As the first article in this series explained, Public Key Infrastructure (PKI) technology assures authorities that information on a secure ePassport chip can be trusted, while making the authentication process smoother and more efficient. That said, it’s important to understand that passport PKI only works well if it is correctly and securely implemented.
Proper implementation of PKI includes:
- Good understanding of the complex technology and communications infrastructure for PKI, end-to-end, in the design and operation of the system, complying with ICAO 9303 and other relevant standards and good practice.
- Strong IT security, including protecting against unauthorised access and cyberattacks, protecting private keys and critical functionality in Hardware Security Modules (HSMs).
- Good teamwork between stakeholders, including management and technical; and issuance and authentication. Non-expert stakeholders need the opportunity to understand key aspects of PKI in accessible terms so they can make informed decisions—bridging the gap between specialists and non-specialists.
- Membership of ICAO PKD and ensuring that new public keys are uploaded and shared in time to reach border services before they are used to sign new passports.
- Active management to acquire all public key certificates possible.
Recent initiatives from ICAO
- The ICAO Public Key Directory (PKD) enables participating countries (82 in February 2022) to share their respective public keys to facilitate easier controls around the world.
- A recent initiative of ICAO is to make the public keys available to commercial entities in the private sector (e.g., banks, insurance and travel companies) so more entities would be able to verify data contained in ePassport chips. This generates facilitation and trust.
What developments does the future hold?
- ICAO are coordinating efforts to introduce a future form of the passport which will include a virtual component: the Digital Travel Credential (DTC). It could become possible for travellers to send the contents of their DTC electronically to the border services at their destination in advance; and it may be possible for a mobile phone to become an accepted form of passport in the future. The data structure of a DTC is similar to that of a standard ePassport, so it can also be verified using the PKD.
- Computer power increases substantially over time (known as Moore’s Law), so what is considered ‘beyond computation feasibility’ to break today may become unsafe in the future, requiring key lengths to be increased. Quantum computing may radically increase computer power beyond the existing trend. New forms of encryption are being standardised to safeguard trust in the era of quantum computing.
Talking to the Chip
Communicating with the secure electronic chip in an e-passport uses Near-Field Communication (NFC), which is a low-powered radio signal used when a payment machine talks to a contactless card. Several steps should be followed to read and authenticate an e-passport securely. The flow chart below illustrates those steps.
(1) Establish contact with the chip. A reader can use two mechanisms to access the chip: the original, Basic Access Control (BAC) is being replaced over time by Password Authenticated Connection Establishment (PACE). PACE-only documents have been allowed since 2018 so today’s passport readers must be able to read both. The term Supplemental Access Control (SAC) refers to using PACE when both parties can do so, or BAC if not.
These steps read the data on the chip, but they do not check whether the data and chip are genuine (i.e., whether the e-passport can be trusted). Experts agree with ICAO recommendations that further steps (2) and (3) to authenticate the document are essential.
(2) Authenticate the data on the chip. After connecting to the chip, the reader verifies that the digital signatures correctly match the data on the chip. A correct match is essential as it proves that the data has come from the right originator and has not been amended, so can be trusted. This step is called Passive Authentication (PA).
PA involves two levels of signing and authentication. Document signing keys are used to sign individual passports but are typically used only for a limited number of times before being retired. The document signing certificate stating the public key for a passport is included in the chip, and this certificate is signed by the country signing key, which is used to sign document signing certificates, for a maximum of 5 years.
Certificate Revocation Certificates (CRLs) and Deviation Lists are used by a passport issuer to notify all countries of technical errors or certificates that should not be relied on (for example, because security has been compromised). The issuer notifies ICAO of CRLs and Deviation lists so they can be included in the Public Key Directory (PKD). This ensures that Passive Authentication does not place trust in invalid data.
Master Lists can be included in the PKD which declare which public keys a country considers valid. This is useful as a consistency check but represents one country’s view rather than ICAO’s.
(3) Authenticate the chip. Another test is carried out to check that good (valid) data has not been copied (cloned) onto a false chip. This test is called Chip Authentication (CA), or an earlier version, Active Authentication (AA).
After (2) and (3) have been successfully completed, the passport reader now has evidence that the chip and its data can be trusted.
(4) EU fingerprints access. EU passports contain two fingerprint images of the document holder, to enable a simple and effective check on identity if necessary. This is subject to rigorous privacy control called Extended Access Control (EAC). The process to verify this permission and unlock access to the fingerprints is Terminal Authentication (TA). EAC requires the reading country to have authority from the country issuing the document; permission is exchanged via a Single Point Of Contact (SPOC) in each country.
The PKI implementation model described in this article series gives assurance that data stored in the ePassport chip are genuine. The key issue is trust. When implemented well, as described above, PKI can strengthen authenticators’ confidence in an identity presented at a border and in many other use cases.
This article is an initiative by the SIA’s Document Security Working Group. To find out more please visit: Secure Identity Alliance (SIA)
ICAO: Basic Concepts of MRTD and EMRTD—Two-page factsheet
ICAO Doc 9303, Machine Readable Travel Documents, 8th edition 2021, contents page…
ICAO Doc 9303, Part 2: Specifications for the Security of the Design, Manufacture and Issuance of MRTDs
ICAO Doc 9303, Part 11: Security Mechanisms for MRTDs
ICAO Doc 9303, Part 12: Public Key Infrastructure for eMRTDs
ICAO Doc 9303, Part 13: Visible Digital Seals
ICAO Master Lists, ePassport and Health
German Federal Office for IT Security (BSI):
BSI TR-03135 Machine Authentication of MRTDs for Public Sector Applications
EU Digital COVID Certificate