Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs
GOVERNMENTS ADOPTING DIGITAL STRATEGIES
Governments designing/operating digital ecosystems to create, transform and optimize services
Benefits:
  Significant economic growth and savings ($50B to $114B) for a trusted online environment
  Help governments go green and promote effective natural resource management
  Stimulate economic growth and promote social inclusion
KEY ENABLERS: Online Services, Big Data, Social Media, Mobile Apps, Cloud Computing
  Empowering people through e-participation
  Providing stronger security and authentication
POWERFUL COMBINATION OF PHYSICAL AND DIGITAL SECURITY
Physical Security + Digital Security = Trusted Identity
Carrier (We innovate across platform technologies)
  Physical, Substrate: Paper, PVC, Polycarbonate, Smartcard
  Digital, Form Factor: HSM, USB, Mobile, Smartcard
Credential (We create the personalised credential)
  Physical, Personalisation: Inkjet, Dye Sublimation, Retransfer, Laser
  Digital, Identity Certificate: X509, ICAO BAC/EAC, ISO7816, PIV
Authenticity (We protect and seal for integrity)
  Physical, Security Features: Laminates, Hologram, STOP, Laser
  Digital, Digital Signature: Encryption, Hash, Keys, PKI
eValidation (We enable access to services and resources)
  Document Validation, Secure Transactions
Carrier (Physical Security / Digital Security)
The way in which we present identity details or attributes to be validated
Physical: ID3, ID1. Standards based on physical form factor to enable machine readability
Digital: ISO 7816, ISO 14443. Standards based on electronic interface
The Secure Element (chip) is our common platform
Carrier (Physical Security / Digital Security)
Physical substrates: Teslin, PVC, Polyester (PET), PVC/PET Composite, Polycarbonate (PC), PC/PET Composite
  What's the required security level?
  How is document stored and carried? Wallet, pocket or badge?
  How often is it carried, handled or swiped through a reader?
  What is the desired lifetime?
  New ISO standard (ISO 24789) helps define durability tests to meet selected usage profile of the document
Digital: Hardware Security Module Software Secure Element Network/USB/PCI Connectivity
Credential (Physical Security / Digital Security)
Physical or logical binding of identity to attributes & privileges assigned by an authority
Multiple credentials for single identity
Sample identity:
  Name: Tim Klabunde
  Birth Date: July 29, 1967
  Street: 11111 Bren Road South
  City: Minnetonka
  State: Minnesota
  Zip: 55343
  Country: USA
Credential (Physical Security / Digital Security)
Personalisation technologies:
  Inkjet: Majority of passports; Crisp imagery; Low cost; Requires overlay
  Dye Sublimation / Retransfer Pigment: Dye sublimation used in most cards; Brilliant, life-like images; Retransfer pigment more UV light resistant & better on irregular surface
  Laser Engraving: Higher security; Uses no print ribbons or overlays
Documents: Passport, National ID, Driving Licence, Resident Permits, Healthcare Benefits, Voter ID, Access Control, Transport, Emergency Response, State/Local Gov ID, Military ID
Standardised: Passport (ICAO Document 9303), EU Driving Licence, PIV
Digital: X509, ISO 7816, PIV
  Smart Card Logon, Secure email, Encryption, Digital Signature, Authentication
  Card Verifiable Certificates, EMV, ePassport (EAC & BAC), eID
  Logical & Physical Applications: Smart Card Logon, Secure email etc., Building Access, Encryption, Digital Signature
Authenticity (Physical Security / Digital Security)
Make IT! Take IT! Fake IT!
Document is Authentic: Verify that the document is a genuine original and not a counterfeit
Data is Authentic: Verify that the data was personalised by a genuine, known issuer and is not counterfeit data
Data has Integrity: Verify the data is the same as originally put there and has not been tampered with or forged
Chip: ROM, EEPROM, RAM, CPU, Coprocessor, Logic
Type of attacks:
  Commercial & criminal
  Academia for prowess & public interest
  Government organisations try to break the chip
Export control
Dedicated certification scheme
Third party evaluation
Common Criteria & FIPS 140
Authenticity (Physical Security / Digital Security)
Strong security features bring together 3 elements: specialized engineering, restricted components, knowhow & expertise
Integration of Overt, Covert and Forensic Features
Pre-print, Personalization, Laminate
A Secure ID document is resistant to simulation (counterfeiting), alteration (tamper), and easy to verify with confidence. Design and training are key
A digital certificate is an electronic file securely linking an individual to encryption keys and identification data, and belongs to a person and resides on a mobile token
A set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates
HASH: One Way unique Digital Fingerprint of data; Varying strengths (MD5, SHA-1, SHA-256)
Keys: Public and Private Keys; Used to encrypt/decrypt hash so hash can be verified
PKI: Trust Infrastructure for the issuance of keys, Certs, CRLs; Provides lifecycle management for credentials
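The "Data is Authentic" and "Data has Integrity" checks from the Authenticity slides, modelled as an added example (not part of the original slides or of any vendor's code): the issuer signs a list of data hashes, and the inspection system verifies the signature and then the hashes. The data group names DG1/DG2, the sample values and the toy textbook-RSA key are assumptions constructed for illustration; real documents use standard signature formats and padded keys issued under the issuer's PKI.

```python
import hashlib

# Toy issuer key pair, constructed for this example: textbook RSA without
# padding, built from two Mersenne primes so no crypto library is needed.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus held by the inspector
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent held by the issuer

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def manifest_int(hashes: dict) -> int:
    """Hash of the ordered hash list, as the integer that gets signed."""
    return int.from_bytes(digest(repr(sorted(hashes.items())).encode()), "big")

def issuer_seal(data_groups: dict) -> dict:
    """Issuer side: fingerprint each data group, then sign the fingerprints."""
    hashes = {name: digest(val).hex() for name, val in data_groups.items()}
    return {"hashes": hashes, "signature": pow(manifest_int(hashes), D, N)}

def inspect(data_groups: dict, seal: dict, trusted_n: int) -> list:
    """Inspection side: return the list of failed checks (empty means pass)."""
    failures = []
    # Data is authentic: the hash list was signed by the known issuer key.
    if pow(seal["signature"], E, trusted_n) != manifest_int(seal["hashes"]):
        failures.append("issuer signature invalid")
    # Data has integrity: what the chip returns matches the signed hashes.
    for name, val in data_groups.items():
        if seal["hashes"].get(name) != digest(val).hex():
            failures.append(f"{name} hash mismatch")
    return failures

# Constructed sample data (DG1 = machine-readable data, DG2 = photo bytes).
GENUINE = {"DG1": b"P<UTOEXAMPLE<<HOLDER<ONE", "DG2": b"\x89photo-of-holder-one"}
SEAL = issuer_seal(GENUINE)
# Chip whose data was changed to agree with a substituted biopage.
ALTERED = {"DG1": b"P<UTOEXAMPLE<<HOLDER<TWO", "DG2": GENUINE["DG2"]}
# Same altered data with hashes recomputed but no access to the issuer key.
RESEALED = {"hashes": {k: digest(v).hex() for k, v in ALTERED.items()},
            "signature": SEAL["signature"]}

if __name__ == "__main__":
    print(inspect(GENUINE, SEAL, N))       # []
    print(inspect(ALTERED, SEAL, N))       # ['DG1 hash mismatch']
    print(inspect(ALTERED, RESEALED, N))   # ['issuer signature invalid']
```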
Content supplied by: Government of Canada, Canada Border Services Agency, National Document Centre
E-PASSPORT FRAUD
Counterfeit RFID Chips
Digital vs. Physical security features
Case #1 - Counterfeit RFID Chips
June 2010: CBSA intercepted a UK e-passport. It was one of hundreds of genuine stolen blanks. A functioning counterfeit RFID chip was inserted into the back cover.
The counterfeit chip displays the information on the biopage.
Case #2 - May-Oct 2014: CBSA intercepted multiple Slovenian e-passports altered with biopage substitution. Functioning counterfeit RFID chips were inserted into the biopage.
The counterfeit chip displays the information on the biopage.
Low Quality Fraud
The Optically Variable Ink does not change color. The Optically Variable Device is low quality.
The Variable Laser Image does not change when tilted. The tactile features were not reproduced.
The serial numbers have been altered by hand.
The genuine biopage was damaged and the original chip was disabled. The counterfeit chip was placed under the counterfeit biopage.
Thank you