Post on 18-Dec-2015
Dr. Kim Nguyen, ECC Workshop, Bochum, 20.9.2004, 1
Identity in the digital age
Travel documents & Cryptography
Dr. Kim Nguyen, Bundesdruckerei GmbH, Berlin
ECC Workshop, Bochum, 2004-09-21
Agenda
- ICAO & Machine Readable Travel Documents
- ICAO LDS
- Integration of cryptographic concepts into MRTDs
History
From royal printing house to a leading supplier of high-security technology
1879 Reichsdruckerei (Imperial Printing House)
1945 Staatsdruckerei (Government Printing House)
1951 Bundesdruckerei
1994 Bundesdruckerei GmbH
2000 Privatisation of the Bundesdruckerei group
Key Numbers
Bundesdruckerei in figures
Human resources: Currently, Bundesdruckerei employs 1,429 persons, of whom work in Berlin (as of 07/2003).
Revenue: In the year 2002, Bundesdruckerei including BIS (Bundesdruckerei International Services) generated revenue of around € 230 million, approx. 10 % from sales abroad.
Production: In the year 2002, production included:
- 402 million banknotes
- 3.5 billion postage stamps
- 100 million revenue stamps
- 8.5 million identity cards
- 3.9 million passports
- 3.3 million EU driving licences
plus a large number of patent documents and CD-ROMs.
August 2004: 200 million personalized documents produced
ICAO
November 1944: The Convention on International Civil Aviation, also known as the Chicago Convention, provided for the establishment of the International Civil Aviation Organization (ICAO)
Function: International body to guide and regulate international civil aviation
Travel Documents
Range of requirements for efficient civil aviation operations (Annex 9, Chicago Convention):
Requirement for persons travelling by air ... to comply with immigration, customs and passport regulations
Requirement for States to facilitate border clearance ... and prevent unnecessary delays
Requirement for States to develop and adopt internationally standard procedures for immigration and customs clearance
Travel Documents
MRTD Programme
1968: Establishment of a Panel on Passport Cards; machine readable standardized passport book, initial issuance by Australia, Canada, USA
1984: Establishment of the TAG/MRTD, comprised of government officials; expansion to specs for machine readable visa and cards
Travel Documents
Co-operation
- International Organization for Standardization (ISO): technical and engineering advice to TAG/MRTD by ISO; Doc 9303, Parts 1-3, have received endorsement by ISO as ISO 7501 (1-3)
- International Air Transport Association (IATA)
- Airports Council International (ACI)
- INTERPOL
MRTDs
Machine Readable Travel Document (MRTD):
Official document issued by a State or organization which is used by the holder for international travel (e.g. passport, visa, official document of identity) and which contains mandatory visual (eye readable) data and a separate mandatory data summary in a format which is capable of being read by machine.
MRTDs
- Machine Readable Zone (MRZ)
- Machine detectable feature
- Holographic Shadow Picture
- Holographic MRZ
- 3D Figure
Advanced MRTDs
Optional expansion of machine readable data capacity:
- magnetic stripes (especially high density magnetic stripes)
- IC chips with contacts, contactless IC chips
- optical memories
- bar codes, especially 2D bar codes
Advanced MRTDs
Machine-assisted identity confirmation (i.e. biometrics):
- Displayed identity features (portrait, signature, fingerprint)
- Encoded identity features (face, signature, fingerprints, hand, voice, eyes)
Advanced MRTDs
ICAO evaluation and development of advanced MRTDs
Technical Report on Selection of a Globally Interoperable Biometric for Machine-assisted Identity Confirmation (2001): compatibility and ranking of biometric technologies with MRTDs
- Face: highest compatibility
- Finger, eyes: group 2
- Signature, hand, voice: group 3
Advanced MRTDs
Technical Report on Development of a Logical Data Structure (LDS) for Optional Capacity Expansion Technologies (2002)
ICAO „New Orleans Resolution“, March 2003
New Orleans Resolution
ICAO TAG-MRTD/NTWG recognises that Member States currently and will continue to utilise the facial image as the primary identifier for MRTDs and as such endorses the use of standardised digitally stored facial images as the globally interoperable biometric to support facial recognition technologies for machine assisted identity verification with machine-readable travel documents.
ICAO TAG-MRTD/NTWG further recognises that in addition to the use of a digitally stored facial image, Member States can use standardised digitally stored fingerprint and/or iris images as an additional globally interoperable biometrics in support of machine assisted verification and/or identification.
Member States, in their initial deployment of MRTDs with biometric identifiers, are encouraged to adopt contactless IC media of sufficient capacity to facilitate onboard storage of additional MRTD data and biometric identifiers.
Co-Existence of Technologies
Additional technologies complement existing technologies
Should one technique fail, there are other techniques in place that make the proof of the validity of the document possible.
Contactless chip technology is recognized as optimal medium to complement classical high security MRTD.
Contactless Technology
Standard communication with chip card utilizes contact based serial communication
The contactless communication uses an electromagnetic field into which the chip module is coupled via an antenna
Data transfer to and from the chip is performed using changes in this field.
Contactless Communication
(Figure: contactless communication between reader and chip, © Philips)
Chip Technology
Storage of biometric data implies the usage of security controllers with large EEPROM sizes:
- Minimum is 32 kB
- Larger sizes of 64 kB and above are recommended
Typical size of biometric data: 12 – 15 kB for a facial image, JPEG compressed
Storing smaller sized templates is at the discretion of the issuing state (interoperability of templates)
LDS (Logical Data Structure)
LDS = Logical Data Structure = standardized interoperable format to store biometric and other personal data on an MRTD
Standardized by ICAO
What is the LDS?
The LDS is an ISO 7816-4 compliant file system used to store biometric data:
DF1
  EF.COM
  EF.DG1
  EF.DG2
  EF.DG3
  EF.SOD
Where is the LDS stored?
On a chip embedded into the passport. Different alternatives: cover, data card, in an extra page.
The chip is accessed contact-less, i.e. via an electromagnetic field.
Security Mechanisms
Assets to be protected:
- Authenticity of personal data: changes of biometric data must be detectable; data must be written to the MRTD by authorized organizations only
- Privacy of personal data: who has access to the data stored on the MRTD? Can the communication between MRTD and verification terminal be tracked?
- Uniqueness of MRTD: it must not be possible to copy digital data from one passport to another.
Security Mechanisms
Special threats due to usage of contactless technology:
- Skimming: active reading of the contactless chip from a small distance (may not be observed by the holder of the document)
- Eavesdropping: passive observation of the communication between MRTD and verifier terminal. Contactless communication uses changes in the EM field; these changes induce EM waves.
Sensitivity of data
Data stored on MRTD:
Printed data:
- Personal information (name, date of birth, etc.), also encapsulated in the MRZ
- Facial image
- Signature
Digital data:
- MRZ
- Facial image (mandatory)
- Fingerprints (optional)
- Iris (optional)
Security Mechanisms
Biometric data stored on MRTD:
- Authenticity is secured by a digital signature (mandatory): 2-level PKI
- Privacy can be secured by Basic Access Control (optional): symmetric/asymmetric crypto
- Privacy of especially sensitive data can additionally be secured by Extended Access Control (optional): symmetric crypto
- Cloning can be prevented by using a chip-individual key pair in a challenge-response mechanism (optional): asymmetric crypto
Data Authenticity
Authenticity of the MRTD data is secured by means of a digital signature
Authenticity of the data groups stored can be verified using hash values stored in EF.SO_D.
Data Authenticity
Basic check mechanism:
1. Read the MRZ optically
2. First check the signature in order to check the authenticity of the complete digital data
3. Read the MRZ digitally, check the hash value
4. Compare the optical and the digital MRZ
Thus a strong link between the printed and the digital MRTD is achieved.
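The hash-check and MRZ-comparison steps of this basic check, as an added illustration that is not part of the original slides. The data groups, the EF.SOD hash list and the use of SHA-256 are constructed assumptions; verification of the CMS signature over the hash list is treated as an already completed step.

```python
import hashlib

# Constructed sample chip contents (real data groups are ASN.1/TLV encoded;
# plain bytes stand in here). DG1 holds the two MRZ lines concatenated.
MRZ_LINE1 = "P<D<<MUSTERMANN<<MARKUS<<<<<<<<<<<<<<<<<<<<<"
MRZ_LINE2 = "1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0"
DG1_MRZ = (MRZ_LINE1 + MRZ_LINE2).encode("ascii")
DG2_FACE = b"<constructed stand-in for the JPEG facial image>"
OPTICAL_MRZ = MRZ_LINE1 + "\n" + MRZ_LINE2   # as read by the OCR scanner


def dg_hash(data: bytes) -> str:
    # SHA-256 is an assumption; the real EF.SOD names the hash algorithm it uses.
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for EF.SOD: the per-data-group hashes the issuer signed.
# Verifying the CMS signature over this list against the Document Signer
# certificate is a separate step, represented here by the boolean.
SOD = {"signature_valid": True,
       "hashes": {1: dg_hash(DG1_MRZ), 2: dg_hash(DG2_FACE)}}


def check_data_groups(sod: dict, data_groups: dict) -> list:
    """Return the numbers of data groups whose hash does not match EF.SOD."""
    if not sod["signature_valid"]:
        raise ValueError("EF.SOD signature invalid: digital data is not authentic")
    return [n for n, content in data_groups.items()
            if dg_hash(content) != sod["hashes"].get(n)]


def mrz_matches(optical_mrz: str, dg1: bytes) -> bool:
    """Compare the optically read MRZ with the digital MRZ from DG1."""
    return optical_mrz.replace("\n", "") == dg1.decode("ascii")


def basic_check(optical_mrz: str, sod: dict, data_groups: dict) -> bool:
    """Signature (assumed checked), then DG hashes, then optical vs digital MRZ."""
    if check_data_groups(sod, data_groups):
        return False
    return mrz_matches(optical_mrz, data_groups[1])
```

A modified facial image changes the DG2 hash and fails the second step; a printed MRZ that does not match DG1 fails the last step even though the chip data itself is authentic.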
MRTD PKI
Country Signing CA (= national root)
  signs: Document Signing CA
    signs: Digital Signature over the MRTD Data
MRTD PKI
ICAO PKD contains Document Signer CA of all participating countries
ICAO PKD will not contain Country Signer CAs
Distribution of CSCAs has to be performed by bilateral means and via diplomatic channels.
MRTD PKI
Certificate revocation: CRLs must be distributed bilaterally and via the ICAO PKD
The Document Signer Certificate may be included in the Document Security Object in order to allow off-line signature verification
MRTD PKI
MRTDs have a validity of 10 years
This poses strong requirements on the parameters of the signature algorithms used
Three algorithms are specified: ECDSA, RSA, DSA
MRTD PKI
Minimum size of parameters for Country Signing CA keys and Document Signing CA keys:

Algorithm  Parameter    Country Signing CA (bits)  Document Signing CA (bits)
RSA        N            3072                       2048
DSA        p            3072                       2048
DSA        q            256                        224
ECDSA      Point order  256                        224
Coding of digital signature
The digital signature is coded as a signed data object according to the Cryptographic Message Syntax specification, i.e. ASN.1 DER encoding must be used.
For elliptic curves this is specified in the SECG papers.
Basic Access Control
Basic Access Control is used in order to prevent skimming and eavesdropping.
Philosophy: if the MRTD is presented by the holder in such a way that the optical data can be read, the main biometric data (MRZ, face) should also be readable.
Mechanism: access to chip data is only allowed after successful completion of a symmetric-key based challenge-response mechanism.
Basic Access Control
The symmetric key is derived from data in the MRZ:
P<D<<MUSTERMANN<<MARKUS<<<<<<<<<<<<<<<<<<<<<
1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0
Concatenate (document number, date of birth and date of expiry, each with its check digit):
123456789770071560405270
Hash (SHA-1):
394430337E6D414E424AACBECAE112BAC5BD25BC
The first 16 bytes are used to build a 2-key 3DES key.
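The key derivation sketched on this slide, as an added worked example that is not part of the original presentation. The MRZ field positions and check-digit rule are those of the standard TD3 layout; the final step from the 16-byte seed to the two 3DES keys (SHA-1 over seed and a counter, then parity adjustment) is the ICAO key derivation and is an assumption here, since the slide only says the first 16 bytes build the key.

```python
import hashlib

# Constructed from the slide's sample MRZ (second line).
MRZ_LINE2 = "1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0"


def check_digit(field: str) -> str:
    """Check digit: weights 7, 3, 1 repeating, sum modulo 10.
    Digits count as their value, letters A..Z as 10..35, '<' as 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":
            value = 0
        else:
            value = ord(ch.upper()) - ord("A") + 10
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)


def mrz_information(line2: str) -> str:
    """Document number, date of birth and date of expiry, each followed by
    its check digit, concatenated as on the slide (TD3 line-2 positions)."""
    doc_no, doc_cd = line2[0:9], line2[9]
    dob, dob_cd = line2[13:19], line2[19]
    exp, exp_cd = line2[21:27], line2[27]
    for field, cd in ((doc_no, doc_cd), (dob, dob_cd), (exp, exp_cd)):
        if check_digit(field) != cd:
            raise ValueError(f"check digit mismatch for field {field!r}")
    return doc_no + doc_cd + dob + dob_cd + exp + exp_cd


def key_seed(line2: str) -> bytes:
    """K_seed: first 16 bytes of SHA-1 over the MRZ information (as on the slide)."""
    return hashlib.sha1(mrz_information(line2).encode("ascii")).digest()[:16]


def adjust_parity(key: bytes) -> bytes:
    """Give each DES key byte odd parity (the low bit is the parity bit)."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)


def derive_3des_key(seed: bytes, counter: int) -> bytes:
    """Assumed ICAO derivation: SHA-1(seed || 32-bit counter); the first 16 bytes,
    parity adjusted, form a 2-key 3DES key (counter 1: K_Enc, counter 2: K_MAC)."""
    h = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(h[:8]) + adjust_parity(h[8:16])
```

`hashlib.sha1(mrz_information(MRZ_LINE2).encode()).hexdigest()` can be compared with the SHA-1 value printed on the slide; the low entropy of the three MRZ fields that feed this hash is what the later slide on brute-force recovery refers to.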
Basic Access Control
Opening the closed passport utilizes a Mutual Authenticate scheme:
- MRTD and verifier each choose a random challenge, RND.MRTD and RND.IFD
- Mutual Authenticate is also used in order to establish a common secret key for the subsequent Secure Messaging operation
Basic Access Control (protocol flow)
Verifier (IFD)                         MRTD
chooses RND.IFD                        chooses RND.MRTD
              common key K.MRZ on both sides
              challenge is exchanged
computes response                      computes response
              response is exchanged
If the correctness of the response is verified on both sides, common secret keys for Secure Messaging are derived.
Basic Access Control
Secure Messaging is performed in an ISO 7816 like way.
Transmitted data is encrypted using 3DES. Correctness of the data is checked via a 3DES based MAC computation.
Basic Access Control
Analysis of the Basic Access Control mechanism shows: the data used from the MRZ has small entropy; hence, with some additional guesswork, the cryptographic keys involved could be recovered via a brute force attack.
The aim of Basic Access Control is mainly the prevention of skimming, not a sound cryptographic protection of access.
Extended Access Control
Mechanism similar to BAC (challenge-response mechanism)
- Can be based on a symmetric key derived from MRZ information AND a master key
- Can also be based on an asymmetric key pair
Thus it offers a variety of available mechanisms of different cryptographic strength
Active Authentication
Based on asymmetric cryptography. Each MRTD has a document specific key pair: KPuAA and KPrAA
Challenge-Response Mechanism (INTERNAL AUTHENTICATE):
1. Inspection system generates a random challenge and sends it to the MRTD
2. MRTD signs the challenge using KPrAA
3. Certificate is sent to the inspection system
4. Inspection system verifies the certificate using KPuAA
Active Authentication
Active Authentication represents the strongest mechanism to protect both the privacy of the biometric data and the uniqueness of the chip module inside the MRTD.
A chip-individual key pair implies that cloning is not possible.
Thank you for your attention!
Detailed technical information available at www.icao.int/mrtd
Dr. Kim Nguyen
Bundesdruckerei GmbH, Berlin