Security of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada

Similar documents
2 Electronic Passports and Identity Cards

Biometric Passport from a Security Perspective

Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token

Verifying emrtd Security Controls

Security Mechanism of Electronic Passports. Petr ŠTURC Coesys Research and Development

Security Target Lite SK e-pass V1.0

An Overview of Electronic Passport Security Features

Hash-based Encryption Algorithm to Protect Biometric Data in e-passport

The epassport: What s Next?

Introduction to Electronic Identity Documents

An Overview of Electronic Passport Security Features

Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2

The EAC for MRTD. 26 January 2010

MACHINE READABLE TRAVEL DOCUMENTS

Security Mechanisms and Access Control Infrastructure for e-passports and General Purpose e-documents

How To Secure Electronic Passports. Marc Witteman & Harko Robroch Riscure 02/07/07 - Session Code: IAM-201

EU Passport Specification

Conformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek

An emrtd inspection system on Android. Design, implementation and evaluation

Security Target Lite for CEITEC epassport Module CTC21001 with EAC

E-PASSPORT SCHEME USING AUTHENTICATION PROTOCOLS ALONG WITH FACE, FINGERPRINT, PALMPRINT AND IRIS BIOMETRICS

Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010

Electronic passports

Past & Future Issues in Smartcard Industry

HOST Authentication Overview ECE 525

E-Passport: Cracking Basic Access Control Keys with COPACOBANA

Cryptographic Concepts

Technology Advances in Authentication. Mohamed Lazzouni, SVP & CTO

L13. Reviews. Rocky K. C. Chang, April 10, 2015

XSmart e-passport V1.2

A practical integrated device for lowoverhead, secure communications.

Public Key Cryptography

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

This paper focuses on the issue of increased biometric content. We have also published a paper on inspection systems.

(2½ hours) Total Marks: 75

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Authentication. Chapter 2

LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance

SECURITY TARGET LITE FOR IDEAL PASS V2.0.1 EAC WITH PACE APPLICATION

Password Authenticated Key Exchange by Juggling

The New Seventh Edition of Doc Barry J. Kefauver Nairobi, Kenya November 2015

Authentication Technologies

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

User Authentication. Modified By: Dr. Ramzi Saifan

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

6.857 L17. Secure Processors. Srini Devadas

ECEN 5022 Cryptography

Whitepaper: GlobalTester Prove IS

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

Common Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Extended Access Control BSI-CC-PP-0056

COMPGA12 1 TURN OVER

A Multi-Application Smart-Card ID System for George Mason University. - Suraj Ravichandran.

CSC 774 Network Security

Security Target Bundesdruckerei Document Application

Security Target Lite for CEITEC epassport Module CTC21001 with BAC

The Cryptographic Sensor

Evolution of Electronic Passport Scheme using Cryptographic Protocol along with Biometrics Authentication System

CSC/ECE 774 Advanced Network Security

(More) cryptographic protocols

Lecture 9 User Authentication

Data Security and Privacy. Topic 14: Authentication and Key Establishment

SPass NX V1.0 on S3CT9KW/S3CT9KC/S3CT9K9 Certification Report

Document reader Regula 70X4M

Computer Security: Principles and Practice

Information Security CS 526

Public Key Algorithms

Key Agreement Schemes

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

SECURITY OF CPS: SECURE EMBEDDED SYSTEMS AS A BASIS

Implementation Based Security Analysis of the Electronic Passport

APNIC elearning: Cryptography Basics

Security Handshake Pitfalls

Introduction of the Seventh Edition of Doc 9303

Technological foundation

IEEE Std and IEEE Std 1363a Ashley Butterworth Apple Inc.

PRIVACY ISSUES OF ELECTRONIC PASSPORTS 1. INTRODUCTION

User Authentication. Modified By: Dr. Ramzi Saifan

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Der elektronische Personalausweis Mehr oder weniger Sicherheit?

Security Handshake Pitfalls

CS530 Authentication

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Security Target Lite

Hash Proof Systems and Password Protocols

Towards e-passport Duplicate Enrolment Check in the European Union

MACHINE READABLE TRAVEL DOCUMENTS

RFID Authentication: Security, Privacy and the Real World

MULTIAPP V2 PACE - SAC PUBLIC SECURITY TARGET

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

Security Handshake Pitfalls

Test plan for eid and esign compliant smart card readers with integrated EACv2

CSE 127: Computer Security Cryptography. Kirill Levchenko

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Syllabus: The syllabus is broadly structured as follows:

T Cryptography and Data Security

Public-key Cryptography: Theory and Practice

Transcription:

Security of Biometric Passports ECE 646 Fall 2013 Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada

CONTENTS Introduction to epassports Infrastructure required for epassports Generations of epassports First generation Protocols Drawbacks and attacks Second generation Protocols Improvements over the previous generation Drawbacks and attacks Third generation Protocols Improvements over the previous generation Conclusion Questions

