Ronny Wichers Schreur / Bart Jacobs Biometric Passport

Similar documents
Keep Out of My Passport: Access Control Mechanisms in E-passports

Implementation of biometrics, issues to be solved

Preventing fraud in epassports and eids

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

Statewatch Briefing ID Cards in the EU: Current state of play

Moving to the third generation of electronic passports

Efficient Implementation of Electronic Passport Scheme Using Cryptographic Security Along With Multiple Biometrics

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

MACHINE READABLE TRAVEL DOCUMENTS

A Note on the Relay Attacks on e-passports

Entrust Smartcard & USB Authentication

European Electronic Identity Practices Country Update of Portugal

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Electronic Passports in a Nutshell

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1


Discover Germany s Electronic Passport

Operational and Technical security of Electronic Passports

Advanced Authentication

Full page passport/document reader Regula model 70X4M

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP Version 1.01 (15 th April 2010)

E-Visas Verification Schemes Based on Public-Key Infrastructure and Identity Based Encryption

Electronic machine-readable travel documents (emrtds) The importance of digital certificates

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

PKD Board ICAO PKD unclassified B-Tec/36. Regulations for the ICAO Public Key Directory

I N F O R M A T I O N S E C U R I T Y

5. Biometric data-leakage: Among other data, e- passports will include biometric images. In accordance

Best Practices for the Use of RF-Enabled Technology in Identity Management. January Developed by: Smart Card Alliance Identity Council

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

FAQs - New German ID Card. General

I N F O R M A T I O N S E C U R I T Y

Common Criteria Protection Profile

addressed. Specifically, a multi-biometric cryptosystem based on the fuzzy commitment scheme, in which a crypto-biometric key is derived from

Sicherheitsaspekte des neuen deutschen Personalausweises

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

Biometrics, Tokens, & Public Key Certificates

Mobile Driver s License Solution

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

We Must Comply with International Requirements! Introducing Biometric ID Cards in France

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Gemalto Mifare 1K Datasheet

Security Analysis of Australian and E.U. E-passport Implementation

IT Networks & Security CERT Luncheon Series: Cryptography

FAQs Electronic residence permit

Sub- Regional Workshop and Consulta;ons on Capacity- Building in Travel Document Security: Colombia, 2013

IDENTITY MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Smart Card Technology Capabilities

Biometrics for Public Sector Applications

CERTIFICATION REPORT

39 myths about e-passports

ADVANCE AUTHENTICATION TECHNIQUES

Position Paper European Citizen Card: One Pillar of Interoperable eid Success

MOBILE IDENTIFICATION:

CSC Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

Biometric Passport Validation Scheme using Radio Frequency Identification

Understanding Digital Signature And Public Key Infrastructure

How to use your new card. Tomorrow s Queensland: strong, green, smart, healthy and fair

End-to-end security with advanced biometrics technology

End-to-end security with advanced biometrics technology

SSL Protect your users, start with yourself

Multi-Factor Authentication of Online Transactions

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Combatting Counterfeit Identities: The Power of Pairing Physical & Digital IDs

PKD Board ICAO PKD unclassified B-Tec/37. Procedures for the ICAO Public Key Directory

Introducing etoken. What is etoken?

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

50 ways to break RFID privacy

Landscape of eid in Europe in 2013

NIST Test Personal Identity Verification (PIV) Cards

SSLPost Electronic Document Signing

Strengthen RFID Tags Security Using New Data Structure

ON IDENTITY CARDS. Based on Article 65 (1) of the Constitution of the Republic of Kosovo, LAW ON IDENTITY CARDS CHAPTER I GENERAL PROVISIONS

esign Online Digital Signature Service

Machine Readable Travel Documents

Banking. Extending Value to Customers. KONA Banking product matrix. is leading the next generation of payment solutions.

