e- passports Erik Poll Digital Security Group Radboud University Nijmegen
Erik Poll Radboud Universiteit Nijmegen 2 overview e-passports functionality and security mechanisms problems, so far future
Erik Poll Radboud Universiteit Nijmegen 3 e-passports e-passport contains RFID chip / contactless smartcard –in Dutch passports, a Java Card chip stores digitally signed information: –initially just facial images (photos) –soon also fingerprints –later maybe iris aka biometric passport or MRTD with ICC/chip introduction pushed by US in the wake of 9/11 –to solve what problem?? international standard by ICAO (International Civil Aviation Organization, branch of United Nations) e-passport logo
Erik Poll Radboud Universiteit Nijmegen 4 Protocols & standards ISO defines physical communication for RFIDs ISO 7816 originally developed for contact smartcards defines standard APDU commands & responses, ICAO standard for e-passports defines specific IS commands and responses for passports additional EU standards standardise optional parts of ICAO specs & fix timeline additional advanced secuity mechanisms on top of ICAO
Erik Poll Radboud Universiteit Nijmegen 5 National id-cards & terminology Nederlandse Identiteitskaart (NIK) conforms to the same ICAO specification NB possible confusion eNIK is a future extension of NIK, with digital signature capability MRTD = Machine-Readable Travel Document just has Machine (OCR) Readable Zone, the MRZ, but need not contain a chip ie. e-passport = MRTD + chip MRZ
Erik Poll Radboud Universiteit Nijmegen 6 Basic Access Control (BAC) protects against unauthorised access and eavesdropping receive additional info optically read MRZ send MRZ Machine Readable Zone encrypted
Erik Poll Radboud Universiteit Nijmegen 7 Alternative: Faraday Cage protects against unauthorised access, but not eavesdropping –used in US passports, initially instead of BAC
Erik Poll Radboud Universiteit Nijmegen 8 Active Authentication (AA) protects against passport cloning (which BAC doesn't) ie authentication of the passport chip public key, signed by government (DG15) send challenge prove knowledge of corresponding private key
Erik Poll Radboud Universiteit Nijmegen 9 Questions? Open source implementation of passport terminal and passport applet available at