Machine Readable Travel Documents (MRTD) - Biometric Passport
DESCRIPTION
An insight into the e-passport (biometric passport): the need for biometrics in travel documents, the ICAO regulations governing the information contained in the electronic chip, the RFID technique, and privacy threats in the current design.
TRANSCRIPT
![Page 1: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/1.jpg)
Machine Readable Travel Documents
EL 447 Coursework Assignment
By: Tariq Hashmat Tauheed
![Page 2: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/2.jpg)
• Conventional travel documents: low technology
• Printed paper with an ID picture; hard to copy or forge
![Page 3: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/3.jpg)
• ICAO has worked on machine readable travel documents since 1968.
• A discrete Machine Readable Zone (MRZ) containing a small amount of information.
• Aims at speeding up processing at borders.
![Page 4: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/4.jpg)
• Machine readable information has been added to the documents since 1980
• Biometrics are the main attraction
• ICAO standard for biometric passports released in 2004
![Page 5: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/5.jpg)
BIOMETRICS
Biometric technology
• Becoming the basis for secure authentication of personal identity
• Many countries have started to issue e-passports with an embedded chip containing biometric data
• The MRZ (introduced in 1980) consists of two machine readable lines at the bottom of the passport's identity page.
• The current biometric standard covers features such as fingerprint, facial and iris recognition and strengthens the security mechanisms.
![Page 6: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/6.jpg)
Minimal Requirements in ICAO Standard
Machine-Readable Travel Documents (MRTD) must provide
• a facial image,
• a digital copy of the MRZ, and
• a digital signature over them by the issuing country.
The preferred platform is a contactless IC chip based on RFID technology.
![Page 7: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/7.jpg)
Logical Data Structure for MRTD
Logical Data Structure (LDS): for global interoperability
• ICAO guideline on how data should be stored in the microchip
• Data Group (DG): the unit for grouping logical data within the LDS
• The ICAO guideline divides
  • data elements into 16 data groups (DG1 to DG16, alongside the EF.COM index file and the Document Security Object EF.SOD), and
  • the LDS into three parts
“Mandatory” Data Elements
“Optional” Data Elements
![Page 8: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/8.jpg)
:::Mandatory:::
• Data defined by the issuing state or organization.
• Includes the details recorded in the MRZ, such as
  • passport number,
  • passport bearer's name,
  • nationality,
  • date of birth,
  • date of expiry of the passport,
  • the encoded facial biometric image, and
  • check digits over the individual MRZ fields; the document number, date of birth and date of expiry together with their check digits are the inputs from which the BAC session keys are derived.
![Page 9: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/9.jpg)
:::Optional:::
• Data defined by the issuing state or organization.
• Includes
  • encoded identification features (face, finger and eye),
  • displayed identification features (displayed signature or usual mark), and
  • encoded security features (contact details, proof of citizenship and endorsements).
• Details for automated border clearance,
• electronic visas,
• other travel records.
![Page 10: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/10.jpg)
Overview of Mandatory and Optional Data Elements defined for the LDS
![Page 11: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/11.jpg)
E-PASSPORT
Idea by Davida and Desmedt (1988)
• Biometric passport = e-passport
• Paper and electronic identity credential
• Contains biometric features for authentication of travellers
• Contains a chip and antenna enclosed in the front, back or central page
• The chip stores the holder's information
• Also contains biometric identifiers [depending on each country's choice and technical evolution]
• Recommended file formats and communication protocols are followed
![Page 12: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/12.jpg)
Biometric Passport
![Page 13: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/13.jpg)
Working Mechanism of Biometric Passport
The border/immigration officer uses an MRZ reader to scan the MRZ of the e-passport and retrieve the printed information.
|| Then the stored information is obtained from the contactless chip by holding the e-passport near the e-passport reader; with BAC, the MRZ data just read is what unlocks the chip and keys the encrypted, integrity-protected channel.
|| Finally the data are verified: Passive Authentication (PA) checks the signed hashes of the stored data, and Active Authentication (AA) optionally proves that the chip itself is genuine. PA is compulsory, whereas BAC and AA are optional.
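The MRZ check digits that the mandatory-data slide mentions and the BAC key derivation described in the working mechanism above, worked through as an added example; this code is not from the slides or from ICAO. The sample MRZ line is constructed: its document number, date of birth and expiry date are the inputs of the BAC worked example in ICAO Doc 9303 (Part 11, Appendix D), while the nationality, sex and optional-data fields are assumed values, and every check digit is computed with the 7-3-1 algorithm. Only the Python standard library is used.

```python
"""MRZ check digits and BAC key derivation, after ICAO Doc 9303 (added example)."""
import hashlib

MRZ_WEIGHTS = (7, 3, 1)


def mrz_char_value(ch: str) -> int:
    """Map an MRZ character to its value: digits as-is, A-Z = 10..35, filler '<' = 0."""
    if ch == "<":
        return 0
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {ch!r}")


def mrz_check_digit(field: str) -> str:
    """Weighted sum with weights 7,3,1 repeating, modulo 10, returned as one character."""
    total = sum(mrz_char_value(c) * MRZ_WEIGHTS[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def verify_td3_line2(line2: str):
    """Validate the five check digits of a TD3 (passport) MRZ second line.

    Returns (ok, (doc_no+cd, dob+cd, expiry+cd)): exactly the three fields BAC
    needs, each with its check digit appended.
    """
    if len(line2) != 44:
        raise ValueError("TD3 line 2 must be 44 characters")
    doc, doc_cd = line2[0:9], line2[9]
    dob, dob_cd = line2[13:19], line2[19]
    exp, exp_cd = line2[21:27], line2[27]
    opt, opt_cd = line2[28:42], line2[42]
    composite_cd = line2[43]
    checks = [
        mrz_check_digit(doc) == doc_cd,
        mrz_check_digit(dob) == dob_cd,
        mrz_check_digit(exp) == exp_cd,
        # An all-filler optional field may carry '<' instead of a digit.
        mrz_check_digit(opt) == opt_cd or (opt_cd == "<" and set(opt) == {"<"}),
        # Composite digit spans document number, birth date, expiry and optional
        # data, each including its own check digit.
        mrz_check_digit(line2[0:10] + line2[13:20] + line2[21:43]) == composite_cd,
    ]
    return all(checks), (doc + doc_cd, dob + dob_cd, exp + exp_cd)


def bac_key_seed(doc_with_cd: str, dob_with_cd: str, exp_with_cd: str) -> bytes:
    """K_seed = first 16 bytes of SHA-1 over the concatenated MRZ information."""
    mrz_information = (doc_with_cd + dob_with_cd + exp_with_cd).encode("ascii")
    return hashlib.sha1(mrz_information).digest()[:16]


def _odd_parity(key8: bytes) -> bytes:
    """Set the low bit of every byte so that each byte has odd parity (DES convention)."""
    out = bytearray()
    for b in key8:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 0x01
        out.append(b)
    return bytes(out)


def derive_3des_key(seed: bytes, counter: int) -> bytes:
    """Doc 9303 key derivation: SHA-1(K_seed || c), c = 1 for K_enc and 2 for K_mac,
    split into two 8-byte halves, each parity-adjusted, giving a 2-key 3DES key."""
    digest = hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return _odd_parity(digest[0:8]) + _odd_parity(digest[8:16])


def bac_keys(line2: str):
    """Derive (K_enc, K_mac) from a TD3 second line, refusing if the OCR read is inconsistent."""
    ok, fields = verify_td3_line2(line2)
    if not ok:
        raise ValueError("MRZ check digits do not verify; rescan before deriving keys")
    seed = bac_key_seed(*fields)
    return derive_3des_key(seed, 1), derive_3des_key(seed, 2)


# Constructed sample: document number, birth date and expiry taken from the
# Doc 9303 BAC worked example; nationality, sex and optional data are assumed.
SAMPLE_LINE2 = "L898902C<3UTO6908061F9406236ZE184226B<<<<<14"

if __name__ == "__main__":
    k_enc, k_mac = bac_keys(SAMPLE_LINE2)
    print("K_enc", k_enc.hex().upper())
    print("K_mac", k_mac.hex().upper())
```

Running it prints K_enc and K_mac; for the Doc 9303 inputs they equal the values published in the standard's worked example, which makes this a convenient self-test for any BAC implementation. The practical point for a reader is the refusal path: if a check digit fails, the optical read was wrong and the derived keys would be garbage, so the reader should rescan rather than start the GET CHALLENGE / MUTUAL AUTHENTICATE exchange with keys that can only fail.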
![Page 14: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/14.jpg)
Special Properties of E-Passport
• Biographical and biometric information are securely stored on the chip and are identical to the information printed in the passport.
• Contactless chip technology allows the stored information to be retrieved by chip readers at close range.
• Digital signature technology verifies the authenticity of the data stored on the chip.
![Page 15: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/15.jpg)
RADIO FREQUENCY IDENTIFICATION (RFID)
Dedicated Short Range Communication (DSRC)
“Technology incorporating the use of electromagnetic/electrostatic coupling in the RF area of the electromagnetic spectrum to identify uniquely and track objects.”
RFID chips are used everywhere, such as for tracking animals, inventory tracking, starting cars, and
ESPECIALLY IN E-PASSPORTS
![Page 16: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/16.jpg)
Three Components of RFID System
Antenna
Transceiver
Transponder
![Page 17: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/17.jpg)
RFID System
![Page 18: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/18.jpg)
RFID Circuit
![Page 19: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/19.jpg)
“CHIP-INSIDE” SYMBOL
ICAO definition: an MRTD that has a contactless IC embedded in it which can be used for biometric identification of the holder.
Hence such MRTDs shall carry the specified symbol
![Page 20: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/20.jpg)
Russian Passport with the“Chip-Inside”Symbol
![Page 21: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/21.jpg)
PRIVACY & SECURITY ISSUES
• The e-passport guarantees confidentiality, consistency and authenticity of information based on cryptographic tools.
• Wireless transmission of data over RFID makes it vulnerable to attack from a distance.
• Attacks are possible at the communication link, the chip or the backend system.
• Most common attacks:
  • Eavesdropping,
  • Reverse engineering,
  • Clandestine scanning and tracking,
  • Cloning,
  • Biometric data leakage,
  • Cryptographic weaknesses, and
  • Skimming.
![Page 22: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/22.jpg)
September 11, 2001
A global warning to review the security and border control practices in place
![Page 23: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/23.jpg)
EAVESDROPPING
The attacker secretly listens to the communication link and intercepts the information with an unauthorized device during the exchange between the chip and a legitimate reader
------ Passive attack
------ Very hard to detect because the attacker emits no powered signal
------ The attacker can eavesdrop from at least 2 metres away
![Page 24: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/24.jpg)
REVERSE ENGINEERING
The process of taking a device, object or system apart to figure out the technological principles behind how it works
------ An attacker can reverse engineer the chip given sound technical knowledge and access to equipment not commonly found on the commercial market
![Page 25: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/25.jpg)
CLANDESTINE SCANNING AND TRACKING
Scanning: covertly reading the electronic data of an identity card without the permission of the card holder
------ Tracking: the ability to locate an individual; it readily compromises location privacy
------ Clandestine tracking is more harmful than scanning
------ A Faraday cage (shielded cover) has been suggested to protect e-passports
![Page 26: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/26.jpg)
CLONING
Acquiring the data from a legitimate identity card and writing an unauthorized copy of the captured data into a new chip
------ Active authentication is the countermeasure for the cloning threat
------ It can be bypassed by amending the EF.COM file of the passport chip: EF.COM is the unsigned index of the data groups present, so deleting the DG15 entry hides the AA public key from a reader that takes its data-group list from EF.COM, and such a reader never asks the clone to prove possession of the private key. Readers that take the data-group list from the signed Document Security Object instead are not fooled.
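The EF.COM edit described above, as an added example that is not taken from the slides: a small BER-TLV parser for EF.COM and an audit that takes the list of data groups from the signed Document Security Object (SOD) rather than from EF.COM. The SOD is modelled as a dict of SHA-256 hashes whose signature is assumed to have been verified already (parsing the CMS SignedData is out of scope), the data-group contents are constructed stand-ins rather than real DG encodings, and the EF.COM bytes are hand-built. Function names such as audit_lds are this example's own, not ICAO or library identifiers.

```python
"""EF.COM versus Document Security Object consistency audit for an e-passport LDS (added example)."""
import hashlib

# Data-group file tags defined for the LDS: EF.DG1 = 0x61 ... EF.DG16 = 0x70.
DG_TAGS = {
    0x61: 1, 0x75: 2, 0x63: 3, 0x76: 4, 0x65: 5, 0x66: 6, 0x67: 7, 0x68: 8,
    0x69: 9, 0x6A: 10, 0x6B: 11, 0x6C: 12, 0x6D: 13, 0x6E: 14, 0x6F: 15, 0x70: 16,
}


def read_tlv(buf: bytes, pos: int = 0):
    """Parse one BER-TLV element at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:                 # two-byte tag such as 5F01
        tag = (tag << 8) | buf[pos]
        pos += 1
    length = buf[pos]
    pos += 1
    if length & 0x80:                      # long form: 0x8n followed by n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, pos + length


def parse_ef_com(data: bytes) -> dict:
    """Decode EF.COM: 60 { 5F01 LDS version, 5F36 Unicode version, 5C list of DG tags }."""
    tag, body, _ = read_tlv(data)
    if tag != 0x60:
        raise ValueError("not an EF.COM template")
    info = {"data_groups": []}
    pos = 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        if t == 0x5F01:
            info["lds_version"] = v.decode("ascii")
        elif t == 0x5F36:
            info["unicode_version"] = v.decode("ascii")
        elif t == 0x5C:
            info["data_groups"] = sorted(DG_TAGS[b] for b in v)
    return info


def audit_lds(ef_com: bytes, sod_hashes: dict, dg_files: dict) -> list:
    """Cross-check EF.COM's tag list against the SOD hash list, then re-hash every DG the SOD covers."""
    findings = []
    com_dgs = set(parse_ef_com(ef_com)["data_groups"])
    sod_dgs = set(sod_hashes)
    for n in sorted(sod_dgs - com_dgs):
        findings.append(f"DG{n} is hashed in the SOD but missing from EF.COM")
    for n in sorted(com_dgs - sod_dgs):
        findings.append(f"DG{n} is listed in EF.COM but not hashed in the SOD")
    for n, expected in sorted(sod_hashes.items()):
        data = dg_files.get(n)
        if data is None:
            findings.append(f"DG{n} could not be read from the chip")
        elif hashlib.sha256(data).digest() != expected:
            findings.append(f"DG{n} hash does not match the SOD")
    return findings


def active_authentication_expected(sod_hashes: dict) -> bool:
    """Decide whether to run AA from the signed SOD, never from the unsigned, editable EF.COM."""
    return 15 in sod_hashes


# Constructed sample chip contents: stand-ins, not real DG encodings.
DG_FILES = {
    1: b"\x61\x0d\x5f\x1f\x0aP<UTOTEST<",   # DG1 template wrapping a stub MRZ
    2: b"\x75\x04FACE",                      # DG2 (facial image) stub
    15: b"\x6f\x05AAPUB",                    # DG15 (AA public key) stub
}
# Stand-in for the hash list inside the signed LDSSecurityObject (signature assumed verified).
SOD_HASHES = {n: hashlib.sha256(d).digest() for n, d in DG_FILES.items()}

# EF.COM as issued: LDS version "0107", Unicode "040000", tag list 61 75 6F (DG1, DG2, DG15).
GENUINE_EF_COM = bytes.fromhex("60155F0104303130375F36063034303030305C0361756F")
# Same file with 6F (DG15) removed from the tag list: the clone's edit.
TAMPERED_EF_COM = bytes.fromhex("60145F0104303130375F36063034303030305C026175")

if __name__ == "__main__":
    print("genuine :", audit_lds(GENUINE_EF_COM, SOD_HASHES, DG_FILES))
    print("tampered:", audit_lds(TAMPERED_EF_COM, SOD_HASHES, DG_FILES))
    print("AA expected:", active_authentication_expected(SOD_HASHES))
```

The audit flags the clone because the SOD still lists DG15 even though EF.COM no longer does; a reader that had read only EF.COM would have skipped AA without noticing anything wrong. The same hash loop is the data-integrity half of Passive Authentication, which is why a reader should drive both checks from the SOD and treat EF.COM purely as a convenience index.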
![Page 27: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/27.jpg)
BIOMETRIC DATA LEAKAGE
If biometric data are compromised, replacement is not possible
------ One technique to increase data security is data hiding
------ Watermarking-based multimodal biometric approaches are widely used
![Page 28: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/28.jpg)
CRYPTOGRAPHIC WEAKNESSES
A new scheme for fingerprint-based authentication uses the ElGamal cryptosystem to compare biometrics in the encrypted domain
------ It offers no facility for key sharing and is used only for authentication
------ An authentication protocol based on elliptic curve cryptography remains largely theoretical, without experimental evaluation
------ There are some weaknesses in the cryptography relied upon by ICAO
![Page 29: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/29.jpg)
SKIMMING
Obtaining the encoded data without the consent of the user by using an electronic reading device
------ Data are retrieved by beaming power at the passport from within a few inches, or at most a few feet
------ If the reader broadcasts its signal at high power the range can be extended
![Page 30: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/30.jpg)
BIOMETRIC SYSTEM MODEL
The ways in which the system can be attacked are best understood by showing a generic biometric system model and its different modules.
![Page 31: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/31.jpg)
CRYPTOGRAPHY IN E-PASSPORTS
• ICAO standards specify the cryptographic measures and control techniques to be implemented in the e-passport.
• One mandatory cryptographic feature and five optional advanced security methods.
The integrity of the data stored in the LDS is verified and authenticated, via the Document Security Object (SOD), by PASSIVE AUTHENTICATION (PA).
ACTIVE AUTHENTICATION (AA) is an optional security feature that uses public key cryptography to protect the chip against substitution or cloning.
![Page 32: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/32.jpg)
Basic Access Control (BAC) is an optional feature against data skimming and misuse.
Extended Access Control (EAC) adds terminal authentication and chip authentication to prevent unauthorized access to the additional biometrics.
Cryptographic threats: the recommended minimal key lengths have been chosen so that breaking those keys requires a certain effort, independent of the chosen signature algorithm.
![Page 33: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/33.jpg)
DISCUSSIONS
• The ICAO standard allows an additional access control mechanism to meet data protection requirements and to enhance the privacy of additional biometric data (such as fingerprints and iris identifiers).
• A metallic shield covering the e-passport to prevent skimming, and BAC to prevent unauthorized readers from accessing the chip, have been implemented.
• These properties make it more difficult for an attacker to modify a stolen or lost passport, since the new name and information would differ from the information on the RFID tag.
• All e-passports issued must follow the ICAO standards.
• However, countries implement e-passport programs according to their own policies and are free to implement different options specified in the standard.
• Because of this, there are some differences in the implementation of e-passports among countries even though they all conform to ICAO.
![Page 34: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/34.jpg)
• The US State Department specified that new US passports would increase the available memory from 32 kilobytes to 64 kilobytes, apparently to reserve room for more biometric characteristics.
• The State Department also made the metallic layer covering the passport compulsory.
• Using a metallic shield is a good concept, but it does not provide a complete solution.
• Since passports are used for personal identification all over the world, they must be opened, which exposes the RFID chip.
• Multimodal biometric features are useful and widely used in the authentication process, but misuse of these features can cause severe loss of vital private information.
• Several technologies are implemented to prevent security threats; among them biometrics has proved to be more secure than the others.
![Page 35: Machine Readable Travel Documents (MRTD) - Biometric Passport](https://reader035.vdocuments.us/reader035/viewer/2022062312/554a3fa3b4c905863d8b4e8f/html5/thumbnails/35.jpg)