an online secure epassport protocol
DESCRIPTION
TRANSCRIPT
![Page 1: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/1.jpg)
An On-line Secure E-Passport Protocol
Vijayakrishnan Pasupathinathanwith, Josef Pieprzyk and Huaxiong Wang
Centre for Advanced Computing - Algorithms and Cryptography (ACAC)Macquarie University, Australia
1
![Page 2: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/2.jpg)
Outline
• Overview of E-passport
• First Generation - some known weaknesses
• Second Generation
• Working and Problems
• An Online E-passport Proposal
2
![Page 3: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/3.jpg)
E-passport Overview• Integration of a biometric enabled contact-less smart
card microchip.
• E-passport guideline (DOC 9303) developed by International Civil Aviation Organisation (ICAO).
• Describes communication protocol
• Provides details on establishing a secure communication channel between an e-passport and an e-passport reader
• Authentication mechanisms.
• Uses existing approved standard such as ISO14443, ISO11770, ISO/IEC 7816, ISO 9796.
3
![Page 4: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/4.jpg)
E-passport Overview
4
![Page 5: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/5.jpg)
E-passport Overview
• Yesterday: Machine readable passport with MRZ
4
Image courtesy of DFAT Australia
![Page 6: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/6.jpg)
E-passport Overview
• Yesterday: Machine readable passport with MRZ
4
• Today: Electronic Passport with digital Image
![Page 7: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/7.jpg)
E-passport Overview
• Yesterday: Machine readable passport with MRZ
4
• Today: Electronic Passport with digital Image
• Tomorrow: Passports with secondary biometric information
![Page 8: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/8.jpg)
E-passport Operation First Generation
• Basic Access Control - enables encrypted communication.
• Passive Authentication - provides integrity of e-passport data.
• Active Authentication - provides authentication of chip contents.
5
E-passport Holder Border Security
Visits a check point Scan MRZ
BAC
Passive Auth
Active Auth
![Page 9: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/9.jpg)
First generation PKI
PKD(ICAO)
Country CSCA
DS DS
E-passport
...
Country CSCA
Country CSCA
.
.
.
As of Dec. 2007 - 4 countries are actively upload to PKD. (Australia, Japan, New Zealand and Singapore)By early 2009, 20 countries are expected to join PKD
![Page 10: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/10.jpg)
Known Attacks (Problems) in First Generation E-passports
• BAC is optional! So, encryption is optional.
• Low entropy (3DES, max. 112b, BAC max 56/74b, in practice 30-50b)[Jules et. al. 2005]
• The authentication key is derived from document\#, DoB, DoE.
• No protection against cloning. [G S. Kc et. al. 2005]
7
![Page 11: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/11.jpg)
Known Attacks (Problems) in First Generation E-passports
• Formal verification of the complete protocol [V. Pasupathinathan et. al 2008]
• No data origin authentication.
• Can be exploited because of weakness in facial biometric.
• Subject to replay and Grand master attacks.
• Vulnerable to Certificate Manipulation.
And there are others too!
8
![Page 12: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/12.jpg)
Second Take!Second Generation E-passports
• Proposed by BSI Germany [Kluger 2005]
• Adopted by EU in June 2006
• New protocols to enhance security for Extended Access Control (EAC).
• Adds extra biometric identifiers - finger prints (optionally, Iris scan).
• June 2009 all EU members will implement.
9
![Page 13: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/13.jpg)
EAC Mechanisms
• Based on Diffie-Hellman Key Pair (PKCS #3 or ISO 15946)
• Chip Authentication - replaces active authentication
• Terminal Authentication
E-passport Holder Border SecurityVisits a check point Scan MRZ
BAC
Chip Auth
Passive Auth
Terminal Auth
10
![Page 14: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/14.jpg)
EAC Mechanisms
Photo Courtesy ICAO MRTD Report November 2007
Chip Authentication
Terminal Authentication
PKI Structure
Chip ISPKc SKc Dc Send PKc
Generate ephemeral key-pair
Send PK’ PK’ SK’
K= KA(Pk’ SKc) K = KA(PKc SK’)
Chip ISRNDc Send RNDc
z = IDc || RNDc || H(PK’)
S = SIGN{ z }
Verify {S} Send S
![Page 15: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/15.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 16: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/16.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
E-passports DONT have an internal clock!! How does it now if the certificate is valid?
