1. An On-line Secure
E-Passport Protocol
Vijayakrishnan Pasupathinathan
with, Josef Pieprzyk and Huaxiong Wang
Centre for Advanced Computing - Algorithms and Cryptography (ACAC)
Macquarie University, Australia
1

2. Outline
•
•
•
•
Overview of E-passport
First Generation - some known weaknesses
Second Generation
•
Working and Problems
An Online E-passport Proposal
2

3. E-passport Overview
•
Integration of a biometric enabled contact-less smart
card microchip.
•
E-passport guideline (DOC 9303) developed by
International Civil Aviation Organisation (ICAO).
•
Describes communication protocol
•
•
Provides details on establishing a secure
communication channel between an e-passport and
an e-passport reader
•
Authentication mechanisms.
Uses existing approved standard such as ISO14443,
ISO11770, ISO/IEC 7816, ISO 9796.
3

4. E-passport Overview
4

5. E-passport Overview
•
Yesterday: Machine
readable passport with
MRZ
Image courtesy of DFAT Australia
4

6. E-passport Overview
•
Yesterday: Machine
readable passport with
MRZ
•
Today: Electronic Passport
with digital Image
4

7. E-passport Overview
•
Yesterday: Machine
readable passport with
MRZ
•
Today: Electronic Passport
with digital Image
•
Tomorrow: Passports with
secondary biometric
information
4

8. E-passport Operation
First Generation
•
Basic Access Control - enables encrypted
communication.
•
Passive Authentication - provides integrity of epassport data.
•
Active Authentication - provides authentication of
chip contents.
E-passport Holder
Border Security
Visits a check point
Scan MRZ
BAC
Passive Auth
Active Auth
5

9. First generation PKI
Country CSCA
Country CSCA
PKD
(ICAO)
DS
...
DS
.
.
.
Country CSCA
E-passport
As of Dec. 2007 - 4 countries are actively upload to PKD.
(Australia, Japan, New Zealand and Singapore)
By early 2009, 20 countries are expected to join PKD

10. Known Attacks (Problems) in
First Generation E-passports
•
•
BAC is optional! So, encryption is optional.
Low entropy (3DES, max. 112b, BAC max
56/74b, in practice 30-50b)[Jules et. al. 2005]
•
•
The authentication key is derived from
document#, DoB, DoE.
No protection against cloning. [G S. Kc et. al. 2005]
7

11. Known Attacks (Problems) in
First Generation E-passports
•
Formal verification of the complete protocol
[V. Pasupathinathan et. al 2008]
•
•
•
No data origin authentication.
•
Can be exploited because of weakness in
facial biometric.
Subject to replay and Grand master attacks.
Vulnerable to Certificate Manipulation.
And there are others too!
8

12. Second Take!
Second Generation E-passports
•
•
•
Proposed by BSI Germany [Kluger 2005]
•
Adds extra biometric identifiers - finger
prints (optionally, Iris scan).
•
June 2009 all EU members will implement.
Adopted by EU in June 2006
New protocols to enhance security for
Extended Access Control (EAC).
9

13. EAC Mechanisms
•
Based on Diffie-Hellman Key Pair (PKCS #3 or
ISO 15946)
•
Chip Authentication - replaces active
authentication
•
Terminal Authentication
E-passport Holder
Visits a check point
Border Security
Scan MRZ
BAC
Chip Auth
Passive Auth
Terminal Auth
10

14. EAC Mechanisms
Chip Authentication
Chip
PKI Structure
IS
PKc SKc Dc
Send PKc
Generate ephemeral
key-pair
Send PK’
K= KA(Pk’ SKc)
PK’ SK’
K = KA(PKc SK’)
Terminal Authentication
Chip
RNDc
IS
Send RNDc
z = IDc || RNDc || H(PK’)
S = SIGN{ z }
Verify {S}
Send S
Photo Courtesy ICAO MRTD Report November 2007

15. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
12

16. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
NOT Useful
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
E-passports DONT have an internal clock!!
How does it now if the certificate is valid?
12

17. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
12

18. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
How Many??
DV
.....
DV
Visiting Country’s
Document Verifier
What is the Limit?
Vulnerable to Denial of Service when combined
with first generation weaknesses!
12

19. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
12

20. Problems with EAC - PKI
Certify{PKc}
E-passport
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
How Long is this valid?
Send Public
Key
Check ALL
Certificates
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
Passports are normally valid for 5 or 10 years!!! Document
Issuer need to be around 15 years CSCA around 20 years!
We can have passport with expired certificates!!
12

21. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
12

22. Problems with EAC - PKI
Certify{PKc}
E-passport
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Identity Revealed
Send Public
Key
Check ALL
Certificates
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
Identity of the Passport revealed before terminal is
authenticated!
12

23. Problems with EAC - PKI
Certify{PKc}
E-passport
Send Public
Key
Check ALL
Certificates
Document
Signer
Certify{PKds}
E-passport’s Home Country
(CSCA)
Certify ALL
IS systems
Chip Auth - PKc
CERT{IS}{DV}{VCSCA}
Visiting Country
Inspection System
DV
.....
DV
Visiting Country’s
Document Verifier
12

24. EAC other Problems
•
•
•
•
IS requires write access to E-passports.
•
Border Control terminal need to update CSCA
certificates when they pass through.
Terminal Authentication is weak.
•
Can authenticate who is writing to e-passport.
Only semi-forward secrecy [Monnerat et al 2007]
Leakage of Digest [Monnerat et al 2007]
•
Security objects in the chip
13

25. Online Secure E-passport
Protocol
•
•
Why Online?
•
•
Use the same PKI as in First Generation.
Eliminate the need to send long certificate
chains.
Provide security guarantees for
•
Identification and authentication of both epassport and inspection systems. (i.e. Mutual)
•
•
Privacy protection to e-passport holders.
Confidentiality of information (session-key
security and e-passport data)
14

26. Online Secure E-passport
Protocol
E-passport
Visiting Country
Inspection System
15
DV

27. Online Secure E-passport
Protocol
E-passport
Visiting Country
Inspection System
create and send session key part
15
DV

28. Online Secure E-passport
Protocol
Visiting Country
E-passport
Inspection System
create and send session key part
Read MRZ and send signed
message to DV
15
DV

29. Online Secure E-passport
Protocol
Visiting Country
E-passport
Inspection System
DV
create and send session key part
Read MRZ and send signed
message to DV
DV may choose to send
e-passport ID
15
Verify IS
Sign session key
and IS public key

30. Online Secure E-passport
Protocol
Visiting Country
E-passport
Inspection System
DV
create and send session key part
Read MRZ and send signed
message
All Message from hereon isto DV
encrypted
Send Information back from DV
encrypted using session key formed
Verify signature
Only DV public key
15
Verify IS
Sign session key
and IS public key

31. Online Secure E-passport
Protocol
Visiting Country
E-passport
Inspection System
DV
create and send session key part
Read MRZ and send signed
message to DV
Send Information back from DV
encrypted using session key formed
Verify signature
Only DV public key
Send Certificate and ID
Verify ID and certificate
Compare with DV information
15
Verify IS
Sign session key
and IS public key

32. OSEP Characteristics
•
•
•
The protocol is SK-secure. [Canetti 2001]
•
Tamper detectable integrity check protects
against passport forgery. (data in e-passport is
hashed and signed by document signer
•
Same PKI as first generation.
Minimal computation by e-passport.
Passport identity is released only to
authenticated Inspection Systems.
16

33. What needs to be done?
•
•
•
Online nature can induce delays.
•
Fallback to off-line authentication.
But current passport systems use online
communication.
Integrate with SMART GATE system. (An
automated processing system)
17

34. Thank you
krishnan@ics.mq.edu.au
18