Trusted identities | secure transactions™
Passport & Borders: Market drivers and evolution

Market Drivers

Evidence of Rapid Change

Plane capacities: Airbus A380, 550+ travelers; Boeing 747, 416+ travelers; Boeing 777, 386+ travelers.
Airport volumes in 2014: Dubai, 70.5M passengers; Heathrow, 68.1M passengers; Hong Kong, 61.8M passengers.
International tourist arrivals.
eMRTD: 120 countries issuing; 45 countries in the ICAO PKD.

We live in a rapidly changing world, with all parts of the globe targeted as a tourist destination: ecotours into the rainforests, adventure tours to the remotest regions, and families distributed around the globe. In this respect the world has become a lot smaller, and tourist and business travellers alike are sought by cities and countries to increase their economic standing in the world. Airports and flight paths are the highways for this rapidly increasing flow of humanity back and forth across the globe. As a result, greater pressure is being put on airports around the world, and consequently on border control processes. In 2014 Dubai for the first time became the busiest airport in the world, with more than 70 million travelers passing through its gates. London Heathrow, historically the busiest airport, was very close to the volumes in Dubai with over 68 million travelers. And in Asia, Hong Kong remains the busiest airport in the region with nearly 62 million travelers. It should come as no surprise that, as a result of the increases in travel, the airliners themselves are getting bigger. Anyone who travels internationally has probably seen the Airbus A380, with the capacity to hold nearly 600 people. If we go back to our airport examples and look at Dubai a little more closely, we discover that Dubai Terminal 3 is exclusively dedicated to the A380, with 23 gates specially designed for these giant aircraft. Now imagine the impact of 2, 3, 5 or more A380 flights arriving at approximately the same time on the customs, immigration and transit process.
But it's not just the major hubs; passenger and freight volumes are rising generally around the globe, and many of the smaller airports are less equipped to deal with the rising influx of travelers. The good news is that our travel documents are getting better, with this November being the ICAO-set deadline for all countries to be issuing Machine Readable passports. Further, the number of countries issuing electronic passports now stands at more than 120, well over 50% of countries, with 45 countries as members of the PKD, meaning they upload validation materials so that other countries can easily access them to validate their ePassports. So 120 countries are issuing ePassports enabled with technology to prove their integrity and authenticity, yet only 10 or so countries routinely leverage that technology at border control. Furthermore, INTERPOL's facility designed specifically to provide advice on the standing of a document, i.e. whether it has been identified as lost or stolen, as well as to identify other concerns for identity in transit, is also used consistently by only a handful of countries. We are not using the facilities we have!
Validating against SLTD?
E-validating at borders?

Threat insights: an overwhelming situation
- 43% growth in terrorism in 2013
- Foreign fighters by January 2014: 16,000
- Drug trafficking: $320B; human trafficking: $32B; firearms: $320M
- 40,000,000 lost or stolen travel documents as of March 2014
An overwhelming situation for current border control infrastructure.

Why is the authenticity of the document so important? Because this highway for transit around the globe, which we are anxious to promote for business and tourist travel, is the very same highway that is used, or perhaps I should say exploited, by criminal and terrorist elements for furthering their goals. Terrorist acts were up 43% in 2013. A frightening statistic in and of itself, but perhaps even more frightening is the morphing of the terrorist threat around the issue of foreign fighters, given the nearly invisible nature of an individual who wants to leave one country to fight in another: the figure of 16,000 foreign fighters as of January 2014 is now estimated at 25,000, with the UN indicating a 71% increase since mid-2014. So it is not just who is coming in, but understanding who is leaving to represent a threat in another geography. And identifying these individuals is a different game: a combination of previous travel history, in conjunction with their current itinerary, combined with other data on the person captured by local or international watch lists. The motivators for these behaviors are obvious. In addition to rampant nationalism and fundamentalism, there is a great deal of money to be made in these illicit activities, billions of dollars in drugs, firearms and human trafficking alone. All of these threats involve the movement of people and products across borders, and today the most prevalent form of passport fraud isn't counterfeiting or alteration, but the use by imposters of a legitimate document. Interpol states that over 40,000,000 passports had been reported as lost or stolen as of March 2014.
Unfortunately, while growing, the number of airports and immigration authorities that actively check all travel documents against the lost and stolen database is very small. The rapidly changing face of international travel, with its volume and throughput requirements, the lack of comprehensive validation (even given the means to do so), coupled with a growing and morphing threat environment, represents an overwhelming situation for border control.
Validating against SLTD?

EVOLUTION OF ePASSPORTS: IMPACT ON BORDER CONTROL

Layers of eMRTD security, from the machine-readable baseline upwards:
- LDS1, Machine Readable
- PA (Passive Authentication): data integrity and authenticity
- BAC (Basic Access Control): access control and session security
- AA (Active Authentication): chip authenticity
- PACE: stronger session security
- EAC (Extended Access Control): certificate-based access control
- LDS2

Three generations of ePassport deployment (two ePassport standards are commonly deployed today):
- 1st generation: electronic "data page" and associated security
- 2nd generation: digital biographics, enhanced security
- 3rd generation (future profile based on ongoing standards for LDS2): chip can be written to post-issuance; electronic entry/exit travel stamps, visas, additional biometrics; additional security

PKI in BAC "1st Gen" eMRTD applications: supporting Passive Authentication
- Based on X.509 PKI technology
- One Country Signing CA (CSCA) per country; ~120 countries deployed
- Ensures integrity and authenticity of personal data on the chip to counter the threat of forgery
- The CSCA issues one or more Document Signers that sign a hash of the personal data
- Data and digital signature are verified by the Inspection System (IS) at border control

1st generation ePassport
Electronic data: most MRZ data and the facial image are mandatory.
Security features for the 1st generation:
- Data authenticity and integrity: Passive Authentication (X.509 PKI infrastructure). A digital signature is applied to the electronic data and stored in the SOD. The terminal uses the PKI to verify the signature and to ensure that the electronic data was signed and written by the passport issuer and has not been altered since being written.
- Data privacy and access control: Basic Access Control. MRZ data is used as the password to initialize secure messaging, so the verifier must be in possession of the passport to access the data. A secure session is established between terminal and chip, preventing skimming and eavesdropping. Limitation: anyone in possession of the passport can access the data.
- Chip authenticity: Active Authentication, a challenge-response protocol. It authenticates the chip to the terminal and validates that the chip has not been substituted. Risk: the challenge sent by the reader is supposed to be random data, but an inspection system could send meaningful data instead, which the chip would sign, and that signature could then be presented to implicate the holder with false information.
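The BAC key derivation described above (MRZ fields as the password), as an added example in Go that is not part of the original presentation: it computes the ICAO 9303 check digits, builds the MRZ information string, derives Kseed with SHA-1 and then the 3DES keys Kenc and Kmac with the 9303 counter-based KDF, including DES parity adjustment. The sample MRZ fields are test values, not a real document.

```go
package main

import (
	"crypto/sha1"
	"fmt"
)

// mrzValue maps an MRZ character to its ICAO 9303 value: digits as-is, A-Z to 10-35, filler '<' to 0.
func mrzValue(c byte) int {
	switch {
	case c >= '0' && c <= '9':
		return int(c - '0')
	case c >= 'A' && c <= 'Z':
		return int(c-'A') + 10
	}
	return 0
}

// CheckDigit computes the 9303 check digit: weights 7,3,1 repeating, sum mod 10.
func CheckDigit(field string) byte {
	sum := 0
	for i := 0; i < len(field); i++ {
		sum += mrzValue(field[i]) * []int{7, 3, 1}[i%3]
	}
	return byte('0' + sum%10)
}

// MRZInformation is the BAC "password": document number, birth date and expiry date, each with its check digit.
func MRZInformation(docNo, birth, expiry string) string {
	return docNo + string(CheckDigit(docNo)) + birth + string(CheckDigit(birth)) + expiry + string(CheckDigit(expiry))
}

// OddParity reports whether b has an odd number of set bits, as every DES key byte must.
func OddParity(b byte) bool {
	n := 0
	for ; b != 0; b &= b - 1 {
		n++
	}
	return n%2 == 1
}

// deriveKey is the 9303 3DES KDF: SHA-1(Kseed || 32-bit big-endian counter), first 16 bytes, parity adjusted.
func deriveKey(seed []byte, counter byte) []byte {
	sum := sha1.Sum(append(append([]byte{}, seed...), 0, 0, 0, counter))
	k := sum[:16]
	for i := range k {
		if !OddParity(k[i]) {
			k[i] ^= 1 // DES ignores the low bit of each key byte, so it carries parity
		}
	}
	return k
}

// BACKeys derives Kseed from the MRZ information, then Kenc (counter 1) and Kmac (counter 2).
func BACKeys(docNo, birth, expiry string) (kseed, kenc, kmac []byte) {
	sum := sha1.Sum([]byte(MRZInformation(docNo, birth, expiry)))
	kseed = sum[:16]
	return kseed, deriveKey(kseed, 1), deriveKey(kseed, 2)
}

func main() {
	// Constructed test values, not a real document.
	kseed, kenc, kmac := BACKeys("L898902C<", "690806", "940623")
	fmt.Printf("Kseed=%x\nKenc=%x\nKmac=%x\n", kseed, kenc, kmac)
}
```

Because Kseed depends only on fields printed on the data page, anyone who can read the MRZ derives the same keys, which is the "anyone in possession of the passport can access the data" limitation noted above.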

PKI for EAC "2nd gen" eMRTD: two distinct business cases

Domestic:
- High-assurance validation of own citizens based on a live match of biometrics with those on the chip
- Possibly in concert with ABC (eGates): high assurance with speedy access
- Relatively straightforward deployment model

Interoperable / International:
- High-assurance validation of foreigners covered under agreement as they enter your border, again possibly in concert with ABC
- High-assurance validation of your citizens at foreign borders, with controlled access to biometrics
- Significantly more complex (Single Point of Contact, SPOC)

PKI for EAC "2nd gen" eMRTD: EAC mutual authentication consists of Chip Authentication and Terminal Authentication.

2nd generation ePassport
Electronic data: biometrics added at personalization.
Security features:
- Data authenticity and integrity: Passive Authentication (SOD) protects the integrity and authenticity of the biometrics in the same way as other data in the 1st generation. The security object is the signed hash.
- Data privacy and access control: the PACE protocol can be used instead of BAC. It uses either MRZ data or a 6-digit Card Access Number as the password and provides strong session keys even from a low-entropy password, so a password of fewer digits still yields strong session security.
- Chip authenticity: the Chip Authentication protocol can be used instead of Active Authentication. It is a key exchange mechanism rather than challenge/response, which eliminates the risk of "challenge semantics".
- Extended Access Control, read (Terminal Authentication): only authorized readers get access to biometric data. Based on an ISO 7816 Card Verifiable (CV) certificate PKI infrastructure; the passport issuer explicitly authorizes the read of biometric data.
There are differences between what ICAO recommends (no terminal authentication) and the EU recommendations (which include terminal authentication).

2nd generation impact on border control
- Number of ePassports in circulation increasing; 2nd generation ePassports become more common (mandatory in the EU; adopted by states interested in biometrics)
- Increased confidence: authenticity, integrity and reliability of data/document
- Binding documents and passengers
- Easier identification of fraud and forgery
- Faster processing of passengers

3rd generation ePassport
Electronic data: three additional applications (travel stamps, visas and additional biometrics).
Security features:
- Data authenticity and integrity: Passive Authentication protects the integrity and authenticity of the additional 3rd generation data in the same way as for 1st and 2nd generation data.
- Data privacy and access control: the PACE protocol is used exclusively (no BAC).
- Chip authenticity: the Chip Authentication protocol (key exchange) is used exclusively (no Active Authentication).
- Extended Access Control, read and write (Terminal Authentication): used for extended access control to 3rd generation data; covers both read and write permissions, with independent authorization for each of the three applications.

3rd generation impact on border control
- Automation of additional services possible: examination of travel history, electronic processing of visas, verification of additional biometrics
- Ability to write to ePassports, with authorization required from the passport issuing state: travel entry/exit stamps can be written electronically at the border; additional biometrics can be added
- Additional security focused on authorization

ePassport Overview: What's on the Chip?
- The chip contains a Logical Data Structure (LDS) with 16 Data Groups (DGs):
  - DG1 contains the contents of the MRZ (mandatory)
  - DG2 contains the photograph of the holder (mandatory)
  - DG3 contains the fingerprint biometric (optional)
  - etc.
- The chip contains a Security Data Object (SOD), which holds a hash of each Data Group present in the LDS and a signature that encapsulates the stored hashes.
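Passive Authentication as described in the PKI slides above and in this LDS/SOD summary, as an added example in Go that is not part of the original presentation. It models the SOD as a table of per-DG SHA-256 hashes signed by a Document Signer key (ECDSA P-256 here; the real SOD is a CMS SignedData structure, and validation of the Document Signer certificate against the CSCA is assumed to have been done already) and shows the inspection-system check rejecting an altered DG2, a DG the SOD does not cover, and a SOD signed by an untrusted key. The DG contents are constructed sample bytes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SOD models the Security Data Object: one hash per Data Group present in the LDS
// plus the Document Signer's signature over that hash table (the real SOD is CMS SignedData).
type SOD struct {
	DGHashes  map[int][32]byte
	Signature []byte
}

// NewDocumentSigner creates a Document Signer key; its CSCA-issued certificate is assumed already validated.
func NewDocumentSigner() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// hashTable serialises the hash table in fixed DG order so signer and verifier hash identical bytes.
func hashTable(dgHashes map[int][32]byte) []byte {
	h := sha256.New()
	for n := 1; n <= 16; n++ { // LDS1 defines 16 Data Groups
		if d, ok := dgHashes[n]; ok {
			h.Write([]byte{byte(n)})
			h.Write(d[:])
		}
	}
	return h.Sum(nil)
}

// Personalise is the issuer side: hash every DG, then sign the table with the Document Signer key.
func Personalise(ds *ecdsa.PrivateKey, lds map[int][]byte) (SOD, error) {
	sod := SOD{DGHashes: map[int][32]byte{}}
	for n, data := range lds {
		sod.DGHashes[n] = sha256.Sum256(data)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, ds, hashTable(sod.DGHashes))
	sod.Signature = sig
	return sod, err
}

// PassiveAuth is the inspection-system side: verify the signature over the hash table,
// then recompute the hash of every DG read from the chip and compare it with the SOD.
func PassiveAuth(dsPub *ecdsa.PublicKey, sod SOD, lds map[int][]byte) error {
	if !ecdsa.VerifyASN1(dsPub, hashTable(sod.DGHashes), sod.Signature) {
		return fmt.Errorf("SOD signature invalid: not signed by the trusted Document Signer")
	}
	for n, data := range lds {
		if want, ok := sod.DGHashes[n]; !ok || sha256.Sum256(data) != want {
			return fmt.Errorf("DG%d not covered by the SOD or altered after signing", n)
		}
	}
	return nil
}

func main() {
	ds, _ := NewDocumentSigner()
	lds := map[int][]byte{1: []byte("P<UTOERIKSSON<<ANNA<MARIA<<<"), 2: []byte("constructed photo bytes")}
	sod, _ := Personalise(ds, lds)
	fmt.Println("genuine:", PassiveAuth(&ds.PublicKey, sod, lds))
	lds[2] = []byte("substituted photo") // alter DG2 after issuance
	fmt.Println("tampered:", PassiveAuth(&ds.PublicKey, sod, lds))
}
```

Passive Authentication detects alteration and forgery of the stored data; it says nothing about whether the chip itself is genuine, which is what Active Authentication or Chip Authentication add.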

IMPORTANT OUTCOMES AT THE BORDER

Required Actions and Necessary Outcomes
- Greater veracity in verifying identities and travel documents
- Efficiency in processing through borders
- Greater utilization of existing data sources
- Agreement on and adherence to standards
- Affordability for government agencies
- Simplicity for field officers
A coordinated response: public-private sector collaboration.

Border Control Perspective: a critical decision in less than 60 seconds for each inbound or outbound passenger
- Travelers are who they say they are
- Know their point of origin and destination
- Identify threats to travelers and transit
- Identify national security threats
- Authenticate credentials
- Verify entry privileges

Field Officer Perspective: Elements of a Decision
- WHO: Who is this person? Is the credential authentic? Do the biometrics agree?
- WHAT: What does the credential say? Does it belong to this person? Is it authentic or has it been altered?
- WHERE: Where is he from? Where has he travelled? Where is he going?

FIELD OFFICER PERSPECTIVE

Concept: Attributes of a Decision. Identity assurance is built from three attributes: Who, What and Where.

Establishing the WHO (identity assurance)
Who is this person according to the document? Do biometrics confirm identity?
Sources: primary biometric, secondary biometric, local databases.

Confirming the WHAT (identity assurance)
Does the credential belong to the bearer, and is it authentic and valid?
Sources: eFeatures and physical security, multi-lateral interoperability, international and SLTD databases.

Establishing the WHERE (identity assurance)
What confidence can be drawn from the person's nationality and itinerary?
Sources: PNR, itinerary and ticket data; Advanced Passenger Information (API and iAPI); national trust policy (alerts, standing).

Future extensions to identity assurance: LDS2 eVisa, LDS2 travel stamps and LDS2 biometrics.

Supporting infrastructure: Advanced Passenger Information (API); portable eGates; border control databases (INTERPOL and local/regional); multi-lateral trust networks (ICAO nPKD).

Closing thoughts: Time to Reap the Value, Validate the Identity
- Threat level continues to increase
- Standards-based technology widely available
- ePassport issuance pervasive
For border control:
- Products and services are widely available that implement 1st and 2nd generation security features
- 3rd generation features are not yet fully standardized; a demonstrator is possible sometime in mid-to-late 2016
- The number of chip-enabled passports in circulation has now reached critical mass
Given all these factors, it is time for border control to begin reaping the benefit of these electronic passports: use the available tools to validate the identity.