This paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems.

Similar documents
Verifying emrtd Security Controls

EU Passport Specification

Whitepaper: GlobalTester Prove IS

Conformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek

The epassport: What s Next?

Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token

2 Electronic Passports and Identity Cards

Future Expansion for emrtd PKI Mark Joynes, Entrust

CONFORMITY TESTING OF EAC INSPECTION SYSTEMS

Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2

Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010

LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance

Security Target Lite for CEITEC epassport Module CTC21001 with EAC

The EAC for MRTD. 26 January 2010

Legal Regulations and Vulnerability Analysis

A National Public Key Directory

Introduction to Electronic Identity Documents

An Overview of Electronic Passport Security Features

How To Secure Electronic Passports. Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201

Overview of cryptovision's eid Product Offering. Presentation & Demo

Security of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada

An Overview of Electronic Passport Security Features

A Trust Infrastructure for epassports

Security Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development

Common Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056

Technology Advances in Authentication. Mohamed Lazzouni, SVP & CTO

E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS

Getting to Grips with Public Key Infrastructure (PKI)

Biometric Passport from a Security Perspective

3D Face Project. Overview. Paul Welti. Sagem Défense Sécurité Technical coordinator. ! Background. ! Objectives. ! Workpackages

Hash-based Encryption Algorithm to Protect Biometric Data in e-passport

Common Criteria Protection Profile. Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP)

SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION

An emrtd inspection system on Android. Design, implementation and evaluation

Roadmap for Implementation of New Specifications for MRTDs

Introduction Morpho The Art of Identification

Security Target Lite

Document reader Regula 70X4M

Machine Readable Travel Document with ICAO Application", Basic Access Control

Paul A. Karger

SafeNet Authentication Client

Security Mechanisms and Access Control Infrastructure for e-passports and General Purpose e-documents

Common Criteria Protection Profile

Electronic passports

Past & Future Issues in Smartcard Industry

Common Criteria Protection Profile

Requiring Digital Signatures and Certificates

Security Target Lite for CEITEC epassport Module CTC21001 with BAC

Single Secure Credential to Access Facilities and IT Resources

Certification Report

Security Target Lite SK e-pass V1.0

Certification Report. EAL 4+ (ALC_DVS.2) Evaluation of TÜBİTAK BİLGEM UEKAE. AKİS v1.4i PASAPORT

September OID: Public Document

VALIDATING E-PASSPORTS AT THE BORDER: THE ROLE OF THE PKD R RAJESHKUMAR CHIEF EXECUTIVE AUCTORIZIUM PTE LTD

Electronic Commerce Working Group report

The SafeNet Security System Version 3 Overview

ISO/IEC INTERNATIONAL STANDARD

Der elektronische Personalausweis Mehr oder weniger Sicherheit?

Identity & security CLOUDCARD+ When security meets convenience

SECURITY TARGET LITE FOR MICAO ON IDEALCITIZ TM OS 2.1 BAC CONFIGURATION

German eid based on Extended Access Control v2

ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

Towards e-passport Duplicate Enrolment Check in the European Union

MACHINE READABLE TRAVEL DOCUMENTS

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

A Quick Guide to EPCS. What You Need to Know to Implement Electronic Prescriptions for Controlled Substances

Security Target. SOMA-c003 Electronic Passport EAC-SAC-AA

CONTENTS. Introduction 4. Overview 5. A detailed look under the hood 8. Conclusions 11. Traveler experience overview 12. Definition of terms 13

BSI TR Part 1.1 A framework for Official Electronic ID Document conformity tests

This document is a preview generated by EVS

CSE 565 Computer Security Fall 2018

MULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

NETWORK ACCESS CONTROL OVERVIEW. CONVENIENCE. SECURITY.

Understanding modern security controllers. - which chip do you need for your identity document?

Security Target Bundesdruckerei Document Application

WORKSHARE SECURITY OVERVIEW

A1 Information Security Supplier / Provider Requirements

Federated Authentication for E-Infrastructures

SafeNet Authentication Client

(More) cryptographic protocols

This document is a preview generated by EVS

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

SafeNet Authentication Client

The European Union approach to Biometrics

SafeNet Authentication Client

SafeNet Authentication Client

XSmart e-passport V1.2

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Introduction of the Seventh Edition of Doc 9303

The New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015

Biometrics problem or solution?

