Machine Readable Travel Documents (MRTD) - Biometric Passport
Upcoming SlideShare
Loading in...5
×
 

Machine Readable Travel Documents (MRTD) - Biometric Passport

on

  • 1,243 views

An insight into the E-Passport, aka Biometric Passport, the need for biometrics in travel documents, the ICAO regulations governing the information contained in the electronic chip, RFID technique, ...

An insight into the E-Passport, aka Biometric Passport, the need for biometrics in travel documents, the ICAO regulations governing the information contained in the electronic chip, RFID technique, Privacy threats in the current design.

Statistics

Views

Total Views
1,243
Views on SlideShare
1,182
Embed Views
61

Actions

Likes
0
Downloads
24
Comments
1

2 Embeds 61

http://www.scoop.it 59
http://translate.googleusercontent.com 2

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Machine Readable Travel Documents (MRTD) - Biometric Passport Machine Readable Travel Documents (MRTD) - Biometric Passport Presentation Transcript

    • {
    • • Conventional travel documents  Low Technology • Hard to copy/forge, printed paper with ID picture
    • • ICAO attempts to develop Biometric Passport since 1968. • Discrete Machine Readable Zone (MRZ) containing little information. • Aims at speeding information at borders.
    • Addition of machine readable information on the cards since 1980 ---Biometric main attraction --ICAO Standard released in 2004
    • • Becoming the base for secure authentication of personal identity • Many countries started to issue E-passports with an embedded chip containing biometric data • MRZ (introduced in 1980) contains two machine readable lines at the bottom of the identity page of passport. • The latest biometric standardized contains biometric features such as fingerprint, facial and iris recognition and enhances the security mechanisms.
    • Minimal Requirements in ICAO Standard Machine-Readable Travel Documents (MRTD) must provide • facial image • a digital copy of the MRZ, and • to have them digitally signed by the issuing country. The preferred platform is a contactless IC chip based on RFID technology.
    • Logical Data Structure for MRTD Logical Data Structure (LDS) ----> for global interoperability • ICAO guideline on how data should be stored in a microchip • Data Group (DG) -- for grouping & collecting logical data into LDS • ICAO guideline divides • Data elements into 19 groups and • LDS into three parts  “Mandatory” Data Elements  “Optional” Data Elements
    • :::Mandatory::: • Data defined by the issuing state or organization. • Includes the details recorded in the MRZ such as • Passport Number, • Passport Bearer’s Name, • Nationality, • Date of Birth, • Date of Expiry of passport, • Encoded facial biometric image & • Checksum of individual data elements which are used for deriving the session key.
    • :::Optional::: • Data defined by the issuing state or organization. • Includes • Encoded identification features (face, finger and eye), • Displayed identification features (digital signature), & • Encoded security features (contact details, proof of citizenship and endorsements). • Details for automated border clearance, • Electronic visas, • Other travel records.
    • Overview of Mandatory and Optional Data Elements defined for LDS
    • Biometric passport = E-passport Paper & electronic identity credential Contains biometrics features for authentication of travellers Contains chip & antenna enclosed in front/back/central page Chip  storing the user’s information Also contains biometric identifiers [depending on various countries choice and technical evolution] • Recommended file formats & communication protocols followed • • • • • •
    • Biometric Passport
    • Working Mechanism of Biometric Passport Border/Immigration officer uses MRZ reader to scan the MRZ part of e-passport to retrieve the embedded information. || Then, the stored information is obtained from the contact less chip by putting the e-passport near to e-passport reader. || Finally, verification of data is performed using PA, BAC mechanism for data encryption and integrity verification using either passive or active authentication. PA is compulsory where as BAC and AA are optional.
    • Special Properties of E-Passport • Biographical information and biometric information are securely stored which are identical to the information in the passport. • Contactless chip technology that lets the stored information to be retrieved by chip readers at a close distance. • Digital signature technology for verification of authenticity of the data stored on the chip.
    • RFID chips are being used everywhere such as tracking animals, inventory tracking devices, to start cars, ESPECIALLY IN E-PASSPORTS
    • Three Components of RFID System Antenna Transceiver Transponder
    • RFID System
    • RFID Circuit
    • ICAO Definition: MRTD has a contactless IC imbedded in it that can be used for biometric identification of the holder. Hence, MRTDs shall carry the specified symbol
    • Russian Passport with the “Chip-Inside” Symbol
