Ronny Wichers Schreur / Bart Jacobs Biometric Passport

Transcription

1 FACULTY OF SCIENCE Ronny Wichers Schreur / Bart Jacobs

2 Wichers Schreur / Jacobs (IPA Fall days ) p.1/34 Contents

3 Wichers Schreur / Jacobs (IPA Fall days ) p.1/34 Contents I. Background II. Standards & requirements III. Low level stuff IV. High level protocols V. Passports for private use? VI. Conclusions

4 I. Background Wichers Schreur / Jacobs (IPA Fall days ) p.2/34

5 Wichers Schreur / Jacobs (IPA Fall days ) p.3/34 International developments

6 Wichers Schreur / Jacobs (IPA Fall days ) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers

7 Wichers Schreur / Jacobs (IPA Fall days ) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers US: Visa waiver program after 25 Oct 06 only for countries with biometric passport

8 Wichers Schreur / Jacobs (IPA Fall days ) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers US: Visa waiver program after 25 Oct 06 only for countries with biometric passport Standards developed by ICAO: International Civil Airline Organisation

9 Wichers Schreur / Jacobs (IPA Fall days ) p.4/34 Role of the Netherlands

10 Wichers Schreur / Jacobs (IPA Fall days ) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, participants, Sept 04-Feb 05).

11 Wichers Schreur / Jacobs (IPA Fall days ) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, participants, Sept 04-Feb 05). Philips main supplier of smartmx chips

12 Wichers Schreur / Jacobs (IPA Fall days ) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, participants, Sept 04-Feb 05). Philips main supplier of smartmx chips SDU Identification (inter)nationally active as document supplier (and also within ICAO).

13 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement

14 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs)

15 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk)

16 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development

17 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development Role in discussion in media

18 Wichers Schreur / Jacobs (IPA Fall days ) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development Role in discussion in media Disclaimer: no biometry experts

19 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud

20 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult

21 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised

22 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches

23 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches Look alike fraud is source of concern

24 Wichers Schreur / Jacobs (IPA Fall days ) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches Look alike fraud is source of concern Hence original aim: biometric Verification

25 Wichers Schreur / Jacobs (IPA Fall days ) p.7/34 Reasonable security goal

26 Wichers Schreur / Jacobs (IPA Fall days ) p.7/34 Reasonable security goal Chip in passport with contactless access requires:

27 Wichers Schreur / Jacobs (IPA Fall days ) p.7/34 Reasonable security goal Chip in passport with contactless access requires: No identifying information is released without the consent of the passport s holder. This should include identification numbers of chips and country identification (bomb targeted at individuals/nationals).

28 Wichers Schreur / Jacobs (IPA Fall days ) p.7/34 Reasonable security goal Chip in passport with contactless access requires: No identifying information is released without the consent of the passport s holder. This should include identification numbers of chips and country identification (bomb targeted at individuals/nationals). Receiver must be able to check authenticity and integrity of contained data

29 II. Standards & requirements Wichers Schreur / Jacobs (IPA Fall days ) p.8/34

30 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD

31 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document

32 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers

33 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL.

34 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional

35 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional Only integrity check mandatory; several other protection mechanisms optional

36 Wichers Schreur / Jacobs (IPA Fall days ) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional Only integrity check mandatory; several other protection mechanisms optional See

37 Wichers Schreur / Jacobs (IPA Fall days ) p.10/34 EU on MRTD

38 Wichers Schreur / Jacobs (IPA Fall days ) p.10/34 EU on MRTD Facial scan included before 28 Aug 06

39 Wichers Schreur / Jacobs (IPA Fall days ) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism

40 Wichers Schreur / Jacobs (IPA Fall days ) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism Basic Access Control mandatory:

41 Wichers Schreur / Jacobs (IPA Fall days ) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism Basic Access Control mandatory: Access key for RFID chip extracted from Machine Readable Zone (MRZ) Intended as consent to read

42 Wichers Schreur / Jacobs (IPA Fall days ) p.11/34 NL on MRTD

43 Wichers Schreur / Jacobs (IPA Fall days ) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06.

44 Wichers Schreur / Jacobs (IPA Fall days ) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data

45 Wichers Schreur / Jacobs (IPA Fall days ) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data New aims (Jan. 2005, letter on terror ):

46 Wichers Schreur / Jacobs (IPA Fall days ) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data New aims (Jan. 2005, letter on terror ): identification, called on line verification central database of biometric data meant as contribution to effectivity of identification laws

47 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms

48 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms basic access ctrl passive authent. active authent. extended access ctrl to protect mechanism EU US

49 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. active authent. extended access ctrl

50 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. extended access ctrl

51 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl

52 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl confidentiality of fingerprints key exchange / sign challenge + n.a.