Document Signer
Chip Auth - PKc
Certify{PKds}
NOT Useful
Send Public Key
![Page 17: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/17.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 18: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/18.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
How Many??
What is the Limit? Vulnerable to Denial of Service when combined
with first generation weaknesses!
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 19: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/19.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 20: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/20.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Passports are normally valid for 5 or 10 years!!! Document Issuer need to be around 15 years CSCA around 20 years!
We can have passport with expired certificates!!
Document Signer
How Long is this valid?
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 21: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/21.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 22: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/22.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Identity Revealed
Identity of the Passport revealed before terminal is authenticated!
Send Public Key
![Page 23: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/23.jpg)
Problems with EAC - PKI
12
E-passport
Visiting CountryInspection System
E-passport’s Home Country (CSCA)
DV
Certify{PKc}
DV.....
Certify ALL IS systems
Visiting Country’s Document Verifier
Check ALL Certificates
CERT{IS}{DV}{VCSCA}
Document Signer
Chip Auth - PKc
Certify{PKds}
Send Public Key
![Page 24: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/24.jpg)
EAC other Problems
• IS requires write access to E-passports.
• Border Control terminal need to update CSCA certificates when they pass through.
• Terminal Authentication is weak.
• Can authenticate who is writing to e-passport.
• Only semi-forward secrecy [Monnerat et al 2007]
• Leakage of Digest [Monnerat et al 2007]
• Security objects in the chip
13
![Page 25: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/25.jpg)
Online Secure E-passport Protocol
• Why Online?
• Use the same PKI as in First Generation.
• Eliminate the need to send long certificate chains.
• Provide security guarantees for
• Identification and authentication of both e-passport and inspection systems. (i.e. Mutual)
• Privacy protection to e-passport holders.
• Confidentiality of information (session-key security and e-passport data)
14
![Page 26: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/26.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
15
![Page 27: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/27.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
create and send session key part
15
![Page 28: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/28.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
create and send session key part
Read MRZ and send signed message to DV
15
![Page 29: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/29.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
create and send session key part
Read MRZ and send signed message to DV
Verify ISSign session key and IS public key
DV may choose to send e-passport ID
15
![Page 30: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/30.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
create and send session key part
Read MRZ and send signed message to DV
Verify ISSign session key and IS public keySend Information back from DV
encrypted using session key formed
All Message from hereon is encrypted
Verify signatureOnly DV public key
15
![Page 31: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/31.jpg)
Online Secure E-passport Protocol
E-passport Visiting CountryInspection System
DV
create and send session key part
Read MRZ and send signed message to DV
Verify ISSign session key and IS public keySend Information back from DV
encrypted using session key formed
Send Certificate and ID Verify ID and certificate
Compare with DV information
Verify signatureOnly DV public key
15
![Page 32: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/32.jpg)
OSEP Characteristics
• The protocol is SK-secure. [Canetti 2001]
• Minimal computation by e-passport.
• Passport identity is released only to authenticated Inspection Systems.
• Tamper detectable integrity check protects against passport forgery. (data in e-passport is hashed and signed by document signer
• Same PKI as first generation.
16
![Page 33: An Online secure ePassport Protocol](https://reader033.vdocuments.site/reader033/viewer/2022061219/54b8a2e84a79598a758b4577/html5/thumbnails/33.jpg)
What needs to be done?
• Online nature can induce delays.
• Fallback to off-line authentication.
• But current passport systems use online communication.
• Integrate with SMART GATE system. (An automated processing system)
17