An Online secure ePassport Protocol

  • Great innovation...especially useful for police states who can now track their citizen's movements...
An Online secure ePassport Protocol

  1. An On-line Secure E-Passport Protocol
     Vijayakrishnan Pasupathinathan, with Josef Pieprzyk and Huaxiong Wang
     Centre for Advanced Computing - Algorithms and Cryptography (ACAC), Macquarie University, Australia
  2. Outline
     • Overview of E-passport
     • First Generation - some known weaknesses
     • Second Generation
       • Working and Problems
     • An Online E-passport Proposal
  3. E-passport Overview
     • Integration of a biometric enabled contact-less smart card microchip.
     • E-passport guideline (DOC 9303) developed by International Civil Aviation Organisation (ICAO).
       • Describes communication protocol
       • Provides details on establishing a secure communication channel between an e-passport and an e-passport reader
       • Authentication mechanisms.
       • Uses existing approved standards such as ISO14443, ISO11770, ISO/IEC 7816, ISO 9796.
  4. E-passport Overview
  5. E-passport Overview
     • Yesterday: Machine readable passport with MRZ
     Image courtesy of DFAT Australia
  6. E-passport Overview
     • Yesterday: Machine readable passport with MRZ
     • Today: Electronic Passport with digital Image
  7. E-passport Overview
     • Yesterday: Machine readable passport with MRZ
     • Today: Electronic Passport with digital Image
     • Tomorrow: Passports with secondary biometric information
  8. E-passport Operation: First Generation
     • Basic Access Control - enables encrypted communication.
     • Passive Authentication - provides integrity of e-passport data.
     • Active Authentication - provides authentication of chip contents.
     Diagram: E-passport Holder visits a check point; Border Security: Scan MRZ, BAC, Passive Auth, Active Auth
  9. First generation PKI
     Diagram labels: Country CSCA (several), PKD (ICAO), DS ... DS, E-passport
     • As of Dec. 2007, 4 countries are actively uploading to the PKD (Australia, Japan, New Zealand and Singapore).
     • By early 2009, 20 countries are expected to join the PKD.
  10. Known Attacks (Problems) in First Generation E-passports
     • BAC is optional! So, encryption is optional.
     • Low entropy (3DES, max. 112b, BAC max 56/74b, in practice 30-50b) [Juels et al. 2005]
     • The authentication key is derived from document#, DoB, DoE.
     • No protection against cloning. [G. S. Kc et al. 2005]
  11. Known Attacks (Problems) in First Generation E-passports
     • Formal verification of the complete protocol [V. Pasupathinathan et al. 2008]
       • No data origin authentication.
         • Can be exploited because of weakness in facial biometric.
       • Subject to replay and Grand master attacks.
       • Vulnerable to Certificate Manipulation.
     And there are others too!
  12. Second Take! Second Generation E-passports
     • Proposed by BSI Germany [Kluger 2005]
     • Adds extra biometric identifiers - fingerprints (optionally, iris scan).
     • Adopted by EU in June 2006
     • June 2009 all EU members will implement.
     • New protocols to enhance security for Extended Access Control (EAC).
  13. EAC Mechanisms
     • Based on Diffie-Hellman Key Pair (PKCS #3 or ISO 15946)
     • Chip Authentication - replaces active authentication
     • Terminal Authentication
     Diagram: E-passport Holder visits a check point; Border Security: Scan MRZ, BAC, Chip Auth, Passive Auth, Terminal Auth
  14. EAC Mechanisms
     Chip Authentication (between Chip and IS):
     • Chip holds PKc, SKc, Dc
     • Chip: Send PKc
     • IS: Generate ephemeral key-pair PK’, SK’
     • IS: Send PK’
     • Chip: K = KA(PK’, SKc)
     • IS: K = KA(PKc, SK’)
     Terminal Authentication (between Chip and IS):
     • Chip: RNDc, Send RNDc
     • IS: z = IDc || RNDc || H(PK’)
     • IS: S = SIGN{ z }, Send S
     • Chip: Verify {S}
     PKI Structure
     Photo courtesy ICAO MRTD Report, November 2007
  15. Problems with EAC - PKI
     Diagram labels:
     • E-passport’s Home Country (CSCA): Certify{PKds}
     • Document Signer: Certify{PKc}
     • E-passport: Send Public Key, Chip Auth - PKc, Check ALL Certificates
     • CERT{IS}{DV}{VCSCA}
     • Visiting Country: Inspection System; DV ..... DV (Visiting Country’s Document Verifier); Certify ALL IS systems
  16. Problems with EAC - PKI
     Same diagram as slide 15, with the annotations:
     • NOT Useful
     • E-passports DON'T have an internal clock!! How does it know if the certificate is valid?
  18. Problems with EAC - PKI
     Same diagram as slide 15, with the annotations:
     • How Many??
     • What is the Limit?
     • Vulnerable to Denial of Service when combined with first generation weaknesses!
  20. Problems with EAC - PKI
     Same diagram as slide 15, with the annotations:
     • How Long is this valid?
     • Passports are normally valid for 5 or 10 years!!!
     • Document Issuer needs to be around 15 years, CSCA around 20 years!
     • We can have passports with expired certificates!!
  22. Problems with EAC - PKI
     Same diagram as slide 15, with the annotations:
     • Identity Revealed
     • Identity of the Passport revealed before terminal is authenticated!
  24. EAC other Problems
     • IS requires write access to E-passports.
       • Border Control terminals need to update CSCA certificates when they pass through.
     • Terminal Authentication is weak.
       • Can authenticate who is writing to e-passport.
     • Only semi-forward secrecy [Monnerat et al 2007]
     • Leakage of Digest [Monnerat et al 2007]
       • Security objects in the chip
  25. Online Secure E-passport Protocol
     • Why Online?
       • Use the same PKI as in First Generation.
       • Eliminate the need to send long certificate chains.
     • Provide security guarantees for
       • Identification and authentication of both e-passport and inspection systems (i.e. mutual).
       • Privacy protection to e-passport holders.
       • Confidentiality of information (session-key security and e-passport data)
  26. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
  27. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
     • create and send session key part
  28. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
     • create and send session key part
     • Read MRZ and send signed message to DV
  29. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
     • create and send session key part
     • Read MRZ and send signed message to DV
     • DV may choose to send e-passport ID
     • Verify IS
     • Sign session key and IS public key
  30. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
     • create and send session key part
     • Read MRZ and send signed message to DV
     • Verify IS
     • Sign session key and IS public key
     • Send information back from DV encrypted using session key formed
     • Verify signature (only DV public key)
     • All messages from here on are encrypted
  31. Online Secure E-passport Protocol
     Diagram parties: E-passport; Visiting Country (Inspection System, DV)
     • create and send session key part
     • Read MRZ and send signed message to DV
     • Verify IS
     • Sign session key and IS public key
     • Send information back from DV encrypted using session key formed
     • Verify signature (only DV public key)
     • Send Certificate and ID
     • Verify ID and certificate
     • Compare with DV information
  32. OSEP Characteristics
     • The protocol is SK-secure. [Canetti 2001]
     • Tamper detectable integrity check protects against passport forgery (data in e-passport is hashed and signed by document signer).
     • Same PKI as first generation.
     • Minimal computation by e-passport.
     • Passport identity is released only to authenticated Inspection Systems.
  33. What needs to be done?
     • Online nature can induce delays.
       • Fallback to off-line authentication.
     • But current passport systems use online communication.
     • Integrate with SMART GATE system (an automated processing system).
  34. Thank you
     krishnan@ics.mq.edu.au
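
Added example (not from the slides): slide 10 states that the BAC authentication key is derived from document number, date of birth and date of expiry, and quotes 56/74 bits as the maximum. The Python below follows the ICAO Doc 9303 BAC key derivation and estimates the key space for numeric and alphanumeric document numbers. The 100-year birth range, 10-year validity, 9-character document number and uniform distribution are assumptions, and the sample MRZ fields are constructed.

```python
import hashlib
import math

def check_digit(field):
    """ICAO 9303 check digit: weights 7,3,1; A-Z count as 10..35, '<' as 0."""
    total = 0
    for i, ch in enumerate(field):
        value = 0 if ch == "<" else int(ch, 36)
        total += value * (7, 3, 1)[i % 3]
    return str(total % 10)

def mrz_information(doc_no, dob, doe):
    """Document number, date of birth, date of expiry, each with its check digit."""
    fields = (doc_no.ljust(9, "<"), dob, doe)
    return "".join(f + check_digit(f) for f in fields)

def odd_parity(key):
    """Set the low bit of each byte so the byte has odd parity (DES key format)."""
    return bytes((b & 0xFE) | (bin(b >> 1).count("1") % 2 == 0) for b in key)

def bac_keys(doc_no, dob, doe):
    """Return (K_enc, K_mac), the two 3DES keys both sides derive from the MRZ."""
    info = mrz_information(doc_no, dob, doe).encode("ascii")
    seed = hashlib.sha1(info).digest()[:16]
    derive = lambda c: odd_parity(hashlib.sha1(seed + c.to_bytes(4, "big")).digest()[:16])
    return derive(1), derive(2)

def keyspace_bits(doc_no_symbols, birth_years=100, validity_years=10):
    """Upper bound on key entropy if every field were uniformly random (assumption)."""
    return (9 * math.log2(doc_no_symbols)
            + math.log2(365 * birth_years)
            + math.log2(365 * validity_years))

if __name__ == "__main__":
    # Constructed sample MRZ fields: document number, DoB and DoE as YYMMDD.
    k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print("K_enc", k_enc.hex(), "K_mac", k_mac.hex())
    print("numeric document numbers:      %.1f bits" % keyspace_bits(10))
    print("alphanumeric document numbers: %.1f bits" % keyspace_bits(36))
```

Nothing secret enters the derivation: every input is printed on the data page, so the key is only as strong as the unpredictability of those three fields, which is why the in-practice figure on the slide is lower than the upper bound.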
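
Added example (not from the slides): the Chip Authentication and Terminal Authentication flows of slide 14 run end to end, showing that both sides reach the same K and that S is only accepted for the RNDc and PK’ of the current session. The 127-bit group, the Schnorr-style SIGN/VERIFY and the byte encodings are stand-ins chosen so the block runs with the standard library; deployed EAC uses standardised DH or ECDH parameters and a terminal key certified through the DV chain.

```python
import hashlib
import secrets

# Toy group, constructed for this example only.
P, G = 2**127 - 1, 3

def b(n):
    return n.to_bytes(16, "big")

def keypair():
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)

def KA(pk_peer, sk_own):
    """Key agreement K = KA(PK, SK): hashed Diffie-Hellman shared secret."""
    return hashlib.sha256(b(pow(pk_peer, sk_own, P))).digest()

def H(pk):
    return hashlib.sha256(b(pk)).digest()

def _challenge(r, pk, msg):
    return int.from_bytes(hashlib.sha256(b(r) + b(pk) + msg).digest(), "big")

def SIGN(sk, msg):
    """Schnorr-style signature, standing in for the terminal's real scheme."""
    k, pk = secrets.randbelow(P - 3) + 2, pow(G, sk, P)
    r = pow(G, k, P)
    return r, (k + _challenge(r, pk, msg) * sk) % (P - 1)

def VERIFY(pk, msg, sig):
    r, s = sig
    return pow(G, s, P) == r * pow(pk, _challenge(r, pk, msg), P) % P

def chip_authentication():
    sk_c, pk_c = keypair()   # chip's static pair (SKc, PKc); chip sends PKc
    sk_e, pk_e = keypair()   # IS ephemeral pair (SK', PK'); IS sends PK'
    return KA(pk_e, sk_c), KA(pk_c, sk_e), pk_e   # chip's K, IS's K, PK'

def terminal_sign(sk_is, id_c, rnd_c, pk_e):
    # IS side: S = SIGN{ IDc || RNDc || H(PK') }
    return SIGN(sk_is, id_c + rnd_c + H(pk_e))

def chip_verify(pk_is, id_c, rnd_c, pk_e, sig):
    # Chip side: rebuild z from the RNDc it issued and the PK' it received.
    return VERIFY(pk_is, id_c + rnd_c + H(pk_e), sig)
```

Because the chip rebuilds z itself, a signature captured in one session fails in any session with a fresh RNDc or a different ephemeral PK’.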
