1 mon. december 3, 2001a secure national id card group 8 chris marinak mike cuvelier adam sowers...

Mon. December 3, 2001

A Secure National ID Card 1

A Secure National ID CardA Secure National ID Card

Group 8Chris MarinakMike CuvelierAdam SowersSaud Bangash



OutlineOutline

Why do we need a national identity card?

Brief background / historyHow our design works Security vs. PrivacyQuestions



The Problem…The Problem…

Lots of people wish they could be Dave Evans



The Problem…The Problem…

Naturally, there are many imposters



The SolutionThe Solution

A standard national identification card with biometric data

All citizens and immigrants will be required to have an ID card

Use will be mandatory in various critical locations

Card readers have connection to general authorization database



BackgroundBackground

More than 100 other nations have a national ID system–Most European Nations

Nothing has ever materialized in the United States– Closest was 1996 Immigration Bill

Recent Congressional Hearings



The Basic GoalThe Basic Goal

To establish a system that can accurately verify a person is who they say they are

???



System RequirementsSystem Requirements

Card can securely hold personal identification information

System of readers can be used to verify cardholder matches card data– Airports– Firearms background check, etc.

Central database maintains a list of flags for each person



System RequirementsSystem Requirements

Readers and database can securely communicate

Government agencies can securely access the database flags–Wanted criminal– Suspected terrorist, etc.

A nationwide network to support communication (public or private)



InfrastructureInfrastructure

This system will be very expensive to create (~ $3 Bil.) and maintain (???)– Communication network– Cards– Card Readers– Card Makers–Maintenance and Support Personnel



System DesignSystem Design

Card Reader

Gov’tDatabase

Card Maker

FBI NSA CIA…



Levels of SecurityLevels of Security

Low security – face of card– Basic identification information (photo,

address, DOB, …)– Used at bars, banks, etc.

High security – smart card– Holds similar information, but also

stores thumbprint and voice print.



Security ImplementationSecurity Implementation

Card– The card data is encrypted with private

key from RSA key pair. Database–We will assume the database is

perfectly secure

Why??

Because he says so…



The Secure ChannelThe Secure Channel

Uses a scheme similar to SSHEach reader has an RSA key pair and

identification numberThe database also has an RSA key

pairDatabase and reader use RSA to

establish a secret key and use AES for data exchange



Security vs. PrivacySecurity vs. Privacy

As always, increased security has its price on privacy

Our card will only be used in areas that already invade on privacy– Airports– Gun background checks

No data will be logged so citizens cannot be tracked



Final ThoughtsFinal Thoughts

A secure national ID system is feasible (check out our report for more info)

We have tried to minimize any invasions of privacy, but some things are impossible to prevent

Debates are likely to heat up in the coming months

Is the added security worth inherent losses in privacy???



Questions???Questions???



The CardThe Card

For most purposes, the card will be used like a driver’s license

For high-security areas, a reader that connects to the database will decrypt the card data

Only government authorized sites will have a card reader



The ReaderThe Reader

Cardholder will put thumb on readerReader will check thumbprint against

print on the cardReader will check the database to

authenticate the cardholderReader will display pass or fail



Low SecurityLow Security

Many applications will maintain same security as today– Alcohol Purchases– Check Cashing

Similar security as existing state IDs (except better tamper-proofing)



High SecurityHigh Security

Areas of high security will receive added security with the card

Many already require privacy infringements– Airports– Gun purchases– Nuclear facilites, etc.

Cardholder will be aware of high-security check (by authorizing connection)



The Secure ChannelThe Secure Channel

Reader DatabaseReader requests a connection - sends unique reader ID.

Random string encrypted with reader’s public key

Reader sends back random string encrypted with database public key

Random string is used as key for symmetric encryption using AES

If a match, database sends back person’s public key for decryption and any flags

Reader sends person’s ID and card serial #



The DatabaseThe Database

Every card issued will have a record in the database

Person’s IDCard Serial

NumberPublic Key Flags

Each card reader also has a record

Reader’s Location (IP Addr.)

Reader Serial Number

Public KeyAccess Perm.




Each personal record has flag fields– Convicted felon– Wanted criminal– Suspected terrorist, etc.

Flag field only contains binary flag, no details

Flags can only be seen and modified by proper agency– FBI, CIA, NSA, etc.




Knows network location of readerSecurely stores the public key of

each readerWill send only relevant flags– Airports will not know whether a person

is authorized to purchase a gun



Anticipated AttacksAnticipated Attacks

Fake card faces– Will not work for high security

Recreated ID’s with Smart Cards– Different card serial number– Won’t have private key associated with public

key in database

Spoofed Readers– Will not be in proper network location– Will not have reader’s private key



Anticipated Attacks (cont’d)Anticipated Attacks (cont’d)

Readers log personal information– Readers made by third party

Attacks on database security–We will assume the database is

perfectly secure

Why??

Because he says so…

1 mon. december 3, 2001a secure national id card group 8 chris marinak mike cuvelier adam sowers...

Documents

id card use

secure national id card

national identity card

national id system

high security smart

secure channel

private slide

person slide