INTRODUCTION TO EPASSPORTS epassports are biometric identification documents that use RFID tags. Used for Border security. Based on ICAO(International Civil Aviation Organization) standards. RFID has cryptographic functionality. Goal is to enhance security, protect against forgery, manipulation of travel documents and ease of identity checks. Biometrics are used a form of individual recognition

INFRASTRUCTURE REQUIRED FOR EPASSPORTS 16 DG s are write protected A hash of DGs 1-15 are stored in the SDE. Each of these hashes should be signed by the issuing state. epassport Logical data structure

INFRASTRUCTURE REQUIRED FOR EPASSPORTS epassport PKI KPu CSCA KPr CSCA CVCA Nation A CVCA Nation B KPu DV KPr DV DV DV DV DV IS IS IS IS IS IS IS IS

FIRST GENERATION OF EPASSPORTS: PROTOCOLS 3 Cryptographic protocols Passive Authentication (mandatory) Active Authentication Basic Access Control

FIRST GENERATION OF EPASSPORTS : PROTOCOLS Passive Authentication (PA) : For the reader to verify that the data in the epassport is authentic. Signature on LDS Inspection System verifies on the epassport Hash values on SDE Reader computes hash of data elements and compares them with the hashed values stored on the SDE. If there is a match, then the data on the Tag was not manipulated.

FIRST GENERATION OF EPASSPORTS : PROTOCOLS Active Authentication(AA)(optional) To detect if a tag has been substituted or cloned. Tag stores a public key (KPu AA ) in DG15 and its hash in SDE. The (KPr AA ) is stored in the secure section of Tag memory. Tag Reader (random 64 bit string ) Tag Reader (sign-kpr AA ) Tag Reader (public key KPu AA from Data Group 15)

FIRST GENERATION OF EPASSPORTS : Basic Access Control PROTOCOLS It prevents eavesdropping. Reader needs to prove the knowledge of secret keys(access keys(k ENC ;K MAC ) ) that are derived from data on the Machine Readable Zone (MRZ) of the passport. MRZ : The Passport Number (Doc No), Date of Birth of the Passport Holder (DOB), Valid Until Date of Passport expiry (DOE). From these keys, a session key is obtained. The access keys are derived from : K seed =128msb(SHA 1(DOCNo DOB DOE C)) K ENC =128msb(SHA-1(K seed 1)) K MAC =128msb(SHA-1(K seed 2))

FIRST GENERATION OF EPASSPORTS : Basic Access Control PROTOCOLS Tag (Rt) Reader Reader receives Rt and generates Rr, Kr Reader Rr Rt Kr using K ENC. Reader MAC using K MAC. Tag Reader cipher and MAC Tag MAC and decrypts the cipher extracts Kr Tag Rt Rr Kt using K ENC Tag MAC using K MAC Tag Reader cipher and MAC Reader MAC and decrypts the cipher extracts Kt Tag Reader K seed =Kr^Kt K seed = Kr^Kt All communication is secured using these KS ENC and KS MAC keys.

FIRST GENERATION OF EPASSPORTS : ATTACKS Just the passive authentication?? Skimming attack and Eavesdropping attacks are possible Therefore Basic access control.

FIRST GENERATION OF EPASSPORTS : ATTACKS Privacy attack(because of the weakness in BAC): Dutch passport» Can be read from a distance of <0.5m» Hence can acquire the user s MRZ data» Static keys derived from MRZ (used in the key derivation for BAC(encryption key and session key)) DOE of epassport : 5 years : 5*365=1825 values DOB of the passport holder : 10*365 = 3650 values One character followed by 8 digits gives an entropy of 50 bits. Therefore 10^15 possible values. Passports were issued sequentially

ENTROPY CALCULATION Document Number 7 variable characters (letters + digits) (26 + 10)^7 36.19 bits Date of birth 2 digits for year 365*100 15.16 bits Date of expiry validity period of 5 years 5*365 10.83 bits Total 62.18 bits BAC of MRTD(machine readable travel document): Architecture consisting of RF based communication and for cryptanalysis in realtime a cost optimised parallel code breaker hardware (COPACOBANA) is used to trace the user.

PROTECTION AGAINST CLONING Active authentication for protection against cloning attack The authentication relies on a private key hidden in the chip s secure memory. Physical unclonable function(puf) can protect the key and prevent reverse engineering or cloning. PUFs are functions based on physical characteristics which are : Unique for each chip and practically impossible to duplicate. A characteristic that fluctuates can be turned into a PUF. SRAM-based- On powering the Smart Card IC each specific bit in SRAM getting zero or one as an initial value - is different for every individual chip Monitor the environment.

