VALUE IN E-MRTD SECURITY MECHANISMS TRAVELER CONVENIENCE WITHOUT COMPROMISE 10/8/2014 1

10/8/2014
VALUE IN E-MRTD SECURITY MECHANISMS
1
TRAVELER CONVENIENCE WITHOUT COMPROMISE
IN CITIZEN TRAVEL & MIGRATION
•
•
•
>50% (~110) Issuing eMRTD
~31 Issuing EAC
Very few validating chip contents
2
1
10/8/2014
EVOLUTION IN E-MRTD SECURITY FEATURES
1980: ICAO 9303
Standardized Independent Data Structures
1998: 1st eMRTD
2000: ICAO defines LDS
Chip
Authenticity
2009: Jun 28th - EU
Deadline for EAC issuance
LDS2
EAC
PACE
2015: Nov 24th – ICAO
Deadline for MRP
AA
BAC
PA
LDS1
MRP
X509 PKI
CSCA & DS
Evolution of
Chip Access
Binding of Identity
ISO 7816 PKI
CVCA & DVCA
3
LOGICAL DATA STRUCTURE (LDS 1)
•
Standardized by ICAO 9303
•
Includes DG1 & DG2 At a minimum
•
Includes Header & Data Group
•
Presence Map stored in EF.com
•
Not security per-se, but
standardization supports
interoperability
•
Write protection & integrity proofs
mandatory — stored in EF.SOD
•
Value — interoperability
4
2
10/8/2014
AUTHENTICATION OF DATA — PASSIVE AUTHENTICATION
•
Threat: Document forgery
•
Mechanism: Validation of data,
signature & document signer certificate
•
Compliance: ICAO recommended
•
Provides: Proof of data integrity &
authenticity of document signer
SOD
•
HashLDS
Value: Strong assurance of
authenticity. Integrity of document data
contents
#
KPuDS
HashLDS
=
KPuCSCA
HashLDS
5
CHIP ACCESS — BASIC ACCESS CONTROL (BAC)
•
Threat: Data being copied (skimmed) or intercepted during communication (eavesdropping)
•
Mechanism: Authentication based on concatenation of Document Number, Date of Birth and Date of
Expiry (including check digits) — hash of this MRZ data used as seed key to derive session keys;
Basic Access Control based purely on symmetric cryptography
•
Compliance: ICAO optional, but recommended
•
Provides: Confidentiality of data transitioning the chip-to-reader OTA channel
•
Value: Allows document holders to control privacy
MRZ Read
Authentication & Seed Key Derivation
Secure Session Establishment
6
3
10/8/2014
CHIP AUTHENTICITY - ACTIVE AUTHENTICATION
KPrAA
•
Threat: Chip substitution
•
Mechanism: Challenge response initiated by
employing chip active authentication key pair
— public key (proven authentic by PA)
validates AA signature
•
Compliance: ICAO optional (mandatory
under EU CP)
•
Provides: Proof that chip is authentic &
associated with the data page
•
Value: Assurance chip is genuine, not
counterfeit
DG15
KPuAA
7
CHIP ACCESS -— PASSWORD-BASED CONNECTION ESTABLISHMENT /SAC
•
Threat: Theoretical weakness in BAC protocol
•
Mechanism: Password-based (MRZ Derivation or CAN) and asymmetric key exchange to establish
secure session between chip and reader
•
Compliance: ICAO recommended (mandatory under EU CP in 2014)
•
Provides: Confidentiality of data transitioning the chip-to-reader OTA channel — low entropy entry
data via PACE protocol provides stronger session security than BAC
•
Value: Higher assurance of privacy for holder personal information
Password Entry or Derive from MRZ
Key Agreement (Diffie-Helman based)
Secure Session with PACE
8
4
10/8/2014
EXTENDED ACCESS CONTROL (EAC)
•
•
•
•
•
•
Threat: Unauthenticated access to advanced biometrics — identity theft
Mechanism: Implementation of fingerprint or iris biometrics with access controlled by
ISO7816 Card Verifiable (CV) authentication against random challenge from RFID chip —
authentication and granular authorization provided
EAC PKI implementing CVCA, DV and IS certificate management
Compliance: ICAO optional, defined by State (EU mandatory since 2009)
Provides: Originating authority controlled access to countries authorized for biometric
access
Value: Strongly authenticated access to biometrics — mitigated risk of impersonation
Secure Session with PACE
Chip Authentication
Passive Authentication
Active Authentication
Terminal Authentication
9
LOGICAL DATA STRUCTURE “TWO” (LDS2) – BASED ON CURRENT DRAFT
LDS2 Data Elements
Value
• Digitizes remaining pages of eMRTD
• Enables electronic verification of travel history
& visas
• May enable stronger verification through
additional biometrics
Mechanism
• Controlled foreign write & read access
terminals
• Write access — discretion of issuer
• Biometric read access — discretion of issuer
• Visa/travel records read access — nondiscretionary
• Leverages new LDS2 X509 CA subordinate to
CSCA for issuance of LDS2 Signing credentials
• Leverages ISO7816 EAC architecture for issuer
control of foreign read & write privileges to
eMRTD LDS2 Data Elements
Travel Records
(Stamps)
LDS2
Authorized
Data Reading
State
Visa
Records
eMRTD Issuing
State or
Organization
Additional
Biometrics
LDS2 Authorized
Data Signing State
10
5
10/8/2014
STRONGER SECURITY & GREATER UTILITY
LDS2
CERT-BASED ACCESS CONTROL
EAC
STRONGER SESSION SECURITY
CHIP AUTHENTICITY
PACE
AA
BAC
PA
LDS1
Machine
Readable
DATA INTEGRITY
AUTHENTICITY
ACCESS CONTROL
SESSION SECURITY
11
SERVING GOVERNMENTS GLOBALLY
6
10/8/2014
THANK YOU
13
7