Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technical Report PKI for

Published byHelena Floyd Modified over 6 years ago

Similar presentations

Presentation on theme: "Technical Report PKI for"— Presentation transcript:

1 Technical Report PKI for
Machine Readable Travel Documents offering ICC read-only access 1. A paper proposing the use of a PKI scheme to secure electronic data on MRTD’s was endorsed by TAG 14. It was recognised by the TAG that the paper limited itself to describing concepts involved in the use of a Public Key Directory run by ICAO and describing the roles of issuing and receiving states. Further work was needed to specify the scheme in sufficient detail to enable implementation. This further work has been undertaken by a PKI Task Force organised by NTWG. 2. A new Technical Report has been prepared, providing, at a detailed technical level, specifications that can be used by issuing states to implement PKI in securing electronic data in their travel documents. TAG_15 Montreal, Tom Kinneging

2 Authenticity and Integrity
Document Security Object Standardized data structure (RFC3369) Containing hash-representations of LDS data groups Digitally signed by issuing State 2. The specified document security object, electronically signed by the issuing state, enables receiving states to verify the authenticity and integrity of the electronic data in the document’s chip.

3 Document Security Object
LDS SOD Data Group 1 (MRZ) Hash DG_1 Data Group 2 (Encoded Face) Hash DG_2 Data Group 3 (Encoded Finger) Hash DG_3 Data Group 4 (Encoded Iris) Hash DG_5 Data Group 5 (Displayed Face) Digital Signature Data Group 6 (Future use) 2. In this data object each LDS data group ‘in use’ is represented by it’s hash value. A hash value is a irreversibly calculated number, uniquely representing a certain amount of data. If a change is made to this data, than the same calculation would result in a different outcome, thus allowing a receiving party to check that the data has not been changed. Signing the Documents Security Object, using the Issuing State’s Private Key prevents re-calculation of the Data Group hash values, to be verified by use of the corresponding Issuing State’s Public Key. In this way the authenticity and integrity of the Document Security Object and therefore of the contents of the LDS can be validated at the Inspection Point. This construction, specified in the Technical report as ‘Passive Authentication’, provides the basic MRTD security. Standardized data structure. Flexible; verify once – use many. Only data groups in-use. Data Group Data Group 16 (Persons to notify)

4 Key Management Document Signer Certificates
Country Signing CA Certificates Certificate Revocation ICAO Public Key Directory 3. The Technical Report also specifies the requirements for states and organisations wanting to read electronic data and specifies a Public Key Directory that ICAO can implement. The report recommends that document signer public keys are stored on the MRTD chip itself, but this is optional. The Public Key Directory will provide a valuable service to the MRTD community even if the public key is included on the document’s chip.

5 Key Management Country Signing CA Document Signer 1 1 2 Issue & sign
Certificate Document Signer Certificate SOD Hash DG_1 1 2 Hash DG_2 Hash DG_3 Hash DG_5 Digital Signature 3. The use of Private and public Keys in protecting the authenticity and integrity of the MRTD’s data requires procedures and systems to generate, distribute and manage these keys. Generation and management of key-pairs are the responsibility of the Issuing States. Public keys have to be distributed to receiving States in a trusted way. The Technical Report describes the two levels of Certificates (the carriers of Public keys), used in the scheme. The Document security Object is digitally signed by a Document Signer, using the secret Document Signer Private Key. To be able to verify this signature at inspection points the Document Signer’s Public Key is distributed through the Document Signer Certificate. It is recommended that these keys have a relatively short lifetime, to minimize the amount of MRTDs affected by a key compromise. This results in the need for automated distribution through the ICAO Public Key Directory or on the MRTD’s chip itself. But how can this Document Signer Certificate be trusted? This is accomplished by signing it by a Issuing state’s Country Signing CA, which keys have a much longer lifetime. The Public Key of this Country Signing is distributed through the Country Signing CA Certificate. Since this is the Top Level it has to be distributed by diplomatic means. If, for whatever reason, certificates are no longer valid, this is communicated by the distribution of Certificate Revocation Lists. These Certificate revocation Lists and the document Signer Certificate are published on the ICAO Public Key Directory, a service offered by ICAO to the relying States. Document Security Object Inspection system MRTD chip

6 Additional options Basic Access Control Active Authentication
Securing additional biometrics 4. Furthermore the Technical Report provides specifications for additional optional security features that can be adopted to counter threats of eavesdropping and skimming of data from contactless chips. This additional security feature called ‘basic access control’ in the Technical Report can be adopted at the discretion of the issuing state. 5. A further optional additional security feature called ‘active authentication’ is specified. The latter prevents chip substitution and could be adopted at unmanned controls were the MRTD is used as an electronic token to gain access. Since it is recognised to be subject to national use or bilateral agreements, security for additional biometrics (like finger and/or iris) is not specified in this version of the Technical Report, although Extended Access Control and Encryption are mentioned as possible solutions.

