has introduced this test approach in their technical guideline TR-03105, part 5.

The essential part of the whole test approach is the passport simulator that can emulate different configurations and behaviour of passports. The concept described above is implemented by HJP Consulting in their product GT Prove IS. This test tool includes a hardware simulator based on Comprion's CLT one product and a complete implementation of all test cases from TR-03105, part 5. This simulator has become the central building block of the GlobalTester Prove IS test tool that provides conformance testing for passport inspection systems according to TR-03105, part 5. The feasibility of the test approach was first demonstrated at the Prague interoperability test event in 2008 using GT Prove IS. GT Prove IS has thus become the world's first conformance test tool for inspection systems.

Supporting system tests for border control and air travel procedures

The verification of e-passports will primarily take place at border control checkpoints of international sea, land and air borders. E-passports can only be beneficial if the encrypted information stored on the chip is also being read and verified.
This requires an interface to a local certification authority (CA), since the inspection system must know the country signing and document signing certificates for each particular e-passport to be able to verify validity and authenticity [1]. The amount of data needed and to be verified may depend on the actual application, e.g. may differ for check-in [2] compared to primary border control and secondary border control. To ensure interoperability at border control points worldwide, ICAO has set a number of standards for e-passports and e-passport inspection systems. To ensure that inspection systems perform as required, with the handling of encrypted data being of specific concern, test standards for the testing of e-passport inspection systems are in place.

HJP's test tools conduct all required conformance tests for inspection systems based on the latest ICAO/BSI test standards for the chip application, layer 6-7, which is the core component to verify next generation e-passports.

The test tool, GT Prove IS, can be very beneficial for system integrators in the field of border control and air travel security throughout the integration testing of inspection systems. It is specifically designed to test the e-passport application component of the inspection system, thus ensuring interoperability towards the implementation into the overall border management or air travel security system.

The test tool from HJP is based on an open source approach. Besides the standard test cases provided for the inspection system, the system integrator can configure additional test procedures for layer 6-7 on the GT platform, using the Eclipse development environment, for other test routines needed for a particular border control or airport specific test standard.

[1] HJP published a comprehensive white paper which covers the processes for key management and certification exchange in detail. The document has been developed on behalf of ICAO ICBWG to promote the ICAO Public Key Directory and is called "A Primer on the ICAO Public Key Directory". The white paper can be downloaded from HJP's website at https://www.hjpconsulting.com/news.

[2] The use of e-passport data for other applications than border control may differ by country based on data protection laws.
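
The test environment described under "General test concepts for inspection systems" (simulated passport as lower tester, black-box verdict, verification of the commands the device sent), sketched as an added example that is not HJP's or GT Prove IS code. The simulator class, the DUT stub and the two trace rules are hypothetical; only the ISO/IEC 7816-4 command encodings and the eMRTD application identifier are standard values.

```python
# Added illustration, not GT Prove IS code. The simulator class, DUT stub and
# conformance rules are hypothetical; APDU values follow ISO/IEC 7816-4.
from dataclasses import dataclass, field

EMRTD_AID = bytes.fromhex("A0000002471001")        # eMRTD application identifier
SELECT = bytes.fromhex("00A4040C07") + EMRTD_AID   # SELECT by AID
GET_CHALLENGE = bytes.fromhex("0084000008")        # request an 8-byte nonce
OK, NOT_FOUND = b"\x90\x00", b"\x6A\x82"           # status words

def parse_apdu(raw: bytes) -> dict:
    """Split a short-form command APDU into header fields and data."""
    if len(raw) < 4:
        raise ValueError("command APDU shorter than its 4-byte header")
    cla, ins, p1, p2 = raw[:4]
    body, data = raw[4:], b""
    if len(body) > 1:                              # Lc byte plus data present
        if len(body) < 1 + body[0]:
            raise ValueError("Lc exceeds available data")
        data = body[1:1 + body[0]]
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data}

@dataclass
class SimulatedPassport:
    """Lower tester: answers as the test case dictates and logs every command."""
    select_sw: bytes = OK                          # configured per test case
    trace: list = field(default_factory=list)
    def transmit(self, raw: bytes) -> bytes:
        cmd = parse_apdu(raw)
        self.trace.append(cmd)
        if cmd["ins"] == 0xA4:                     # SELECT
            return self.select_sw if cmd["data"] == EMRTD_AID else NOT_FOUND
        if cmd["ins"] == 0x84:                     # GET CHALLENGE
            return bytes(8) + OK                   # fixed nonce, reproducible run
        return b"\x6D\x00"                         # instruction not supported

def dut_stub(sim: SimulatedPassport, stop_on_error: bool = True) -> bool:
    """Constructed stand-in for the black-box DUT; returns 'passport valid'."""
    sw = sim.transmit(SELECT)[-2:]
    if sw != OK and stop_on_error:
        return False
    sim.transmit(GET_CHALLENGE)
    return sw == OK

def verdict(sim: SimulatedPassport, expected_valid: bool, observed_valid: bool):
    """Combine the observed decision with checks on the recorded commands."""
    findings = []
    if observed_valid != expected_valid:
        findings.append("decision differs from expected result")
    first = sim.trace[0] if sim.trace else None
    if not first or first["ins"] != 0xA4 or first["data"] != EMRTD_AID:
        findings.append("first command is not SELECT of the eMRTD application")
    if sim.select_sw != OK and len(sim.trace) > 1:
        findings.append("DUT continued after failed SELECT")
    return ("PASS" if not findings else "FAIL", findings)
```

A device that rejects the passport but keeps sending commands after a failed SELECT produces the expected decision and still fails, which is what recording the command trace adds over observing the result alone.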