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

Mécanismes de Restauration de. Privacy pour les Systèmes. RFID Offlines. Gildas AVOINE, Iwen COISEL, Tania MARTIN. Journées C2 Octobre 2012

Veda: Fraud Focus Group Forum

Common Criteria Protection Profile. Machine Readable Travel Document with ICAO Application, Basic Access Control BSI-CC-PP-0055

SECURITY IMPLICATIONS OF NFC IN AUTHENTICATION AND IDENTITY MANAGEMENT

European Electronic Identity Practices

Description of the Technical Component:

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

RFID Security. April 10, Martin Dam Pedersen Department of Mathematics and Computer Science University Of Southern Denmark

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

PRIME IDENTITY MANAGEMENT CORE

A c o n c i s e g u i d e t o t h e G e r m a n e Pa s s p o r t s y s t e m

Protection Profile for UK Dual-Interface Authentication Card

Allwin Initiative for Corporate Citizenship Dartmouth Center for the Advancement of Learning Dickey Center Ethics Institute Institute for Security

White Paper PalmSecure truedentity

Facts about the new identity card

RFID SECURITY. February The Government of the Hong Kong Special Administrative Region

Implementation of an Improved Secure System Detection for E-passport by using EPC RFID Tags

RFID Guardian Back-end Security Protocol

TÜBİTAK BİLGEM ULUSAL ELEKTRONİK & KRİPTOLOJİ ARAŞTIRMA ENSTİTÜSÜ AKİS PROJESİ AKİS V1.4N

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Transcription:

FACULTY OF SCIENCE Ronny Wichers Schreur / Bart Jacobs

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.1/34 Contents

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.1/34 Contents I. Background II. Standards & requirements III. Low level stuff IV. High level protocols V. Passports for private use? VI. Conclusions

I. Background Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.2/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.3/34 International developments

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers US: Visa waiver program after 25 Oct 06 only for countries with biometric passport

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.3/34 International developments After 9/11 international move towards stronger identification of citizens & travellers US: Visa waiver program after 25 Oct 06 only for countries with biometric passport Standards developed by ICAO: International Civil Airline Organisation

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.4/34 Role of the Netherlands

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, 15.000 participants, Sept 04-Feb 05).

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, 15.000 participants, Sept 04-Feb 05). Philips main supplier of smartmx chips

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.4/34 Role of the Netherlands Large trial 2B or not 2B (6 cities, 15.000 participants, Sept 04-Feb 05). Philips main supplier of smartmx chips SDU Identification (inter)nationally active as document supplier (and also within ICAO).

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development Role in discussion in media

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.5/34 Own involvement Membership of expert council set up by ministry of internal affairs (Jacobs) Participation in enrollment procedure, resulting in test passport (Oostdijk) Production of own terminal-side software (Wichers Schreur) & test development Role in discussion in media Disclaimer: no biometry experts

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches Look alike fraud is source of concern

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.6/34 Passport fraud Forgery of modern (NL) passports very difficult Production of passports has been centralised Criminal organisations collect large numbers of passports, and look for reasonable matches Look alike fraud is source of concern Hence original aim: biometric Verification

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.7/34 Reasonable security goal

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.7/34 Reasonable security goal Chip in passport with contactless access requires:

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.7/34 Reasonable security goal Chip in passport with contactless access requires: No identifying information is released without the consent of the passport s holder. This should include identification numbers of chips and country identification (bomb targeted at individuals/nationals).

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.7/34 Reasonable security goal Chip in passport with contactless access requires: No identifying information is released without the consent of the passport s holder. This should include identification numbers of chips and country identification (bomb targeted at individuals/nationals). Receiver must be able to check authenticity and integrity of contained data

II. Standards & requirements Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.8/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional Only integrity check mandatory; several other protection mechanisms optional

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.9/34 ICAO on MRTD MRTD: Machine Readable Travel Document Open standards, for states and suppliers PKI task force with members from US, UK, Can, Ger, NL. Only facial image mandatory; fingerprints, iris scan, etc. optional Only integrity check mandatory; several other protection mechanisms optional See http://www.icao.int/mrtd

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.10/34 EU on MRTD

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.10/34 EU on MRTD Facial scan included before 28 Aug 06

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism Basic Access Control mandatory:

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.10/34 EU on MRTD Facial scan included before 28 Aug 06 Fingerprints later, 3 year after agreement on protection mechanism Basic Access Control mandatory: Access key for RFID chip extracted from Machine Readable Zone (MRZ) Intended as consent to read

