ePassport - intro

Mood: Wife does not sleep at home, husband rest in peace ;)

Music: This is how I have learned the word 'remedy' :D

Note: All the materials available and provided below are publically available on the internet.

Introduction

The biometric passport is in general the passport with the RFID computer chip, which stores the data necessary to uniquely identify the person. Once per a while there are organized the Interoperability Test Events, where number of companies presents their passports and test them with various readers discussing and analyzing the results - one of them happened last time in Berlin. The well known deliverers of complex solutions are (among others):

• Giesecke&Devirent
• Oberthur
• Bundes Drukerei
• PWPW
• Österreichische Staatsdruckerei

The chip

The content of the chip is the top secret knowledge of any country and the specficiations for such processors (including the OS) are not publically available. You may split them on two subsets - the one, which have just OS and the one which has additional Java Virtual Machine. Some of the most known brands are (among others):

• Gemplus (which inquired lastly Setec)
• Sharp
• NXP (founded by Philips) offering MOB line of processors used among others in german passports
• Siemens

Of course except the processors, you need plenty of the other items and there is couple of other niches like "passport readers" equipments (Omnikey, 3M, Oce) , but the main trend is established be the ICAO norms - document 9303, which you must pay for.

BAC > EAC

The communication with a chip is specified by ICAO New Technology Working Group within two standards:

• Basic Access Control (BAC) - it is already working in number of countries and it is mandantory in EU already
• Extended Access Control (EAC) - it works just in Germany since Nov 05, but number of countries are preparing for that, as it is planned to be obligatory since 2009. (there is a couple of opened issues yet in specification)

BAC specifies mainly the fundamentals answering the questions, where chip should be wrapped within the passport, what data should be stored in processor (including the picture and digital signature to detect modification - the content of the chip should stay static from verification to verification) and how the data should be passed from the chip, including the encrypting mechanism based on MRZ - machine readable zone, which you can see in the passport as:

P<UTOERIKSSON<<ANNA<<MARIA<<<<<<<<<<

BAC is "criticized as offering too little protection from unauthorized interception" and it happens because the cryptography key are symmetric, they base on passport serial number, date of birth and exipry date (no infrastructure provided).

Lukas Grunwald demonstrated that it is trivial to copy the biometric certificate
from an open e-passport into a standard ISO 14443 smartcard using a standard
contact-less card interface and a simple file transfer tool. This is hardly
surprising, given that the certificate is simply stored as a file, and had been
obvious to those involved in the design of the ICAO e-passport standard
throughout its development. In particular, Grunewald did not change the data
held on the copied chip, which binds biometric data (e.g., photo) to identity
data (e.g., name and date of birth), without invalidating its cryptographic
signature, which means at present the use of this technique does not allow
reprogramming of fake biometric data to match a different user. Grunewald also
did not clone the Active Authentication functionality, an optional feature of
the ICAO e-passport standard that some countries implement such that the
embedded microprocessor is not only a floppy-disk-like data carrier for a
biometric certificate, but also a tamper-resistant authentication token that can
participate in a public-key
cryptography based challenge-response protocol. Nevertheless, Grunewald
created international media headlines with his claim that such copying of the
biometric certificate constitutes the creation of a "false passport" using
equipment costing around USD$200

The source

The EAC is a remedy for it and it includes additionally (among others):

• the necessity of storing the finger prints (standard specifies which fingers but not the format of storing the data)
• assymetric cryptoraphy based on secure communication based on the pair of keys - private in the passport and public one in the passport reader; both provided by the specific PKI infrastructure:

Picture comes from Crypthomatic sites

In fact, n case of passport where a cross-country authentication is required, the PKI is not so simple as it seems...

Original slide 25 comes from Kim Nguyen (Deutsche Drukeirei)

Conclusion

As you can see the ePassport is typical sample of two-tier architecture: the very thin client and huge back end ;)

Resources

• Cool and simpler clarification of BAC and EAC
• Bundes Drukerei guidelines about BAC and EAC
• Bundes Drukerei security issues about BAC and EAC
• EAC about article
• The output from Berlin Interoperability Tests
• JavaCard technology in ePassport
• Australian passport

Interesting

• SIS (Schengen Information System)
• VIS (Visa Information System)