    • • E-passport guarantees confidentiality, consistency and authenticity of information based on some cryptographic tools. • Wireless transmission of data in RFID makes it is vulnerable to an attack from a distance. • Attacks possible at communication network, chip or at backend system. • Most common attacks: • Eavesdropping, • Reverse Engineering, • Clandestine Scanning and Tracking, • Cloning, • Biometric Data-Leakage, • Cryptographic Weaknesse & • Skimming.
    • September 11, 2001 Global warning to handle & review the security and border control issues in practice
    • EAVESDROPPING Attacker secretly listens to the communication link and intercepts the information by using unauthorized device during the communication between chip and legitimate reader -----Passive attack -----Very hard to acknowledge because there is no emission of powered signals -----Attacker can eavesdrop up to at least of 2 meters
    • REVERSE ENGINEERING The process of taking the technological principles of a device, object or system apart to figure out how it works----Attacker can reverse engineer if he/she has the sound technical knowledge & has access to equipment not commonly found in commercial market
    • CLANDESTINE SCANNING AND TRACKING Scanning: The secret way of reading the electronic data of an identity card without the permission of the card holder -----Tracking: Ability to locate an individual and it can easily reveal the location privacy -----Clandestine tracking more harmful than scanning -----Faraday cage has been suggested to protect e-passports
    • CLONING The way of acquiring the data from an authorized identity card and making an unauthorized copy of the captured sample in a new chip -----Active authentication as the counter measure for cloning threat. -----Can be bypassed by amending the EF.COM file of the passport chip.
    • BIOMETRIC DATA-LEAKAGE If the biometric data are compromised, replacement is not possible -----One of the technics to increase data security is to use data-hiding -----Watermarking-based multimodal biometric approaches are widely used
    • CRYPTOGRAPHIC WEAKNESSES A new scheme for preserving authentication based on fingerprints that uses ElGamal cryptosystem for biometric comparison in encrypted domain -----No facility for key sharing and only used for authentication -----Authentication protocol based on elliptic curve cryptography more theoretical without experimental evaluation -----Some weakness on cryptography relied by ICAO
    • SKIMMING The act of obtaining encoded data without the consent of users by using electronic storage device -----Data retrieved by beaming power at the passport within a few inches or at most a few feet -----If the reader broadcasts the signal with high power the range can be extended
    • The ways of attacks to the system must be understandable by showing a generic biometric system model and its different modules.
    • • ICAO standards specify cryptographic measures & control techniques to be implemented in e-passport. • One mandatory cryptographic feature & five optional advanced security methods. Stored data integrity in the LDS and SOD verified & authenticated by PASSIVE AUTHENTICATION (PA). ACTIVE AUTHENTICATION (AA) is an optional security feature depending on public key cryptography to protect the chip against modification or cloning.
    • Basic Access Control (BAC) as an optional feature against data skimming and misuse. Extended Access Control (EAC) adds functionality to terminal authentication & chip authentication to prevent unauthorized access to additional biometrics Cryptography Threats: The recommended minimal key lengths have been chosen so that breaking those keys requires a certain effort, independent of the chosen signature algorithm. Cryptographic Threats
    • • ICAO standard allows an additional security access mechanism to meet data protection requirements & to enhance privacy of additional biometric data (such as fingerprints and iris identifiers). • Addition of metallic shield to cover e-Passport to prevent skimming and BAC to prevent unauthorized readers from accessing the chip was implemented. • These properties will make attacker more difficult to modify the stolen or lost passports as the new name and information would differ from the information on the RFID tag. • All e-passports issued must follow ICAO standards. • However, countries implement e-passport programs according to their specific policies and are free to implement different options specified in the standard. • Because of this, there are some differences on implementation of epassports among several countries even though they all confirm to the ICAO.
    • • The US State Department specified that new US passports would increase the available memory from 32 kilobytes to 64 kilobytes apparently to reserve for some more biometric characteristics. • The State Department also made compulsory rule for using the metallic layer to cover the passport. • The idea of using the metallic shield is a good concept but it does not provide a complete solution. • Since, passports are used for personal identification all over the world, one need to open it which makes the exposition of RFID. • Multimodal Biometric features are useful and widely used for authentication process, but misuse of these features can make severe loss of vital private information. • Several technologies are implemented in order to prevent from security threats, among them Biometrics is proved to be more secure than others.