PHYSICAL UNCLONABLE FUNCTION Enrolment phase Key PUF Measurement circuit and error correction PUF data Activation code constructor Activation code Reconstruction phase PUF Measurement circuit and error correction PUF data key extractor Key Activation code

SECOND GENERATION OF EPASSPORTS : PROTOCOLS Extended Access Control : Tag and Reader authentication protocols. Implementation of secondary biometrics for additional security. To achieve mutual authentication : Chip Authentication and Terminal Authentication

SECOND GENERATION OF EPASSPORTS : PROTOCOLS Chip Authentication Replaces Active Authentication. It is the process of checking the possession of a private key in the chip of the passport by the reader. Uses a public key (in DG 14) and private key (in secure memory) (TK PuCA, TK PrCA ). Tag (TK PuCA, D) Reader Tag Reader (RK PuCA ) Tag(K seed ) Reader (K seed ) Verifies the correctness of the key using PA. Uses the data in D to generate its own RK PuCA and RK PrCA The new encryption and MAC keys are generated.

SECOND GENERATION OF EPASSPORTS :PROTOCOLS Terminal Authentication Access to more sensitive data (secondary biometrics). Allows Tag to validate the Reader used in CA. The Reader proves to the Tag using digital certificates that it has been authorized by the home and visiting nation to read epassport Tags. Tag Tag Extracts (RK PuTA ) from the IS certificate.. Tag(R) Tag Reader Inspection System certificate (which was received from the local DV) and the DV's certificate (which was received from the CVCA). Reader Reader computes hash of RK PuCA derived in the CA Reader signs the message (R SHA-1(RK PuCA )) with (RK PrTA ). R and RK PuCA using the key RK PuTA and grants access to secondary biometrics.

ADVANTAGES OVER FIRST GENERATION First Generation Use of static keys Biometrics not included Use of MRZ to derive the session key Less entropy Second Generation Ephemeral keys derived from Diffie Hellman Biometrics included MRZ data not used Comparatively more entropy

SECOND GENERATION OF EPASSPORTS: ATTACK Relay Attack on Active Authentication RF channel 1 RF channel 2 RF channel 3 Initialization File reading AA challenge S(WTX) AA response Challenge relay response relay Initialization AA challenge S(WTX) AA response Terminal Fake passport Fake terminal Passport

SECOND GENERATION OF EPASSPORTS: DRAWBACKS Vulnerability to attack by once valid readers - since a passive RFID tag doesn't have a clock, the clock still has the value it had when it was active the previous time. Since Terminal Authentication is performed after Chip Authentication, it is vulnerable to Denial of Service Attacks. It is still vulnerable to side channel attacks/skimming attacks.

THIRD GENERATION OF EPASSPORTS: PROTOCOLS Password Authenticated Connection Establishment(PACE) protocol as a replacement to BAC. Also updated CA and TA. Uses asymmetric cryptography CAN(Card access number) & MRZ types of passwords are used. CAN may be static or dynamic CA carried out after TA so that it can have the key pair generated in TA.

THIRD GENERATION E-PASSPORTS: PROTOCOL PACE(share a common password π ) TAG READER D, K π Encrypts s by K π Decrypts s by password Computes D' by D and S Computes D' by D and S Pu Tag (Pr Tag, Pu Tag ) Reader Pu Reader Tag (Pr Reader, Pu Reader ) K Seed K Seed Derive session keys K ENC and K MAC

BIOPACE It is implemented by using facial image, fingerprints, iris, etc Biometric reference comprising of a pseudonymous identifier PI and auxiliary data AD BioPACE claims that no unauthorised data retrieval is possible Faster verification Improving privacy

THIRD GENERATION E-PASSPORTS SOLUTION: WDDL Information related to the physical implementation of the device can be used to find the secret key in the side-channel attacks. Wave Dynamic Differential Logic (WDDL) is a practical technique to thwart side-channel attacks. Measurement based experimental results show that attack on a IC fabricated in CMOS does not disclose the entire secret key Side channel attacks can be mounted on to ASICs, FPGAs, DSPs. By using the Secure digital design flow we can have constant power dissipation by balancing the power consumption (independent of the signal ).

THIRD GENERATION E-PASSPORTS: DRAWBACK The password is picked up by users from a small space, and therefore the protocol is vulnerable to dictionary attacks. An online dictionary attack (guess the password and try to execute the protocol with one of the parties) can be prevented through latency or smart card blocking.

THIRD GENERATION E-PASSPORTS: SOLUTION AND CONCLUSION: PACE V2 PAKE is implemented using elliptic-curve cryptography Representing numeric values(here passwords) as points on an elliptic curve. Uses encoding functions(encoding passwords to curve points) for authenticated key agreement. Groups are defined with the points in such a way that the discrete-logarithm problem in that group (the problem of retrieving integer l from point G on the curve and lg = G + + G) is believed to be computationally hard. This means that elliptic-curve-based protocols can use shorter keys and more efficient arithmetic than protocols

THIRD GENERATION E-PASSPORTS: SOLUTION AND CONCLUSION: PACE V2 The two parties have therefore obtained a common high-entropy secret: point Z on the elliptic curve. Then the key is derived, confirmed, and a secure session is establishment. This encoding is more efficient and protects against side channel attacks.

QUESTIONS

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback