Proceedings. GI-Edition BIOSIG Lecture Notes in Informatics


Gesellschaft für Informatik e.V. (GI) publishes this series in order to make available to a broad public recent findings in informatics (i.e. computer science and information systems), to document conferences that are organized in cooperation with GI and to publish the annual GI Award dissertation.

Broken down into seminars, proceedings, dissertations and thematics, current topics are dealt with from the vantage point of research and development, teaching and further training in theory and practice. The Editorial Committee uses an intensive review process in order to ensure high quality contributions. The volumes are published in German or English. Information: ISSN ISBN

The proceedings of the BIOSIG 2013 include scientific contributions of the annual conference of the Biometrics Special Interest Group (BIOSIG) of the Gesellschaft für Informatik (GI). The conference took place in Darmstadt, September. The advances of biometrics research and new developments in the core biometric application field of security have been presented and discussed by international biometrics and security professionals.

GI-Edition Lecture Notes in Informatics
Arslan Brömme, Christoph Busch (Eds.)
BIOSIG 2013
Proceedings of the 12th International Conference of the Biometrics Special Interest Group
September 2013, Darmstadt, Germany
Proceedings


Lecture Notes in Informatics (LNI) - Proceedings
Series of the Gesellschaft für Informatik (GI)
Volume P-212
ISBN ISSN

Volume Editors
Arslan Brömme, GI BIOSIG, Gesellschaft für Informatik e.V., Ahrstraße 45, D-53175 Bonn
Christoph Busch, Hochschule Darmstadt, CASED, Haardtring 100, D Darmstadt

Series Editorial Board
Heinrich C. Mayr, Alpen-Adria-Universität Klagenfurt, Austria (Chairman)
Dieter Fellner, Technische Universität Darmstadt, Germany
Ulrich Flegel, Hochschule für Technik, Stuttgart, Germany
Ulrich Frank, Universität Duisburg-Essen, Germany
Johann-Christoph Freytag, Humboldt-Universität zu Berlin, Germany
Michael Goedicke, Universität Duisburg-Essen, Germany
Ralf Hofestädt, Universität Bielefeld, Germany
Michael Koch, Universität der Bundeswehr München, Germany
Axel Lehmann, Universität der Bundeswehr München, Germany
Peter Sanders, Karlsruher Institut für Technologie (KIT), Germany
Sigrid Schubert, Universität Siegen, Germany
Ingo Timm, Universität Trier, Germany
Karin Vosseberg, Hochschule Bremerhaven, Germany
Maria Wimmer, Universität Koblenz-Landau, Germany

Dissertations
Steffen Hölldobler, Technische Universität Dresden, Germany

Seminars
Reinhard Wilhelm, Universität des Saarlandes, Germany

Thematics
Andreas Oberweis, Karlsruher Institut für Technologie (KIT), Germany

Gesellschaft für Informatik, Bonn 2013
printed by Köllen Druck+Verlag GmbH, Bonn

Chairs' Message

Welcome to the annual international conference of the Biometrics Special Interest Group (BIOSIG) of the Gesellschaft für Informatik (GI) e.V.

GI BIOSIG was founded in 2002 as an experts' group for the topics of biometric person identification/authentication and electronic signatures and its applications. Over the last decade the annual conference in strong partnership with the Competence Center for Applied Security Technology (CAST) established a well known forum for biometrics and security professionals from industry, science, representatives of the national governmental bodies and European institutions who are working in these areas.

The BIOSIG 2013 international conference is jointly organized by the Biometrics Special Interest Group (BIOSIG) of the Gesellschaft für Informatik e.V., the Competence Center for Applied Security Technology e.V. (CAST), the German Federal Office for Information Security (BSI), the European Association for Biometrics (EAB), the European Commission Joint Research Centre (JRC), the TeleTrusT Deutschland e.V. (TeleTrusT), the Norwegian Biometrics Laboratory (NBL), the Center for Advanced Security Research Darmstadt (CASED), and the Fraunhofer Institute for Computer Graphics Research (IGD). This year's international conference BIOSIG 2013 is again technically co-sponsored by the Institute of Electrical and Electronics Engineers (IEEE) and is enriched with satellite workshops by the TeleTrust Biometric Working Group and the European Association for Biometrics.

The international program committee accepted full scientific papers strongly according to the LNI guidelines (acceptance rate ~26%) within a scientific double-blinded review process of at minimum five reviews per paper. All papers were formally restricted for the printed proceedings to 12 pages for regular research contributions including an oral presentation and 8 pages for further conference contributions including a poster presentation at the conference site.

Furthermore, the program committee has created a program including selected contributions of strong interest (further conference contributions) for the outlined scope of this conference. All paper contributions for BIOSIG 2013 will be published additionally in the IEEE Xplore Digital Library.

We would like to thank all authors for their contributions and the numerous reviewers for their work in the program committee.

Darmstadt, 04th September 2013

Arslan Brömme, GI BIOSIG, GI e.V.
Christoph Busch, Hochschule Darmstadt

Chairs

Arslan Brömme, GI BIOSIG, GI e.V., Bonn, Germany
Christoph Busch, Hochschule Darmstadt, Germany

Program Committee

Harald Baier (CASED, DE), Oliver Bausinger (BSI, DE), Thiriamchos Bourlai (WVU, US), Patrick Bours (GUC, NO), Sebastien Brangoulo (Morpho, FR), Ralph Breithaupt (BSI, DE), Julien Bringer (Morpho, FR), Arslan Brömme (GI/BIOSIG, DE), Christoph Busch (CAST-Forum, DE), Victor-Philipp Busch (Sybuca, DE), Patrizio Campisi (Uni Roma, IT), Nathan Clarke (CSCAN, UK), Henning Daum (secunet, DE), Nicolas Delvaux (Morpho, FR), Farzin Deravi (UKE, UK), Bernadette Dorizzi (IT, FR), Martin Drahansky (BUT, CZ), Julian Fierrez (UAM, ES), Simone Fischer-Hübner (KAU, SE), Patrick Flynn (ND, US), Lothar Fritsch (NR, NO), Steven Furnell (CSCAN, UK), Patrick Grother (NIST, US), Daniel Hartung (GUC, NO), Olaf Henniger (Fhg IGD, DE), Detlef Hühnlein (ecsec, DE), Heinrich Ihmor (BSI, DE), Christiane Kaplan (softpro, DE), Emilio Mordini (CSSC, IT), Axel Munde (BSI, DE), Alexander Nouak (Fhg IGD, DE), Markus Nuppeney (BSI, DE), Hisao Ogata (Hitachi, JP), Martin Olsen (GUC, NO), Javier Ortega-Garcia (UAM, ES), Michael Peirce (Daon, IR), Anika Pflug (CASED, DE), Ioannis Pitas (AUT, GR), Fernando Podio (NIST, US), Reinhard Posch (IAIK, AT), Raghu Ramachandra (GUC, NO), Kai Rannenberg (Uni FFM, DE), Nalini Ratha (IBM, US), Christian Rathgeb (CASED, DE), Marek Rejman-Greene (HO, UK), Arun Ross (WVU, US), Heiko Roßnagel (Fhg IAO, DE), Raul Sanchez-Reillo (UC3M, ES), Stephanie Schuckers (ClU, US), Günter Schumacher (JRC, IT), Takashi Shinzaki (Fujitsu, JP), Max Snijder (EAB, NL), Luis Soares (IST, PT), Luuk Spreeuwers (UTW, NL), Elham Tabassi (NIST, US), Tieniu Tan (NLPR, CN), Stefan Katzenbeisser (CASED, DE), Tom Kevenaar (GenKey, NL), Ulrike Korte (BSI, DE), Bernd Kowalski (BSI, DE), Ajay Kumar (Poly, HK), Herbert Leitold (a-sit, AT), Stan Li (CBSR, CN), Paulo Lobato Correira (IST, PT), Mark Lockie (PB, UK), Davide Maltoni (UBO, IT), Tony Mansfield (NPL, UK), Tsutomu Matsumoto (YNU, JP), Johannes Merkle (secunet, DE), Didier Meuwly (NFI, NL), Cathy Tilton (Daon, US), Massimo Tistarelli (UNISS, IT), Carlo Trugenberger (SwissSc, CH), Dimitrios Tzovaras (CfRaT, GR), Andreas Uhl (COSY, AT), Markus Ullmann (BSI, DE), Raymond Veldhuis (UTW, NL), Anne Wang (Cogent, US), Jim Wayman (SJSU, US), Frans Willems (UE, NL), Andreas Wolf (BDR, DE), Haiyun Xu (UT, NL), Bian Yang (GUC, NO), Xuebing Zhou (CASED, DE)

Hosts

Biometrics Special Interest Group (BIOSIG) of the Gesellschaft für Informatik (GI) e.V.
Competence Center for Applied Security Technology e.V. (CAST)
Bundesamt für Sicherheit in der Informationstechnik (BSI)
European Association for Biometrics (EAB)
European Commission Joint Research Centre (JRC)
TeleTrusT Deutschland e.V. (TeleTrust)
Norwegian Biometrics Laboratory (NBL)
Center for Advanced Security Research Darmstadt (CASED)
Fraunhofer-Institut für Graphische Datenverarbeitung (IGD)

BIOSIG 2013 Biometrics Special Interest Group
2013 International Conference of the Biometrics Special Interest Group
04th-06th September 2013

Biometrics provides efficient and reliable solutions to recognize individuals. Growing interests about trustworthiness of authentication stimulate employment of biometric techniques. Nowadays, biometric applications can be found in diverse areas such as health monitoring, national ID cards, e-banking, e-commerce, etc. It rises to challenges of robustness, reliability, interoperability, scalability, system reliability, and usability. Large-scale applications such as the European Union Visa Information System (VIS) and Unique Identification (UID) in India require high accuracy. Multimodal biometrics combined with fusion techniques can improve recognition performance for such applications. Furthermore, efficient searching and/or indexing methods can accelerate also the identification efficiency. Additionally, the quality of acquired biometric samples can strongly influence the performance. Quality assessment methods can not only guarantee success of authentication but can also provide helpful feedback to system operators during the capturing process. Recently it was shown that biometric recognition with low cost sensors embedded in mobile devices such as cell phones can improve deployment and acceptance of biometric systems. Moreover, concerns about security and privacy cannot be neglected. The relevant techniques in the area of presentation attack detection (liveness detection) and template protection are about to supplement biometric systems, in order to improve fake resistance, prevent potential attacks such as cross matching, identity theft etc.

BIOSIG 2013 offers you once again a platform for international experts' discussions on biometric research and the full range of security applications.

Table of Contents

BIOSIG 2013 Regular Research Papers

Nicolas Buchmann, Roel Peeters, Harald Baier, Andreas Pashalidis: Security considerations on extending PACE to a biometric-based connection establishment
Ferdinand Hahmann, Gordon Böer, Hauke Schramm: Combination of Facial Landmarks for Robust Eye Localization Using the Discriminative Generalized Hough Transform
Andreas Uhl, Peter Wild: Experimental Evidence of Ageing in Hand Biometrics
Ctirad Sousedik, Ralph Breithaupt, Christoph Busch: Volumetric Fingerprint Data Analysis using Optical Coherence Tomography
Andreas Pashalidis: Simulated annealing attack on certain fingerprint authentication systems
Benjamin Tams: Absolute Fingerprint Pre-Alignment in Minutiae-Based Cryptosystems
Sandra Cremer, Nadege Lemperiere, Bernadette Dorizzi, Sonia Garcia-Salicetti: Quality driven iris recognition improvement
Rudolf Haraksim, Didier Meuwly, Gina Doekhie, Peter Vergeer, Marjan Sjerps: Assignment of the evidential value of a fingermark general pattern using a Bayesian Network
Chris Stein, Vincent Bouatou, Christoph Busch: Video-based Fingerphoto Recognition with Anti-spoofing Techniques with Smartphone Cameras
Soumik Mondal, Patrick Bours: Continuous Authentication using Mouse Dynamics
Asad Ali, Farzin Deravi, Sanaul Hoque: Spoofing Attempt Detection using Gaze Colocation
Napa Sae-Bae, Nasir Memon: A Simple and Effective Method for Online Signature Verification
Daria La Rocca, Patrizio Campisi, Jordi Solé-Casals: EEG Based User Recognition Using BUMP Modelling
Toshiyuki Isshiki, Toshinori Araki, Kengo Mori, Satoshi Obana, Tetsushi Ohki, Shizuo Sakamoto: New Security Definitions for Biometric Authentication with Template Protection: Toward covering more threats against authentication systems

BIOSIG 2013 Further Conference Contributions

Leila Mirmohamadsadeghi, Andrzej Drygajlo: A template privacy protection scheme for fingerprint minutiae descriptors
Alina Krupp, Christian Rathgeb, Christoph Busch: Social Acceptance of Biometric Technologies in Germany: A Survey
Su Yang, Farzin Deravi: Quality Filtering of EEG Signals for Enhanced Biometric Recognition
Nesli Erdogmus, Sébastien Marcel: Spoofing 2D Face Recognition Systems with 3D Masks
Pawel Kasprowski, Ioannis Rigas: The influence of dataset quality on the results of behavioural biometric experiments
Ingo Deutschmann, Johan Lindholm: Behavioral biometrics for DARPA's active authentication program
Georgia Koukiou, Vassilis Anastassopoulos: Eye temperature distribution in drunk persons using thermal imagery
Zinelabidine Boulkenafet, Messaoud Bengherabi, Omar Nouali, Mohamed Cheriet: Using the conformal embedding analysis to compensate the channel effect in the i-vector based speaker verification system
Markus Springer: Protection of Fingerprint Data with the Glass Maze Algorithm
Laurentiu Acasandrei, Angel Barriga: Embedded Face Detection Implementation
Chris van Dam, Raymond Veldhuis, Luuk Spreeuwers: Landmark-based Model-free 3D Face Shape Reconstruction from Video Sequences
Rafik Chaabouni: Solving Terminal Revocation in EAC by Augmenting Terminal Authentication
Syed Zulkarnain Syed Idrus, Estelle Cherrier, Christophe Rosenberger, Patrick Bours: Soft Biometrics Database: a Benchmark for Keystroke Dynamics Biometric Systems
Anastasios Drosou, Panagiotis Moschonas, Dimitrios Tzovaras: Robust 3D Face Recognition from Low Resolution Images
Lei Gao, Lin Qi, Ling Guan: Selecting Discriminative Features with Discriminative Multiple Canonical Correlation Analysis for Multi-Feature Information Fusion
Berkay Topcu, Hakan Erdogan, Cagatay Karabat, Berrin Yanikoglu: BioHashing with Fingerprint Spectral Minutiae
Ramon Blanco-Gonzalo, Raul Sanchez-Reillo, Oscar Miguel-Hurtado, Judith Liu-Jimenez: Usability Analysis of Dynamic Signature Verification in Mobile Environments
Mihails Pudzs, Rihards Fuksis, Rinalds Ruskuls, Teodors Eglitis, Arturs Kadikis, Modris Greitans: FPGA based palmprint and palm vein biometric system
Esra Vural, Steven Simske, Stephanie Schuckers: Verification of Individuals from Accelerometer Measures of Cardiac Chest Movements
Pinar Santemiz, Luuk J. Spreeuwers, Raymond N.J. Veldhuis: Automatic Landmark Detection and Face Recognition for Side-View Face Images
Martin Böckeler, Xuebing Zhou: An Efficient 3D Facial Landmark Detection Algorithm with Haar-like Features and Anthropometric Constraints

BIOSIG 2013 Regular Research Papers

Security considerations on extending PACE to a biometric-based connection establishment

Nicolas Buchmann*, Roel Peeters, Harald Baier* and Andreas Pashalidis

* da/sec Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany
KU LEUVEN, ESAT/COSIC & iMinds, Belgium

Abstract: The regulations of the European Union (EU) Council in 2004 are the basis of the deployment of electronic passports within the EU. Since then EU member states adopt the format and the access protocols to further electronic machine readable travel documents (eMRTD) like national electronic ID cards and electronic residence permits, respectively. The security protocols to communicate with an eMRTD are based on the paradigm of strong cohesion and loose coupling, i.e., each step is designed to ensure only a particular security goal like authorisation to access a certain data group, authenticity and integrity of the data, originality of the chip, or the linkage between the eMRTD and its holder. However, recently a discussion evolved to integrate the linkage security goal within the connection establishment, which currently only aims at limiting basic access of authorised terminals to the eMRTD. For instance, the BioPACE protocol proposes to replace the knowledge-based shared secret of PACE by a biometric-based one. The goal of the paper at hand is twofold: First, we evaluate the BioPACE protocol and propose improvements to enhance its features. Second, we analyse the expediency of integrating our BioPACE version 2 into the eMRTD domain. Our initial evaluation shows that our BioPACE version 2 is expedient if the EAC protocols and the corresponding PKI are abandoned.

1 Introduction

Since 2004 EU member states issue ePassports, which feature an embedded radio frequency (RF) chip [EU04, EU05]. This chip contains sensitive biometric data, typically including the ePassport holder's facial image and fingerprints of two index fingers [ICA06].

In order to address the risks that arise through the electronic storage and wireless communication channel, security protocols for ePassports have been specified [ICA06, BSI10]. The privacy of ePassport holders, for example, is protected by access control mechanisms, which ensure that only trusted parties may read the fingerprints. Confidentiality of the transferred data is achieved by encrypting all communication between an inspection system and the chip. The specified protocols also ensure authenticity and integrity of the data read from the chip, as well as the originality of the chip itself.

The specified security protocols follow the paradigm of strong cohesion and loose coupling. That is, each protocol fulfils a very specific security goal and the security protocols hardly depend on each other, if there is a dependency at all. This paradigm is well established in the software engineering community [IEE90, ISO05]. Due to this principle further chip equipped cards (e.g., electronic ID cards) with similar security goals can use a subset of the ePassport's security protocols and replace an ePassport protocol by a new one where appropriate. This does not only create a benefit for the electronic ID cards, but instead a mutual gain, because if a new improved security protocol is favoured in the electronic ID card domain it might replace the ePassport counterpart in the long term. This is currently the case for the Password Authenticated Connection Establishment (PACE, [BSI10]), which is expected to replace the Basic Access Control (BAC) protocol by the PACE-based Supplemental Access Control (SAC) in 2018 [ICA13].

Recently Deufel et al. [DMDK13] propose the BioPACE protocol as a replacement for the knowledge-based shared secret of PACE. The BioPACE protocol uses a biometric-based secret instead. The goal of our paper is twofold: Firstly, we evaluate the BioPACE protocol. We document weaknesses compared to PACE, especially that BioPACE enables tracking and abandons the connection of the physical document and its chip. Additionally we propose improvements to enhance its features. Secondly, we analyse the expediency of integrating our BioPACE version 2 into the eMRTD domain. We sketch the idea of replacing the expensive Extended Access Control (EAC) protocols and its related Country Verifying Public Key Infrastructure (CV PKI) by our BioPACE version 2 protocol. An initial evaluation reveals that our BioPACE version 2 actually has the potential to serve as replacement, if some of the conveniences of EAC are considered to be dispensable (e.g., fine-grained authorisation levels to different data groups).

This paper is organised as follows: Section 2 describes the security protocols, which are relevant for the later discussion of BioPACE. In Section 3 the concept and underlying idea of BioPACE is introduced. The security assessment of BioPACE is presented in Section 4. Section 5 proposes an enhanced version of BioPACE. Section 6 presents future plans to replace EAC with our BioPACE version 2, and discusses the expediency of our BioPACE version 2 in the eMRTD domain. In Section 7 conclusions are drawn and the presented improvements and the usefulness of BioPACE are discussed.

2 eMRTD protocols and their security goals

This section describes the eMRTD protocols and their security goals. Each protocol fulfils a very specific security goal. The protocols are either specified by the International Civil Aviation Organisation (ICAO) [ICA06] or the German Federal Office for Information Security (BSI) [BSI10], and are well described in [KN07].

Passive Authentication is the only protocol which is specified as mandatory by the ICAO [ICA06]. It provides authenticity and integrity of the data stored on the chip. Passive Authentication depends on the so-called Signing PKI.

Basic Access Control (BAC) provides protection against unauthorised access to the data stored on the chip [ICA06]. Unauthorised means access to the data without the eMRTD owner handing over the document. To get access to the chip the terminal needs optical access to the data page to read the Machine Readable Zone (MRZ). The terminal authenticates itself to the chip with the data read from the MRZ, and both entities agree on session keys during BAC to establish a secure channel which provides authenticity, integrity and confidentiality of the transferred data by means of the Secure Messaging sub-protocol.

To protect the sensitive data groups BAC is not sufficient. Therefore Extended Access Control (EAC) protects data group 3 (DG3), which contains the fingerprints. EAC consists of Terminal Authentication and Chip Authentication [BSI10]. After performing EAC the terminal can read the fingerprints, capture a biometric sample from the eMRTD holder and compare the biometric data to check if the current eMRTD holder is the legitimate owner, and thereby achieves the linkage security goal.

To prevent chip cloning, two protocols exist in the eMRTD domain: Active Authentication (AA) specified by the ICAO [ICA06] and, as part of EAC, Chip Authentication (CA) specified by the BSI [BSI10]. Both protocols prove the authenticity of the chip (originality) to the terminal. AA achieves this goal with a challenge-response protocol and CA establishes a strong secure channel based on the Diffie-Hellman protocol to implicitly prove the originality of the chip.

Terminal Authentication (TA) is part of EAC and is a protocol by which a terminal can prove to a chip its access right to the sensitive biometric data [BSI10]. The chip forces every terminal to prove its authorisation to DG3 before granting access to the fingerprints. TA is based on a PKI for terminals called the Country Verifying PKI.
The Password Authenticated Connection Establishment (PACE) fulfils the same security goals as BAC, but provides strong session keys even in the presence of low-entropy passwords, and contrary to BAC is resistant against offline brute-force attacks [BSI10]. The shared password is denoted by π and can either be received from the MRZ, a PIN, or the Card Access Number (CAN), which is printed on the data page of the eMRTD and consists of a six digit number. PACE is based on symmetric and asymmetric cryptography, while BAC is based solely on symmetric cryptography. PACE is depicted in Figure 1 and roughly consists of the following steps:

- First the eMRTD chip randomly chooses a nonce s and encrypts it with K_π, which is derived from the shared password π. The chip sends the ciphertext z = Enc_{K_π}(s) to the terminal.
- The terminal recovers s with the shared password π and receives s = Dec_{K_π}(z).
- Chip and terminal both create ephemeral key pairs, and perform a Diffie-Hellman key agreement protocol based on these key pairs and the generated shared secret s.
- By performing Diffie-Hellman both entities agree on a new shared secret K.
- Based on K both parties derive session keys.
- Chip and terminal exchange and verify authentication tokens based on a Message Authentication Code.
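The PACE steps listed above, run for both sides in one process as an added example (not code from the paper or from any eMRTD specification). Assumptions: a toy 127-bit group and a SHA-256 XOR pad stand in for the real domain parameters and cipher, the generator mapping g^s·h is taken from PACE's generic mapping (the paper only says the key agreement is "based on" s), and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example and NOT secure: a 127-bit Mersenne
# prime with generator 3. Real PACE uses standardised DH/ECDH parameters.
P = 2**127 - 1
G = 3


def kdf(secret: bytes, label: bytes) -> bytes:
    """Derive a 32-byte key from a secret and a purpose label."""
    return hashlib.sha256(label + secret).digest()


def xor_pad(key: bytes, data: bytes) -> bytes:
    """Stand-in for Enc/Dec: XOR with a SHA-256 pad (data up to 32 bytes)."""
    pad = hashlib.sha256(b"pad" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, "sha256").digest()


def keypair(generator: int):
    """Ephemeral Diffie-Hellman key pair over the given generator."""
    private = secrets.randbelow(P - 2) + 1
    return private, pow(generator, private, P)


def to_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")


def run_pace(chip_password: str, terminal_password: str) -> dict:
    # 1. Chip: fresh random nonce s, sent as z = Enc_{K_pi}(s).
    s_chip = secrets.token_bytes(16)
    z = xor_pad(kdf(chip_password.encode(), b"K_pi"), s_chip)
    # Every candidate password decrypts z to *some* 16-byte value, so z alone
    # gives an eavesdropper nothing to test a password guess against.

    # 2. Terminal: s = Dec_{K_pi}(z) with the password it read or was given.
    s_term = xor_pad(kdf(terminal_password.encode(), b"K_pi"), z)

    # 3. First ephemeral exchange, then each side maps the generator with s.
    c1, C1 = keypair(G)
    t1, T1 = keypair(G)
    g_chip = pow(G, int.from_bytes(s_chip, "big"), P) * pow(T1, c1, P) % P
    g_term = pow(G, int.from_bytes(s_term, "big"), P) * pow(C1, t1, P) % P

    # 4. Second ephemeral exchange over the mapped generator yields K.
    c2, C2 = keypair(g_chip)
    t2, T2 = keypair(g_term)
    k_chip = to_bytes(pow(T2, c2, P))
    k_term = to_bytes(pow(C2, t2, P))

    # 5. Session keys (encryption, MAC) for Secure Messaging.
    chip_keys = (kdf(k_chip, b"enc"), kdf(k_chip, b"mac"))
    term_keys = (kdf(k_term, b"enc"), kdf(k_term, b"mac"))

    # 6. Tokens: each side MACs the peer's ephemeral public key; the peer
    #    recomputes the MAC under its own key and compares.
    chip_accepts = hmac.compare_digest(
        mac(term_keys[1], to_bytes(C2)), mac(chip_keys[1], to_bytes(C2)))
    terminal_accepts = hmac.compare_digest(
        mac(chip_keys[1], to_bytes(T2)), mac(term_keys[1], to_bytes(T2)))
    return {"z": z, "chip_keys": chip_keys, "terminal_keys": term_keys,
            "chip_accepts": chip_accepts, "terminal_accepts": terminal_accepts}


if __name__ == "__main__":
    good = run_pace("123456", "123456")   # constructed six-digit CAN
    bad = run_pace("123456", "654321")    # terminal typed the wrong CAN
    print("matching CAN :", good["chip_accepts"], good["terminal_accepts"])
    print("wrong CAN    :", bad["chip_accepts"], bad["terminal_accepts"])
```

With a wrong password the two sides map to different generators, derive different K, and the token check is the first point at which the mismatch becomes visible.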

After successfully performing PACE the Secure Messaging sub-protocol is started with the derived session keys to establish a secure channel, which provides authenticity, integrity and confidentiality.

Figure 1: The PACE protocol. [Message flow between Terminal and eMRTD: the eMRTD randomly chooses s and encrypts z = Enc_{K_π}(s); z is sent to the terminal; the terminal decrypts s = Dec_{K_π}(z); the two sides choose keypair 1 and keypair 2 based on s; both derive K: Diffie-Hellman(key pairs, s); both derive session keys based on K; authentication tokens are exchanged and each side verifies the token; secure channel.]

PACE is the basic building block for the BioPACE protocol introduced in the next section.

3 BioPACE

This section presents the BioPACE security protocol and its underlying idea as introduced by Deufel et al. in [DMDK13]. Deufel et al. present BioPACE as a pre-processing step to the PACE protocol, which we describe in Section 2. We first sketch the idea of BioPACE and then describe its two phases.

The underlying idea for the pre-processing step is to make use of biometric template protection based on the ISO/IEC standard for biometric information protection [ISO11]. BioPACE does not favour a biometric modality, i.e., BioPACE may be implemented using the facial image, fingerprints, iris, etc. During personalisation of an eMRTD the biometric modality is enrolled and a feature extraction from the captured biometric sample results in a biometric reference comprising of a pseudonymous identifier PI and auxiliary data AD. The concrete specification of PI and AD with respect to size and structure is neither specified by the ISO/IEC standard nor by the authors of [DMDK13]. A verification consists of a new feature extraction from a fresh biometric sample and the previously enrolled AD. The verification results in a new pseudonymous identifier PI', which equals PI if and only if the same person provided the biometric sample and therefore a biometric match occurs.

We now explain the two phases of BioPACE in more detail. The authors of [DMDK13] call these phases the initialisation phase and the regular use phase.

Figure 2: The BioPACE protocol. [Message flow between eMRTD owner, Terminal and eMRTD: read DG13 (AD, ENC_PI(CAN)); measure biometric probe; use AD to calculate PI'; CAN' := DEC_PI'(ENC_PI(CAN)); PACE(CAN'); secure channel.]

During the initialisation phase the biometric enrolment is conducted, which results in PI and AD. Additionally the eMRTD chip or a backend system creates a random CAN or PIN, which serves as input for the regular PACE protocol after the pre-processing step of BioPACE. In what follows we denote this random secret as CAN. The secret CAN is encrypted using PI as encryption key resulting in ENC_PI(CAN). Then PI is discarded. The pair (AD, ENC_PI(CAN)) is then written to data group 13 (DG13) of the eMRTD logical data structure (LDS) [ICA06]. DG13 is publicly accessible without any authentication. This is justified by [DMDK13] with the consideration that the tuple (AD, ENC_PI(CAN)) is not security sensitive, because it does not disclose biometric data of the enrolled person.

After the initialisation phase BioPACE is ready for regular use. This phase is depicted in Figure 2. If an inspection system wants to perform BioPACE, it first has to read DG13 to receive (AD, ENC_PI(CAN)). The inspection system captures a biometric sample from the document holder and uses the received AD from DG13 to compute PI'. The inspection system then performs DEC_PI'(ENC_PI(CAN)) to decrypt ENC_PI(CAN) using PI' as decryption key to receive CAN', which will match CAN if and only if PI' matches PI. The secret value CAN is also known to the eMRTD chip, because it is stored in its internal memory and can therefore be used as input for the standard PACE protocol. After this pre-processing step BioPACE uses the steps of the PACE protocol, which we explain in Section 2.

4 Assessment of BioPACE

In this section we present our security assessment of BioPACE with respect to common security features of an eMRTD. We identified weaknesses that are introduced when replacing PACE with BioPACE. Every paragraph first presents a short assessment regarding a specific security aspect, and then proposes possible solutions, when applicable.

No physical to electronic linkage. Where PACE makes a link between the printed data page of the eMRTD and the chip inside the eMRTD, BioPACE makes a link between the eMRTD owner and the chip inside the eMRTD. There is no link anymore between the printed data page of the eMRTD and the chip inside the eMRTD. As a consequence it cannot build further upon the prior established authenticity of the MRZ and CAN (by checking the optical security features on eMRTDs, such as special paper and printing techniques).

Tracking. While PACE guarantees the unlinkability of eMRTD occurrences on the wireless channel, BioPACE does not. The authors of BioPACE justify that data group 13 can be read freely from the chip by claiming that it does not disclose any biometric data and as such is not security-sensitive. However, the data (AD, ENC_PI(CAN)) provides a unique identifier for every eMRTD and can be read out by anyone within communication range of the eMRTD, making tracking possible. A possible solution would be to print (AD, ENC_PI(CAN)) on the data page of the eMRTD, additionally ensuring the coupling between the data page of the eMRTD and the chip. However, this would require substantial changes in the eMRTD creation and verification processes, as opposed to reading out some extra values from the chip.

Usability degradation. The aspect of better comfort is not proven in the paper. We doubt that reading and processing a fingerprint is faster than performing OCR on an MRZ or CAN. Implementing BioPACE instead of PACE also means that the verifier needs biometric reader equipment, even if one only wants to read the chip's version of the holder's name, or to verify authenticity and integrity of the chip's data via passive authentication. At the end of the paper, it is suggested that one can always skip the biometric pre-processing step of BioPACE and fall back to the original PACE. However, if the biometric pre-processing step can be skipped, this raises questions about the benefits of BioPACE, especially towards the eMRTD owner.

Loss of access control flexibility. As long as the sensitive biometric fingerprints are stored on the chip BioPACE should not be considered as EU EAC replacement, because it can only provide two possible authorisation levels: read every data group or read no data group. With EAC, one can provide a more fine grained access control and the eMRTD receives an explicit authorisation from its issuing country that this terminal is indeed authorised to read certain data groups. A possible solution is to replace the raw fingerprints by a biometric template that leaks no sensitive information.

Double biometric linkage goal. The basic BioPACE protocol claims to provide access control and create a link between the eMRTD holder and the chip. In the current eMRTD security protocol pool these goals are already achieved by BAC, PACE and EAC for the access control and the fingerprints stored on the chip for the biometric link. Achieving the same security goal twice has no benefit and only makes the border control check more lengthy.
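The BioPACE pre-processing step and the tracking weakness assessed above, as an added example (not code from the paper or from [DMDK13]). Assumptions: since neither source fixes the structure of PI and AD, a toy fuzzy commitment with a 5-fold repetition code stands in for the template protection scheme, a SHA-256 XOR pad stands in for ENC/DEC, and the feature vectors and all function names are constructed for illustration.

```python
import hashlib
import secrets

REP = 5  # repetition factor of the toy error-correcting code (assumption)

# Constructed sample data: an 80-bit enrolment feature vector, a fresh probe of
# the same person (one flipped bit in six of the 5-bit groups) and an impostor.
ENROL = [(i * 7 + i // 3) % 2 for i in range(80)]
PROBE = [b ^ (i in (0, 7, 13, 21, 34, 58)) for i, b in enumerate(ENROL)]
IMPOSTOR = [1 - b for b in ENROL]


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encode(key_bits):
    """Repetition code: every key bit is repeated REP times."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per group; corrects up to two flipped bits per group."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def pseudonymous_identifier(key_bits) -> bytes:
    return hashlib.sha256(bytes(key_bits)).digest()


def xor_pad(key: bytes, data: bytes) -> bytes:
    """Stand-in for ENC/DEC: XOR with a SHA-256 pad (data up to 32 bytes)."""
    pad = hashlib.sha256(b"pad" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def initialise(enrol_bits):
    """Initialisation phase: returns (public DG13 content, CAN kept on chip)."""
    key_bits = [secrets.randbelow(2) for _ in range(len(enrol_bits) // REP)]
    ad = bytes(xor_bits(encode(key_bits), enrol_bits))      # auxiliary data AD
    pi = pseudonymous_identifier(key_bits)                   # PI, discarded below
    can = f"{secrets.randbelow(10**6):06d}".encode()         # random six-digit CAN
    return (ad, xor_pad(pi, can)), can


def recover_can(dg13, probe_bits) -> bytes:
    """Regular use: PI' from AD and a fresh probe, then CAN' = DEC_PI'(...)."""
    ad, enc_can = dg13
    pi_prime = pseudonymous_identifier(decode(xor_bits(list(ad), probe_bits)))
    return xor_pad(pi_prime, enc_can)


def read_dg13(dg13):
    """DG13 needs no authentication: every reader gets the same static bytes."""
    return dg13


def pace_first_message(can: bytes) -> bytes:
    """What PACE puts on the air first: z over a fresh nonce, new per session."""
    return xor_pad(hashlib.sha256(can).digest(), secrets.token_bytes(16))


def distinct(observations) -> int:
    """Number of different values a passive observer saw across sessions."""
    return len(set(observations))


if __name__ == "__main__":
    dg13, can = initialise(ENROL)
    print("genuine probe recovers CAN :", recover_can(dg13, PROBE) == can)
    print("impostor recovers CAN      :", recover_can(dg13, IMPOSTOR) == can)
    print("distinct DG13 reads        :", distinct([read_dg13(dg13)] * 3))
    print("distinct PACE z values     :",
          distinct([pace_first_message(can) for _ in range(3)]))
```

The static DG13 value is what the Tracking paragraph calls a unique identifier: it is the same in every session, whereas the first PACE message changes with each nonce.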


More information

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Security by Politics - Why it will never work Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA Agenda Motivation Some basics Brief overview epassport (MRTD) Why cloning? How to attack the

More information

ISO 24745 - Biometric Template Protection

ISO 24745 - Biometric Template Protection ISO 24745 - Biometric Template Protection Hochschule Darmstadt / Gjøvik University College / Fraunhofer IGD IBPC 2010 -Satellite Workshop II NIST March 5, 2010 PET for the Protection of Biometric data

More information

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010)

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010) Common Criteria Protection Profile for BSI-CC-PP-0064 Version 1.01 (15 th April 2010) Federal Office for Information Security Postfach 20 03 63 53133 Bonn Phone: +49 228 99 9582-0 e-mail: zertifizierung@bsi.bund.de

More information

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from Preface In the last decade biometrics has emerged as a valuable means to automatically recognize people, on the base is of their either physiological or behavioral characteristics, due to several inherent

More information

Full page passport/document reader Regula model 70X4M

Full page passport/document reader Regula model 70X4M Full page passport/document reader Regula model 70X4M Full page passport reader with no moving parts inside. Automatic reading and authenticity verification of passports, IDs, visas, driver s licenses

More information

Moving to the third generation of electronic passports

Moving to the third generation of electronic passports Moving to the third generation of electronic passports A new dimension in electronic passport security with Supplemental Access Control (SAC) > WHITE PAPER 2 Gemalto in brief Gemalto is the world leader

More information

Conformance test specification for BSI-TR 03121 Biometrics for public sector applications

Conformance test specification for BSI-TR 03121 Biometrics for public sector applications Technical Guideline TR-03122-2 Conformance test specification for BSI-TR 03121 Biometrics for public sector applications Part 2: Software Architecture - BioAPI conformance testing Version 3.0 Bundesamt

More information

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...

More information

Electronic machine-readable travel documents (emrtds) The importance of digital certificates

Electronic machine-readable travel documents (emrtds) The importance of digital certificates Electronic machine-readable travel documents (emrtds) The importance of digital certificates Superior security Electronic machine-readable travel documents (emrtds) are well-known for their good security.

More information

Conformance test specification for BSI-TR 03121 Biometrics for public sector applications

Conformance test specification for BSI-TR 03121 Biometrics for public sector applications Technical Guideline TR-03122-1 Conformance test specification for BSI-TR 03121 Biometrics for public sector applications Part 1: Framework Version 3.0 Bundesamt für Sicherheit in der Informationstechnik

More information

A Survey on Untransferable Anonymous Credentials

A Survey on Untransferable Anonymous Credentials A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches

More information

Biometrics for public sector applications

Biometrics for public sector applications Technical Guideline TR-03121-1 Biometrics for public sector applications Part 1: Framework Version 3.0 Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63, 53133 Bonn, Germany Email:

More information

Published International Standards Developed by ISO/IEC JTC 1/SC 37 - Biometrics

Published International Standards Developed by ISO/IEC JTC 1/SC 37 - Biometrics Published International Standards Developed by ISO/IEC JTC 1/SC 37 - Biometrics Revised October 25, 2007 These standards can be obtained (for a fee) at ANSI s estandards Store: http://webstore.ansi.org/

More information

Multimodal Biometric Recognition Security System

Multimodal Biometric Recognition Security System Multimodal Biometric Recognition Security System Anju.M.I, G.Sheeba, G.Sivakami, Monica.J, Savithri.M Department of ECE, New Prince Shri Bhavani College of Engg. & Tech., Chennai, India ABSTRACT: Security

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

Biometric For Authentication, Do we need it? Christophe Rosenberger GREYC Research Lab - France

Biometric For Authentication, Do we need it? Christophe Rosenberger GREYC Research Lab - France Biometric For Authentication, Do we need it? Christophe Rosenberger GREYC Research Lab - France OUTLINE Le pôle TES et le sans-contact Introduction User authentication GREYC - E-payment & Biometrics Introduction

More information

Discover Germany s Electronic Passport

Discover Germany s Electronic Passport Discover Germany s Electronic Passport Starting 1 Nov. 2007 E-Passport 2nd Generation www.epass.de 1 Introducing Germany s e-passport If you want to know why there are electronic passports and how to recognize

More information

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security

Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security , pp. 239-246 http://dx.doi.org/10.14257/ijsia.2015.9.4.22 Analysis of Multimodal Biometric Fusion Based Authentication Techniques for Network Security R.Divya #1 and V.Vijayalakshmi #2 #1 Research Scholar,

More information

Application-Specific Biometric Templates

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

More information

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

More information

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human

Mathematical Model Based Total Security System with Qualitative and Quantitative Data of Human Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative

More information

Sicherheitsaspekte des neuen deutschen Personalausweises

Sicherheitsaspekte des neuen deutschen Personalausweises Sicherheitsaspekte des neuen deutschen Personalausweises Dennis Kügler Bundesamt für Sicherheit in der Informationstechnik egov Fokus 2/2013: Identity- und Access Management im E-Government Rethinking

More information

Protection Profile for UK Dual-Interface Authentication Card

Protection Profile for UK Dual-Interface Authentication Card Protection Profile for UK Dual-Interface Authentication Card Version 1-0 10 th July 2009 Reference: UNKT-DO-0002 Introduction This document defines a Protection Profile to express security, evaluation

More information

PRIME IDENTITY MANAGEMENT CORE

PRIME IDENTITY MANAGEMENT CORE PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It

More information

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document

More information

Modular biometric architecture with secunet biomiddle

Modular biometric architecture with secunet biomiddle Version 2.1 Modular biometric architecture with secunet biomiddle White Paper Version 2.0, 25/03/10 secunet Security Networks AG Copyright 2010 by secunet Security Networks AG This document is for information

More information

A Note on the Relay Attacks on e-passports

A Note on the Relay Attacks on e-passports A Note on the Relay Attacks on e-passports The Case of Czech e-passports Martin Hlaváč 1 and Tomáš Rosa 1,2 hlavm1am@artax.karlin.mff.cuni.cz and trosa@ebanka.cz 1 Department of Algebra, Charles University

More information

Extending EMV payment smart cards with biometric on-card verification

Extending EMV payment smart cards with biometric on-card verification Extending EMV payment smart cards with biometric on-card verification Olaf Henniger 1 and Dimitar Nikolov 2 1 Fraunhofer Institute for Computer Graphics Research IGD Fraunhoferstr. 5, D-64283 Darmstadt,

More information

Common Criteria Protection Profile

Common Criteria Protection Profile Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.01, 22th July 2014 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure

More information

Operational and Technical security of Electronic Passports

Operational and Technical security of Electronic Passports European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union Operational and Technical security of Electronic Passports Warsaw, Legal

More information

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council

Best Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity

More information

Framework for Biometric Enabled Unified Core Banking

Framework for Biometric Enabled Unified Core Banking Proc. of Int. Conf. on Advances in Computer Science and Application Framework for Biometric Enabled Unified Core Banking Manohar M, R Dinesh and Prabhanjan S Research Candidate, Research Supervisor, Faculty

More information

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

More information

Opinion and recommendations on challenges raised by biometric developments

Opinion and recommendations on challenges raised by biometric developments Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future

More information

Best Solutions for Biometrics and eid

Best Solutions for Biometrics and eid Best Solutions for Biometrics and eid In times of virtual communication even a person s identity is converted into an electronic form with the help of biometrics and then organised through intricate technical

More information

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management

More information

Description of the Technical Component:

Description of the Technical Component: Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance

More information

Spoof Detection and the Common Criteria

Spoof Detection and the Common Criteria Spoof Detection and the Common Criteria Ralph Breithaupt (BSI) Nils Tekampe (TÜViT) Content Today s situation The BSI projects LifeFinger I & II Spoofing The definition Spoof Detection in Common Criteria

More information

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, 2006. Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions July, 2006 Developed by: Smart Card Alliance Identity Council Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked

More information

MACHINE READABLE TRAVEL DOCUMENTS

MACHINE READABLE TRAVEL DOCUMENTS MACHINE READABLE TRAVEL DOCUMENTS TECHNICAL REPORT Version 1.0 Date - April 7, 2011 Published by authority of the Secretary General ICAO/NTWG SUB-WORKING GROUP FOR NEW SPECIFICATIONS td1 CARD File Author

More information

Qualified mobile electronic signatures: Possible, but worth a try?

Qualified mobile electronic signatures: Possible, but worth a try? Qualified mobile electronic signatures: Possible, but worth a try? Lothar Fritsch 1, Johannes Ranke 2, Heiko Rossnagel 1 Interest level of audience: 3 - for application developers (interested in IT security)

More information

Relay attacks on card payment: vulnerabilities and defences

Relay attacks on card payment: vulnerabilities and defences Relay attacks on card payment: vulnerabilities and defences Saar Drimer, Steven J. Murdoch http://www.cl.cam.ac.uk/users/{sd410, sjm217} Computer Laboratory www.torproject.org 24C3, 29 December 2007, Berlin,

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Mobile Driver s License Solution

Mobile Driver s License Solution Mobile Driver s License Solution Secure, convenient and more efficient Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity

More information

De-duplication The Complexity in the Unique ID context

De-duplication The Complexity in the Unique ID context De-duplication The Complexity in the Unique ID context 1. Introduction Citizens in India depend on the Government for various services at various stages of the human lifecycle. These services include issuance

More information

Technical Guideline TR-03107-1 Electronic Identities and Trust Services in E-Government

Technical Guideline TR-03107-1 Electronic Identities and Trust Services in E-Government Technical Guideline TR-03107-1 Electronic Identities and Trust Services in E-Government Part 1: Assurance levels and mechanisms Version 1.0 This translation is informative only. The normative version is

More information

Single Sign-On: Reviewing the Field

Single Sign-On: Reviewing the Field Single Sign-On: Reviewing the Field Michael Grundmann, Erhard Pointl Johannes Kepler University Linz Abstract. The Idea of having only one password for every service has led to the concept of single sign-on

More information

Best Practice Fingerprint Enrolment Standards European Visa Information System

Best Practice Fingerprint Enrolment Standards European Visa Information System Best Practice Fingerprint Enrolment Standards European Visa Information System Improving performance by improving fingerprint image quality Experiences from pilot project BioDEVII 1 Agenda BioDEVII Phase

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Landscape of eid in Europe in 2013

Landscape of eid in Europe in 2013 Landscape of eid in Europe in 2013 July 2013 Eurosmart White Paper Contents Executive Summary 3 1. Purpose of the document 3 2. EU regulation 3 3. EU Member States identification policies 4 3.1. National

More information

NFC & Biometrics. Christophe Rosenberger

NFC & Biometrics. Christophe Rosenberger NFC & Biometrics Christophe Rosenberger OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 2 GREYC Research Lab Research Group in Computer science,

More information

Secure Card based Voice over Internet Protocol Authentication

Secure Card based Voice over Internet Protocol Authentication Secure Card based Voice over Internet Protocol Authentication By GOWSALYA.S HARINI.R CSE-B II YEAR (IFET COLLEGE OF ENGG.) Approach to Identity Card-based Voiceover-IP Authentication Abstract Voice-over-IP

More information

Caught in the Maze of Security Standards

Caught in the Maze of Security Standards Caught in the Maze of ΓΝΩΘΙΣ Know Thyself ΑΥΤΟΝ Security Standards Dieter Gollmann Hamburg University of Technology What this talk is not about 1. Designing security protocols is difficult and error prone

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Establishing and Managing the Schengen Masterlist of CSCAs

Establishing and Managing the Schengen Masterlist of CSCAs Establishing and Managing the Schengen Masterlist of CSCAs Big City 21/04/2015 European Commission Directorate-General HOME Unit B3 Information Systems for Borders and Security Richard.Rinkens@ec.europa.eu

More information

SecureStore I.CA. User manual. Version 2.16 and higher

SecureStore I.CA. User manual. Version 2.16 and higher User manual Version 2.16 and higher Contents SecureStore I.CA 1. INTRODUCTION...3 2. ACCESS DATA FOR THE CARD...3 2.1 Card initialisation...3 3. MAIN SCREEN...4 4. DISPLAYING INFORMATION ABOUT THE PAIR

More information

Fighting product clones through digital signatures

Fighting product clones through digital signatures Paul Curtis, Katrin Berkenkopf Embedded Experts Team, SEGGER Microcontroller Fighting product clones through digital signatures Product piracy and forgery are growing problems that not only decrease turnover

More information

Using Real Time Computer Vision Algorithms in Automatic Attendance Management Systems

Using Real Time Computer Vision Algorithms in Automatic Attendance Management Systems Using Real Time Computer Vision Algorithms in Automatic Attendance Management Systems Visar Shehu 1, Agni Dika 2 Contemporary Sciences and Technologies - South East European University, Macedonia 1 Contemporary

More information

FAQs Electronic residence permit

FAQs Electronic residence permit FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit

More information

FAQs - New German ID Card. General

FAQs - New German ID Card. General FAQs - New German ID Card General 1) How to change from the old ID card to the new one? The new Law on Identification Cards came into effect on 1 November 2010. Since then, citizens can apply for the new

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

W.A.R.N. Passive Biometric ID Card Solution

W.A.R.N. Passive Biometric ID Card Solution W.A.R.N. Passive Biometric ID Card Solution Updated November, 2007 Biometric technology has advanced so quickly in the last decade that questions and facts about its cost, use, and accuracy are often confused

More information

Identity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy

Identity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy Identity Management Initiatives in identity management and emerging standards Presented to Fondazione Ugo Bordoni Rome, Italy November 18, 2008 Teresa Schwarzhoff Computer Security Division Information

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Common Criteria Protection Profile. Electronic Identity Card (ID_Card PP) BSI-CC-PP-0061. Approved by the Federal Ministry of Interior. Version 1.

Common Criteria Protection Profile. Electronic Identity Card (ID_Card PP) BSI-CC-PP-0061. Approved by the Federal Ministry of Interior. Version 1. Common Criteria Protection Profile Approved by the Federal Ministry of Interior Version 1.03, 1 Common Criteria Protection Profile Version 1.03, Foreword This Protection Profile is issued by Bundesamt

More information

Voice Authentication for ATM Security

Voice Authentication for ATM Security Voice Authentication for ATM Security Rahul R. Sharma Department of Computer Engineering Fr. CRIT, Vashi Navi Mumbai, India rahulrsharma999@gmail.com Abstract: Voice authentication system captures the

More information

A Comparative Study on ATM Security with Multimodal Biometric System

A Comparative Study on ATM Security with Multimodal Biometric System A Comparative Study on ATM Security with Multimodal Biometric System K.Lavanya Assistant Professor in IT L.B.R.College of Engineering, Mylavaram. lavanya.kk2005@gmail.com C.Naga Raju Associate Professor

More information

Enabling the secure use of RFID

Enabling the secure use of RFID Enabling the secure use of RFID BLACK ME/FOTOLIA.com Enhancing security of radio frequency identification to connect safely to the Internet of Things UHF radio frequency identification (RFID) promises

More information

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY

ENHANCING ATM SECURITY USING FINGERPRINT AND GSM TECHNOLOGY Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 4, April 2014,

More information

Statewatch Briefing ID Cards in the EU: Current state of play

Statewatch Briefing ID Cards in the EU: Current state of play Statewatch Briefing ID Cards in the EU: Current state of play Introduction In March 2010, the Council Presidency sent out a questionnaire to EU Member States and countries that are members of the socalled

More information

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec

2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec 2-FACTOR AUTHENTICATION FOR MOBILE APPLICATIONS: INTRODUCING DoubleSec TECHNOLOGY WHITEPAPER DSWISS LTD INIT INSTITUTE OF APPLIED INFORMATION TECHNOLOGY JUNE 2010 V1.0 1 Motivation With the increasing

More information

Electronic Identity Cards for User Authentication Promise and Practice

Electronic Identity Cards for User Authentication Promise and Practice Electronic Identity Cards for User Authentication Promise and Practice Andreas Poller Ulrich Waldmann Sven Vowé Sven Türpe Fraunhofer Institute for Secure Information Technology (SIT) Rheinstraße 75, 64295

More information

MOBILE IDENTIFICATION:

MOBILE IDENTIFICATION: MOBILE IDENTIFICATION: FROM FUNCTIONAL REQUIREMENTS, TO TESTING FOR INTEROPERABILITY AND SECURITY Antonia Rana*, Alessandro Alessandroni** *Joint Research Centre, **DigitPA EUR 25037 EN - 2011 The mission

More information

Defending the Internet of Things

Defending the Internet of Things Defending the Internet of Things Identity at the Core of Security +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Challenge: protecting & managing identity Page 4 Founders of identity

More information

Biometrics, Tokens, & Public Key Certificates

Biometrics, Tokens, & Public Key Certificates Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,

More information

On the Limits of Anonymous Password Authentication

On the Limits of Anonymous Password Authentication On the Limits of Anonymous Password Authentication Yan-Jiang Yang a Jian Weng b Feng Bao a a Institute for Infocomm Research, Singapore, Email: {yyang,baofeng}@i2r.a-star.edu.sg. b School of Computer Science,

More information

Problems of Security in Ad Hoc Sensor Network

Problems of Security in Ad Hoc Sensor Network Problems of Security in Ad Hoc Sensor Network Petr Hanáček * hanacek@fit.vutbr.cz Abstract: The paper deals with a problem of secure communication between autonomous agents that form an ad hoc sensor wireless

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April 2012. Version 2.

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April 2012. Version 2. Supporting Document Guidance Security Architecture requirements (ADV_ARC) for smart cards and similar devices April 2012 Version 2.0 CCDB-2012-04-003 Foreword This is a supporting document, intended to

More information

BIOMETRICS STANDARDS AND FACE IMAGE FORMAT FOR DATA INTERCHANGE - A REVIEW

BIOMETRICS STANDARDS AND FACE IMAGE FORMAT FOR DATA INTERCHANGE - A REVIEW BIOMETRICS STANDARDS AND FACE IMAGE FORMAT FOR DATA INTERCHANGE - A REVIEW Nita M. Thakare 1 and V. M. Thakare 2 1 Department Computer Science and Engg., S.S.G.M. College of Engg., Shegaon (M.S.), India

Evaluation of different Open Source Identity management Systems

Ghasan Bhatti, Syed Yasir Imtiaz. Linköpings universitet, Sweden, [ghabh683, syeim642]@student.liu.se. 1. Abstract: Identity management systems

Research Article. Research of network payment system based on multi-factor authentication

Available online www.jocpr.com. Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441. ISSN: 0975-7384, CODEN(USA): JCPRC5.

Security Levels for Web Authentication using Mobile Phones

Anna Vapen and Nahid Shahmehri, Department of computer and information science, Linköpings universitet, SE-58183 Linköping, Sweden, {annva,nahsh}@ida.liu.se

3D PASSWORD. Snehal Kognule Dept. of Comp. Sc., Padmabhushan Vasantdada Patil Pratishthan's College of Engineering, Mumbai University, India

Tejal Kognule, Yugandhara Thumbre, Snehal Kognule. ABSTRACT: 3D passwords which are more customizable and very interesting way of authentication. Now the passwords are based on the fact of Human

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

Over the past decade, the demands on government agencies to share information across the federal, state and local levels

Facts about the new identity card

Contents: The new identity card: At a glance; In detail; Photographs; New ID card, new possibilities; Special functions; The online function; Reader

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption

Journal of Computer Science 6 (7): 723-727, 2010. ISSN 1549-3636. 2010 Science Publications. Najlaa A. Abuadhmah,
