How To Authenticate An Id Card In Germany

Transcription

1 The New German ID Card Marian Margraf Federal Ministry of the Interior Abstract Besides their use in identity verification at police and border controls, national ID cards are frequently used for commercial applications, too. One objective of the introduction of the new national ID card on 1 November 2010 is to extend the conventional use of ID documents to the digital world. In order to meet this objective, the new ID card offers two electronic functionalities for e-business and e-government service providers: an electronic authentication and a digital signature. In the following paper we describe the electronic authentication mechanism used by the ID card, explain the differences between authentication and signature and discuss the security and privacy properties of the two applications used for e-government and e-business. 2. Introduction On 1 November 2010 Germany will start issuing new identity cards. One of the main differences compared to the previous version is the integration of an ISO compliant chip which contains a government application, e.g. for border control purposes, and two applications for e-government and e-business (authentication and signature). IT security and privacy considerations played a crucial role during the design phase of the electronical functionalities. Reliable protection for personal information required a coordinated approach to legal provisions, organisational measures and technical implementation. The legislative framework for the (current) national ID card (Personalausweisgesetz) already contains various provisions about the use of the national ID card, including restrictions. Thus, only in exceptional cases it is permitted to make a paper copy of the ID document; the serial number of the ID card must not be used for data mining purposes; and the machine-readable zone (MRZ) and the data in it must only be used for government purposes. These provisions were transferred into the legal framework for the new, electronic national ID card. However, because of the new electronic functionalities, additional security mechanisms have to be specified and implemented. Therefore, the following requirements were taken into account during the design phase of the chip functionalities: 1. all data transmissions must be encrypted; 1. all transmissions of data have to be approved by the cardholder; 1. an illicit use of the ID card by a third party must be impossible; 1. the cardholder must know to whom their personal data will be transmitted;

2 2 The New German ID Card 1. only personal data that are necessary and approved by the cardholder may be transmitted; 1. the usage of the card cannot be monitored by government institutions or other parties; 1. the ID card must enable pseudonymous authentication; 1. lost ID cards must be revocable; 1. unique identifiers must not be used, neither for the citizen nor for the ID card. The last three requirements, in particular, require a careful design of the revocation management for lost ID cards which is described in [1]. For an overview of the security mechanisms of the German ID card, please refer to [2]. In [6] you will find an overview of the privacy features and data protection mechanisms of European eid cards. 1. Commercial applications Besides their use in identity verification at police and border controls, national ID cards are frequently used for commercial applications. In all these scenarios, the cardholder identifies him-or-herself, using the ID card (and the biometric information on it), to the business partner or government officer, thereby proving a claimed identity. In normal situations, the cardholder knows the person to whom he or she proves identity because this takes place either on the premises of the commercial partner or the government, or both persons involved show each other their ID cards. This is usually the basis of the trust between the two persons and/or whether they are acting on behalf of the institution(s) they represent. In a technical sense, a mutual authentication takes place. However, both parties receive just a snap shot of the authentication, and they cannot prove the other person s identity to a third party. A signature, which can, if necessary, be presented to a court or in administrative proceedings, constitutes such a proof. The objective of the introduction of the new national ID card on 1 November 2010 is to extend the conventional use of ID documents to the digital world. In order to meet this objective, the new ID card offers two electronic functionalities for e-business and e- government service providers: 1. electronic authentication: which enables mutual authentication of two parties via the Internet in such a way that each party knows the person with whom it is communicating; 1. qualified digital signature (Qualifizierte Elektronische Signatur (QES)): which is a digital equivalent to a legally binding, hand-written signature according to the German Digital Signature Act (Signaturgesetz). The cardholder has full control over the use of both functionalities: the ability of the card to perform an electronic authentication will be enabled or disabled when the citizen receives the card (and can be changed later), and a digital signature requires the prior loading of a (qualified) certificate onto the card.