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.11/34 NL on MRTD

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data New aims (Jan. 2005, letter on terror ):

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.11/34 NL on MRTD Introduction in two stages; start < 28/6/ 06. Original aim (2002): verification only, with decentralised storage of biometric data New aims (Jan. 2005, letter on terror ): identification, called on line verification central database of biometric data meant as contribution to effectivity of identification laws

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms basic access ctrl passive authent. active authent. extended access ctrl to protect mechanism EU US

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. active authent. extended access ctrl

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. extended access ctrl

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl confidentiality of fingerprints key exchange / sign challenge + n.a.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.12/34 Protection mechanisms to protect mechanism EU US basic access ctrl access & confidentiality encryption via key from MRZ + + passive authent. integrity of content signature by SDU (by NL) + + active authent. authenticity of document signing of challenge +- NL + - extended access ctrl confidentiality of fingerprints key exchange / sign challenge + n.a. Physical: Faraday cage ; prevents eavesdrop

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.13/34 International PKI

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication Passport chip contains: SDU certificate own public key (hash in security object)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.13/34 International PKI Country Signing CA (NL) signs certificate of Document Signer (SDU) SDU signs security object, for passive authentication Passport chip contains: SDU certificate own public key (hash in security object) Self-signed country certificates distributed at first via diplomatic post, later electronically.

V. Low level stuff Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.14/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.15/34 Card info I

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC 14443 A) 3DES, RNG, RSA, SHA1 (ECC?)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC 14443 A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC 14443 A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria JavaCard OS: IBM JCOP41 version 2.20 Certification by German BSI ongoing

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.15/34 Card info I SmartMX Chip from Philips (P5CT072), with: 72Kbyte EEPROM contactless interface (ISO/IEC 14443 A) 3DES, RNG, RSA, SHA1 (ECC?) High certification: level EAL5+ of Common Criteria JavaCard OS: IBM JCOP41 version 2.20 Certification by German BSI ongoing Passport Java applet written by SDU: closed source

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.16/34 Card info II

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.16/34 Card info II Writing to chip (e.g. for visa, children etc.) not foreseen.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.16/34 Card info II Writing to chip (e.g. for visa, children etc.) not foreseen. No certainty about absence of backdoors But secret access should be detectable via monitoring

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34 Contactless issues

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m?

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO 14443-3.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34 Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO 14443-3. With fixed identifier tree walking protocol in current SDU test passport (4 byte id) allows tracing and targeting

Contactless issues Operation distance < 10 cm; eavesdrop < 10m? Multiple cards may be in reach of reader Anti-collision protocol described in ISO 14443-3. With fixed identifier tree walking protocol in current SDU test passport (4 byte id) allows tracing and targeting SDU: deployed card will use random identifier Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.17/34

III. High level protocols Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.18/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.19/34 Basic Access Control I

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime Relevant MRZ input: passport nr. + birth date + expiry date

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.19/34 Basic Access Control I MRZ info yields 3DES document basic access keys K ENC,K MAC, fixed for lifetime Relevant MRZ input: passport nr. + birth date + expiry date Consent & confidentiality mechanism

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.20/34 Basic Access Control II

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr Psp B:=N P N R K P K Enc {B},K MAC [K ENC {B}] Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.20/34 Basic Access Control II Psp N P (8 byte) Rdr Psp A:=N R N P K R K Enc {A},K MAC [K ENC {A}] Rdr Psp B:=N P N R K P K Enc {B},K MAC [K ENC {B}] Rdr Session keys are then derived from K P and K R, for rest of communication.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure) age can be guessed, say within 10 years

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.21/34 Low Entropy I Maximal entropy somewhere between 50 and 60 bits Actual entropy much lower NL: passport numbers sequential check digit in passport number (Witteman, Riscure) age can be guessed, say within 10 years entropy only 35 bits

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC Ministry: issuance order deeply entrenched in procedures and checks

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.22/34 Low Entropy II Brute force attack Skimming too slow: 100 guesses s 1 Eavesdropped data: 1,000,000 guesses s 1 35 bits: crackable in hours on standard PC Ministry: issuance order deeply entrenched in procedures and checks ICAO is studying strengthening of Basic Access Control

