
Dr. Kim Nguyen, ECC Workshop, Bochum, 20.9.2004, 1

Identity in the digital age

Travel documents & Cryptography

Dr. Kim Nguyen, Bundesdruckerei GmbH, Berlin

ECC Workshop, Bochum, 2004-09-21


Agenda

ICAO & Machine Readable Travel Documents

ICAO LDS

Integration of cryptographic concepts into MRTDs


History

From royal printing house to a leading supplier of high-security technology

1879 Reichsdruckerei (Imperial Printing House)

1945 Staatsdruckerei (Government Printing House)

1951 Bundesdruckerei

1994 Bundesdruckerei GmbH

2000 Privatisation of the Bundesdruckerei group


Key Numbers

Bundesdruckerei in figures

Human resources: Currently, Bundesdruckerei employs 1,429 persons, of whom work in Berlin (as of 07/2003).

Revenue: In the year 2002, Bundesdruckerei, including BIS (Bundesdruckerei International Services), generated revenue of around € 230 million, approx. 10 % from sales abroad.

Production: In the year 2002, production included:

402 million banknotes

3.5 billion postage stamps

100 million revenue stamps

8.5 million identity cards

3.9 million passports

3.3 million EU driving licences

plus a large number of patent documents and CD-ROMs.

August 2004: 200 million personalized documents produced.


ICAO

November 1944: the Convention on International Civil Aviation, also known as the Chicago Convention, provided for the establishment of the International Civil Aviation Organization (ICAO).

Function: International body to guide and regulate international civil aviation


Travel Documents

Range of requirements for efficient civil aviation operations (Annex 9, Chicago Convention):

Requirement for persons travelling by air ... to comply with immigration, customs and passport regulations

Requirement for States to facilitate border clearance ... and prevent unnecessary delays

Requirement for States to develop and adopt internationally standard procedures for immigration and customs clearance


MRTD Programme

1968: Establishment of a Panel on Passport Cards; machine readable standardized passport book, initial issuance by Australia, Canada, USA

1984: Establishment of the TAG/MRTD, comprised of government officials; expansion to specs for machine readable visas and cards


Co-operation

Technical and engineering advice to TAG/MRTD by:

International Organization for Standardization (ISO): Doc 9303, Parts 1-3, have received endorsement by ISO as ISO 7501 (1-3)

International Air Transport Association (IATA)

Airports Council International (ACI)

INTERPOL


MRTDs

Machine Readable Travel Document (MRTD):

Official document issued by a State or organization which is used by the holder for international travel (e.g. passport, visa, official document of identity) and which contains mandatory visual (eye-readable) data and a separate mandatory data summary in a format which is capable of being read by machine.


Machine Readable Zone (MRZ)

Machine detectable feature

Holographic Shadow Picture

Holographic MRZ

3D Figure


Advanced MRTDs

Optional expansion of machine readable data capacity

magnetic stripes (especially high density magnetic stripes)

IC chips with contacts, contactless IC chips

optical memories

bar codes, especially 2D bar codes


Machine-assisted identity confirmation (i.e. biometrics):

Displayed identity features (portrait, signature, fingerprint)

Encoded identity features (face, signature, fingerprints, hand, voice, eyes)


ICAO evaluation and development of advanced MRTDs

Technical Report on Selection of a Globally Interoperable Biometric for Machine-assisted Identity Confirmation (2001): compatibility and ranking of biometric technologies with MRTDs

Face: highest compatibility

Finger, eyes: group 2

Signature, hand, voice: group 3


Technical Report on Development of a Logical Data Structure (LDS) for Optional Capacity Expansion Technologies (2002)

ICAO „New Orleans Resolution“, March 2003


New Orleans Resolution

ICAO TAG-MRTD/NTWG recognises that Member States currently and will continue to utilise the facial image as the primary identifier for MRTDs and as such endorses the use of standardised digitally stored facial images as the globally interoperable biometric to support facial recognition technologies for machine assisted identity verification with machine-readable travel documents.

ICAO TAG-MRTD/NTWG further recognises that in addition to the use of a digitally stored facial image, Member States can use standardised digitally stored fingerprint and/or iris images as an additional globally interoperable biometrics in support of machine assisted verification and/or identification.

Member States, in their initial deployment of MRTDs with biometrics identifiers, are encouraged to adopt contactless IC media of sufficient capacity to facilitate onboard storage of additional MRTD data and biometric identifiers.


Co-Existence of Technologies

Additional technologies complement existing technologies

Should one technique fail, there are other techniques in place that make the proof of the validity of the document possible.

Contactless chip technology is recognized as the optimal medium to complement the classical high-security MRTD.


Contactless Technology

Standard communication with a chip card utilizes contact-based serial communication.

The contactless communication uses an electromagnetic field into which the chip module is coupled via an antenna

Data transfer to and from the chip is performed using changes in this field.


Contactless Communication (figure, © Philips)


Chip Technology

Storage of biometric data implies the usage of security controllers with large EEPROM sizes. Minimum is 32 kB; larger sizes of 64 kB and above are recommended.

Typical size of biometric data: 12 – 15 kB for a facial image, JPEG compressed. Storing smaller sized templates is at the discretion of the issuing state (interoperability of templates).



LDS (Logical Data Structure)

LDS = Logical Data Structure = standardized interoperable format to store biometric and other personal data on an MRTD

Standardized by ICAO


What is the LDS?

The LDS is an ISO 7816-4 compliant file system used to store biometric data:

DF1
    EF.COM
    EF.DG1
    EF.DG2
    EF.DG3
    EF.SOD


Where is the LDS stored?

On a chip embedded into the passport. Different alternatives: cover, data card, in an extra page.

The chip is accessed contactless, i.e. via an electromagnetic field.



Security Mechanisms

Assets to be protected:

Authenticity of personal data: changes of biometric data must be detectable; data must be written to the MRTD by authorized organizations only.

Privacy of personal data: who has access to the data stored on the MRTD? Can the communication between MRTD and verification terminal be tracked?

Uniqueness of MRTD: it must not be possible to copy digital data from one passport to another.


Special threats due to the usage of contactless technology:

Skimming: active reading of the contactless chip from a small distance (may not be observed by the holder of the document).

Eavesdropping: passive observation of the communication between MRTD and verifier terminal. Contactless communication uses changes in the EM field; these changes induce EM waves.


Sensitivity of data

Data stored on the MRTD:

Printed data: personal information (name, date of birth, etc.), also encapsulated in the MRZ; facial image; signature.

Digital data: MRZ; facial image (mandatory); fingerprints (optional); iris (optional).


Security Mechanisms

Biometric data stored on the MRTD:

Authenticity is secured by a digital signature (mandatory): 2-level PKI

Privacy can be secured by Basic Access Control (optional): symmetric/asymmetric crypto

Privacy of especially sensitive data can additionally be secured by Extended Access Control (optional): symmetric crypto

Cloning can be prevented by using a chip-individual key pair in a challenge-response mechanism (optional): asymmetric crypto


Data Authenticity

Authenticity of the MRTD data is secured by means of a digital signature.

Authenticity of the stored data groups can be verified using the hash values stored in EF.SOD.


Basic check mechanism:

1. Read the MRZ optically.
2. First check the signature, in order to check the authenticity of the complete digital data.
3. Read the MRZ digitally and check its hash value.
4. Compare optical and digital MRZ.

Thus a strong link between the printed and the digital MRTD is achieved.
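The four steps above as an added Python example (not code from the slides or from Bundesdruckerei; the hash algorithm SHA-256, the sample chip contents and the findings text are assumptions for illustration). The signature check over EF.SOD is represented by a boolean supplied by the caller's PKI component, since verifying it needs the Document Signer certificate chain; what the example shows is why the order matters and what each step catches: a replaced facial image fails the EF.SOD hash comparison, and a printed data page that does not belong to the chip fails the optical-versus-digital MRZ comparison even though every hash is correct.

```python
import hashlib
import hmac

# Constructed sample chip contents (not real passport data). The MRZ is the
# fictitious one printed on the slides; the facial image is a stand-in byte string.
OPTICAL_MRZ = (
    "P<D<<MUSTERMANN<<MARKUS<<<<<<<<<<<<<<<<<<<<<"
    "1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0"
)
GENUINE_CHIP = {
    "EF.DG1": OPTICAL_MRZ.encode("ascii"),        # MRZ in digital form
    "EF.DG2": b"<constructed JPEG facial image>",  # facial image stand-in
}


def dg_hash(data: bytes) -> bytes:
    """Hash of one data group. SHA-256 is an assumption; the slides name no hash."""
    return hashlib.sha256(data).digest()


def build_sod_hashes(chip: dict) -> dict:
    """The hash table the Document Signer signs into EF.SOD at issuance."""
    return {name: dg_hash(content) for name, content in chip.items()}


def basic_check(optical_mrz: str, chip: dict, sod_hashes: dict,
                sod_signature_valid: bool) -> list:
    """Inspection-side check in the order the slide gives. Returns a list of
    findings; an empty list means the document passed.

    sod_signature_valid is the outcome of verifying the Document Signer's
    signature over EF.SOD against the PKI; that step is done by a separate
    component (it needs the certificate chain) and its result is passed in."""
    findings = []

    # Step 1 (after the optical read): check the signature over EF.SOD first.
    # Without it the hash table is untrusted and nothing below proves anything.
    if not sod_signature_valid:
        return ["EF.SOD signature invalid: digital data is not authentic"]

    # Step 2: every data group listed in EF.SOD must be present and hash to
    # the signed value; a data group not covered by EF.SOD is unauthenticated.
    for name, expected in sod_hashes.items():
        actual = chip.get(name)
        if actual is None:
            findings.append(f"{name} listed in EF.SOD but missing on chip")
        elif not hmac.compare_digest(dg_hash(actual), expected):
            findings.append(f"{name} hash mismatch: data group modified")
    for name in chip:
        if name not in sod_hashes:
            findings.append(f"{name} present on chip but not covered by EF.SOD")

    # Step 3: the optically read MRZ must equal the signed digital MRZ (EF.DG1).
    # This is the link between the printed page and the signed chip contents.
    dg1 = chip.get("EF.DG1")
    if dg1 is None or dg1.decode("ascii") != optical_mrz:
        findings.append("optical MRZ does not match EF.DG1: printed page and chip do not belong together")

    return findings


def run_scenarios() -> dict:
    """Genuine document plus constructed failure cases for each step."""
    sod = build_sod_hashes(GENUINE_CHIP)

    # Facial image replaced on the chip, EF.SOD left unchanged.
    swapped_photo = {**GENUINE_CHIP, "EF.DG2": b"<different constructed image>"}

    # Genuine chip contents, but the MRZ read from the printed data page is a
    # different one (same length, so it still parses as a valid MRZ).
    other_mrz = OPTICAL_MRZ.replace("MUSTERMANN", "MUSTERFRAU")

    return {
        "genuine": basic_check(OPTICAL_MRZ, GENUINE_CHIP, sod, True),
        "bad_signature": basic_check(OPTICAL_MRZ, GENUINE_CHIP, sod, False),
        "swapped_photo": basic_check(OPTICAL_MRZ, swapped_photo, sod, True),
        "wrong_page": basic_check(other_mrz, GENUINE_CHIP, sod, True),
    }


if __name__ == "__main__":
    for case, result in run_scenarios().items():
        print(case, "->", result or ["OK"])
```

The early return on a bad signature is deliberate: once EF.SOD is untrusted, reporting hash results would only tell the inspector which data groups a forger bothered to keep consistent.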


MRTD PKI

Country Signing CA (= national root) -> Document Signing CA -> Digital signature over the MRTD data


ICAO PKD contains Document Signer CA of all participating countries

ICAO PKD will not contain Country Signer CAs

Distribution of CSCAs has to be performed by bilateral means and via diplomatic channels.


Certificate revocation: CRLs must be distributed bilaterally and via the ICAO PKD.

Document Signer Certificate may be included in Document Security Object in order to allow off-line signature verification


MRTDs have a validity of 10 years.

This poses strong requirements on the parameters of the signature algorithms used.

Three algorithms are specified: RSA, DSA, ECDSA.


Minimum size of parameters (bits):

Algorithm   Parameter     Country Signing CA keys   Document Signing CA keys
RSA         N             3072                      2048
DSA         p             3072                      2048
DSA         q             256                       224
ECDSA       point order   256                       224


Coding of digital signature

The digital signature is coded as a signed data object according to the Cryptographic Message Syntax (CMS) specification, i.e. ASN.1 DER encoding must be used.

For elliptic curves this encoding is specified in the SECG papers.


Basic Access Control

Basic Access Control is used in order to prevent skimming and eavesdropping

Philosophy: if the MRTD is presented by the holder in such a way that the optical data can be read, the main biometric data (MRZ, face) should also be readable.

Mechanism: access to chip data is only allowed after successful completion of a symmetric-key based challenge-response mechanism.


The symmetric key is derived from data in the MRZ:

P<D<<MUSTERMANN<<MARKUS<<<<<<<<<<<<<<<<<<<<<
1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0

Concatenate (document number, date of birth and date of expiry, each followed by its check digit):

123456789770071560405270

Hash (SHA-1):

394430337E6D414E424AACBECAE112BAC5BD25BC

The first 16 bytes are used to build a 2-key 3DES key.
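The derivation above as an added Python example (not code from the slides or from Bundesdruckerei). It uses the sample MRZ from the slide and goes two steps beyond it: it validates the three MRZ check digits with the 7-3-1 scheme from ICAO Doc 9303 before deriving anything (an OCR misread would otherwise silently yield a wrong key), and it applies the Doc 9303 key derivation (SHA-1 over the 16-byte seed plus a 32-bit counter, 1 for encryption and 2 for MAC, with DES parity adjustment) to turn the seed into the two 3DES keys that Secure Messaging needs. Field positions assume the TD3 (passport book) MRZ layout.

```python
import hashlib

# MRZ of the fictitious sample document shown on the slide (TD3 passport layout).
MRZ_LINE1 = "P<D<<MUSTERMANN<<MARKUS<<<<<<<<<<<<<<<<<<<<<"
MRZ_LINE2 = "1234567897D<<7007156M0405270<<<<<<<<<<<<<<<0"


def mrz_char_value(ch: str) -> int:
    """Numeric value of an MRZ character for the 7-3-1 check digit (Doc 9303)."""
    if ch == "<":
        return 0
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {ch!r}")


def check_digit(field: str) -> int:
    """Weighted sum with weights 7, 3, 1 repeating, modulo 10."""
    weights = (7, 3, 1)
    return sum(mrz_char_value(c) * weights[i % 3] for i, c in enumerate(field)) % 10


def mrz_fields(line2: str) -> list:
    """The three fields that feed BAC, each paired with the check digit that
    follows it in the MRZ: document number, date of birth, date of expiry."""
    return [
        (line2[0:9], line2[9]),     # document number + check digit
        (line2[13:19], line2[19]),  # date of birth (YYMMDD) + check digit
        (line2[21:27], line2[27]),  # date of expiry (YYMMDD) + check digit
    ]


def mrz_checks_pass(line2: str) -> bool:
    """True if all three check digits are consistent with their fields."""
    return all(check_digit(f) == int(cd) for f, cd in mrz_fields(line2))


def mrz_info(line2: str) -> str:
    """Concatenated key input exactly as shown on the slide."""
    if not mrz_checks_pass(line2):
        raise ValueError("MRZ check digit mismatch; re-read the MRZ before deriving keys")
    return "".join(f + cd for f, cd in mrz_fields(line2))


def adjust_parity(key: bytes) -> bytes:
    """Set each byte to odd parity, as DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)


def derive_3des_key(k_seed: bytes, counter: int) -> bytes:
    """Doc 9303 key derivation: SHA-1(K_seed || counter), first 16 bytes,
    parity-adjusted, giving a 2-key 3DES key (counter 1: encryption, 2: MAC)."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:8]) + adjust_parity(digest[8:16])


def bac_keys(line2: str) -> dict:
    """Seed and session keys derived from the second MRZ line."""
    info = mrz_info(line2)
    sha1 = hashlib.sha1(info.encode("ascii"))
    k_seed = sha1.digest()[:16]  # the "first 16 bytes" of the slide
    return {
        "mrz_info": info,
        "sha1": sha1.hexdigest().upper(),
        "k_seed": k_seed,
        "k_enc": derive_3des_key(k_seed, 1),
        "k_mac": derive_3des_key(k_seed, 2),
    }


if __name__ == "__main__":
    keys = bac_keys(MRZ_LINE2)
    print("MRZ info:", keys["mrz_info"])
    print("SHA-1:   ", keys["sha1"])
    print("K_enc:   ", keys["k_enc"].hex().upper())
    print("K_mac:   ", keys["k_mac"].hex().upper())
```

Note how little goes into the seed: nine document-number characters, two six-digit dates and three check digits that are fully determined by the rest. That is the small entropy the later slide on the analysis of BAC refers to.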


Opening the closed passport utilizes a Mutual Authenticate scheme:

MRTD and verifier each choose a random challenge, RND.MRTD and RND.IFD.

Mutual Authenticate is also used in order to establish a common secret key for the subsequent Secure Messaging operation.


Verifier (IFD)                          MRTD
Chooses RND.IFD                         Chooses RND.MRTD
              Common key K.MRZ on both sides
              Challenge is exchanged
Computes response                       Computes response
              Response is exchanged

If the correctness of the response is verified on both sides, common secret keys for Secure Messaging are derived.


Secure Messaging is performed in an ISO 7816-like way.

Transmitted data is encrypted using 3DES. Correctness of the data is checked via a 3DES-based MAC computation.


Analysis of the Basic Access Control mechanism shows: the data used from the MRZ has small entropy. Hence, with some additional guesswork, the cryptographic keys involved could be recovered via a brute-force attack.

The aim of Basic Access Control is mainly the prevention of skimming, not a sound cryptographic protection of access.


Extended Access Control

Mechanism similar to BAC (challenge-response mechanism).

Can be based on a symmetric key derived from MRZ information AND a master key.

Can also be based on an asymmetric key pair. Thus it offers a variety of available mechanisms of different cryptographic strength.


Active Authentication

Based on asymmetric cryptography. Each MRTD has a document-specific key pair: KPuAA and KPrAA.

Challenge-response mechanism (INTERNAL AUTHENTICATE):

1. The inspection system generates a random challenge and sends it to the MRTD.
2. The MRTD signs the challenge using KPrAA.
3. The certificate is sent to the inspection system.
4. The inspection system verifies the certificate using KPuAA.


Active Authentication represents the strongest mechanism to protect both the privacy of the biometric data and the uniqueness of the chip module inside the MRTD.

A chip-individual key pair implies that cloning is not possible.



Thank you for your attention!

Detailed technical information available at www.icao.int/mrtd

Dr. Kim Nguyen

Bundesdruckerei GmbH, Berlin