3 The New German ID Card 3 1. Electronic authentication According to the definitions in the Guidelines for Information Security Audits (Grundschutzkatalog) of the Federal Office for Information Security (Bundesamt fuer Sicherheit in der Informationstechnik (BSI)) the term electronic authentication refers to a procedure or an operation for the verification of an identity. The current procedure for service providers is normally to check the security features of an ID card that is produced and compare the photo to the customer; an equivalent online procedure requires other mechanisms. Smart-card based cryptographic protocols can replace the verification of security features, i.e., the verification of the trustworthiness of the ID card. A secret PIN, only known to the cardholder, acts as a substitute for the verification of biometric features (comparing the photo). By proving his knowledge of the PIN, the claimant proves to be the legitimate owner of the ID card. Another objective, in addition to the authentication of the cardholder to the service, is the authentication of the service to the cardholder. The means for doing this are card-verifiable certificates (CV certificates) which can be verified by the chip on the ID card. Besides the expiry date and the name of the institution that owns the certificate, they contain fine-grained information about which data categories the service provider is allowed to access. A new government institution, the Issuing Office for Certicates (Vergabestelle für Berechtigungszertifikate (VfB)) which is part of the Federal Office of Administration (Bundesverwaltungsamt (BVA)), issues these certificates to service providers. A service provider applying for a certificate has to submit evidence as to why access to personal data on their customers electronic ID cards is necessary for the service; the Issuing Office verifies, in a formal procedure, that this evidence meets the requirements. One of the main aspects of this procedure is the selection of the data fields (of the eid card) to which the access will be granted. The principle of minimal disclosure applies; for example, service providers who only need to verify whether a customer is above a certain age, will only obtain access rights to a binary inquiry function for exactly this purpose (age verification). Other services, for example online shops, might get granted access to additional personal information such as name or address. Service providers will receive their certificates from one of the trust centers that act as Certification Authorities (eid CA). A trust center that wants to provide certificates for the German electronic ID card must fulfill the requirements for issuing qualified digital signature certificates according to the German Digital Signature Act and be registered at the Federal Network Agency (Bundesnetzagentur (BNetzA)) A special option offered by the German eid card is a card-specific and service-specific identifier which enables pseudonymous authentication. If requested, the chip generates a cryptographic token from the sector ID, which is part of the certificate, and a secret key stored in the chip. Thus, this token is unique for each combination of card and service provider but different for different service providers (even using the same card) or different cards. This token or pseudonym, therefore, enables a service provider to recognize an eid card without the possibility of cross-referencing with another service provider's authentication data.

4 4 The New German ID Card 1. Qualified Digital Signature As already mention above, for the electronic authentication both parties receive just a snap shot of the authentication, and they cannot prove the other person s identity to a third party. A signature, which can, if necessary, be presented to a court or in administrative proceedings, constitutes such a proof. Moreover, in an authentication procedure we are going to show who we are, a signature shows our will, for example if we sign a contract. Therefore, authentication and signature are different mechanisms and there are use cases for both mechanisms. In Germany, qualified digital signatures are regulated by the German Digital Signature Act. By this act, qualified digital signatures are equivalent to hand-written signatures, up to the regularities of some special laws. The chip of the new ID card is designed to be a signature card in the sense of the German Digital Signature Act, i.e. citizen can use this card to load a qualified digital certificate and to sign electronic documents in the usual way. 1. Realization of the electronic authentication Main idea of the electronic authentication of the ID card is to establish a trusted and secure channel between the chip and the service provider. This will be done by using an authenticated Diffie-Hellman key agreement protocol. With this, we achieve to goals: 1. Both communication parties know with whom they interact (authentication). 1. The communication parties can establish a secure channel (key agreement). In order to guarantee authenticity of the communication parties, the public keys must be assigned to the respective party. This will be done, as described in the following subsections, by digital signatures and, to achieve the bond of card and cardholder, by using the secret PIN. For a description of the cryptographic protocols in detail please refer to [4]. 1. E n t e r t h e P I N ( P a s s w o r d A u t h e n t i c a t i o n Communication Protocol (PACE)) As already mentioned above a communication with the chip of the ID card can only be performed if the cardholder enter his PIN to the chip. This guarantees a so-called two-factorauthentication based on ownership (the ID card) and knowledge (the PIN). Remember that the chip is contactless, hence the PIN cannot be send over the air without additional protection. The PACE protocol that is used for PIN sharing in this context is a password authenticated Diffie-Hellman key agreement protocol that provides secure communication and explicit password-based authentication of the chip and the card reader. A proof of the security features as well as a detailed description of PACE can be found in [77].

5 The New German ID Card 5 1. Mutual Authentication (Extented Access Control (EAC)) 1. Public Key Infrastructure In order to guarantee the authenticity of ID cards and service providers, two public key infrastructures (PKI) are used. Terminal Authentication (see Subsection 3.2.2) requires the service provider to prove to the chip that it is entitled to access data on the chip. A service provider holds at least one certificate encoding its public key and access rights, and the corresponding private key. The PKI required for issuing and validating certificates for service providers consists of the following entities: 1. Country Verifying Certification Authority (CVCA) hosted by the BSI 1. eid Certification Authorities hosted by the Trust Centers 1. Service Providers Chip Authentication (see subsection 3.2.3) requires the chip of the ID card to prove to the service provider that it is an official chip belonging to a German ID card. The chip holds a static Diffie-Helmann key pair where the public key is signed by the card-manufactor. The PKI required for issuing and validating certificates and public keys for chips of German ID cards consists of the following entities: 1. Country Signing Certification Authorithy (CSCA) hosted by the BSI 1. Document Signer (DS) hosted by the card-manufactor 1. ID cards These PKIs form the basis of Extended Access Control. 1. Authentication of the Service Provider (Terminal Authentication) When a citizen wants to use the electronic authentication mechanism of his ID card he usually goes to the web-site of a service provider. The service provider sends its certificate to the citizen. This certificate then will be displayed on the screen to show the content of the certificate (data such name of the institution that owns the certificate, expiry data of the certificate and which data categories the institutions is allowed to read from the chip), the citizen confirms by entering his PIN. After this, following steps are performed by the service provider and the ID card chip: 1. The service provider sends a certificate chain to the chip. The chain starts with a certificate verifiable with the root public key stored on the chip and ends with the service provider's certificate. 1. The chip verifies the certificates. 1. The chip verifies that the service provider also holds the associated secret key to the public key (by a challenge response protocol). 1. The service provider generates an ephemeral Diffie-Hellman key pair, signs the Diffie- Hellman public key with its secret key and sends both data to the chip.

