Ronny Wichers Schreur / Bart Jacobs Biometric Passport
FACULTY OF SCIENCE
Ronny Wichers Schreur / Bart Jacobs
Wichers Schreur / Jacobs (IPA Fall days ) p.1/34

Contents
I. Background
II. Standards & requirements
III. Low level stuff
IV. High level protocols
V. Passports for private use?
VI. Conclusions

I. Background

International developments
- After 9/11 international move towards stronger identification of citizens & travellers
- US: Visa waiver program after 25 Oct 06 only for countries with biometric passport
- Standards developed by ICAO: International Civil Airline Organisation

Role of the Netherlands
- Large trial "2B or not 2B" (6 cities, participants, Sept 04-Feb 05).
- Philips main supplier of SmartMX chips
- SDU Identification (inter)nationally active as document supplier (and also within ICAO).

Own involvement
- Membership of expert council set up by ministry of internal affairs (Jacobs)
- Participation in enrollment procedure, resulting in test passport (Oostdijk)
- Production of own terminal-side software (Wichers Schreur) & test development
- Role in discussion in media
- Disclaimer: no biometry experts

Passport fraud
- Forgery of modern (NL) passports very difficult
- Production of passports has been centralised
- Criminal organisations collect large numbers of passports, and look for reasonable matches
- Look-alike fraud is source of concern
- Hence original aim: biometric verification

Reasonable security goal
Chip in passport with contactless access requires:
- No identifying information is released without the consent of the passport's holder. This should include identification numbers of chips and country identification (bomb targeted at individuals/nationals).
- Receiver must be able to check authenticity and integrity of contained data

II. Standards & requirements

ICAO on MRTD
- MRTD: Machine Readable Travel Document
- Open standards, for states and suppliers
- PKI task force with members from US, UK, Can, Ger, NL.
- Only facial image mandatory; fingerprints, iris scan, etc. optional
- Only integrity check mandatory; several other protection mechanisms optional
- See

EU on MRTD
- Facial scan included before 28 Aug 06
- Fingerprints later, 3 years after agreement on protection mechanism
- Basic Access Control mandatory:
  - Access key for RFID chip extracted from Machine Readable Zone (MRZ)
  - Intended as consent to read

NL on MRTD
- Introduction in two stages; start < 28/6/06.
- Original aim (2002): verification only, with decentralised storage of biometric data
- New aims (Jan. 2005, "letter on terror"):
  - identification, called "on line verification"
  - central database of biometric data
  - meant as contribution to effectivity of identification laws

Protection mechanisms

| | to protect | mechanism | EU | US |
|---|---|---|---|---|
| basic access ctrl | access & confidentiality | encryption via key from MRZ | + | + |
| passive authent. | integrity of content | signature by SDU (by NL) | + | + |
| active authent. | authenticity of document | signing of challenge | +- (NL +) | - |
| extended access ctrl | confidentiality of fingerprints | key exchange / sign challenge | + | n.a. |

Physical: Faraday "cage"; prevents eavesdropping

International PKI
- Country Signing CA (NL) signs certificate of Document Signer (SDU)
- SDU signs security object, for passive authentication
- Passport chip contains:
  - SDU certificate
  - own public key (hash in security object)
- Self-signed country certificates distributed at first via diplomatic post, later electronically.

III. Low level stuff

Card info I
- SmartMX chip from Philips (P5CT072), with:
  - 72 Kbyte EEPROM
  - contactless interface (ISO/IEC A)
  - 3DES, RNG, RSA, SHA1 (ECC?)
- High certification: level EAL5+ of Common Criteria
- JavaCard OS: IBM JCOP41 version 2.20
  - Certification by German BSI ongoing
- Passport Java applet written by SDU: closed source

Card info II
- Writing to chip (e.g. for visa, children etc.) not foreseen.
- No certainty about absence of backdoors
  - But secret access should be detectable via monitoring

Contactless issues
- Operation distance < 10 cm; eavesdrop < 10 m?
- Multiple cards may be in reach of reader
- Anti-collision protocol described in ISO
- With fixed identifier: tree walking protocol in current SDU test passport (4 byte id) allows tracing and targeting
- SDU: deployed card will use random identifier

IV. High level protocols

Basic Access Control I
- MRZ info yields 3DES "document basic access keys" $K_{ENC}$, $K_{MAC}$, fixed for lifetime
- Relevant MRZ input: passport nr. + birth date + expiry date
- Consent & confidentiality mechanism

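The derivation summarised on this slide, written out as an added example (not code from the talk or from SDU). It follows the Basic Access Control key derivation of ICAO Doc 9303: SHA-1 over the three MRZ fields with their check digits, then SHA-1 with a counter and DES parity adjustment. The function names are hypothetical and the sample MRZ values are those of the ICAO worked example.

```python
import hashlib
import string

MRZ_WEIGHTS = (7, 3, 1)  # repeating weights used for every MRZ check digit


def char_value(c):
    """Numeric value of an MRZ character: 0-9 as is, A-Z = 10..35, filler '<' = 0."""
    if c in string.digits:
        return int(c)
    if c in string.ascii_uppercase:
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"invalid MRZ character: {c!r}")


def check_digit(field):
    """Weighted sum of the character values, modulo 10."""
    total = sum(char_value(c) * MRZ_WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def mrz_information(doc_number, birth_date, expiry_date):
    """Concatenate passport nr., birth date and expiry date, each with its check digit."""
    if len(doc_number) > 9:
        raise ValueError("this example only handles document numbers of up to 9 characters")
    doc_number = doc_number.upper().ljust(9, "<")  # short numbers are padded with '<'
    for name, value in (("birth_date", birth_date), ("expiry_date", expiry_date)):
        if len(value) != 6 or any(c not in string.digits for c in value):
            raise ValueError(f"{name} must be six digits, YYMMDD")
    return "".join(f + check_digit(f) for f in (doc_number, birth_date, expiry_date))


def adjust_parity(key):
    """Set the low bit of every byte so that each byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key:
        ones_in_upper_bits = bin(b >> 1).count("1")
        out.append((b & 0xFE) | (0 if ones_in_upper_bits % 2 else 1))
    return bytes(out)


def derive_key(k_seed, counter):
    """16-byte two-key 3DES key: first 16 bytes of SHA-1(seed || 32-bit counter)."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])


def bac_keys(doc_number, birth_date, expiry_date):
    """Return (K_ENC, K_MAC). Nothing here is secret or random: anyone who can read
    or guess the three MRZ fields obtains the same keys, for the document's lifetime."""
    info = mrz_information(doc_number, birth_date, expiry_date)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    return derive_key(k_seed, 1), derive_key(k_seed, 2)


if __name__ == "__main__":
    # Sample values from the ICAO Doc 9303 worked example, not a real passport.
    k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print("MRZ information:", mrz_information("L898902C", "690806", "940623"))
    print("K_ENC:", k_enc.hex().upper())
    print("K_MAC:", k_mac.hex().upper())
```
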
Basic Access Control II
- Psp → Rdr: $N_P$ (8 byte)
- Rdr → Psp: $K_{ENC}\{A\},\ K_{MAC}[K_{ENC}\{A\}]$ with $A := N_R \,\|\, N_P \,\|\, K_R$
- Psp → Rdr: $K_{ENC}\{B\},\ K_{MAC}[K_{ENC}\{B\}]$ with $B := N_P \,\|\, N_R \,\|\, K_P$
- Session keys are then derived from $K_P$ and $K_R$, for rest of communication.

Low Entropy I
- Maximal entropy somewhere between 50 and 60 bits
- Actual entropy much lower
  - NL: passport numbers sequential
  - check digit in passport number (Witteman, Riscure)
  - age can be guessed, say within 10 years
  - entropy only 35 bits

Low Entropy II
- Brute force attack
  - Skimming too slow: 100 guesses s⁻¹
  - Eavesdropped data: 1,000,000 guesses s⁻¹
  - 35 bits: crackable in hours on standard PC
- Ministry: issuance order deeply entrenched in procedures and checks
- ICAO is studying strengthening of Basic Access Control

Passive authentication
- Read Security Object from chip with:
  - SDU certificate
  - public key for active authentication
  - hashes of all passport data
  - SDU signature
- Authenticity check consists of:
  - certificate of SDU, using NL public key
  - signature by SDU, using certificate
  - hashes, after reading data
- Cloning still possible.

Active authentication, against cloning
- Passport has private (RSA) key, with public key in (signed) security document.
- Rdr → Psp: $N_R$ (8 byte)
- Psp → Rdr: $\mathrm{Sig}(N_R \,\|\, \text{padding})$
- Possible risk of signing location + timing data in $N_R$, for tracking.

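The checks on the passive and active authentication slides, as an added simulation (not the talk's terminal software): it shows why a bit-for-bit copy still passes passive authentication and why the challenge-response catches it. Toy textbook RSA over Mersenne primes with SHA-256 stands in for the real signature schemes so that only the standard library is needed; all keys, names and data are constructed.

```python
import hashlib
import os

E = 65537  # public exponent shared by all toy keys


def make_key(p, q):
    """Toy RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _h(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    n, d = key
    return pow(_h(data, n), d, n)


def verify(data, sig, n):
    return pow(sig, E, n) == _h(data, n)


def pub_bytes(n):
    return n.to_bytes(32, "big")


# Constructed keys built from Mersenne primes; far too small for real use.
CSCA = make_key(2**61 - 1, 2**89 - 1)     # Country Signing CA (NL)
DS = make_key(2**89 - 1, 2**107 - 1)      # Document Signer (SDU)
CHIP = make_key(2**107 - 1, 2**127 - 1)   # passport's active authentication key
CLONE = make_key(2**61 - 1, 2**127 - 1)   # key a cloned chip would have to invent


def sod_body(hashes):
    return repr(sorted(hashes.items())).encode()


def issue(data_groups):
    """Personalisation: everything a reader (or a copier) can read from the chip."""
    files = dict(data_groups, AA_PUBKEY=pub_bytes(CHIP[0]))
    hashes = {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}
    return {
        "files": files,
        "sod_hashes": hashes,                          # hashes of all passport data
        "sod_sig": sign(sod_body(hashes), DS),         # SDU signature
        "ds_pub": DS[0],                               # SDU certificate (public key)
        "ds_cert_sig": sign(pub_bytes(DS[0]), CSCA),   # signed by the country CA
    }


class Chip:
    """Readable contents plus a private key that never leaves the chip."""

    def __init__(self, contents, private_key):
        self.contents = contents
        self._key = private_key

    def sign_challenge(self, nonce):
        return sign(nonce, self._key)


def passive_authentication(contents, csca_n):
    # 1. certificate of SDU, using the NL public key
    if not verify(pub_bytes(contents["ds_pub"]), contents["ds_cert_sig"], csca_n):
        return False
    # 2. signature by SDU over the security object, using the certificate
    if not verify(sod_body(contents["sod_hashes"]), contents["sod_sig"], contents["ds_pub"]):
        return False
    # 3. hashes, recomputed after reading the data
    actual = {n: hashlib.sha256(b).hexdigest() for n, b in contents["files"].items()}
    return actual == contents["sod_hashes"]


def active_authentication(chip):
    """Challenge-response; only meaningful once passive authentication has
    vouched for the AA public key read from the chip."""
    nonce = os.urandom(8)  # N_R, 8 bytes
    aa_n = int.from_bytes(chip.contents["files"]["AA_PUBKEY"], "big")
    return verify(nonce, chip.sign_challenge(nonce), aa_n)


def run_scenarios():
    contents = issue({"DG1": b"MRZ data (constructed)", "DG2": b"face image (constructed)"})
    altered = dict(contents, files=dict(contents["files"], DG2=b"another face"))
    chips = {
        "genuine": Chip(contents, CHIP),
        "clone": Chip(contents, CLONE),     # identical data, but no access to CHIP's key
        "tampered": Chip(altered, CHIP),    # data changed after signing
    }
    return {name: (passive_authentication(c.contents, CSCA[0]), active_authentication(c))
            for name, c in chips.items()}


if __name__ == "__main__":
    for name, (pa, aa) in run_scenarios().items():
        print(f"{name:9s} passive={pa} active={aa}")
```
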
Advanced Security Mechanisms I
- For fingerprint protection; optional for ICAO
- Required by EU, but no EU-standard yet
- German (BSI) proposal under consideration:
  - New Diffie-Hellman session key
  - Some protection against eavesdrop
  - Reader must authenticate (certificates)
  - Certificate revocation is problematic
- Each country controls itself who can read fingerprints

Advanced Security Mechanisms II
- $(SK_P, PK_P, D_P)$ Psp | Security Doc: $PK_P, D_P$ | Rdr
- Psp | $PK_P$ | Rdr $(SK_R, PK_R, D_P)$
- $K = KA(SK_P, PK_R, D_P)$ | $K = KA(PK_R, SK_P, D_P)$

V. Passports for other use?

Secure logon via your passport
- Give your machine / local network:
  - your passport's $K_{ENC}$ and $K_{MAC}$
  - your passport's public key
- Authenticate yourself via challenge-response: what you have
- Possibly add picture check: what you are.

Digital signature via your passport?
Better not, because:
a. anyone who holds your passport can sign for you.
b. Proof of identity requires release of your MRZ (and hence access to your chip), since:
  - MRZ contains your name + birth date
  - hash of MRZ signed by authorities, as part of security object

VI. Conclusions

Conclusions I
- Biometric passports are on their way
- General approach (ICAO, EU): careful.
- Basic Access Control weak link.
- Protection of fingerprints not fully settled yet
- Open communication with Ministry & SDU

Conclusions II
- Biometry much overrated:
  - Silly approach: same password, used everywhere (no template protection)
  - Large scale use of biometrics uncertain
  - Substantial false positives/negatives to be expected
- Identification goals undermined:
  - by widespread use in other applications
  - if many citizens (obnoxiously) put their fingerprints on the web

Conclusions III
- Function creep risks:
  - Who will use passport's biometrics? Welfare authorities, banks, casinos etc.?
  - Central storage: risks of compromise, misuse, etc.
- Set-up for improved identity management can lead to large scale identity theft.
- Real test (also for privacy!) is the integration in back-office databases
- Slow increase of use to be expected

Further reading
- Juels (RSA labs), Molnar & Wagner (UC-Berkeley) at:
- Kc (U-Colombia), Molnar & Karger (IBM) at:
More informationCommon Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP-0064. Version 1.01 (15 th April 2010)
Common Criteria Protection Profile for BSI-CC-PP-0064 Version 1.01 (15 th April 2010) Federal Office for Information Security Postfach 20 03 63 53133 Bonn Phone: +49 228 99 9582-0 e-mail: zertifizierung@bsi.bund.de
More informationE-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption
Journal of Computer Science 6 (7): 723-727, 2010 ISSN 1549-3636 2010 Science Publications E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption Najlaa A. Abuadhmah,
More informationElectronic machine-readable travel documents (emrtds) The importance of digital certificates
Electronic machine-readable travel documents (emrtds) The importance of digital certificates Superior security Electronic machine-readable travel documents (emrtds) are well-known for their good security.
More informationNew Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany
New Attacks against RFID-Systems Lukas Grunwald DN-Systems GmbH Germany Agenda What is RFID? How to exploit and attack RFID systems Attacks against the middleware Reader-emulation, soft-tags Unexpected
More informationeidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke
eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke Agenda eidas Regulation TR-03110 V2.20 German ID card POSeIDAS Summary cryptovision mindshare 2015: eidas
More informationPKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory
Regulations for the ICAO Public Key Directory last modification final 1/8 SECTION 1 AUTHORITY These Regulations are issued by ICAO on the basis of Paragraph 3 b) of the Memorandum of Understanding (MoU)
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-3 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William E. Burr Hildegard Ferraiolo David Cooper I N F
More information5. Biometric data-leakage: Among other data, e- passports will include biometric images. In accordance
Security and Privacy Issues in E-passports Ari Juels, David Molnar, and David Wagner Abstract Within the next year, travelers from dozens of nations may be carrying a new form of passport in response to
More informationBest Practices for the Use of RF-Enabled Technology in Identity Management. January 2007. Developed by: Smart Card Alliance Identity Council
Best Practices for the Use of RF-Enabled Technology in Identity Management January 2007 Developed by: Smart Card Alliance Identity Council Best Practices for the Use of RF-Enabled Technology in Identity
More informationOctober 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services
More informationPublic Key Cryptography in Practice. c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13)
Public Key Cryptography in Practice c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent
More informationFAQs - New German ID Card. General
FAQs - New German ID Card General 1) How to change from the old ID card to the new one? The new Law on Identification Cards came into effect on 1 November 2010. Since then, citizens can apply for the new
More informationI N F O R M A T I O N S E C U R I T Y
NIST Special Publication 800-78-2 DRAFT Cryptographic Algorithms and Key Sizes for Personal Identity Verification W. Timothy Polk Donna F. Dodson William. E. Burr I N F O R M A T I O N S E C U R I T Y
More informationCommon Criteria Protection Profile
Machine Readable Travel Document using Standard Inspection Procedure with PACE (PACE PP) Version 1.01, 22th July 2014 Foreword This Protection Profile Electronic Passport using Standard Inspection procedure
More informationaddressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from
Preface In the last decade biometrics has emerged as a valuable means to automatically recognize people, on the base is of their either physiological or behavioral characteristics, due to several inherent
More informationSicherheitsaspekte des neuen deutschen Personalausweises
Sicherheitsaspekte des neuen deutschen Personalausweises Dennis Kügler Bundesamt für Sicherheit in der Informationstechnik egov Fokus 2/2013: Identity- und Access Management im E-Government Rethinking
More informationesign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?
esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents
More informationBiometrics, Tokens, & Public Key Certificates
Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,
More informationMobile Driver s License Solution
Mobile Driver s License Solution Secure, convenient and more efficient Improved identity protection through secure mobile driver s licenses The introduction of a mobile driver s license is a huge opportunity
More informationRF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
More informationWe Must Comply with International Requirements! Introducing Biometric ID Cards in France
We Must Comply with International Requirements! Introducing Biometric ID Cards in France Meryem Marzouki CNRS - LIP6/PolyTIC / IRIS Meryem.Marzouki@iris.sgdg.org www.iris.sgdg.org Terrorizing Privacy?
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationGemalto Mifare 1K Datasheet
Gemalto Mifare 1K Datasheet Contents 1. Overview...3 1.1 User convenience and speed...3 1.2 Security...3 1.3 Anticollision...3 2. Gemalto Mifare Features...4 2.1 Compatibility with norms...4 2.2 Electrical...4
More informationSecurity Analysis of Australian and E.U. E-passport Implementation
Security Analysis of Australian and E.U. E-passport Implementation Vijayakrishnan Pasupathinathan and Josef Pieprzyk Department of Computing, Macquarie University New South Wales, Australia 2109 {krishnan,josef}@ics.mq.edu.au
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationFAQs Electronic residence permit
FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit
More informationSub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013
Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013 Carlos Gómez Head of R&D and Innova.on, FNMT- RCM, Spain ICAO TRIP: Building Trust in Travel Document
More informationIDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationSmart Card Technology Capabilities
Smart Card Technology Capabilities Won J. Jun Giesecke & Devrient (G&D) July 8, 2003 Smart Card Technology Capabilities 1 Table of Contents Smart Card Basics Current Technology Requirements and Standards
More informationBiometrics for Public Sector Applications
Technical Guideline TR-03121-2 Biometrics for Public Sector Applications Part 2: Software Architecture and Application Profiles Version 2.3 Bundesamt für Sicherheit in der Informationstechnik Postfach
More informationCERTIFICATION REPORT
REF: 2011-11-INF-837 v1 Target: Público Date: 17.04.2012 Created by: CERT8 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2011-11 KONA 102J1 epassport EAC v1.1 Applicant: KEBTechnology
More information39 myths about e-passports
14 39 myths about e-passports The facts behind e-passports and RFID technology by Mike Ellis The International Civil Aviation Organisation () - and the NTWG 1 in particular - first started work on what
More informationADVANCE AUTHENTICATION TECHNIQUES
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
More informationPosition Paper European Citizen Card: One Pillar of Interoperable eid Success
Position Paper European Citizen Card: One Pillar of Interoperable eid Success October 2008 Disclaimer Eurosmart takes reasonable measures to ensure the quality of the information contained in this document.
More informationMOBILE IDENTIFICATION:
MOBILE IDENTIFICATION: FROM FUNCTIONAL REQUIREMENTS, TO TESTING FOR INTEROPERABILITY AND SECURITY Antonia Rana*, Alessandro Alessandroni** *Joint Research Centre, **DigitPA EUR 25037 EN - 2011 The mission
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationCOMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES
COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES BSI TR-03139 Version 2.1 27 May 2013 Foreword The present document
More informationBiometric Passport Validation Scheme using Radio Frequency Identification
I. J. Computer Network and Information Security, 2013, 5, 30-39 Published Online April 2013 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2013.05.04 Biometric Passport Validation Scheme using
More informationUnderstanding Digital Signature And Public Key Infrastructure
Understanding Digital Signature And Public Key Infrastructure Overview The use of networked personnel computers (PC s) in enterprise environments and on the Internet is rapidly approaching the point where
More informationHow to use your new card. Tomorrow s Queensland: strong, green, smart, healthy and fair
How to use your new card Tomorrow s Queensland: strong, green, smart, healthy and fair Safer, stronger cards for Queenslanders The Queensland Government has used the latest technology to make new Queensland
More informationEnd-to-end security with advanced biometrics technology
www.thalesgroup.com Identity Management End-to-end security with advanced biometrics technology Challenges and opportunities New environment With the explosion in personal mobility and growing migratory
More informationEnd-to-end security with advanced biometrics technology
www.thalesgroup.com Identity Management End-to-end security with advanced biometrics technology Challenges and opportunities With the explosion in personal mobility and growing migratory flows, governments
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationCombatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs
Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs 1 GOVERNMENTS ADOPTING DIGITAL STRATEGIES Governments designing/operating digital ecosystems to create, transform and optimize
More informationPKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory
Procedures for the ICAO Public Key Directory last modification final 1/13 SECTION 1 INTRODUCTION 1.1 As part of the MRTD initiative by ICAO, the Participants will upload to and download from the PKD, their
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationEPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION
COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...
More information50 ways to break RFID privacy
50 ways to break RFID privacy Ton van Deursen 1 University of Luxembourg ton.vandeursen@uni.lu 1 Financial support received from the Fonds National de la Recherche (Luxembourg). RFID privacy 1 / 40 Outline
More informationLandscape of eid in Europe in 2013
Landscape of eid in Europe in 2013 July 2013 Eurosmart White Paper Contents Executive Summary 3 1. Purpose of the document 3 2. EU regulation 3 3. EU Member States identification policies 4 3.1. National
More informationNIST Test Personal Identity Verification (PIV) Cards
NISTIR 7870 NIST Test Personal Identity Verification (PIV) Cards David A. Cooper http://dx.doi.org/10.6028/nist.ir.7870 NISTIR 7870 NIST Text Personal Identity Verification (PIV) Cards David A. Cooper
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationStrengthen RFID Tags Security Using New Data Structure
International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University
More informationON IDENTITY CARDS. Based on Article 65 (1) of the Constitution of the Republic of Kosovo, LAW ON IDENTITY CARDS CHAPTER I GENERAL PROVISIONS
LAW Nо. 05/L-015 ON IDENTITY CARDS The Assembly of the Republic of Kosovo, Based on Article 65 (1) of the Constitution of the Republic of Kosovo, Approves LAW ON IDENTITY CARDS CHAPTER I GENERAL PROVISIONS
More informationesign Online Digital Signature Service
esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities
More informationMachine Readable Travel Documents
Doc 9303 Machine Readable Travel Documents Part 3 Machine Readable Official Travel Documents Volume 2 Specifications for Electronically Enabled MRtds with Biometric Identification Capability Approved by
More informationBanking. Extending Value to Customers. KONA Banking product matrix. KONA@I is leading the next generation of payment solutions.
Smart IC Banking Banking Extending Value to Customers KONA Banking product matrix Contact - SDA Product EEPROM Java Card Type KONA Products KONA@I is leading the next generation of payment solutions Banks,
More informationEnhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation
Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation 1 Agenda EPID overview EPID usages Device Authentication Government Issued ID EPID performance and standardization efforts 2
More informationMécanismes de Restauration de. Privacy pour les Systèmes. RFID Offlines. Gildas AVOINE, Iwen COISEL, Tania MARTIN. Journées C2 Octobre 2012
Mécanismes de Restauration de Privacy pour les Systèmes RFID Offlines Gildas AVOINE, Iwen COISEL, Tania MARTIN Journées C2 Octobre 2012 Microelectronics Laboratory Privacy-Restoring Mechanism - Journées
More informationVeda: Fraud Focus Group Forum
Veda: Fraud Focus Group Forum Identity Crime Trends, Risks and Solutions Dr Russell G Smith Principal Criminologist Outline Identity crime concepts The scope of identity crime Identity crime taxonomies
More informationCommon Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Basic Access Control BSI-CC-PP-0055
Common Criteria Protection Profile Machine Readable Travel Document with ICAO Application, Basic Access Control BSI-CC-PP-0055 Common Criteria Protection Profile Version 1.10, 25 th March 2009 Foreword
More informationSECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT
SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT Dmitry Barinov SecureKey Technologies Inc. Session ID: MBS-W09 Session Classification: Advanced Session goals Appreciate the superior
More informationEuropean Electronic Identity Practices
European Electronic Identity Practices Country Update of Austria Speaker: Herbert Leitold Date: 9 Nov 2004 PART I: Overview Table of contents Overview of Citizen Card initiatives and its status (Summary
More informationDescription of the Technical Component:
Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationRFID Security. April 10, 2006. Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark
April 10, 2006 Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark 1 Outline What is RFID RFID usage Security threats Threat examples Protection Schemes for
More informationChapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More informationPRIME IDENTITY MANAGEMENT CORE
PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It
More informationA c o n c i s e g u i d e t o t h e G e r m a n e Pa s s p o r t s y s t e m 2 0 0 7
10/2007 A c o n c i s e g u i d e t o t h e G e r m a n e Pa s s p o r t s y s t e m 2 0 0 7 www.bundesdruckerei.de A c o n c i s e g u i d e t o t h e G e r m a n e Pa s s p o r t s y s t e m 2 0 0 7
More informationProtection Profile for UK Dual-Interface Authentication Card
Protection Profile for UK Dual-Interface Authentication Card Version 1-0 10 th July 2009 Reference: UNKT-DO-0002 Introduction This document defines a Protection Profile to express security, evaluation
More informationAllwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security
Allwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security Technology Studies Leslie Center Rockefeller Center Tucker
More informationWhite Paper PalmSecure truedentity
White Paper PalmSecure truedentity Fujitsu PalmSecure truedentity is used for mutual service and user authentication. The user's identity always remains in the possession of the user. A truedentity server
More informationFacts about the new identity card
Facts about the new identity card Contents The new identity card At a glance... 4 In detail... 6 Photographs... 8 New ID card, new possibilities...10 Special functions... 11 The online function...12 Reader
More informationRFID SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
RFID SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationImplementation of an Improved Secure System Detection for E-passport by using EPC RFID Tags
Implementation of an Improved Secure System Detection for E-passport by using EPC RFID Tags A. Baith Mohamed Ayman Abdel-Hamid Kareem Youssri Mohamed Abstract Current proposals for E-passport or ID-Card
More informationRFID Guardian Back-end Security Protocol
Master Thesis RFID Guardian Back-end Security Protocol Author: Hongliang Wang First Reader: Bruno Crispo Second Reader: Melanie Reiback Department of Computer Science Vrije Universiteit, Amsterdam The
More informationTÜBİTAK BİLGEM ULUSAL ELEKTRONİK & KRİPTOLOJİ ARAŞTIRMA ENSTİTÜSÜ AKİS PROJESİ AKİS V1.4N
The contents of this document are the property of TÜBİTAK TÜBİTAK BİLGEM ULUSAL ELEKTRONİK & KRİPTOLOJİ ARAŞTIRMA ENSTİTÜSÜ AKİS PROJESİ AKİS-PASAPORT SECURITY TARGET LITE AKİS V1.4N Revision No 06 Revision
More informationKEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data
More information