53 Wichers Schreur / Jacobs (IPA Fall days ) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl confidentiality of fingerprints key exchange / sign challenge + n.a. Physical: Faraday cage ; prevents eavesdrop

54 Wichers Schreur / Jacobs (IPA Fall days ) p.13/34 International PKI

55 Wichers Schreur / Jacobs (IPA Fall days ) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU)

56 Wichers Schreur / Jacobs (IPA Fall days ) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication

57 Wichers Schreur / Jacobs (IPA Fall days ) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication Passport chip contains: SDU certificate own public key (hash in security object)

58 Wichers Schreur / Jacobs (IPA Fall days ) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication Passport chip contains: SDU certificate own public key (hash in security object) Self-signed country certificates distributed at first via diplomatic post, later electronically.

59 V. Low level stuff Wichers Schreur / Jacobs (IPA Fall days ) p.14/34

60 Wichers Schreur / Jacobs (IPA Fall days ) p.15/34 Card info I

61 Wichers Schreur / Jacobs (IPA Fall days ) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC A) 3DES, RNG, RSA, SHA1 (ECC?)

62 Wichers Schreur / Jacobs (IPA Fall days ) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria

63 Wichers Schreur / Jacobs (IPA Fall days ) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria JavaCard OS: IBM JCOP41 version 2.20 Certification by German BSI ongoing

64 Wichers Schreur / Jacobs (IPA Fall days ) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria JavaCard OS: IBM JCOP41 version 2.20 Certification by German BSI ongoing Passport Java applet written by SDU: closed source

65 Wichers Schreur / Jacobs (IPA Fall days ) p.16/34 Card info II

66 Wichers Schreur / Jacobs (IPA Fall days ) p.16/34 Card info II Writing to chip (e.g. for visa, children etc.) not foreseen.

67 Wichers Schreur / Jacobs (IPA Fall days ) p.16/34 Card info II Writing to chip (e.g. for visa, children etc.) not foreseen. No certainty about absence of backdoors But secret access should be detectable via monitoring

68 Wichers Schreur / Jacobs (IPA Fall days ) p.17/34 Contactless issues

69 Wichers Schreur / Jacobs (IPA Fall days ) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m?

70 Wichers Schreur / Jacobs (IPA Fall days ) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader

71 Wichers Schreur / Jacobs (IPA Fall days ) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO

72 Wichers Schreur / Jacobs (IPA Fall days ) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO With fixed identifier tree walking protocol in current SDU test passport (4 byte id) allows tracing and targeting

73 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO With fixed identifier tree walking protocol in current SDU test passport (4 byte id) allows tracing and targeting SDU: deployed card will use random identifier Wichers Schreur / Jacobs (IPA Fall days ) p.17/34

74 III. High level protocols Wichers Schreur / Jacobs (IPA Fall days ) p.18/34

75 Wichers Schreur / Jacobs (IPA Fall days ) p.19/34 Basic Access Control I

76 Wichers Schreur / Jacobs (IPA Fall days ) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime

77 Wichers Schreur / Jacobs (IPA Fall days ) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime Relevant MRZ input: passport nr. + birth date + expiry date

78 Wichers Schreur / Jacobs (IPA Fall days ) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime Relevant MRZ input: passport nr. + birth date + expiry date Consent & confidentiality mechanism

79 Wichers Schreur / Jacobs (IPA Fall days ) p.20/34 Basic Access Control II

80 Wichers Schreur / Jacobs (IPA Fall days ) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr

81 Wichers Schreur / Jacobs (IPA Fall days ) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr

82 Wichers Schreur / Jacobs (IPA Fall days ) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr Psp B:=N P N R K P K Enc {B},K MAC [K ENC {B}] Rdr

83 Wichers Schreur / Jacobs (IPA Fall days ) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr Psp B:=N P N R K P K Enc {B},K MAC [K ENC {B}] Rdr Session keys are then derived from K P and K R, for rest of communication.

84 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits

85 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower

86 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential

87 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure)

88 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure) age can be guessed, say within 10 years

89 Wichers Schreur / Jacobs (IPA Fall days ) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure) age can be guessed, say within 10 years entropy only 35 bits

90 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack

91 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1

92 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1

93 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC

94 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC Ministry: issuance order deeply entrenched in procedures and checks

95 Wichers Schreur / Jacobs (IPA Fall days ) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC Ministry: issuance order deeply entrenched in procedures and checks ICAO is studying strengthening of Basic Access Control

96 Wichers Schreur / Jacobs (IPA Fall days ) p.23/34 Passive authentication

97 Wichers Schreur / Jacobs (IPA Fall days ) p.23/34 Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature

98 Wichers Schreur / Jacobs (IPA Fall days ) p.23/34 Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature Authenticity check consists of: certificate of SDU, using NL public key signature by SDU, using certificate hashes, after reading data

99 Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature Authenticity check consists of: certificate of SDU, using NL public key signature by SDU, using certificate hashes, after reading data Cloning still possible. Wichers Schreur / Jacobs (IPA Fall days ) p.23/34

100 Wichers Schreur / Jacobs (IPA Fall days ) p.24/34 Active authentication, against cloning

101 Wichers Schreur / Jacobs (IPA Fall days ) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document.

102 Wichers Schreur / Jacobs (IPA Fall days ) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr

103 Wichers Schreur / Jacobs (IPA Fall days ) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr Psp Sig(N R padding) Rdr

104 Wichers Schreur / Jacobs (IPA Fall days ) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr Psp Sig(N R padding) Rdr Possible risk of signing location + timing data in N R, for tracking.

