The first article in this new series explained how Cybersecurity works in an e-Passport scheme. Now the authors do a deep dive into the verification mechanisms used to detect potential Cyber fraud.
The table below summarises each mechanism: its purpose, the authentication and verification process it performs, and how that process detects potential fraud in the case of a cyberattack.
| Mechanism | Purpose | Authentication and verification process | How do we detect fraud? |
|---|---|---|---|
| Passive Authentication | Authenticity of the document; authenticity of the data; integrity | Data groups (DGs) in the micro-controller are digitally signed by the issuing country. The signatures are stored in EF.SOD (a data structure signed by the Document Signer) together with the public key (the Document Signer Certificate, or DSC). The signatures of the DGs and of EF.SOD are verified with the DSC; the signature of the DSC is then verified with the issuing authority's Country Signer Certificate (CSC) obtained from the ICAO PKD. | Invalid signature of the data on the micro-controller; invalid or missing certificate chain to the issuing authority |
| Basic Access Control | Confidentiality; privacy | The Machine Readable Zone (MRZ) is visually read from the passport to calculate the access key. This key is used to gain access to the micro-controller through symmetric authentication based on 3DES (a symmetric-key block cipher). Symmetric session keys are then exchanged and used to encrypt the communications (secure messaging). | The MRZ is often improperly formatted, so the micro-controller cannot be accessed. |
| Supplemental Access Control | Confidentiality; privacy | The MRZ or the CAN (Card Access Number) is visually read from the passport to calculate the access key. An asymmetric Diffie-Hellman key exchange (a mathematical method of securely exchanging cryptographic keys over a public channel) is performed with the micro-controller, based on the mapping functions defined in EF.CardAccess (a file required for the Password Authenticated Connection Establishment mechanism). Elliptic Curve and traditional Diffie-Hellman algorithms are supported. The key exchange generates a set of strong AES (Advanced Encryption Standard) or 3DES session keys used for secure messaging. | The MRZ or CAN is often improperly formatted, so the micro-controller cannot be accessed. |
| Active Authentication | Authenticity of the document | The readable data contains a public key (DG15); the corresponding private key is stored in a secure area of the micro-controller. The micro-controller signs a random piece of data with that private key, and the signature is verified with the public key. Passive Authentication is required to ensure the integrity of the public key in DG15. | The micro-controller may be cloned or copied, so signature verification fails. |
| Chip Authentication | Authenticity of the roles; confidentiality | The readable data contains public key information (DG14); the corresponding private key is stored in a secure area of the micro-controller. An asymmetric Diffie-Hellman key exchange is performed with the micro-controller; Elliptic Curve and traditional Diffie-Hellman algorithms are supported. The key exchange generates a set of strong AES (or 3DES) session keys used for secure messaging. | The micro-controller may be cloned or copied, so signature verification fails. |
| Terminal Authentication | Authenticity of the roles; confidentiality | The readable data contains, in EF.CVCA (a file containing the public key of the certification authority), a CVCA (Country Verifier Certification Authority) reference to the CV certificate chain used to verify the terminal. The micro-controller stores a trust point with the CVCA root certificate for that chain, which includes permissions on micro-controller data. The micro-controller verifies the CV certificate chain (CVCA, DV and IS certificates) and the permissions presented by the terminal. The terminal signs a challenge from the micro-controller with the IS (Inspection System) private key, stored in a secure area locally or remotely, and the signed challenge is verified to ensure the authenticity of the terminal's IS private key. | Allows the micro-controller to verify the terminal's access rights to data. |
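The Passive Authentication and Active Authentication rows describe a certificate chain (CSC from the ICAO PKD, DSC, EF.SOD over the DG hashes) plus a challenge signed by the chip with a private key whose public half sits in DG15. The Python below is an added example, not code from the article or from the SIA: it models both checks over constructed sample data groups and returns the fraud indicators from the table's last column. The signature scheme is an assumption made so that the example runs offline and deterministically: textbook RSA over a SHA-256 digest with fixed Mersenne-prime moduli, standing in for the padded RSA or ECDSA signatures of real passports. The certificate names (CSCA-UT, DS-UT-001), the DG1 text and the key sizes are constructed.

```python
"""Added example (not part of the SIA article): a model of Passive Authentication
(PA) and Active Authentication (AA) on a simplified e-Passport data set.
Signatures are textbook RSA over a SHA-256 digest with fixed Mersenne primes so
the run is deterministic; real passports use padded RSA/ECDSA with large keys."""
import hashlib
import os
from dataclasses import dataclass

E = 65537
# Assumed toy key material: distinct Mersenne primes, all with gcd(E, p-1) = 1.
CSCA_PRIMES = (2**127 - 1, 2**107 - 1)
DSC_PRIMES = (2**89 - 1, 2**61 - 1)
CHIP_PRIMES = (2**31 - 1, 2**19 - 1)


def make_key(p: int, q: int):
    """Return (n, d): modulus and private exponent for public exponent E."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, n: int, d: int) -> int:
    return pow(_digest_int(data, n), d, n)


def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == _digest_int(data, n)


@dataclass
class Cert:
    subject: str
    issuer: str
    n: int          # public modulus
    sig: int = 0    # issuer's signature over tbs()

    def tbs(self) -> bytes:
        return f"{self.subject}|{self.issuer}|{self.n}".encode()


def issue_cert(subject: str, n: int, issuer: Cert, issuer_d: int) -> Cert:
    cert = Cert(subject, issuer.subject, n)
    cert.sig = sign(cert.tbs(), issuer.n, issuer_d)
    return cert


def _sod_tbs(hashes: dict) -> bytes:
    return "|".join(f"{dg}:{h}" for dg, h in sorted(hashes.items())).encode()


def build_sod(dgs: dict, dsc: Cert, dsc_d: int) -> dict:
    """EF.SOD: the hash of every DG, signed by the Document Signer, plus the DSC."""
    hashes = {dg: hashlib.sha256(content).hexdigest() for dg, content in dgs.items()}
    return {"hashes": hashes, "sig": sign(_sod_tbs(hashes), dsc.n, dsc_d), "dsc": dsc}


def passive_authentication(chip: dict, pkd: dict) -> list:
    """Return the fraud indicators found; an empty list means the data is authentic."""
    findings = []
    sod, dsc = chip["sod"], chip["sod"]["dsc"]
    # 1. Chain: the DSC must be signed by a Country Signer known from the PKD.
    csc = pkd.get(dsc.issuer)
    if csc is None or not verify(dsc.tbs(), dsc.sig, csc.n):
        findings.append("invalid or missing certificate chain to issuing authority")
    # 2. EF.SOD itself must carry a valid Document Signer signature.
    if not verify(_sod_tbs(sod["hashes"]), sod["sig"], dsc.n):
        findings.append("invalid signature on EF.SOD")
    # 3. Integrity: every DG read from the chip must hash to the signed value.
    for dg, content in chip["dgs"].items():
        if sod["hashes"].get(dg) != hashlib.sha256(content).hexdigest():
            findings.append(f"{dg} hash does not match EF.SOD")
    return findings


def active_authentication(chip: dict, challenge: bytes = None) -> bool:
    """Terminal challenges the chip; the chip signs with its secret key and the
    terminal verifies with the DG15 public key (whose integrity PA established)."""
    challenge = challenge or os.urandom(8)
    if chip["private_key"] is None:      # a copied chip has the data, not the key
        return False
    n, d = chip["private_key"]
    return verify(challenge, sign(challenge, n, d), int(chip["dgs"]["DG15"]))


def demo() -> dict:
    """Genuine passport, a data-only clone, a tampered DG1 and an unknown issuer."""
    csca_n, csca_d = make_key(*CSCA_PRIMES)
    csca = Cert("CSCA-UT", "CSCA-UT", csca_n)
    csca.sig = sign(csca.tbs(), csca_n, csca_d)      # self-signed trust anchor
    pkd = {csca.subject: csca}                        # stands in for the ICAO PKD
    dsc_n, dsc_d = make_key(*DSC_PRIMES)
    dsc = issue_cert("DS-UT-001", dsc_n, csca, csca_d)
    chip_n, chip_d = make_key(*CHIP_PRIMES)
    dgs = {"DG1": b"P<UTOSAMPLE<<HOLDER<<<<", "DG15": str(chip_n).encode()}  # constructed
    genuine = {"dgs": dgs, "sod": build_sod(dgs, dsc, dsc_d), "private_key": (chip_n, chip_d)}
    clone = {"dgs": dict(dgs), "sod": genuine["sod"], "private_key": None}
    tampered = {"dgs": {**dgs, "DG1": b"P<UTOALTERED<<NAME<<<<<"},
                "sod": genuine["sod"], "private_key": (chip_n, chip_d)}
    return {
        "genuine_pa": passive_authentication(genuine, pkd),
        "genuine_aa": active_authentication(genuine),
        "clone_pa": passive_authentication(clone, pkd),
        "clone_aa": active_authentication(clone),
        "tampered_pa": passive_authentication(tampered, pkd),
        "unknown_issuer_pa": passive_authentication(genuine, {}),
    }
```

The clone case is the point of the Active Authentication row: a bit-for-bit copy of the data groups and EF.SOD passes Passive Authentication, because everything it contains was legitimately signed, and is only caught when the chip is asked to prove possession of the DG15 private key.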
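For the Basic Access Control row, the following Python is an added example (not code from the article or the SIA) showing how the access key is calculated from the MRZ and why a misread MRZ stops the micro-controller from being accessed: the check digits printed in the MRZ are recomputed before any key derivation, and the key derivation follows ICAO Doc 9303 (SHA-1 over document number, date of birth and date of expiry with their check digits, then SHA-1 with a counter and DES parity adjustment for the two 3DES keys). The sample MRZ values are the Doc 9303 worked example for BAC; only the standard library is used.

```python
"""Added example (not part of the SIA article): derive the Basic Access Control
keys K_enc and K_mac from the three MRZ fields, following ICAO Doc 9303."""
import hashlib


def _char_value(c: str) -> int:
    """MRZ character values for the 7-3-1 check-digit scheme."""
    if c.isdigit():
        return int(c)
    if c == "<":
        return 0
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    raise ValueError(f"invalid MRZ character {c!r}")


def check_digit(field: str) -> str:
    """Check digit: weighted sum with weights 7, 3, 1 repeating, modulo 10."""
    weights = (7, 3, 1)
    total = sum(_char_value(c) * weights[i % 3] for i, c in enumerate(field))
    return str(total % 10)


def field_is_consistent(field_with_cd: str) -> bool:
    """True when the field's last character is the correct check digit.
    An inspection system runs this before BAC: an OCR misread or a badly
    formatted MRZ fails here, so the chip is never successfully opened."""
    return check_digit(field_with_cd[:-1]) == field_with_cd[-1]


def mrz_information(document_number: str, date_of_birth: str, date_of_expiry: str) -> str:
    """Concatenate document number (padded with '<' to 9 characters), date of
    birth and date of expiry (YYMMDD), each followed by its check digit."""
    doc = document_number.ljust(9, "<")
    return (doc + check_digit(doc)
            + date_of_birth + check_digit(date_of_birth)
            + date_of_expiry + check_digit(date_of_expiry))


def adjust_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES/3DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_bac_keys(document_number: str, date_of_birth: str, date_of_expiry: str):
    """Return (K_enc, K_mac). K_seed is the first 16 bytes of SHA-1 over the MRZ
    information; each key is SHA-1(K_seed || counter) truncated to 16 bytes and
    parity-adjusted, with counter 1 for encryption and 2 for the MAC."""
    info = mrz_information(document_number, date_of_birth, date_of_expiry)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]
    keys = []
    for counter in (1, 2):
        h = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        keys.append(adjust_parity(h[:16]))
    return keys[0], keys[1]


if __name__ == "__main__":
    k_enc, k_mac = derive_bac_keys("L898902C<", "690806", "940623")
    print("K_enc", k_enc.hex().upper())
    print("K_mac", k_mac.hex().upper())
```

Because the three fields are the only secret in BAC, the strength of the access key is bounded by how predictable the document number and dates are, which is one reason the Supplemental Access Control row replaces this scheme with a Diffie-Hellman based password-authenticated exchange.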
Next in our series, you’ll learn about the Common Criteria for Information Technology Security Evaluation (often called Common Criteria or CC), an international standard for computer security certification with international and mutual recognition agreement. CC has long been the undisputed reference Cybersecurity framework for the IT and Security industries.
The Secure Identity Alliance (SIA) is an expert and globally recognised not-for-profit organisation. We bring together public, private and non-government organisations to foster international collaboration, help shape policy, provide technical guidance and share best practice in the implementation of identity programmes. Underpinning our work is the belief that unlocking the full power of identity is critical to enable people, economy and society to thrive.