Transportation Worker Identification Credential (TWIC) Steve Parsons Deputy Program Manager, TWIC July 27, 2005

ID-One epass V2.2 on NXP In Supplemental Access Control (SAC) configuration With AA. Public Security Target. 1 FQR Ed1

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.

TECHNICAL ADVISORY GROUP ON MACHINE READABLE TRAVEL DOCUMENTS (TAG/MRTD)

ICBWG Guide on Procurement of MRTD-related Systems Introduction to the What and the Why of the Guide

E-passport 72K V1.0. Public Security Target. Oberthur Card Systems. E-passport 72K - Public Security Target. Ref: V1.

Transcription:

White Paper

1 INTRODUCTION As ICAO 1 -compliant epassports come into widespread use in Q4 of 2006, it is an appropriate moment to review some of the initiatives required for the next stage of development. In an initiative as ambitious as ICAO s epassport, it was necessary to start with a relatively simple implementation and build on this in a series of phases. The first phase added a contactless integrated circuit chip containing a standardised facial image and a degree of cryptographic security to the familiar passport book, preserving all the existing security features. The next phases, probably overlapping in time, include: Border Control Inspection systems to take advantage of the features of epassports evisas using the same type of contactless chip technology National eidentity documents Increased biometric content in epassports or either of the above This paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems. Extended Access Control (EAC) has been introduced as the means by which more sensitive biometric content to be added to the next generation of European epassports will be protected against unauthorised use. Specifically, finger images will need to be protected because, if captured and subsequently abused by the bad guys, some unpalatable scenarios could arise. 2 WHAT IS EAC AND WHERE DOES IT FIT? EAC is a member of the family of security measures introduced by ICAO. EAC, being the most advanced and (currently) being optional, is not yet fully specified. However, a very comprehensive proposal 2 from the German national IT standards body BSI provides most of the detail needed by prospective implementors. The family of ICAO security measures includes: Passive Authentication (PA) allowing readers to check that the epassport has been signed by an appropriate issuing authority, i.e. that it is genuine. Basic Access Control (BAC) protecting against reading the passport without the holder s involvement. Without BAC the epassport contents could potentially be skimmed when the holder least expected it. Active Authentication (AA) protecting the uniqueness and authenticity of the IC chip within the epassport. This should be used only where BAC is already established. Extended Access Control (EAC) restricting access to certain elements of the epassport s contents to authorised parties, such as border control, only. This capability will be used to protect fingerprints, iris scans, etc. Uniquely, the EAC protocol requires authorisation from the epassport issuer to allow certain specific data groups to be read by specified groups of readers. Without this protection anyone with the necessary technical skills could read the whole passport. When implemented, EAC will have the effect of strengthening all the other security measures because the protocol will not operate stand-alone. EAC-equipped readers will link back to national Public Key Directories (PKD) so Passive Authentication need no longer blindly trust the document signer 1 International Civil Aviation Organisation www.icao.org which covers, inter alia, aviation safety and security 2 BSI TR-03110 Technical Guideline: Advanced Security Mechanisms for MRTDs Extended Access Control v1.0 2

certificate held within the epassport. Instead, this certificate can be validated against the country signer certificate in the PKD. 3 HOW DOES EAC WORK? The diagram shows the workings in a highly simplified form. Fig. 1 Get permission to read Country A Public Key Directories Country B Verifier Any method of secure transmission Signer Inspection System Signer certificates Signer Country A Inspection System sensitive data Country B epassport Prove entitlement to read sensitive data Country A s inspection system is presented with an epassport issued by country B. A s inspection system wishes to access finger images in the epassport. The groundwork for this has been prepared ahead of time. Country B was asked for permission for this type of access and as a result, country A was able to issue an appropriate inspection system certificate. The inspection system first authenticates the epassport ( Chip Authentication ). A specially-adapted key-agreement 3 protocol is used to enable each end to independently generate the same secret key to secure the subsequent steps. This gives a much greater level of protection than that afforded by Basic Access Control, including resistance to man-in-the-middle attacks. The epassport then challenges the inspection system to prove its entitlement to read the sensitive data ( Terminal Authentication ). The inspection system provides a certificate chain back to the aforementioned inspection certificate that represents that entitlement. This is signed using the key from the Chip Authentication stage. When this is all verified the epassport can release the requested finger images. 3 A variant of Diffie-Hellmann key agreement described in reference TR-03110 Copyright Temporal S. Limited 2006 3 of 5