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.23/34 Passive authentication

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.23/34 Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.23/34 Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature Authenticity check consists of: certificate of SDU, using NL public key signature by SDU, using certificate hashes, after reading data

Passive authentication Read Security Object from chip with: SDU certificate public key for active authentication hashes of all passport data SDU signature Authenticity check consists of: certificate of SDU, using NL public key signature by SDU, using certificate hashes, after reading data Cloning still possible. Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.23/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.24/34 Active authentication, against cloning

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr Psp Sig(N R padding) Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.24/34 Active authentication, against cloning Passport has private (RSA) key, with public key in (signed) security document. Psp N R (8 byte) Rdr Psp Sig(N R padding) Rdr Possible risk of signing location + timing data in N R, for tracking.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.25/34 Advanced Security Mechanisms I

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet German (BSI) proposal under consideration: New Diffie-Hellman session key Some protection against eavesdrop Reader must authenticate (certificates) Certificate revocation is problematic

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.25/34 Advanced Security Mechanisms I For fingerprint protection; optional for ICAO Required by EU, but no EU-standard yet German (BSI) proposal under consideration: New Diffie-Hellman session key Some protection against eavesdrop Reader must authenticate (certificates) Certificate revocation is problematic Each country controls itself who can read fingerprints

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr Psp PK P ( SK R, PK R,D P ) Rdr

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.26/34 Advanced Security Mechanisms II (SK P,PK P,D P ) Psp Security Doc PK P,D P Rdr Psp PK P ( SK R, PK R,D P ) Rdr K = KA(SK P, PK R,D P ) K = KA( PK R,SK P,D P )

IV. Passports for other use? Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.27/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.28/34 Secure logon via your passport

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have Possibly add picture check: what you are.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.28/34 Secure logon via your passport Give your machine / local network: your passport s K ENC and K MAC your passport s public key Authenticate yourself via challenge-response: what you have Possibly add picture check: what you are.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.29/34 Digital signature via your passport?

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.29/34 Digital signature via your passport? Better not, because:

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.29/34 Digital signature via your passport? Better not, because: a. anyone who holds your passport can sign for you.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.29/34 Digital signature via your passport? Better not, because: a. anyone who holds your passport can sign for you. b. Proof of identity requires release of your MRZ (and hence access to your chip), since: MRZ contains your name + birth date hash of MRZ signed by authorities, as part of security object

VI. Conclusions Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.30/34

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I Biometric passports are on their way

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link. Protection of fingerprints not fully settled yet

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.31/34 Conclusions I Biometric passports are on their way General approach (ICAO, EU): careful. Basic Access Control weak link. Protection of fingerprints not fully settled yet Open communication with Ministry & SDU

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II Biometry much overrated:

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection)

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain Substantial false positives/negatives to be expected

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.32/34 Conclusions II Biometry much overrated: Silly approach: same password, used everywhere (no template protection) Large scale use of biometrics uncertain Substantial false positives/negatives to be expected Identification goals undermined: by widespread use in other applications if many citizens (obnoxiously) put their fingerprints on the web

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.33/34 Conclusions III

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft.

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft. Real test (also for privacy!) are the in integration in backoffice databases

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.33/34 Conclusions III Function creep risks: Who will use passport s biometrics? Welfare authorities, banks, casinos etc.? Central storage: risks of compromise, misuse, etc. Set-up for improved identity management can lead to large scale identity theft. Real test (also for privacy!) are the in integration in backoffice databases Slow increase of use to be expected

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.34/34 Further reading

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.34/34 Further reading Juels (RSA labs), Molnar & Wagner (UC-Berkeley) at: http://eprint.iacr.org/2005/095

Wichers Schreur / Jacobs (IPA Fall days 2005-11-22) p.34/34 Further reading Juels (RSA labs), Molnar & Wagner (UC-Berkeley) at: http://eprint.iacr.org/2005/095 Kc (U-Colombia), Molnar & Karger (IBM) at: http://eprint.iacr.org/2005/404

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information