E-passports. Erik Poll, Digital Security Group, Radboud University Nijmegen.

Presentation transcript:

e-passports Erik Poll Digital Security Group Radboud University Nijmegen

Erik Poll Radboud Universiteit Nijmegen 2 overview e-passports functionality and security mechanisms problems, so far future

e-passports
e-passport contains RFID chip / contactless smartcard
– in Dutch passports, a Java Card
chip stores digitally signed information:
– initially just facial images (photos)
– soon also fingerprints
– later maybe iris
aka biometric passport or MRTD with ICC/chip
introduction pushed by US in the wake of 9/11
– to solve what problem??
international standard by ICAO (International Civil Aviation Organization, branch of United Nations)
[figure: e-passport logo]

Protocols & standards
ISO defines physical communication for RFIDs
ISO 7816 originally developed for contact smartcards
– defines standard APDU commands & responses,
ICAO standard for e-passports defines specific IS commands and responses for passports
additional EU standards
– standardise optional parts of ICAO specs & fix timeline
– additional advanced security mechanisms on top of ICAO

National id-cards & terminology
Nederlandse Identiteitskaart (NIK) conforms to the same ICAO specification
NB possible confusion
– eNIK is a future extension of NIK, with digital signature capability
– MRTD = Machine-Readable Travel Document just has Machine (OCR) Readable Zone, the MRZ, but need not contain a chip
i.e. e-passport = MRTD + chip
[figure label: MRZ]

Basic Access Control (BAC)
protects against unauthorised access and eavesdropping
[diagram labels: optically read MRZ (Machine Readable Zone); send MRZ; receive additional info; encrypted]

Alternative: Faraday Cage
protects against unauthorised access, but not eavesdropping
– used in US passports, initially instead of BAC

Active Authentication (AA)
protects against passport cloning (which BAC doesn't), i.e. authentication of the passport chip
[diagram labels: public key, signed by government (DG15); send challenge; prove knowledge of corresponding private key]
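
The Active Authentication exchange from the slide above, as an added example that is not part of the original presentation or of the open-source implementation it mentions. It goes one step beyond the slide by also modelling a clone that has copied every readable byte of the chip. Assumptions: Ed25519 stands in for the signature algorithms real chips use, the government signature is placed directly over the DG15 key, and the names `Chip`, `Issue`, `CopyData`, `Authenticate` and the 8-byte challenge are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Chip struct {
	DG15   ed25519.PublicKey  // chip public key, readable by any terminal
	GovSig []byte             // government signature over DG15, also readable
	priv   ed25519.PrivateKey // never leaves a genuine chip
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue personalises a chip: fresh key pair, public half signed by the government.
func Issue(gov ed25519.PrivateKey) Chip {
	pub, priv := newKey()
	return Chip{pub, ed25519.Sign(gov, pub), priv}
}

// CopyData models a clone: all readable data copied, private key not obtainable.
func CopyData(c Chip) Chip {
	_, other := newKey()
	return Chip{c.DG15, c.GovSig, other}
}

// Authenticate is the terminal: check the signature on DG15, then challenge the chip.
func Authenticate(gov ed25519.PublicKey, c Chip) bool {
	if len(c.DG15) != ed25519.PublicKeySize || !ed25519.Verify(gov, c.DG15, c.GovSig) {
		return false // public key is not vouched for by the government
	}
	challenge := make([]byte, 8) // fresh per session, so a recorded response is useless
	_, err := rand.Read(challenge)
	return err == nil && ed25519.Verify(c.DG15, challenge, ed25519.Sign(c.priv, challenge)) // Sign runs inside the chip
}

func main() {
	govPub, govPriv := newKey()
	p := Issue(govPriv)
	fmt.Println("genuine:", Authenticate(govPub, p), "clone:", Authenticate(govPub, CopyData(p)))
}
```

The clone passes the signature check on DG15, because that data was copied verbatim, and fails only at the challenge step, which is what the slide means by proving knowledge of the private key.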

Questions?
Open source implementation of passport terminal and passport applet available at