6 6 The New German ID Card 1. The chip verifies the signature using the public key which is stored in the certificate of the service provider. If all certificates and keys could be successfully verified, the chip has an authenticated Diffie- Hellman public key from the service provider. 1. Authentication of the Document (Chip Authentication) The chip of the ID card has a static Diffie-Hellman key pair. The secret key is stored on a secure storage of the chip, so can neither be read nor cloned. The public key is signed by the card manufacturer (in Germany the Bundesdruckerei) during the production process. Now the following steps are performed by the ID card chip and the service provider: 1. The chip sends its public key, the signature of the public key and the certificate of the manufacturer to the service provider. 1. The service provider checks the manufacturer's certificate using the root certificate and the signature of the chip's public key using the manufacturer's certificate. If the public key of the chip could be successfully verified, the service provider has an authenticated Diffie-Hellman public key from a chip of an official ID card. As we have seen in Section 1 one design principle was the non-use of unique identifiers for the ID card. On account of this, the Diffie-Hellman key pairs are not unique for a chip. Chips that will be produced within a period of three month will get the same key pair to use for chip authentication. As chip authentication does not authenticate the card holder but only shows, that the chip belongs to an official ID card, in fact, this is non-usual, but has no security effect. 1. Authentication of the Cardholder At this step chip and service provider have exchanged authenticated Diffie-Hellman public keys to each other. Now they can generate a common secret and derive symmetric keys to establish an encrypted and authenticated channel (using AES as the symmetric cipher and AES-MAC as the message authentication code). Now the data which can be read by the service provider will be transmitted from the chip to the service provider. As the channel is authenticated, the cardholder is authenticated too. Moreover, since the channel is encrypted, only the service provider that has sent its certificate to the chip can read these data. 1. Revocation Management 1. Revocation of Documents In order to impede the illegitimate use of lost or stolen ID cards, the cardholder has to be able to revoke them. A very common mechanism for chip cards, e.g., qualified digital signature cards, is the creation of a global revocation list that includes the (unique) public keys or the serial numbers of all revoked cards and/or certificates. The disadvantage of this mechanism is that a unique public key or serial number constitutes a card-specific identifier which acts as a direct link to the cardholder's identity. Such a mechanism therefore contradicts the design principle of minimal disclosure. For example, if one service provider has only access rights for age

7 The New German ID Card 7 verification (see above) whereas another one also has access to other personal information, such as the name, even full access to both service provider's databases must not allow a link to their client's authentication data. This notably applies in the case when pseudonyms are used. A solution to this problem is the use of service-provider-specific revocation lists, i.e., each card provides a service-provider-specific and card-specific revocation token to the service provider who verifies it against their individual service-provider-specific revocation list. The technical and organizational implementations of this concept are described in [1]. 1. Revocation of Service Providers Of course, the concession to read data from the ID card must be revocable, too. As it is not possible to store revocation lists on the chip, here another mechanism with a similar security level must be found. CV certificates have a very short validity (depending on the data that can be read from the chip 2 up to 30 days). Therefore, a recall of such a certificate can be realized by the non-issuing of a new one for this service provider. References [BKMN10] [BKMN08] [BeFK09] [Marg09] [BMI 09] [BSI 10] [BSI 10] [ENIS09] Bender, Jens; Kügler, Dennis; Margraf, Marian; Naumann, Ingo: Das Sperrmanagement im neuen deutschen Personalausweis - Sperrmanagement ohne globale chipindividuelle Merkmale, Datensicherheit und Datenschutz (DuD), 2010, p Bender, Jens, Kügler, Dennis, Margraf, Marian, Naumann, Ingo: Sicherheitsmechanismen für kontaktlose Chips im deutschen elektronischen Personalausweis. Datenschutz und Datensicherheit (DuD), 2008, p Bender, Jens, Fischlin, Marc, Kügler Kügler: Security Analysis of the PACE Key-Agreement Protocol. Information Security Conference (ISC) 2009, Lecture Notes in Computer Science, Volume 5735, Springer-Verlag, 2009, p Margraf, Marian: Der elektronische Identitätsnachweis des zukünftigen Personalausweises. in: 19. SIT-SmartCard Workshop (Fraunhofer-Institut für Sichere Informationstechnologie), Darmstadt 3./ , p Federal Ministry of Interior: Gesetz über Personalausweise und den elektronischen Identitätsnachweis, Federal Office for Information Security (BSI): Technical Guideline TR-03110, Advanced Security Mechanisms for Machine Readable Travel Documents Extended Access Control (EAC) and Password Authentication Connection Establishment (PACE), and Restricted Authentication, Version 2.03, Federal Office for Information Security (BSI): Technical Guideline TR-03127, Technical Architecture of the New German ID Card, ENISA Position Paper, Privacy Features of European eid Card Specifications, Januar 2009,