7 Basic Access Control MRZ based key derivation Skimming Eavesdropping
Access to chip data Eavesdropping Secure communications chip / reader 4. The contents of a traditional MRTD cannot be read while the document is not willingly opened/handed over to an inspector. A contactless chip however could be read while the document is still in the owner’s pocket; this unauthorized reading is called skimming. Tests have shown, that it is relatively easy to record the communications between a contactless chip and the reader device, once the chip has been powered. This is called eavesdropping.

8 Basic Access Control 4. The contents of a traditional MRTD cannot be read while the document is not willingly opened/handed over to an inspector. A contactless chip however could be read while the document is still in the owner’s pocket; this unauthorized reading is called skimming.

9 Basic Access Control Inspection system 10011101111001 4.
If the option Basic Access Control is implemented, information from the MRZ has to be read to obtain access to the chip’s contents. This MRZ information is used to generate the keys for this access. The best security would be achieved if the entire MRZ was used, but regarding the necessity to be able to type the information in (f.I. in case of read failure) lead to the choice for Document Number, Date-of-Birth, Date-of-Expiry. Since the goal of Basic Access Control is to force the document to be opened and not to establish the ideal data protection, this is recognized to be sufficient. Tests have shown, that it is relatively easy to record the communications between a contactless chip and the reader device, once the chip has been powered. This is called eavesdropping. The Basic Access Control mechanism also prevents this kind of attack. The same keys, derived from the MRZ are used to set up a secure channel, which means that they are used to encrypt the communications between chip and reader. Basic Access Control is optional for MRTDs as well as for inspection systems. Only inspection systems supporting Basic access Control are able to read MRTDs that are equipped with it. Inspection system

10 Active Authentication
Chip Substitution Data Copying Document’s Key pair 5. The option ‘Active Authentication’ prevents chip substitution and data copying could be adopted at unmanned controls were the MRTD is used as an electronic token to gain access. Active Authentication is based on the use af a Document’s key pair. Active Authentication is optional for MRTDs as well as for inspection systems.

11 Active Authentication
LDS SOD Data Group 1 (MRZ) Hash DG_1 Data Group 2 (Encoded Face) Hash DG_2 Data Group 3 (Encoded Finger) Hash DG_3 Data Group 4 (Encoded Iris) Hash DG_5 Data Group 5 (Displayed Face) Hash DG_15 Data Group 6 (Future use) Digital Signature 5. Both Private and Public key are specific for the individual MRTD and stored in the chip. The private key is safely stored in secure memory and the Public Key is stored in the LDS. Because of the Public Key being stored in the LDS, it’s authenticity and integrity are proven by the Passive authentication Mechanism. Establishing that the Public Key belongs to the Private Key (which doesn’t leave the chip) proves that the chip contents belongs to the chip, which, by additionally comparing the visible and the electronically stored MRZ, belongs to the genuine document. Data Group Data Group 15 (AA Public Key) AA Private Key Data Group 16 (Persons to notify)

12 Next steps Implementation experiences Further development 6.
The Technical Report has reached a stage of development and review when NTWG believe it offers sufficient detail for states to proceed with e-passports. However when implementations are made, issues will arise and there will be a need to keep the Report under review. 7. The PKI scheme is designed to protect data written at time of issue and not updated. A further challenge for NTWG will be to develop a globally interoperable PKI scheme that can accommodate additions to electronic data in the lifetime of the document. This work is beyond the scope of the present Task Force.

13 Frequently Asked Questions
TAG-MRTD-WP/10 Keep up-to-date 8. In addition to the Technical Report a “Frequently Asked Questions” document is provided in TAG-MRTD-WP/10. This has been prepared because of the technical nature of the PKI report itself. The questions were largely invented by Task Force members and it is intended to update the document with genuine questions from the MRTD community as they arise.

14 Action by the TAG/MRTD The TAG/MRTD is invited to endorse the Technical Report, “PKI for Machine Readable Travel documents Offering ICC Read-only Access”, Version 1.0. 9. The TAG/MRTD is invited to endorse the Technical Report, “PKI for Machine Readable Travel documents Offering ICC Read-only Access”, Version 1.0.

Download ppt "Technical Report PKI for"

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, 2004-05-18 Tom Kinneging.

Technical Report PKI for Machine Readable Travel Documents offering ICC read-only access TAG_15 Montreal, Tom Kinneging.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
E- passports Erik Poll Digital Security Group Radboud University Nijmegen.

E- passports Erik Poll Digital Security Group Radboud University Nijmegen.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Review of Patents Agenda Item 3: Report of the New Technologies Working Group.

Review of Patents Agenda Item 3: Report of the New Technologies Working Group.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Biometrics – updates on ISO and ICAO Asbjørn Hovstø Porvoo7 Reykjavik, Iceland 27th May 2005.

Biometrics – updates on ISO and ICAO Asbjørn Hovstø Porvoo7 Reykjavik, Iceland 27th May 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies.

Integrated Solutions for Secure Identity Técnicas ctiptográficas para la Protección de Datos Biométricos en el E-Passport / E-DNI f-ID Security Technologies.

Similar presentations

Ads by Google