105 Wichers Schreur / Jacobs (IPA Fall days ) p.25/34 Advanced Security Mechanisms I

106 Wichers Schreur / Jacobs (IPA Fall days ) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO

107 Wichers Schreur / Jacobs (IPA Fall days ) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet

108 Wichers Schreur / Jacobs (IPA Fall days ) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet German (BSI) proposal under consideration: New Diffie-Hellman session key Some protection against eavesdrop Reader must authenticate (certificates) Certificate revocation is problematic

109 Wichers Schreur / Jacobs (IPA Fall days ) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet German (BSI) proposal under consideration: New Diffie-Hellman session key Some protection against eavesdrop Reader must authenticate (certificates) Certificate revocation is problematic Each country controls itself who can read fingerprints

110 Wichers Schreur / Jacobs (IPA Fall days ) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr

111 Wichers Schreur / Jacobs (IPA Fall days ) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr Psp PK P ( SK R, PK R,D P ) Rdr

112 Wichers Schreur / Jacobs (IPA Fall days ) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr Psp PK P ( SK R, PK R,D P ) Rdr K = KA(SK P, PK R,D P ) K = KA( PK R,SK P,D P )

113 IV. Passports for other use? Wichers Schreur / Jacobs (IPA Fall days ) p.27/34

114 Wichers Schreur / Jacobs (IPA Fall days ) p.28/34 Secure logon via your passport

115 Wichers Schreur / Jacobs (IPA Fall days ) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key

116 Wichers Schreur / Jacobs (IPA Fall days ) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have

117 Wichers Schreur / Jacobs (IPA Fall days ) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have Possibly add picture check: what you are.

118 Wichers Schreur / Jacobs (IPA Fall days ) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have Possibly add picture check: what you are.

119 Wichers Schreur / Jacobs (IPA Fall days ) p.29/34 Digital signature via your passport?

120 Wichers Schreur / Jacobs (IPA Fall days ) p.29/34 Digital signature via your passport? Better not, because:

121 Wichers Schreur / Jacobs (IPA Fall days ) p.29/34 Digital signature via your passport? Better not, because: a. anyone who holds your passport can sign for you.

122 Wichers Schreur / Jacobs (IPA Fall days ) p.29/34 Digital signature via your passport? Better not, because: a. anyone who holds your passport can sign for you. b. Proof of identity requires release of your MRZ (and hence access to your chip), since: MRZ contains your name + birth date hash of MRZ signed by authorities, as part of security object

123 VI. Conclusions Wichers Schreur / Jacobs (IPA Fall days ) p.30/34

124 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I

125 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I Biometric passports are on their way

126 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful.

127 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link.

128 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link. Protection of fingerprints not fully settled yet

129 Wichers Schreur / Jacobs (IPA Fall days ) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link. Protection of fingerprints not fully settled yet Open communication with Ministry & SDU

130 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II

131 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II Biometry much overrated:

132 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection)

133 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain

134 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain Substantial false positives/negatives to be expected

135 Wichers Schreur / Jacobs (IPA Fall days ) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain Substantial false positives/negatives to be expected Identification goals undermined: by widespread use in other applications if many citizens (obnoxiously) put their fingerprints on the web

136 Wichers Schreur / Jacobs (IPA Fall days ) p.33/34 Conclusions III

137 Wichers Schreur / Jacobs (IPA Fall days ) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc.

138 Wichers Schreur / Jacobs (IPA Fall days ) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft.

139 Wichers Schreur / Jacobs (IPA Fall days ) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft. Real test (also for privacy!) are the in integration in backoffice databases

140 Wichers Schreur / Jacobs (IPA Fall days ) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft. Real test (also for privacy!) are the in integration in backoffice databases Slow increase of use to be expected

141 Wichers Schreur / Jacobs (IPA Fall days ) p.34/34 Further reading

142 Wichers Schreur / Jacobs (IPA Fall days ) p.34/34 Further reading Juels (RSA labs), Molnar & Wagner (UC-Berkeley) at:

143 Wichers Schreur / Jacobs (IPA Fall days ) p.34/34 Further reading Juels (RSA labs), Molnar & Wagner (UC-Berkeley) at: Kc (U-Colombia), Molnar & Karger (IBM) at: