Download pdf - 3M Security Systems BlackhatEurope 2010...4 ©3M 2010. All Rights Reserved. 3M Security Systems eMRTD Specifications ICAO Travel Document -Doc 9303 Core Specifications set by the International

1

3M Security Systems

© 3M 2010. All Rights Reserved.

Blackhat Europe 2010

Verifying eMRTD Security ControlsRaoul D’Costa

2 © 3M 2010. All Rights Reserved.

3M Security Systems Agenda

� Overview of ICAO / EU Specifications

� eMRTDs decomposed

� eMRTD Infrastructure (PKI)

� Inspecting eMRTD

� User Interface Design

� Conclusion


3M Security Systems Introduction

� Section 1: Overview of eMRTD Specifications


3M Security Systems eMRTD Specifications

� ICAO Travel Document - Doc 9303

� Core Specifications set by the International Civil Aviation

Organisation (ICAO) NTWG / SC17 collaboration

� Supplemented by BSI ASM for eMRTDs (EAC)

� Authenticated eMRTDs provide identity verification of eMRTD holder

� Issuing Authorities in nation states or Int’l bodies e.g. INTERPOL as

enhanced identity security documents

� Commonly issued eMRTDs include national ePassports and eID

Cards but also Seafarers documents, Biometric Residence Permits

use same specifications


3M Security Systems eMRTD Types


3M Security Systems eMRTD – RFID Integrated Circuit Card


3M Security Systems Symbol denoting Chipped eMRTD


3M Security Systems Nation States that issue MRTDs (2009)


3M Security Systems eMRTD Decomposed

� Section 2: eMRTDs Decomposed






3M Security Systems eMRTD Decomposed - Chip

Master Files

…

USER APPLICATION


3M Security Systems Datagroup 1

� Contains the following information

• Date of Birth

• Passport Number

• Expiry Date

� Access to the file is protected by Basic Access Control



� Encoded photograph to ISO Standard to ensure quality of

data image

� Access is protected by Basic Access Control

� Images encoded in JPEG or JPEG2000 formats

� Photographs are standardised to ensure visual comparison

and automated biometric verification

� Images to overcome interoperability challenges (different

biometric verification algorithms)


3M Security Systems eMRTD Verification


3M Security Systems eMRTD Decomposed - EF.COM



� Fingerprints and Iris are a second generation feature of eMRTDs

� Sensitive Data protected by EAC as an enhancement to BAC

� Access is protected by Extended Access Control (separate PKI authorisation scheme)

� Images encoded in JPEG or JPEG2000 formats to overcome biometric interoperability problems

� No International Standard yet


3M Security Systems EF.COM Data

� Contains a map of the tags, lengths values present in the

file

� Is not protected (digitally signed) by issuing authority

� Cannot be trusted unless authenticated to EF.SOD


3M Security Systems eMRTD Decomposed – EF.SOD

� Contains the hash values of all the data groups

� Hash values signed by a document signing authority with

private key (SOD = Digital Signature)

� May contain the Document Signer Certificate (DSC) that

corresponds public key element used the create the SOD

or reference to DSC.

� Can be trusted provided the Document Signer Certificate is

validated


3M Security Systems EF.SOD


3M Security Systems eMRTD Deconstructed - EF.SOD

SIGNATURE


3M Security Systems Presenting the results


3M Security Systems Verifying EF.SOD

� Part of the Passive Authentication process

� Verify the ASN.1 Structure

� Verify the hash values present

� Verify the signature against the public key element contained in related Document Signer Certificate

� Authenticate the Document Signer Certificate

• Verify the certificate chain of the DSC against the CSCA Certificate dynamically

• Pre-validated DSCs in protected Certificate Cache Store


3M Security Systems Reliance on genuine passport numbers


3M Security Systems eMRTD Infrastructure (PKI)

� Section 3: eMRTD Infrastructure (PKI)


3M Security Systems ePassport Infrastructure – 1st Generation

CSCA Authority

Document Signer Service

ICAO PKD

Registration Authority Inspection System

Issuance Verification

National Infrastructure


3M Security Systems Second Generation Extensions

CVCA

Issuance

Registration Authority Inspection System

Issuance

Verification

DVCA

SPOC


3M Security Systems ePassport Infrastructure – 2nd Generation


3M Security Systems ICAO Public Key Directory

� Global repository of certificates used to validate eMRTDs

� Relies on Issuing Authority subscribers uploading data to

the PKD

� Regularly updated with

• Document Signer Certificates

• CRLs

• Null CRLs

• MasterLists

� Serves as a trust anchor on eMRTDs


3M Security Systems ICAO PKD

https://pkddownloadsg.icao.int/ICAO/pkdLDIFDownload.jsp


3M Security Systems eMRTD Verification


3M Security Systems Inspecting eMRTD Effectively

� Section 4: Inspecting eMRTD Effectively


3M Security Systems Inspection Terminals – RFID Readers


3M Security Systems eMRTD Verification Process

MRTD to Be Inspected

Physical Check

Extract MRZ

MRZ Valid

Query against

whitelist

Perform

Physical

Checks

Validate MRZ

Perform BAC

using MRZ

Perform

Facial

Checks

Perform PA

Checks

Record ResultY

Record ResultY

Perform EACContains 2

nd

Gen FeaturesY

Record Result

Record Result

N

BAC Sucessful

Extract Data

Record Result

Perform

Fingerprint

matching

Produce Result

EAC Sucessful

Y

AA Present

Perform AA

Record Result

Y

Y

N

Holder provides

eMRTD

N

N

N

N

Y


3M Security Systems Physical Checks: Reliance on experts?


3M Security Systems Physical Checks

� Check that the document has

not been tampered with

� Check the document under

various wavelengths of light

� Check that the document has

not expired


3M Security Systems Limitations of Physical Checks

� Difficult to automate

� Not standardised

� Can be subjective

� Physical inspection is not always logged


3M Security Systems Validate MRZ

� Validate that the contents of the

MRZ are valid

� Validate the checksum

� Validate that they match the

contents of the passport


3M Security Systems Validation of MRZ

Checksum


3M Security Systems BAC

� Extract the following fields

• Date of Birth

• Document Number

• Expiry Date

� Send these to the chip

� These should match DG1


3M Security Systems Facial Biometrics

� Match the holder to the DG2

using facial biometrics

� DG2 is required to meet certain

standards

� Used in some countries

including

• Portugal

• Australia

• UK (Trial)


3M Security Systems Biometric Facial Checking


3M Security Systems Passive Authentication

� Check the validity of EF.SOD

� Check the hash values of the

datagroups

� Check the signature of SOD

� Check the chain of the

document signer certificate

� Check against null and non null

CRLs

� ICAO PKD Maintains

Certificates for subscribers


3M Security Systems Active Authentication

� Ensures the eMRTD is not

cloned

� Challenge response between

the terminal and the eMRTD


3M Security Systems Passive Authentication

� CSCAs can be exchanged

• By diplomatic channels

• Using CSCA MasterLists

� A CSCA is a trust anchor and can identify the eMRTD Issuing Authority

� Inspection System Integrity and Performance

� Security controls must ensure that bogus CSCAs cannot be inserted during the verification process

� Inspection System Architecture designed to requirements (not onefits all) – depends upon operating environment, devices, key management strategy, network reliability


3M Security Systems Extended Access Control

� Consists of the following

• Chip Authentication

• Terminal Authentication

� Provides the following

• Mutual authentication between the

chip and the terminal

• Some indication of the issuer of the

eMRTD

• Privacy of the fingerprints on the

passport


3M Security Systems Second Generation Features

� EAC requires the implementation of the EAC infrastructure

to ensure verification

� EAC Protects the privacy of the fingerprints on the

ePassport

� EAC proves the issuer of the ePassport

� EAC Ensures that only authorised terminals can read

fingerprints


3M Security Systems Fingerprint matching

� DG3 Contains the fingerprint

� 0 – 10 digits can be stored

depending on the country

where fingerprints are captured

� Fingerprint image contained

(not a template)


3M Security Systems Registration: A link in the chain


3M Security Systems Consolidating Checks

Fingerprint Biometric

Facial Biometric

AA

TA

BAC

Expiry Check

MRZ

Physical

NOT PRESENTINVALIDVALID


3M Security Systems Use Case 1: Valid 2nd Gen eMRTD


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial

NOT IMPLEMENTEDNOT PRESENTINVALIDVALID


3M Security Systems Use Case: 1st Gen Fake Passport


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial



3M Security Systems Use Case: Cloned 2nd Gen eMRTD


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial



3M Security Systems Use Case: Possible Fake Passport


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial



3M Security Systems An expired eMRTD


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial



3M Security Systems Use Case: Fake Passport


Facial Biometric

AA

TA

PA

BAC

Expiry Check

MRZ

Physcial



3M Security Systems Usability of eMRTD Inspection Systems

� Section 5: Usability of eMRTD Inspection Systems


3M Security Systems Usability Challenges

� Use their terminology

• Counterfeit (not PA has failed)

• Falsified (not Digital Signature is not verified)

• Cloned (not Active Authentication has been subverted)

• Access denied (Terminal Authentication does not have appropriate CV chains)

� Simplicity by design

• User Interface design aligns with tasks

• Clear feedback on processing

• State of device (security)

� Case Studies

• Engage with Users


3M Security Systems Conclusion

� Section 6: Conclusion


3M Security Systems Conclusion

� eMRTDs are complex documents and need to be verified

appropriately

� Partial checking of some features is not enough to

guarantee that the document is authentic

� Various designs and physical layouts of documents from

various countries can easily lead to confusion although the

electronic features are standardised and the same

� User interface design for eMRTD verification apps should

provide a result in a clear and concise manner


3M Security Systems Questions?

� Raoul D’Costa

� redcosta AT mmm DOT com

� uk.linkedin.com/in/raouldcosta

� 00441635264104


3M Security Systems References

� Myths about ePassports -http://www.gemalto.com/myths_about_epassports/myths_2.html

� ICAO 9303 Passport Standards - http://www2.icao.int/en/MRTD/Pages/Doc9393.aspx

� Wikipedia entry on biometric passports - http://en.wikipedia.org/wiki/Biometric_passport

� http://www.en.bmi.bund.de/nn_1176866/Internet/Content/Themen/Travel__ID__Documents/Electronic__Passport/Datenschutz__en.html

� ICAO eMRTD Report Volume 203 Number 202 http://www2.icao.int/en/MRTD2/ReportsPastIssues/ICAO%20MRTD%20Report%20Vol.%203%20No.%202,%202008.pdf

� UK ID Card -http://www.ips.gov.uk/cps/files/ips/live/assets/documents/id_card_security_guide_low.pdf

� EAC Specification version 3.1.1 -https://www.bsi.bund.de/cae/servlet/contentblob/532066/publicationFile/44792/TR-03110_v202_pdf

� Golden Reader Tool for Reading eMRTDs -https://www.bsi.bund.de/DE/Themen/ElektronischeAusweise/Projekte/projekteGRT/GRT_node.html