Imagine being denied entry to a foreign country because the electronic chip in your travel document is considered vulnerable, and having to request a visa before traveling there. Because travel documents usually have a 10-year validity, this is a valid concern and is the reason why we consider micro-controllers (often called chips) in secure documents to be high-value components.
As one of the most basic instances of the advanced IT solutions available in the industry, the secure software embedded in ePassports, and its protection against Cyberattacks, are the object of deep concern and attention, especially with the increased adoption of digital ID, often derived from a secure electronic document such as a passport.
Cybersecurity is an ever-evolving concern. Setting up a secure identity document project relying on highly certified products is a necessary practice but not sufficient for protecting identities from future Cyberattacks. Active monitoring and anticipation of Cyber threats is critical to protect sensitive assets. Such threats include eavesdropping, cloning, or extracting highly confidential fingerprints from the electronic chip.
Decades of security progress have been framing an always-improving environment focused on a single objective: defining and maintaining a Cybersecurity framework to deploy secure embedded solutions in electronic ID documents.
The next step is to look beyond Cybersecurity and focus on Cyber resilience, which refers to an entity’s ability to continuously deliver protection, despite adverse events. This combines information security, business continuity, and organizational resilience. This is particularly relevant for governmental programs, which should continue to issue secure identity documents to their citizens at any point in time.
Concretely, the future Cybersecurity of ID documents like ePassports depends on the ability to update, in the field, the secure embedded software (for example algorithms used for the various security mechanisms) protecting the data stored in the chip – with no need to issue a new document.
How does Cybersecurity work in an ePassport scheme?
The ePassport features a micro-controller with specific secure embedded software. The role of this software is to securely manage the storage, in the electronic chip, of personal information related to the holder, along with additional biometric data and issuing-country-specific data. The software provides the required authentication keys and algorithms to communicate with the inspection system, using a contactless interface and standard ISO commands, formatted in an interoperable way (as specified by ICAO 9303) so that it can be used at any inspection system in the world.
Security mechanisms are evaluated according to a security certification scheme to guarantee their strength.
The cryptographic protocols implemented in the ePassport provide specially designed, state-of-the-art protection of the electronic document and the personal data (including biometrics) it holds. This protection has undergone a thorough review and certification process by academics, national security agencies and the industry. As security is a permanent race against fraud, active monitoring of today’s threats is critical to protect sensitive assets, but also to anticipate the protections for the future.
The main security attributes include:
- Authenticity of the document: proof that the document is genuine. Protects against forgery.
- Authenticity of the data: proof that the personal data stored has not been altered after issuance (authenticates the issuing authority, also called the document signer).
- Authenticity of the roles: mutual authentication of the parties involved in the transactions (passport holder, inspection system, passport document) guarantees segregated access control to the personal data and prevents illegal access.
- Confidentiality, integrity: data exchanges between the ePassport and the inspection system are protected in both integrity and confidentiality. This is referred to as secure messaging.
- Privacy: these mechanisms work together to protect the personal data and are hence not only security features but also privacy-enabling features. In addition, the cryptographic protocols have been designed in such a way that data access requires user consent and the granting of access rights by the issuing authority. In particular, this provides built-in protection against eavesdropping. Privacy is achieved through several standardized security mechanisms.
The mechanisms ensure that the micro-controller is genuine and that the data stored in it has been signed by a valid issuing authority. Underlying algorithms, with different key lengths, are used to execute the cryptographic calculations that are necessary to those mechanisms.
ICAO manages a central repository called the Public Key Directory (PKD) for exchanging the information required to authenticate ePassports. The PKD contains:
- Document Signer Certificates (DSCs)
- Certificate Revocation Lists (CRLs)
- Country Signing Certificate Authority (CSCA) Master List
Each State (country) issuing an ePassport establishes a single Country Signing Certification Authority (CSCA) as its national trust point for ePassports. The CSCA issues the Document Signer Certificates that are then used to create digital signatures on ePassports. The Document Signer is then checked against the CSCA to validate the digital signature. This process is illustrated in Figure 1 (below).
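The chain of trust described above can be exercised end to end with the following added example, which is not part of the original article. It uses constructed in-memory certificates, a bare ECDSA signature over constructed chip data, and a set of revoked serial numbers standing in for a CRL; the names `issue`, `sign` and `Inspect` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate (fixture code, errors ignored); parent == nil yields a self-signed CSCA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // CSCA: national trust point, allowed to sign certificates
		tpl.IsCA, tpl.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// sign plays the issuing side: the Document Signer key signs the chip data.
func sign(key *ecdsa.PrivateKey, data []byte) []byte {
	digest := sha256.Sum256(data)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return sig
}
// Inspect plays the inspection system; revoked stands in for serial numbers read from a CRL.
func Inspect(csca, dsc *x509.Certificate, revoked map[string]bool, data, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(csca)
	if _, err := dsc.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("DSC does not chain to the trusted CSCA: %w", err)
	}
	if revoked[dsc.SerialNumber.String()] {
		return fmt.Errorf("DSC serial %s is revoked", dsc.SerialNumber)
	}
	// Data authenticity: the signature must verify under the DSC public key.
	return dsc.CheckSignature(x509.ECDSAWithSHA256, data, sig)
}
func main() {
	csca, cscaKey := issue("Constructed CSCA", 1, nil, nil)
	dsc, dscKey := issue("Constructed DSC", 2, csca, cscaKey)
	fmt.Println(Inspect(csca, dsc, nil, []byte("constructed data"), sign(dscKey, []byte("constructed data"))))
}
```

Altered data, a revoked Document Signer, or a Document Signer issued by a CSCA the inspection system does not trust each make `Inspect` return an error.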
To learn more about how PKI works, see "What is PKI? Understanding Public Key Infrastructure".
Up Next: This article has explained how Cybersecurity works in an e-Passport scheme.
The next article in this series will delve into the verification mechanisms used to detect potential Cyber fraud.
The Secure Identity Alliance (SIA) is an expert and globally recognised not-for-profit organisation. We bring together public, private and non-government organisations to foster international collaboration, help shape policy, provide technical guidance and share best practice in the implementation of identity programmes. Underpinning our work is the belief that unlocking the full power of identity is critical to enable people, economy and society to thrive.