eMRTD - Electronic Passport
Next Generation Innovations
Peter Schmallegger, Director Segment Secure Identity
Montreal, October 8th 2014

Facilitation and Security

Facilitation
• Global adoption of electronic passports to create one global solution for secure and convenient travel facilitation
• Convenient border crossing using consumer friendly, fast and secure ABC with max. global interoperability and solution robustness
• Harmonized travel documents, electronic credentials and form factors
• Fit for purpose in offline and online environment

Security
• Global solutions creating trust in safe and secure travel
• Evolving security protection against document fraud, on physical and chip security level and infrastructure misuse/tampering
• End-to-end secure document life cycle

ePassport – Key Chip Innovation

Secure Chip
1. Physical Unclonable Function
2. Field Security Update
3. Thin Secure Chip Package

Physical Unclonable Functions for Secure Microcontroller ICs for electronic passports

Evolving Attacks on Secure Microcontroller ICs

[Timeline figure, axis: 1995, 2010, 2025]
• Invasive Attacks: reverse engineering, probing, forcing, manipulation, …
• Information Leakage Attacks: side-channel attacks, timing analysis, power / electromagnetic analysis, …
• Fault Attacks: (glitch) & light attacks, differential fault attacks on crypto algorithms, …
• Combined Attacks: power analysis + light attacks, …
• New Attack Scenarios: combining traditional attacks with system level attacks (Flash Loading, ..)

Reverse Engineering Attacks: Challenges and Countermeasures

Typical Reverse Engineering Attacks on
• Functional block
• Parts of the IC for a subsequent probing attack
• Extracting memory content

Standard Countermeasures are
• Memory encryption and encryption of data
• Scrambled logic (no hard macros)
• No security relevant logic in top most layer of IC

Reverse Engineering Attacks and the problem of storing a key

Data need to be encrypted…
For which we need a secret key…
A secret key stored on the chip…
That can be reverse-engineered…
So it needs to be obfuscated…

PUF Technology (physically unclonable functions)
• Based on chip-individual yet robust physical properties
• No secret key is present when the chip is powered down
• So inherently robust against reverse engineering
• Ideal as secret key for memory encryption
• Ideal to protect secret keys of customer applications

PUF protecting ePassports

Type of Attack | Traditional Technology, application key stored in NV: Today | Traditional Technology: Tomorrow | Application key stored with PUF technology: Today | PUF technology: Tomorrow
Extract private key material (offline) | Difficult to impossible | May be possible | Impossible | Impossible
Clone a passport by reverse eng. | Difficult to impossible | May be possible | Impossible | Impossible

Unique Chip Fingerprint
• Unique for each chip
• It is not stored in the NV memory
• Additional protection for private keys (e.g. for Chip Authentication, Active Authentication keys)
• Prevent cloning of passports
• Proven technology with a life time of more than 10 years

Protocol for Security Updates of Issued Electronic Passports in the Field

Electronic Passport System Overview

[Diagram. Document life cycle stages: Enrollment, Production, Personalization, Issuance, Border crossing, Security Update, End of Life. Other labels: Civil Registry, AFIS, HSM, ICAO PKD, eVisas, eStamps.]

Secure Operating System Architecture
October 7, 2014

[Diagram with three panels: Current Architecture, Architecture for Security Updates, Execution of Security Updates.
Components shown: Applets (ePP, eSig, eID), Operating System, Kernel, Crypto Library, HAL, User data, Data App1, Data App2.
Additional labels in the security update panels: Update Manager, Memory Buffer, Security Update, Updated Crypto Library, Update, Secure E2E Connection.]

Field Security Updates

• Implemented in the field in volume, e.g. smartphones
  • NXP P61N1M3 (eSE) in the field for years in millions of units, complete OS re-load
• Data integrity and confidentiality
  • Firewall concept for modular OS architecture, FLASH memory
  • Trust provisioning for "chip individual" key and certificate management
  • More dynamic document life cycle management
• Security certification
  • Requires new certification scheme and application protection profiles
  • Infra for security upgrades – certified kiosks (ATM like) in controlled environment
• Consumer and business aspects
  • With LDS2 (eVisa/eStamps) it enhances doc lifetime and effectiveness
  • Country specific implementation – "get your 5-year extension at the kiosk"

Thin Secure Chip Packages
Contactless Chip Module Advancements
New Generation Chip Module based on well proven technology platform
Type | MOB2 | MOB4 | MOB6 | Next Gen MOB
Module thickness | 390 µm | 320 µm | 250 µm | < 200 µm
[Figure: MOBx and Next Gen MOB modules]
Drives Innovation for ePassport Booklets
• Thin and flexible inlays for datapage and e-cover
• Allows for additional security layers and features
• Improved product quality and robustness
• Higher ePassport production efficiency
Thank you for your Attention!
Questions?