E-passports. Erik Poll, Digital Security Group, Radboud University Nijmegen.


1 e-passports
Erik Poll
Digital Security Group, Radboud University Nijmegen

2 overview
e-passports functionality and security mechanisms
problems, so far
future

3 e-passports
e-passport contains RFID chip / contactless smartcard
–in Dutch passports, a Java Card
chip stores digitally signed information:
–initially just facial images (photos)
–soon also fingerprints
–later maybe iris
aka biometric passport or MRTD with ICC/chip
introduction pushed by US in the wake of 9/11
–to solve what problem??
international standard by ICAO (International Civil Aviation Organization, branch of United Nations)
(image: e-passport logo)

4 Protocols & standards
ISO defines physical communication for RFIDs
ISO 7816
–originally developed for contact smartcards
–defines standard APDU commands & responses
ICAO standard for e-passports defines specific IS commands and responses for passports
additional EU standards
–standardise optional parts of ICAO specs & fix timeline
–additional advanced security mechanisms on top of ICAO

5 National id-cards & terminology
Nederlandse Identiteitskaart (NIK) conforms to the same ICAO specification
NB possible confusion
–eNIK is a future extension of NIK, with digital signature capability
–MRTD = Machine-Readable Travel Document just has Machine (OCR) Readable Zone, the MRZ, but need not contain a chip
i.e. e-passport = MRTD + chip
(image label: MRZ)

6 Basic Access Control (BAC)
protects against unauthorised access and eavesdropping
(diagram labels: optically read MRZ; send MRZ; receive additional info; Machine Readable Zone; encrypted)

7 Alternative: Faraday Cage
protects against unauthorised access, but not eavesdropping
–used in US passports, initially instead of BAC

8 Active Authentication (AA)
protects against passport cloning (which BAC doesn't)
i.e. authentication of the passport chip
(diagram labels: public key, signed by government (DG15); send challenge; prove knowledge of corresponding private key)

9 Questions?
Open source implementation of passport terminal and passport applet available at