4 WHY IS EAC NOT BEING USED ALREADY? It should be clear from the above that the infrastructure required for implementation of EAC is non-trivial. The permission-to-read interaction could be done in many possible ways and there is, as yet, no ready-implemented, practical standard for this. The standards picture for the EAC protocols is not yet complete at a detailed level. As such, it would be risky for issuers to manufacture any EAC-enabled epassports or for the suppliers of inspection systems to build their solutions just yet. Many countries are working on their key and certificate management processes and supporting infrastructure. This is non-trivial because of the international scale of the necessary solution. Significant performance challenges are involved in routing current and timely information to inspection stations. These challenges are discussed in our paper on inspection systems. However, up to now, ensuring that the epassport production process runs smoothly has been the top priority. Inspection systems have necessarily been on a back burner. A deadline of 2008 has now been set for the issue of EAC-enabled epassports. The time is right, therefore, to establish the necessary infrastructure for certificate distribution. 5 WHAT IS BEING DONE TO ENABLE THE USE OF EAC? The custodian of EAC has until recently been the Essen Group 4 consisting of representatives from Germany, Netherlands and the UK. They have worked with the aforementioned proposal from BSI and brought that proposal to an agreed conclusion. From this point onwards a new gathering with broader European representation known as the Brussels Interoperability Group (BIG) has taken up the EAC mantle. This is the group that will take EAC forward to become an agreed standard with the necessary specifications, probably via ISO. Inevitably, with a complex proposal such as EAC, the devil is in the detail and there is much detail to be resolved. Nevertheless, it is reasonable to expect that this can proceed smoothly once the initial epassports move into full production in Q4 2006. At a review of BIG given at the recent epassport Interoperability conference in Berlin some challenging comments were heard from the United States (which country does not intend to implement EAC). As was stated in reply, EAC does represent a real challenge but its viability (or otherwise) can be proven within the available timescale. Technical insight into some of the issues to be resolved is contained in the many papers out there, including the aforementioned BSI document (TR-03110 v1.0). A paper from researchers at Columbia University 5 suggesting some further improvements is interesting but somewhat outside the fold at the moment. A number of organisations have already built proof-of-concept implementations of EAC. More of these implementations are probably needed to underpin the aforementioned standards-making and related test system development activities. Temporal S. is one of the organisations planning work in this area. 4 Website www.essen-group.org seems to be available in German only. 5 Preventing Attacks on MRTDs Gaurav and Karger, Columbia University 4

6 ABOUT TEMPORAL S. Founded in 2002 and based at Royal Holloway, England the world-renowned centre of excellence in information security Temporal S. delivers easy-to-use digital identity (ID) solutions that enable strong IT system security through packaged infrastructure and processes underpinned by Public Key (PK) encryption technology. Its solutions can be used to address the growing threat of data attack, (internal and external) and provide ID-based mechanisms to enforce, audit and prove compliance with regulatory requirements (e.g. ICAO). Temporal S. provides specialist support to those organisations producing and issuing epassports to help them implement ICAO-compliant PKI solutions. Specifically, Temporal S. is focused on the automation and simplification of the set-up and management of PK-enabled solutions - making them easier to use and reducing the service element of their operation. Temporal S. can provide solutions that address a broad range of ICAO-compliant epassport requirements, including: epassport interoperability and QA epassport inspection epassport personalisation Ease of deployment of epassport-enabling CAs and PKIs Extended Access Control (EAC). Temporal S. has worked closely with Government and commercial organisations involved in the production and issuance of epassports. As such, it has developed an extensive understanding of the technical and commercial implications associated with the incorporation of secure digital ID into physical business applications. For further information contact: Simon Lofthouse Temporal S. Limited enquiries@temporals.com www.temporals.com Copyright 2006 by Temporal S. Limited. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic mechanical, photocopying, recording or otherwise without prior permission in writing of the copyright owner. Copyright Temporal S. Limited 2006 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback