Download presentation
Presentation is loading. Please wait.
Published byAlexandra Rowe Modified over 10 years ago
1
Time To Reflect: Where Have we BeenWhere Do We Go Barry J. Kefauver Best Practices Workshop Bogota, Colombia November 10-12, 2008
2
Current Status There are over 50 countries issuing chip-based passports There are over 50 countries issuing chip-based passports More than 50% of the worlds passport issuance are now chip-based More than 50% of the worlds passport issuance are now chip-based There remain a number of countries that need to develop machine-readable passport programs before the April 2010 deadline There remain a number of countries that need to develop machine-readable passport programs before the April 2010 deadline Work continues to refine and enhance, but implementations go quite well Work continues to refine and enhance, but implementations go quite well The inspection of these documents lags far behind the issuance programs The inspection of these documents lags far behind the issuance programs The ICAO TAG met in May and decided on a work program for the coming several years The ICAO TAG met in May and decided on a work program for the coming several years
3
Document 9303 Development London November 2000Contactless chips London November 2000Contactless chips Biometrics Selection TR 2001 Biometrics Selection TR 2001 New Orleans Resolution February 2003face, finger, iris, chips New Orleans Resolution February 2003face, finger, iris, chips London July 2003--Joint ICAO/ISO meeting London July 2003--Joint ICAO/ISO meeting LDS TR 2003 LDS TR 2003 PKI TR 2003 PKI TR 2003 Biometrics Deployment TR 2003 Biometrics Deployment TR 2003 Canberra testing, February 2004 Canberra testing, February 2004 Berlin, February 2005the Guide Berlin, February 2005the Guide Montreal, 2005--TAG acceptance of Edition Six Part 1 Montreal, 2005--TAG acceptance of Edition Six Part 1 Berlin, May-June 2006many rounds of testing leading to this Berlin, May-June 2006many rounds of testing leading to this Supplement Edition Seven in preparation for posting Supplement Edition Seven in preparation for posting Prague Conformity and Interoperability TestingSeptember Prague Conformity and Interoperability TestingSeptember Part 3 drafted and approved, publication underway now Part 3 drafted and approved, publication underway now
4
Fundamental Truth vs Urban Myth 14443 and 180006c/Gen 2 14443 and 180006c/Gen 2 Skimming Skimming - Reading the electronic data in an IC chip surreptitiously with a reader in the vicinity of the travel document. - Reading the electronic data in an IC chip surreptitiously with a reader in the vicinity of the travel document. Eavesdropping Eavesdropping - When data from an IC chip are intercepted by an intruder while it is being read from an authorized reader. - When data from an IC chip are intercepted by an intruder while it is being read from an authorized reader. Cloning Cloning - Copying the data that has been placed on a chip - Copying the data that has been placed on a chip - Although he can clone the tag, (the hacker) says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data. - Although he can clone the tag, (the hacker) says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data. Shielding and the Faraday cage Shielding and the Faraday cage
5
The Wave of the Present: Travel Document Enhancements Widespread Document security technologies are very mature and broadly used Document security technologies are very mature and broadly used Contactless chips-ISO 14443 Contactless chips-ISO 14443 Biometrics-face, finger, iris Biometrics-face, finger, iris Cryptography-data security and integrity Cryptography-data security and integrity Data Sharing-bilateral, multilateral, special-purpose, commercial and government Data Sharing-bilateral, multilateral, special-purpose, commercial and government The document itself has never been stronger The document itself has never been stronger
6
Testing History Canberra, Australia Morgantown, West Virginia, USA - A very significant event - Participants Sydney, Australia - Improved, but much work to be done Laboratory testing at US NIST Several other operational tests, e.g. BWI, Tsukuba, Berlin - Each one reflected improved interoperability Conformity testing in Prague
7
The So-What Test Pragmatics of mischief Pragmatics of mischief - Distance - Distance - Power - Power - Visibility - Visibility At what price? At what price? And then what do you have? And then what do you have?
8
Factors to Keep in Mind Biometrics--the only reason why we have a chip Biometrics--the only reason why we have a chip The early days post 9/11 The early days post 9/11 Evolution to the present Evolution to the present Germany has launched fingerprint, others underway now or soon to be Germany has launched fingerprint, others underway now or soon to be The so-what testmake SURE you ask this The so-what testmake SURE you ask this Not just a chip Not just a chip - -The e-passport is everything that non-e passports are, but in addition, with a chip - Inks -OVDs of many hues and flavors -Paper and accompanying measures to protect - Watermarks of various technologies - Security printing - Many other physical features
9
But Still A Risky Business The beatings will continue until morale improves The beatings will continue until morale improves The challenges and the opportunities The challenges and the opportunities I will keep bleating on this topic until the issues are addressed I will keep bleating on this topic until the issues are addressed
10
Issues Facing Border Control Today Profiling Profiling Biometrics Biometrics Data and information sharing Data and information sharing Privacy and data integrity Privacy and data integrity New visions of next generation technologies New visions of next generation technologies Enrollment and other systems Enrollment and other systems
11
New Initiatives Information and data sharing, real time communications capability Information and data sharing, real time communications capability Centralized civil registry databases Centralized civil registry databases Shift from counterfeits to fraudulent genuines Shift from counterfeits to fraudulent genuines Numerous online enrollment and other-services programs are being deployed Numerous online enrollment and other-services programs are being deployed A need for standards to smooth information A need for standards to smooth information gathering and sharing prior to departure gathering and sharing prior to departure Identity theft has captured worldwide attention and concern Identity theft has captured worldwide attention and concern - The average fraud amount per case has increased from $5,249 to $6,383, over two years in the US alone - The average fraud amount per case has increased from $5,249 to $6,383, over two years in the US alone - The total one-year cost of identity fraud increased from $53.2 billion to $56.6 billion over those two years in the US alone - The total one-year cost of identity fraud increased from $53.2 billion to $56.6 billion over those two years in the US alone - The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses. (This points out that businesses are victims of fraud as well.) - The vast majority of identity fraud victims (68%) incur no out-of-pocket expenses. (This points out that businesses are victims of fraud as well.) - Victims are spending more time to resolve identity fraud - Victims are spending more time to resolve identity fraud
12
So---Now What The story needs to be toldinform the traveling public of measures being taken and why The story needs to be toldinform the traveling public of measures being taken and why What identity management and biometrics do FOR you rather than TO you What identity management and biometrics do FOR you rather than TO you Adopt a planning and risk management process that fits YOUR programs needs Adopt a planning and risk management process that fits YOUR programs needs
13
Best Practices A fundamental first step is to conduct a comprehensive risk analysis and THEN a risk management profile A fundamental first step is to conduct a comprehensive risk analysis and THEN a risk management profile Incorporate risk management measures into program planning, e.g., Frontex in EU Incorporate risk management measures into program planning, e.g., Frontex in EU Standards are needed-requirements that must be addressed as minimum specifications Standards are needed-requirements that must be addressed as minimum specifications Fraud prevention programs-detection, deterrence, follow-up, information sharing Fraud prevention programs-detection, deterrence, follow-up, information sharing Monitoring and auditing document inspection processes as well as document issuance and entitlement authorizations Monitoring and auditing document inspection processes as well as document issuance and entitlement authorizations Implement security techniques, such as mutual authentication, cryptography and verification of message integrity, to protect identity information throughout the application Ensure protection of all user and credential information stored in central identity system databases, allowing access to specific information only according to designated access rights Notify the user as to the nature and purpose of the personally identifiable information (PII) collected - its usage and length of retention Notify the user about what information is used, how and when it is accessed and by whom and provide a redress mechanism to correct information and to resolve disputes
14
Thank you for your attention… Barry J. Kefauver Jetlag10@earthlink.net
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.