The first article in this new series explained how cybersecurity works in an e-Passport scheme. Now the authors take a deep dive into the verification mechanisms used to detect potential cyber fraud.

The table below shows, for each mechanism, its purpose, how authentication and verification are carried out, and how potential fraud is detected in the event of a cyberattack.

| Mechanism | Purpose | Authentication and Verification Process | How do we detect fraud? |
| --- | --- | --- | --- |
| Passive Authentication | Authenticity of the document; Authenticity of the data; Integrity | Data groups in the micro-controller (DGs) are digitally signed by the issuing country. Signatures are stored in EF.SOD (Data Structure signed by the Document Signer) + public key (Document Signer Certificate, or DSC). Verify signatures of DGs and EF.SOD with DSC. Verify signature of DSC with issuing authority Country Signer Certificate (CSC) from ICAO PKD. | Invalid signature of data on micro-controller. Invalid or missing certificate chain to issuing authority. |
| Basic Access Control | Confidentiality; Privacy | Machine Readable Zone (MRZ) shall be visually read from the passport to calculate access key. This key shall be used to grant access to the micro-controller using symmetric authentication (based on 3DES, a symmetric-key block cipher). Symmetric session keys are exchanged and used to encrypt the communications (secure messaging). | MRZ often improperly formatted, so micro-controller cannot be accessed. |
| Supplemental Access Control | Confidentiality; Privacy | MRZ or CAN (Card Access Number) shall be visually read from the passport to calculate access key. Use asymmetric Diffie-Hellman (mathematical method of securely exchanging cryptographic keys over a public channel) key exchange with micro-controller based on mapping functions defined in EF.CardAccess (a file required for the Password Authenticated Connection Establishment mechanism). Elliptic Curve and traditional Diffie-Hellman algorithms are supported. The key exchange generates a set of strong AES (Advanced Encryption Standard) or 3DES session keys used for secure messaging. | MRZ or CAN often improperly formatted, so micro-controller cannot be accessed. |
| Active Authentication | Authenticity of the document | Readable data contains a public key (DG15) and corresponding private key is stored in the micro-controller in a secure area. The micro-controller signs a random piece of data with the secure private key. The signature is verified with the public key. Passive Authentication is required to ensure integrity of the public key in DG15. | Micro-controller may be cloned or copied, so signature verification fails. |
| Chip Authentication | Authenticity of the roles; Confidentiality; Privacy | Readable data contains public key info (DG14) and corresponding private key is stored in the micro-controller in a secure area. Use asymmetric Diffie-Hellman key exchange with micro-controller. Elliptic Curve and traditional Diffie-Hellman algorithms are supported. The key exchange generates a set of strong AES (or 3DES) session keys used for secure messaging. | Micro-controller may be cloned or copied, so signature verification fails. |
| Terminal Authentication | Authenticity of the roles; Confidentiality; Privacy | Readable data contains a CVCA (Country Verifier Certification Authority) reference in EF.CVCA (a file containing the public key of the certification authority) to a CV certificate chain used to verify the terminal. Micro-controller stores a trust point with the CVCA root certificate for the certificate chain, which includes permissions on micro-controller data. Micro-controller verifies the CV certificate chain and permissions provided by the terminal. CV, DV and IS certificates. Terminal signs a challenge from the micro-controller with the IS private key stored in a secure area locally or remotely. Terminal verifies the challenge to ensure authenticity of the terminal IS (Inspection System) private key. | Allows micro-controller to verify terminal access rights to data. |
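
The Basic Access Control row above notes that an improperly formatted MRZ stops the reader from reaching the micro-controller. The sketch below is an added example (not code from the authors or from any reader vendor) that validates the MRZ check digits before deriving the 3DES access keys, following the derivation in ICAO Doc 9303; it assumes a 9-character document number, and the MRZ fields are specimen values, not a real document.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # MRZ check-digit weights, repeating

def char_value(ch):
    """MRZ character value: digits as-is, A-Z -> 10-35, filler '<' -> 0."""
    if "0" <= ch <= "9":
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"character {ch!r} is not valid in an MRZ")

def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def mrz_information(doc_no, doc_cd, dob, dob_cd, expiry, exp_cd):
    """Validate each field against its check digit, then build the key input."""
    fields = (("document number", doc_no, doc_cd, 9),
              ("date of birth", dob, dob_cd, 6),
              ("date of expiry", expiry, exp_cd, 6))
    out = ""
    for name, value, cd, length in fields:
        if len(value) != length or str(check_digit(value)) != cd:
            raise ValueError(f"{name}: malformed or misread, re-scan the MRZ")
        out += value + cd
    return out

def adjust_parity(key):
    """Force odd parity on every byte, as DES keys require."""
    return bytes((b & 0xFE) | int(bin(b >> 1).count("1") % 2 == 0) for b in key)

def derive_key(k_seed, counter):
    """SHA-1(K_seed || 32-bit counter), first 16 bytes, parity adjusted."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
    return adjust_parity(digest[:16])

def bac_keys(mrz_info):
    """Return (K_seed, K_enc, K_mac) for the 3DES-based BAC authentication."""
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    return k_seed, derive_key(k_seed, 1), derive_key(k_seed, 2)

if __name__ == "__main__":
    # Specimen MRZ fields (not a real travel document).
    info = mrz_information("L898902C<", "3", "690806", "1", "940623", "6")
    for label, key in zip(("K_seed", "K_enc", "K_mac"), bac_keys(info)):
        print(label, key.hex().upper())
```

A single misread character changes the derived keys completely, so rejecting the MRZ at the check-digit stage separates a scanning or formatting problem from a genuine authentication failure at the chip.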

Next in our series, you’ll learn about the Common Criteria for Information Technology Security Evaluation (often called Common Criteria or CC), an international standard for computer security certification backed by an international mutual recognition agreement. CC has long been the undisputed reference cybersecurity framework for the IT and security industries.


The Secure Identity Alliance (SIA) is an expert and globally recognised not-for-profit organisation. We bring together public, private and non-government organisations to foster international collaboration, help shape policy, provide technical guidance and share best practice in the implementation of identity programmes. Underpinning our work is the belief that unlocking the full power of identity is critical to enable people, economy and society to thrive.
